You are here

protected function UpdateKernel::handleAccess in Drupal 10

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Update/UpdateKernel.php \Drupal\Core\Update\UpdateKernel::handleAccess()
  2. 9 core/lib/Drupal/Core/Update/UpdateKernel.php \Drupal\Core\Update\UpdateKernel::handleAccess()

Checks if the current user has rights to access updates page.

If the current user does not have the rights, an exception is thrown.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The incoming request.

Throws

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Thrown when update.php should not be accessible.

File

core/lib/Drupal/Core/Update/UpdateKernel.php, line 177

Class

UpdateKernel
Defines a kernel which is used primarily to run the update of Drupal.

Namespace

Drupal\Core\Update

Code

protected function handleAccess(Request $request) {

  /** @var \Drupal\Core\Authentication\AuthenticationManager $authentication_manager */
  $authentication_manager = $this
    ->getContainer()
    ->get('authentication');
  $account = $authentication_manager
    ->authenticate($request) ?: new AnonymousUserSession();

  /** @var \Drupal\Core\Session\AccountProxyInterface $current_user */
  $current_user = $this
    ->getContainer()
    ->get('current_user');
  $current_user
    ->setAccount($account);

  /** @var \Drupal\system\Access\DbUpdateAccessCheck $db_update_access */
  $db_update_access = $this
    ->getContainer()
    ->get('access_check.db_update');
  if (!Settings::get('update_free_access', FALSE) && !$db_update_access
    ->access($account)
    ->isAllowed()) {
    throw new AccessDeniedHttpException('In order to run update.php you need to either have "Administer software updates" permission or have set $settings[\'update_free_access\'] in your settings.php.');
  }
}