
public function QueryAccessCheck::access in GraphQL 8.3

Same name and namespace in other branches
  1. 8.4 src/Access/QueryAccessCheck.php \Drupal\graphql\Access\QueryAccessCheck::access()

Checks whether the account may execute the GraphQL operations in the current request.

Parameters

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

src/Access/QueryAccessCheck.php, line 38

Class

QueryAccessCheck

Namespace

Drupal\graphql\Access

Code

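/**
 * Decides whether an account may execute the current GraphQL request.
 *
 * Holders of 'execute graphql requests' are always allowed. For everyone else
 * the request is forbidden when it carries no operations, falls back to the
 * 'execute graphql requests' check as soon as one operation supplies its own
 * 'query' input, and otherwise requires 'execute persisted graphql requests'.
 *
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The currently logged in account.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
public function access(AccountInterface $account) {
  // Use allowedIfHasPermission() for the global permission too, so the
  // "allowed" outcome is built the same way (including its per-permission
  // cacheability) as the other permission-based results returned below,
  // rather than a bare AccessResult::allowed().
  $any_query = AccessResult::allowedIfHasPermission($account, 'execute graphql requests');
  if ($any_query->isAllowed()) {
    return $any_query;
  }

  // Fail closed when there is no current request to inspect, instead of
  // dereferencing NULL below.
  $request = $this->requestStack->getCurrentRequest();
  if ($request === NULL) {
    return AccessResult::forbidden();
  }

  /** @var \GraphQL\Server\OperationParams[] $operations */
  $operations = $request->attributes->get('operations', []);
  if (!$operations) {
    // Nothing to execute: deny rather than fall through to a permission check.
    return AccessResult::forbidden();
  }

  // A single operation may arrive unwrapped; treat it as a batch of one.
  if (!is_array($operations)) {
    $operations = [$operations];
  }

  foreach ($operations as $operation) {
    // A user-supplied 'query' means an arbitrary (non-persisted) query, which
    // needs the broader permission. One such operation decides the result for
    // the whole batch. The test is on truthiness, so an empty 'query' value
    // is treated the same as an absent one.
    if ($operation->getOriginalInput('query')) {
      return AccessResult::allowedIfHasPermission($account, 'execute graphql requests');
    }
  }

  // No operation carried its own query text, so the batch is handled as
  // persisted queries.
  // NOTE(review): this method does not itself verify that a persisted-query
  // id is present on each operation; confirm a later stage rejects operations
  // that have neither a query nor a valid id.
  return AccessResult::allowedIfHasPermission($account, 'execute persisted graphql requests');
}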