CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
forbiddenIf example
function hook_jsonapi_entity_field_filter_access(\Drupal\Core\Field\FieldDefinitionInterface $field_definition, \Drupal\Core\Session\AccountInterface $account) {
if ($field_definition->getTargetEntityTypeId() === 'node' && $field_definition->getName() === 'field_sensitive_data') {
$has_sufficient_access = FALSE;
foreach (['administer nodes', 'view all sensitive field data'] as $permission) {
$has_sufficient_access = $has_sufficient_access ?: $account->hasPermission($permission);
}
return AccessResult::forbiddenIf(!$has_sufficient_access)->cachePerPermissions();
}
return AccessResult::neutral();
}
/** * @} End of "addtogroup hooks". */
function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account) {
// Example code that would prevent displaying the 'Powered by Drupal' block in // a region different than the footer. if ($operation == 'view' && $block->getPluginId() == 'system_powered_by_block') {
return AccessResult::forbiddenIf($block->getRegion() != 'footer')->addCacheableDependency($block);
}
// No opinion. return AccessResult::neutral();
}
/** * Allow modules to alter the block plugin definitions. * * @param array[] $definitions * The array of block definitions, keyed by plugin ID. * * @ingroup block_api */
$entity_type,
$container->get('event_dispatcher')
);
}
/** * {@inheritdoc} */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
assert($entity instanceof BlockContentInterface);
$bundle = $entity->bundle();
$forbidIfNotDefaultAndLatest = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isDefaultRevision() && $entity->isLatestRevision());
$forbidIfNotReusable = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
$access = match ($operation) {
// Allow view and update access to user with the 'edit any (type) block // content' permission or the 'administer blocks' permission. 'view' => AccessResult::allowedIf($entity->isPublished())
->orIf(AccessResult::allowedIfHasPermissions($account, [
'access block library',
]))->orIf(AccessResult::allowedIfHasPermissions($account, [
'administer block content',
])),
'update' => AccessResult::allowedIfHasPermissions($account, [
$container->get('event_dispatcher')
);
}
/** * {@inheritdoc} */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
assert($entity instanceof BlockContentInterface);
$bundle = $entity->bundle();
$forbidIfNotDefaultAndLatest = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isDefaultRevision() && $entity->isLatestRevision());
$forbidIfNotReusable = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
$access = match ($operation) {
// Allow view and update access to user with the 'edit any (type) block // content' permission or the 'administer blocks' permission. 'view' => AccessResult::allowedIf($entity->isPublished())
->orIf(AccessResult::allowedIfHasPermissions($account, [
'access block library',
]))->orIf(AccessResult::allowedIfHasPermissions($account, [
'administer block content',
])),
'update' => AccessResult::allowedIfHasPermissions($account, [
$this->assertInstanceOf(AccessResultReasonInterface::class, $access);
$this->assertSame($reason, $access->getReason());
};
$b = AccessResult::forbidden();
$verify($b, '');
$reason = $this->getRandomGenerator()->string();
$b = AccessResult::forbidden($reason);
$verify($b, $reason);
$b = AccessResult::forbiddenIf(TRUE, $reason);
$verify($b, $reason);
}
/** * @covers ::allowedIf * @covers ::isAllowed * @covers ::isForbidden * @covers ::isNeutral */
public function testAccessConditionallyAllowed() {
$verify = function DAccessResult $access, $allowed) {
$this->assertSame($reason, $access->getReason());
};
$b = AccessResult::forbidden();
$verify($b, '');
$reason = $this->getRandomGenerator()->string();
$b = AccessResult::forbidden($reason);
$verify($b, $reason);
$b = AccessResult::forbiddenIf(TRUE, $reason);
$verify($b, $reason);
}
/** * @covers ::allowedIf * @covers ::isAllowed * @covers ::isForbidden * @covers ::isNeutral */
public function testAccessConditionallyAllowed() {
$verify = function DAccessResult $access, $allowed) {