class RoleAccessCheck in Drupal 9
Same name and namespace in other branches
- 8 core/modules/user/src/Access/RoleAccessCheck.php \Drupal\user\Access\RoleAccessCheck
- 10 core/modules/user/src/Access/RoleAccessCheck.php \Drupal\user\Access\RoleAccessCheck
Determines access to routes based on roles.
You can specify the '_role' key on route requirements. If you specify a single role, users with that role with have access. If you specify multiple ones you can conjunct them with AND by using a "," and with OR by using "+".
Hierarchy
- class \Drupal\user\Access\RoleAccessCheck implements AccessInterface
Expanded class hierarchy of RoleAccessCheck
1 file declares its use of RoleAccessCheck
- RoleAccessCheckTest.php in core/
tests/ Drupal/ Tests/ Core/ Route/ RoleAccessCheckTest.php
1 string reference to 'RoleAccessCheck'
- user.services.yml in core/
modules/ user/ user.services.yml - core/modules/user/user.services.yml
1 service uses RoleAccessCheck
- access_check.user.role in core/
modules/ user/ user.services.yml - Drupal\user\Access\RoleAccessCheck
File
- core/
modules/ user/ src/ Access/ RoleAccessCheck.php, line 17
Namespace
Drupal\user\AccessView source
class RoleAccessCheck implements AccessInterface {
/**
* Checks access.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account) {
// Requirements just allow strings, so this might be a comma separated list.
$rid_string = $route
->getRequirement('_role');
$explode_and = array_filter(array_map('trim', explode(',', $rid_string)));
if (count($explode_and) > 1) {
$diff = array_diff($explode_and, $account
->getRoles());
if (empty($diff)) {
return AccessResult::allowed()
->addCacheContexts([
'user.roles',
]);
}
}
else {
$explode_or = array_filter(array_map('trim', explode('+', $rid_string)));
$intersection = array_intersect($explode_or, $account
->getRoles());
if (!empty($intersection)) {
return AccessResult::allowed()
->addCacheContexts([
'user.roles',
]);
}
}
// If there is no allowed role, give other access checks a chance.
return AccessResult::neutral()
->addCacheContexts([
'user.roles',
]);
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
RoleAccessCheck:: |
public | function | Checks access. |