
protected function BlockAccessControlHandler::checkAccess in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/block/src/BlockAccessControlHandler.php \Drupal\block\BlockAccessControlHandler::checkAccess()
  2. 9 core/modules/block/src/BlockAccessControlHandler.php \Drupal\block\BlockAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overridden by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/block/src/BlockAccessControlHandler.php, line 74

Class

BlockAccessControlHandler
Defines the access control handler for the block entity type.

Namespace

Drupal\block

Code

/**
 * Checks access to a block entity for an operation and account.
 *
 * Only the 'view' operation is decided here; every other operation is passed
 * to the parent handler. For 'view', a disabled block is forbidden outright.
 * Otherwise the block's visibility conditions are collected and evaluated,
 * and only when they do not resolve to FALSE is the decision delegated to the
 * block plugin. A missing context, a context without a value and a failed
 * visibility condition each produce a forbidden result.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The block entity for which to check access.
 * @param string $operation
 *   The entity operation. Only 'view' is handled by this method.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result. On the 'view' path the block entity is always added as
 *   a cacheable dependency before the result is returned.
 */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\block\BlockInterface $entity */
  // Anything that is not a 'view' request is the parent handler's business.
  // NOTE(review): this is a loose comparison; it behaves as intended for the
  // documented string operations.
  if ($operation != 'view') {
    return parent::checkAccess($entity, $operation, $account);
  }

  // A disabled block is never viewable. The entity is attached as a cacheable
  // dependency so the denial is re-evaluated once the block changes.
  if (!$entity->status()) {
    return AccessResult::forbidden()->addCacheableDependency($entity);
  }

  $visibility_conditions = [];
  $context_missing = FALSE;
  $value_missing = FALSE;
  foreach ($entity->getVisibilityConditions() as $id => $visibility_condition) {
    if ($visibility_condition instanceof ContextAwarePluginInterface) {
      // Keep the catch order: the more specific missing-value case has to be
      // tested before the general context failure (presumably its parent
      // class - confirm against the exception hierarchy).
      try {
        $mapping = array_values($visibility_condition->getContextMapping());
        $runtime_contexts = $this->contextRepository->getRuntimeContexts($mapping);
        $this->contextHandler->applyContextMapping($visibility_condition, $runtime_contexts);
      }
      catch (MissingValueContextException $e) {
        $value_missing = TRUE;
      }
      catch (ContextException $e) {
        $context_missing = TRUE;
      }
    }
    // The condition is recorded even when its contexts could not be applied,
    // so its cacheability is still merged into the result below.
    $visibility_conditions[$id] = $visibility_condition;
  }

  if ($context_missing) {
    // Without the context, cacheable metadata may be incomplete and it is
    // unknown which conditions decide visibility. Deny, and set max-age 0 so
    // this result is never cached.
    $result = AccessResult::forbidden()->setCacheMaxAge(0);
  }
  elseif ($value_missing) {
    // The contexts exist but carry no value, e.g. the node type condition on
    // a non-node route such as the front page. Deny, but leave caching on.
    $result = AccessResult::forbidden();
  }
  elseif ($this->resolveConditions($visibility_conditions, 'and') !== FALSE) {
    // Only a strict FALSE from the conditions blocks this branch. The final
    // decision belongs to the block plugin.
    $plugin = $entity->getPlugin();
    try {
      if ($plugin instanceof ContextAwarePluginInterface) {
        $mapping = array_values($plugin->getContextMapping());
        $runtime_contexts = $this->contextRepository->getRuntimeContexts($mapping);
        $this->contextHandler->applyContextMapping($plugin, $runtime_contexts);
      }
      $result = $plugin->access($account, TRUE);
    }
    catch (MissingValueContextException $e) {
      // Context present but empty: deny and keep the result cacheable.
      $result = AccessResult::forbidden();
    }
    catch (ContextException $e) {
      // Context absent: cacheable metadata may be incomplete, so deny and
      // make sure the result cannot be cached.
      $result = AccessResult::forbidden()->setCacheMaxAge(0);
    }
  }
  else {
    // The visibility conditions resolved to FALSE. The denial reason names
    // the ids of all collected conditions.
    $condition_ids = implode("', '", array_keys($visibility_conditions));
    if (count($visibility_conditions) > 1) {
      $template = "One of the block visibility conditions ('%s') denied access.";
    }
    else {
      $template = "The block visibility condition '%s' denied access.";
    }
    $result = AccessResult::forbidden(sprintf($template, $condition_ids));
  }

  $this->mergeCacheabilityFromConditions($result, $visibility_conditions);

  // Tie the result to the block entity so access is evaluated again whenever
  // the block changes.
  return $result->addCacheableDependency($entity);
}