You are here

class CasUserAccessCheck in CAS 8

Same name and namespace in other branches
  1. 2.x src/Access/CasUserAccessCheck.php \Drupal\cas\Access\CasUserAccessCheck

Defines an access checker that restricts CAS users for certain routes.

Hierarchy

Expanded class hierarchy of CasUserAccessCheck

1 string reference to 'CasUserAccessCheck'
cas.services.yml in ./cas.services.yml
cas.services.yml
1 service uses CasUserAccessCheck
cas.cas_user_access_checker in ./cas.services.yml
Drupal\cas\Access\CasUserAccessCheck

File

src/Access/CasUserAccessCheck.php, line 14

Namespace

Drupal\cas\Access
View source
class CasUserAccessCheck implements AccessInterface {

  /**
   * The CAS settings.
   *
   * @var \Drupal\Core\Config\ImmutableConfig
   */
  protected $settings;

  /**
   * The CAS user manager service.
   *
   * @var \Drupal\cas\Service\CasUserManager
   */
  protected $casUserManager;

  /**
   * Constructs a new access checker instance.
   *
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The configuration factory service.
   * @param \Drupal\cas\Service\CasUserManager $cas_user_manager
   *   The CAS user manager service.
   */
  public function __construct(ConfigFactoryInterface $config_factory, CasUserManager $cas_user_manager) {
    $this->settings = $config_factory
      ->get('cas.settings');
    $this->casUserManager = $cas_user_manager;
  }

  /**
   * Checks the access to routes tagged with '_cas_user_access'.
   *
   * If the current user account is linked to a CAS account and the setting
   * 'restrict_password_management' is TRUE, deny the access.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   Run access checks for this account.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result object.
   */
  public function access(AccountInterface $account) {
    if (!$this->settings
      ->get('user_accounts.restrict_password_management') || $account
      ->isAnonymous() || !$this->casUserManager
      ->getCasUsernameForAccount($account
      ->id())) {
      return AccessResult::allowed();
    }
    return AccessResult::forbidden("Is logged in CAS user and 'restrict_password_management' is TRUE");
  }

}

Members

Namesort descending Modifiers Type Description Overrides
CasUserAccessCheck::$casUserManager protected property The CAS user manager service.
CasUserAccessCheck::$settings protected property The CAS settings.
CasUserAccessCheck::access public function Checks the access to routes tagged with '_cas_user_access'.
CasUserAccessCheck::__construct public function Constructs a new access checker instance.