forbiddenIf example


function hook_jsonapi_entity_field_filter_access(\Drupal\Core\Field\FieldDefinitionInterface $field_definition, \Drupal\Core\Session\AccountInterface $account) {
  if ($field_definition->getTargetEntityTypeId() === 'node' && $field_definition->getName() === 'field_sensitive_data') {
    $has_sufficient_access = FALSE;
    foreach (['administer nodes', 'view all sensitive field data'] as $permission) {
      $has_sufficient_access = $has_sufficient_access ?: $account->hasPermission($permission);
    }
    return AccessResult::forbiddenIf(!$has_sufficient_access)->cachePerPermissions();
  }
  return AccessResult::neutral();
}

/** * @} End of "addtogroup hooks". */

function hook_block_access(\Drupal\block\Entity\Block $block$operation, \Drupal\Core\Session\AccountInterface $account) {
  // Example code that would prevent displaying the 'Powered by Drupal' block in   // a region different than the footer.   if ($operation == 'view' && $block->getPluginId() == 'system_powered_by_block') {
    return AccessResult::forbiddenIf($block->getRegion() != 'footer')->addCacheableDependency($block);
  }

  // No opinion.   return AccessResult::neutral();
}

/** * Allow modules to alter the block plugin definitions. * * @param array[] $definitions * The array of block definitions, keyed by plugin ID. * * @ingroup block_api */
$entity_type,
      $container->get('event_dispatcher')
    );
  }

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    assert($entity instanceof BlockContentInterface);
    $bundle = $entity->bundle();
    $forbidIfNotDefaultAndLatest = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isDefaultRevision() && $entity->isLatestRevision());
    $forbidIfNotReusable = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
    $access = match ($operation) {
      // Allow view and update access to user with the 'edit any (type) block       // content' permission or the 'administer blocks' permission.       'view' => AccessResult::allowedIf($entity->isPublished())
        ->orIf(AccessResult::allowedIfHasPermissions($account[
          'access block library',
        ]))->orIf(AccessResult::allowedIfHasPermissions($account[
          'administer block content',
        ])),
      'update' => AccessResult::allowedIfHasPermissions($account[
        
$this->assertInstanceOf(AccessResultReasonInterface::class$access);
      $this->assertSame($reason$access->getReason());
    };

    $b = AccessResult::forbidden();
    $verify($b, '');

    $reason = $this->getRandomGenerator()->string();
    $b = AccessResult::forbidden($reason);
    $verify($b$reason);

    $b = AccessResult::forbiddenIf(TRUE, $reason);
    $verify($b$reason);
  }

  /** * @covers ::allowedIf * @covers ::isAllowed * @covers ::isForbidden * @covers ::isNeutral */
  public function testAccessConditionallyAllowed() {
    $verify = function DAccessResult $access$allowed) {
      
Home | Imprint | This part of the site doesn't use cookies.