public function QueryAccessCheck::access in GraphQL 8.4

Same name and namespace in other branches
  1. 8.3 src/Access/QueryAccessCheck.php \Drupal\graphql\Access\QueryAccessCheck::access()

Checks access.

Parameters

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

\Drupal\graphql\Entity\ServerInterface $graphql_server: The server instance.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

src/Access/QueryAccessCheck.php, line 44

Class

QueryAccessCheck
Grants access to executing arbitrary GraphQL queries on the defined servers.

Namespace

Drupal\graphql\Access

Code

namespace Drupal\graphql\Access;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\graphql\Entity\ServerInterface;
use Symfony\Component\HttpFoundation\RequestStack;

/**
 * Grants access to executing arbitrary GraphQL queries on the defined servers.
 */
class QueryAccessCheck {

  /**
   * The request stack (injected by the service container).
   *
   * @var \Symfony\Component\HttpFoundation\RequestStack
   */
  protected $requestStack;

  // Constructor shown for context so the class is complete; the page itself
  // documents only access().
  public function __construct(RequestStack $request_stack) {
    $this->requestStack = $request_stack;
  }

  /**
   * Checks access.
   */
  public function access(AccountInterface $account, ServerInterface $graphql_server) {
    // Site-wide bypass: no further inspection of the request.
    if ($account->hasPermission('bypass graphql access')) {
      return AccessResult::allowed();
    }
    $id = $graphql_server->id();

    // If the user has the global permission to execute any query on this
    // server, let them (this short-circuits before operations are inspected).
    if ($account->hasPermission("execute {$id} arbitrary graphql requests")) {
      return AccessResult::allowed();
    }

    // The parsed operations are attached to the current request; a request
    // with no operations is explicitly forbidden.
    $request = $this->requestStack->getCurrentRequest();
    $operations = $request->attributes->get('operations', []);
    if (!$operations) {
      return AccessResult::forbidden();
    }
    // Normalize a single operation to a batch of one.
    $operations = is_array($operations) ? $operations : [$operations];

    foreach ($operations as $operation) {
      // If a query was provided by the user, this is an arbitrary query (it's
      // not a persisted query). Hence, we only grant access if the user has the
      // permission to execute any query. One arbitrary operation anywhere in a
      // batch decides the outcome for the whole request.
      /** @var \GraphQL\Server\OperationParams $operation */
      if ($operation->getOriginalInput('query')) {
        return AccessResult::allowedIfHasPermission($account, "execute {$id} arbitrary graphql requests");
      }
    }

    // If we reach this point, this is a persisted query. Note that
    // allowedIfHasPermission() yields a neutral (not forbidden) result when
    // the permission is missing.
    return AccessResult::allowedIfHasPermission($account, "execute {$id} persisted graphql requests");
  }

}
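An added PHPUnit-style unit test, not part of the graphql module, that exercises the decision logic above against single and batched requests. It assumes QueryAccessCheck is constructed with a Symfony RequestStack (as the `$this->requestStack` usage suggests), a server id of `demo`, and the OperationParams class from webonyx/graphql-php; the operation ids and permissions are constructed for the test.

```php
<?php

namespace Drupal\Tests\graphql\Unit;

use Drupal\Core\Session\AccountInterface;
use Drupal\graphql\Access\QueryAccessCheck;
use Drupal\graphql\Entity\ServerInterface;
use Drupal\Tests\UnitTestCase;
use GraphQL\Server\OperationParams;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;

class QueryAccessCheckBatchTest extends UnitTestCase {

  // Returns whether access is allowed for the given permissions and operations.
  protected function isAllowed(array $permissions, array $operations) {
    $account = $this->createMock(AccountInterface::class);
    $account->method('hasPermission')->willReturnCallback(function ($p) use ($permissions) {
      return in_array($p, $permissions, TRUE);
    });
    $server = $this->createMock(ServerInterface::class);
    $server->method('id')->willReturn('demo');
    // The checker reads the parsed operations from the request attributes.
    $request = Request::create('/graphql/demo', 'POST');
    $request->attributes->set('operations', $operations);
    $stack = new RequestStack();
    $stack->push($request);
    // Assumption: the checker is constructed with the request stack.
    return (new QueryAccessCheck($stack))->access($account, $server)->isAllowed();
  }

  public function testBatchContainingArbitraryQueryNeedsArbitraryPermission() {
    $persisted = OperationParams::create(['queryId' => 'constructed-id']);
    $arbitrary = OperationParams::create(['query' => '{ __typename }']);
    $persistedOnly = ['execute demo persisted graphql requests'];
    $arbitraryOnly = ['execute demo arbitrary graphql requests'];

    // No operations on the request: forbidden even with the persisted permission.
    $this->assertFalse($this->isAllowed($persistedOnly, []));
    // A persisted query needs only the persisted permission.
    $this->assertTrue($this->isAllowed($persistedOnly, [$persisted]));
    // One arbitrary query anywhere in the batch escalates the requirement.
    $this->assertFalse($this->isAllowed($persistedOnly, [$persisted, $arbitrary]));
    $this->assertTrue($this->isAllowed($arbitraryOnly, [$persisted, $arbitrary]));
    // The per-server arbitrary permission short-circuits before operations are inspected.
    $this->assertTrue($this->isAllowed($arbitraryOnly, []));
  }
}
```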