You are here

protected function PermissionsHashGenerator::doGenerate in Drupal 8

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Session/PermissionsHashGenerator.php \Drupal\Core\Session\PermissionsHashGenerator::doGenerate()

Generates a hash that uniquely identifies the user's permissions.

Parameters

string[] $roles: The user's roles.

Return value

string The permissions hash.

1 call to PermissionsHashGenerator::doGenerate()
PermissionsHashGenerator::generate in core/lib/Drupal/Core/Session/PermissionsHashGenerator.php
Cached by role, invalidated whenever permissions change.

File

core/lib/Drupal/Core/Session/PermissionsHashGenerator.php, line 95

Class

PermissionsHashGenerator
Generates and caches the permissions hash for a user.

Namespace

Drupal\Core\Session

Code

protected function doGenerate(array $roles) {

  // @todo Once Drupal gets rid of user_role_permissions(), we should be able
  // to inject the user role controller and call a method on that instead.
  $permissions_by_role = user_role_permissions($roles);
  foreach ($permissions_by_role as $role => $permissions) {
    sort($permissions);

    // Note that for admin roles (\Drupal\user\RoleInterface::isAdmin()), the
    // permissions returned will be empty ($permissions = []). Therefore the
    // presence of the role ID as a key in $permissions_by_role is essential
    // to ensure that the hash correctly recognizes admin roles. (If the hash
    // was based solely on the union of $permissions, the admin roles would
    // effectively be no-ops, allowing for hash collisions.)
    $permissions_by_role[$role] = $permissions;
  }
  return $this
    ->hash(serialize($permissions_by_role));
}