Mercurial > hg > isophonics-drupal-site
view core/modules/user/src/Access/RoleAccessCheck.php @ 0:4c8ae668cc8c
Initial import (non-working)
author | Chris Cannam |
---|---|
date | Wed, 29 Nov 2017 16:09:58 +0000 |
parents | |
children |
line wrap: on
line source
<?php namespace Drupal\user\Access; use Drupal\Core\Access\AccessResult; use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; /** * Determines access to routes based on roles. * * You can specify the '_role' key on route requirements. If you specify a * single role, users with that role with have access. If you specify multiple * ones you can conjunct them with AND by using a "," and with OR by using "+". */ class RoleAccessCheck implements AccessInterface { /** * Checks access. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, AccountInterface $account) { // Requirements just allow strings, so this might be a comma separated list. $rid_string = $route->getRequirement('_role'); $explode_and = array_filter(array_map('trim', explode(',', $rid_string))); if (count($explode_and) > 1) { $diff = array_diff($explode_and, $account->getRoles()); if (empty($diff)) { return AccessResult::allowed()->addCacheContexts(['user.roles']); } } else { $explode_or = array_filter(array_map('trim', explode('+', $rid_string))); $intersection = array_intersect($explode_or, $account->getRoles()); if (!empty($intersection)) { return AccessResult::allowed()->addCacheContexts(['user.roles']); } } // If there is no allowed role, give other access checks a chance. return AccessResult::neutral()->addCacheContexts(['user.roles']); } }