CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
forbidden example
public function checkAccess(AccountInterface $account, MediaLibraryState $state = NULL) {
if (!$state) {
try {
$state = MediaLibraryState::fromRequest($this->request);
}
catch (BadRequestHttpException $e) {
return AccessResult::forbidden($e->getMessage());
}
catch (\InvalidArgumentException $e) {
return AccessResult::forbidden($e->getMessage());
}
}
// Deny access if the view or display are removed. $view = $this->entityTypeManager->getStorage('view')->load('media_library');
if (!$view) {
return AccessResult::forbidden('The media library view does not exist.')
->setCacheMaxAge(0);
}
$layout_entity = $layout_entity->reveal();
$context = $this->prophesize(ContextInterface::class);
$context->getContextValue()->willReturn($layout_entity);
$contexts['layout_builder.entity'] = $context->reveal();
$block->setAccessDependency($layout_entity)->shouldBeCalled();
}
else {
$block = $this->prophesize(BlockPluginInterface::class);
}
$access_result = AccessResult::forbidden();
$block->access($this->account->reveal(), TRUE)->willReturn($access_result)->shouldBeCalled();
$block->getCacheContexts()->shouldNotBeCalled();
$block->getCacheTags()->shouldNotBeCalled();
$block->getCacheMaxAge()->shouldNotBeCalled();
$block->getConfiguration()->shouldNotBeCalled();
$block->getPluginId()->shouldNotBeCalled();
$block->getBaseId()->shouldNotBeCalled();
$block->getDerivativeId()->shouldNotBeCalled();
$block_content = ['#markup' => 'The block content.'];
$block->build()->willReturn($block_content);
$context = $this->prophesize(ContextInterface::class);
$context->getContextValue()->willReturn($layout_entity);
$contexts['layout_builder.entity'] = $context->reveal();
$block->setAccessDependency($layout_entity)->shouldBeCalled();
}
else {
$block = $this->prophesize(BlockPluginInterface::class);
}
$access_result = AccessResult::forbidden();
$block->access($this->account->reveal(), TRUE)->willReturn($access_result)->shouldBeCalled();
$block->getCacheContexts()->shouldNotBeCalled();
$block->getCacheTags()->shouldNotBeCalled();
$block->getCacheMaxAge()->shouldNotBeCalled();
$block->getConfiguration()->shouldNotBeCalled();
$block->getPluginId()->shouldNotBeCalled();
$block->getBaseId()->shouldNotBeCalled();
$block->getDerivativeId()->shouldNotBeCalled();
$block_content = ['#markup' => 'The block content.'];
$block->build()->willReturn($block_content);
$access_result = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view any unpublished content']);
if (!$access_result->isAllowed()) {
// Check entity owner access. $owner_access = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view own unpublished content']);
$owner_access = $owner_access->andIf((AccessResult::allowedIf($entity instanceof EntityOwnerInterface && ($entity->getOwnerId() == $account->id()))));
$access_result = $access_result->orIf($owner_access);
}
return $access_result->addCacheableDependency($entity);
}
return AccessResult::forbidden('No pending revision for moderated entity.')->addCacheableDependency($entity);
}
/** * Returns the default revision of the entity this route is for. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * * @return \Drupal\Core\Entity\ContentEntityInterface * returns the Entity in question. * * @throws \Drupal\Core\Access\AccessException * An AccessException is thrown if the entity couldn't be loaded. */
if (!$access_result->isAllowed()) {
// Check entity owner access. $owner_access = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view own unpublished content']);
$owner_access = $owner_access->andIf((AccessResult::allowedIf($entity instanceof EntityOwnerInterface && ($entity->getOwnerId() == $account->id()))));
$access_result = $access_result->orIf($owner_access);
}
return $access_result->addCacheableDependency($entity);
}
return AccessResult::forbidden('No pending revision for moderated entity.')->addCacheableDependency($entity);
}
/** * Returns the default revision of the entity this route is for. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * * @return \Drupal\Core\Entity\ContentEntityInterface * returns the Entity in question. * * @throws \Drupal\Core\Access\AccessException * An AccessException is thrown if the entity couldn't be loaded. */
public function access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
$account = $this->prepareUser($account);
// Only bypass if not a revision operation, to retain compatibility. if ($account->hasPermission('bypass node access') && !isset(static::REVISION_OPERATION_MAP[$operation])) {
$result = AccessResult::allowed()->cachePerPermissions();
return $return_as_object ? $result : $result->isAllowed();
}
if (!$account->hasPermission('access content')) {
$result = AccessResult::forbidden("The 'access content' permission is required.")->cachePerPermissions();
return $return_as_object ? $result : $result->isAllowed();
}
$result = parent::access($entity, $operation, $account, TRUE)->cachePerPermissions();
return $return_as_object ? $result : $result->isAllowed();
}
/** * {@inheritdoc} */
public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = [], $return_as_object = FALSE) {
return $convert($this) === $convert($list_to_compare);
}
/** * Overrides \Drupal\Core\Field\FieldItemListInterface::defaultAccess(). * * @ingroup layout_builder_access */
public function defaultAccess($operation = 'view', AccountInterface $account = NULL) {
// @todo Allow access in https://www.drupal.org/node/2942975. return AccessResult::forbidden();
}
}
public static function forbiddenIf($condition, $reason = NULL) {
return $condition ? static::forbidden($reason) : static::neutral();
}
/** * Creates an allowed access result if the permission is present, neutral otherwise. * * Checks the permission and adds a 'user.permissions' cache context. * * @param \Drupal\Core\Session\AccountInterface $account * The account for which to check a permission. * @param string $permission * The permission to check for. * * @return \Drupal\Core\Access\AccessResult * If the account has the permission, isAllowed() will be TRUE, otherwise * isNeutral() will be TRUE. */
class LayoutPreviewAccessAllowed implements AccessibleInterface {
/** * {@inheritdoc} */
public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
if ($operation === 'view') {
return $return_as_object ? AccessResult::allowed() : TRUE;
}
// The layout builder preview should only need 'view' access. return $return_as_object ? AccessResult::forbidden() : FALSE;
}
}
public function access(Route $route) {
if ($route->getRequirement('_access') === 'TRUE') {
return AccessResult::allowed();
}
elseif ($route->getRequirement('_access') === 'FALSE') {
return AccessResult::forbidden();
}
else {
return AccessResult::neutral();
}
}
}
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
if ($operation == 'delete' && $entity->isNew()) {
return AccessResult::forbidden()->addCacheableDependency($entity);
}
if ($admin_permission = $this->entityType->getAdminPermission()) {
return AccessResult::allowedIfHasPermission($account, $admin_permission);
}
else {
// No opinion. return AccessResult::neutral();
}
}
/** * Tries to retrieve a previously cached access value from the static cache. * * @param string $cid * Unique string identifier for the entity/operation, for example the * entity UUID or a custom string. * @param string $operation * The entity operation. Usually one of 'view', 'update', 'create' or * 'delete'. * @param string $langcode * The language code for which to check access. * @param \Drupal\Core\Session\AccountInterface $account * The user for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface|null * The cached AccessResult, or NULL if there is no record for the given * user, operation, langcode and entity in the cache. */
if ($entity->isReusable() === FALSE && $access->isForbidden() !== TRUE) {
if (!$entity instanceof DependentAccessInterface) {
throw new \LogicException("Non-reusable block entities must implement \Drupal\block_content\Access\DependentAccessInterface for access control.");
}
$dependency = $entity->getAccessDependency();
if (empty($dependency)) {
// If an access dependency has not been set let modules set one. $event = new BlockContentGetDependencyEvent($entity);
$this->eventDispatcher->dispatch($event, BlockContentEvents::BLOCK_CONTENT_GET_DEPENDENCY);
$dependency = $event->getAccessDependency();
if (empty($dependency)) {
return AccessResult::forbidden("Non-reusable blocks must set an access dependency for access control.");
}
}
/** @var \Drupal\Core\Entity\EntityInterface $dependency */
$access = $access->andIf($dependency->access($operation, $account, TRUE));
}
return $access;
}
/** * {@inheritdoc} */
if (!$entity instanceof DependentAccessInterface) {
throw new \LogicException("Non-reusable block entities must implement \Drupal\block_content\Access\DependentAccessInterface for access control.");
}
$dependency = $entity->getAccessDependency();
if (empty($dependency)) {
// If an access dependency has not been set let modules set one. $event = new BlockContentGetDependencyEvent($entity);
$this->eventDispatcher->dispatch($event, BlockContentEvents::BLOCK_CONTENT_GET_DEPENDENCY);
$dependency = $event->getAccessDependency();
if (empty($dependency)) {
return AccessResult::forbidden("Non-reusable blocks must set an access dependency for access control.");
}
}
/** @var \Drupal\Core\Entity\EntityInterface $dependency */
$access = $access->andIf($dependency->access($operation, $account, TRUE));
}
return $access;
}
/** * {@inheritdoc} */
/**
* Access check based on whether image upload is enabled or not.
*
* @param \Drupal\editor\Entity\Editor $editor
* The text editor for which an image upload is occurring.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function imageUploadEnabledAccess(Editor $editor) {
if ($editor->getEditor() !== 'ckeditor5') {
return AccessResult::forbidden();
}
if ($editor->getImageUploadSettings()['status'] !== TRUE) {
return AccessResult::forbidden();
}
return AccessResult::allowed();
}
/** * Validates the file. * * @param \Drupal\file\FileInterface $file * The file entity to validate. * @param array $validators * An array of upload validators to pass to file_validate(). * * @return \Drupal\Core\Entity\EntityConstraintViolationListInterface * The list of constraint violations, if any. */
public function imageUploadEnabledAccess(Editor $editor) {
if ($editor->getEditor() !== 'ckeditor5') {
return AccessResult::forbidden();
}
if ($editor->getImageUploadSettings()['status'] !== TRUE) {
return AccessResult::forbidden();
}
return AccessResult::allowed();
}
/** * Validates the file. * * @param \Drupal\file\FileInterface $file * The file entity to validate. * @param array $validators * An array of upload validators to pass to file_validate(). * * @return \Drupal\Core\Entity\EntityConstraintViolationListInterface * The list of constraint violations, if any. */
public function testRenderWithAccessControllerResolved($access) {
switch ($access) {
case AccessResult::allowed():
$method = 'accessResultAllowed';
break;
case AccessResult::forbidden():
$method = 'accessResultForbidden';
break;
case FALSE:
$method = 'accessFalse';
break;
case TRUE:
$method = 'accessTrue';
break;
}
/** * {@inheritdoc} */
public function checkAccess(MediaLibraryState $state, AccountInterface $account) {
$parameters = $state->getOpenerParameters() + ['entity_id' => NULL];
// Forbid access if any of the required parameters are missing. foreach (['entity_type_id', 'bundle', 'field_name'] as $key) {
if (empty($parameters[$key])) {
return AccessResult::forbidden("$key parameter is missing.")->addCacheableDependency($state);
}
}
$entity_type_id = $parameters['entity_type_id'];
$bundle = $parameters['bundle'];
$field_name = $parameters['field_name'];
// Since we defer to a field to determine access, ensure we are dealing with // a fieldable entity type. $entity_type = $this->entityTypeManager->getDefinition($entity_type_id);
if (!$entity_type->entityClassImplements(FieldableEntityInterface::class)) {
// ParamConverterManager relies on the route name and object being
// available from the parameters array.
$parameters[RouteObjectInterface::ROUTE_NAME] = $route_name;
$parameters[RouteObjectInterface::ROUTE_OBJECT] = $route;
$upcasted_parameters = $this->paramConverterManager->convert($parameters + $route->getDefaults());
$route_match = new RouteMatch($route_name, $route, $upcasted_parameters, $parameters);
return $this->check($route_match, $account, NULL, $return_as_object);
}
catch (RouteNotFoundException $e) {
// Cacheable until extensions change. $result = AccessResult::forbidden()->addCacheTags(['config:core.extension']);
return $return_as_object ? $result : $result->isAllowed();
}
catch (ParamNotConvertedException $e) {
// Uncacheable because conversion of the parameter may not have been // possible due to dynamic circumstances. $result = AccessResult::forbidden()->setCacheMaxAge(0);
return $return_as_object ? $result : $result->isAllowed();
}
}
/** * {@inheritdoc} */
$parameters[RouteObjectInterface::ROUTE_OBJECT] = $route;
$upcasted_parameters = $this->paramConverterManager->convert($parameters + $route->getDefaults());
$route_match = new RouteMatch($route_name, $route, $upcasted_parameters, $parameters);
return $this->check($route_match, $account, NULL, $return_as_object);
}
catch (RouteNotFoundException $e) {
// Cacheable until extensions change. $result = AccessResult::forbidden()->addCacheTags(['config:core.extension']);
return $return_as_object ? $result : $result->isAllowed();
}
catch (ParamNotConvertedException $e) {
// Uncacheable because conversion of the parameter may not have been // possible due to dynamic circumstances. $result = AccessResult::forbidden()->setCacheMaxAge(0);
return $return_as_object ? $result : $result->isAllowed();
}
}
/** * {@inheritdoc} */
return AccessResult::allowed()->addCacheContexts(['user']);
}
}
}
elseif ($operation == 'update') {
$account = $this->prepareUser($account);
$file_uid = $entity->get('uid')->getValue();
// Only the file owner can update the file entity. if (isset($file_uid[0]['target_id']) && $account->id() == $file_uid[0]['target_id']) {
return AccessResult::allowed();
}
return AccessResult::forbidden('Only the file owner can update the file entity.');
}
elseif ($operation == 'delete') {
$access = AccessResult::allowedIfHasPermission($account, 'delete any file');
if (!$access->isAllowed() && $account->hasPermission('delete own files')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId()))->cachePerUser()->addCacheableDependency($entity);
}
return $access;
}
// No opinion. return AccessResult::neutral();
}
}
}
}
elseif ($operation == 'update') {
$account = $this->prepareUser($account);
$file_uid = $entity->get('uid')->getValue();
// Only the file owner can update the file entity. if (isset($file_uid[0]['target_id']) && $account->id() == $file_uid[0]['target_id']) {
return AccessResult::allowed();
}
return AccessResult::forbidden('Only the file owner can update the file entity.');
}
elseif ($operation == 'delete') {
$access = AccessResult::allowedIfHasPermission($account, 'delete any file');
if (!$access->isAllowed() && $account->hasPermission('delete own files')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId()))->cachePerUser()->addCacheableDependency($entity);
}
return $access;
}
// No opinion. return AccessResult::neutral();
}