protected function BlockAccessControlHandler::checkAccess in Drupal 9
Same name and namespace in other branches
- 8 core/modules/block/src/BlockAccessControlHandler.php \Drupal\block\BlockAccessControlHandler::checkAccess()
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- core/
modules/ block/ src/ BlockAccessControlHandler.php, line 74
Class
- BlockAccessControlHandler
- Defines the access control handler for the block entity type.
Namespace
Drupal\blockCode
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\block\BlockInterface $entity */
if ($operation != 'view') {
return parent::checkAccess($entity, $operation, $account);
}
// Don't grant access to disabled blocks.
if (!$entity
->status()) {
return AccessResult::forbidden()
->addCacheableDependency($entity);
}
else {
$conditions = [];
$missing_context = FALSE;
$missing_value = FALSE;
foreach ($entity
->getVisibilityConditions() as $condition_id => $condition) {
if ($condition instanceof ContextAwarePluginInterface) {
try {
$contexts = $this->contextRepository
->getRuntimeContexts(array_values($condition
->getContextMapping()));
$this->contextHandler
->applyContextMapping($condition, $contexts);
} catch (MissingValueContextException $e) {
$missing_value = TRUE;
} catch (ContextException $e) {
$missing_context = TRUE;
}
}
$conditions[$condition_id] = $condition;
}
if ($missing_context) {
// If any context is missing then we might be missing cacheable
// metadata, and don't know based on what conditions the block is
// accessible or not. Make sure the result cannot be cached.
$access = AccessResult::forbidden()
->setCacheMaxAge(0);
}
elseif ($missing_value) {
// The contexts exist but have no value. Deny access without
// disabling caching. For example the node type condition will have a
// missing context on any non-node route like the frontpage.
$access = AccessResult::forbidden();
}
elseif ($this
->resolveConditions($conditions, 'and') !== FALSE) {
// Delegate to the plugin.
$block_plugin = $entity
->getPlugin();
try {
if ($block_plugin instanceof ContextAwarePluginInterface) {
$contexts = $this->contextRepository
->getRuntimeContexts(array_values($block_plugin
->getContextMapping()));
$this->contextHandler
->applyContextMapping($block_plugin, $contexts);
}
$access = $block_plugin
->access($account, TRUE);
} catch (MissingValueContextException $e) {
// The contexts exist but have no value. Deny access without
// disabling caching.
$access = AccessResult::forbidden();
} catch (ContextException $e) {
// If any context is missing then we might be missing cacheable
// metadata, and don't know based on what conditions the block is
// accessible or not. Make sure the result cannot be cached.
$access = AccessResult::forbidden()
->setCacheMaxAge(0);
}
}
else {
$reason = count($conditions) > 1 ? "One of the block visibility conditions ('%s') denied access." : "The block visibility condition '%s' denied access.";
$access = AccessResult::forbidden(sprintf($reason, implode("', '", array_keys($conditions))));
}
$this
->mergeCacheabilityFromConditions($access, $conditions);
// Ensure that access is evaluated again when the block changes.
return $access
->addCacheableDependency($entity);
}
}