public function AccessToken::hasPermission in Simple OAuth (OAuth2) & OpenID Connect 8

Checks if the current token allows the provided permission.

Parameters

string $permission: The requested permission.

Return value

bool TRUE if the permission is included. FALSE otherwise.

Overrides AccessTokenInterface::hasPermission

File

src/Entity/AccessToken.php, line 366

Class

AccessToken
Defines the Access Token entity.

Namespace

Drupal\simple_oauth\Entity

Code

public function hasPermission($permission) {
  if ($permission == 'refresh access token') {
    // You can only refresh the access token with a refresh token.
    return $this->isRefreshToken();
  }
  $resource = $this->get('resource')->entity;
  $token_permissions = $resource->get('permissions') ?: [];

  // If the selected permission is not included in the list of permissions
  // for the resource attached to the token, then return FALSE.
  return $resource->id() == 'global' || in_array($permission, $token_permissions);
}