Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\Core\Access;
Chris@0: 
Chris@0: use Drupal\Core\ParamConverter\ParamConverterManagerInterface;
Chris@0: use Drupal\Core\ParamConverter\ParamNotConvertedException;
Chris@0: use Drupal\Core\Routing\RouteMatch;
Chris@0: use Drupal\Core\Routing\RouteMatchInterface;
Chris@0: use Drupal\Core\Routing\RouteProviderInterface;
Chris@0: use Drupal\Core\Session\AccountInterface;
Chris@0: use Drupal\Component\Utility\ArgumentsResolverInterface;
Chris@0: use Symfony\Component\HttpFoundation\Request;
Chris@0: use Symfony\Component\Routing\Exception\RouteNotFoundException;
Chris@0: use Symfony\Cmf\Component\Routing\RouteObjectInterface;
Chris@0: 
Chris@0: /**
Chris@0:  * Attaches access check services to routes and runs them on request.
Chris@0:  *
Chris@0:  * @see \Drupal\Tests\Core\Access\AccessManagerTest
Chris@0:  */
Chris@0: class AccessManager implements AccessManagerInterface {
Chris@0:   /**
Chris@0:    * The route provider.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Routing\RouteProviderInterface
Chris@0:    */
Chris@0:   protected $routeProvider;
Chris@0: 
Chris@0:   /**
Chris@0:    * The paramconverter manager.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\ParamConverter\ParamConverterManagerInterface
Chris@0:    */
Chris@0:   protected $paramConverterManager;
Chris@0: 
Chris@0:   /**
Chris@0:    * The access arguments resolver.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Access\AccessArgumentsResolverFactoryInterface
Chris@0:    */
Chris@0:   protected $argumentsResolverFactory;
Chris@0: 
Chris@0:   /**
Chris@0:    * The current user.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Session\AccountInterface
Chris@0:    */
Chris@0:   protected $currentUser;
Chris@0: 
Chris@0:   /**
Chris@0:    * The check provider.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Access\CheckProviderInterface
Chris@0:    */
Chris@0:   protected $checkProvider;
Chris@0: 
Chris@0:   /**
Chris@0:    * Constructs a AccessManager instance.
Chris@0:    *
Chris@0:    * @param \Drupal\Core\Routing\RouteProviderInterface $route_provider
Chris@0:    *   The route provider.
Chris@0:    * @param \Drupal\Core\ParamConverter\ParamConverterManagerInterface $paramconverter_manager
Chris@0:    *   The param converter manager.
Chris@0:    * @param \Drupal\Core\Access\AccessArgumentsResolverFactoryInterface $arguments_resolver_factory
Chris@0:    *   The access arguments resolver.
Chris@0:    * @param \Drupal\Core\Session\AccountInterface $current_user
Chris@0:    *   The current user.
Chris@0:    * @param CheckProviderInterface $check_provider
Chris@0:    */
Chris@0:   public function __construct(RouteProviderInterface $route_provider, ParamConverterManagerInterface $paramconverter_manager, AccessArgumentsResolverFactoryInterface $arguments_resolver_factory, AccountInterface $current_user, CheckProviderInterface $check_provider) {
Chris@0:     $this->routeProvider = $route_provider;
Chris@0:     $this->paramConverterManager = $paramconverter_manager;
Chris@0:     $this->argumentsResolverFactory = $arguments_resolver_factory;
Chris@0:     $this->currentUser = $current_user;
Chris@0:     $this->checkProvider = $check_provider;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function checkNamedRoute($route_name, array $parameters = [], AccountInterface $account = NULL, $return_as_object = FALSE) {
Chris@0:     try {
Chris@0:       $route = $this->routeProvider->getRouteByName($route_name, $parameters);
Chris@0: 
Chris@0:       // ParamConverterManager relies on the route name and object being
Chris@0:       // available from the parameters array.
Chris@0:       $parameters[RouteObjectInterface::ROUTE_NAME] = $route_name;
Chris@0:       $parameters[RouteObjectInterface::ROUTE_OBJECT] = $route;
Chris@0:       $upcasted_parameters = $this->paramConverterManager->convert($parameters + $route->getDefaults());
Chris@0: 
Chris@0:       $route_match = new RouteMatch($route_name, $route, $upcasted_parameters, $parameters);
Chris@0:       return $this->check($route_match, $account, NULL, $return_as_object);
Chris@0:     }
Chris@0:     catch (RouteNotFoundException $e) {
Chris@0:       // Cacheable until extensions change.
Chris@0:       $result = AccessResult::forbidden()->addCacheTags(['config:core.extension']);
Chris@0:       return $return_as_object ? $result : $result->isAllowed();
Chris@0:     }
Chris@0:     catch (ParamNotConvertedException $e) {
Chris@0:       // Uncacheable because conversion of the parameter may not have been
Chris@0:       // possible due to dynamic circumstances.
Chris@0:       $result = AccessResult::forbidden()->setCacheMaxAge(0);
Chris@0:       return $return_as_object ? $result : $result->isAllowed();
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function checkRequest(Request $request, AccountInterface $account = NULL, $return_as_object = FALSE) {
Chris@0:     $route_match = RouteMatch::createFromRequest($request);
Chris@0:     return $this->check($route_match, $account, $request, $return_as_object);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function check(RouteMatchInterface $route_match, AccountInterface $account = NULL, Request $request = NULL, $return_as_object = FALSE) {
Chris@0:     if (!isset($account)) {
Chris@0:       $account = $this->currentUser;
Chris@0:     }
Chris@0:     $route = $route_match->getRouteObject();
Chris@0:     $checks = $route->getOption('_access_checks') ?: [];
Chris@0: 
Chris@0:     // Filter out checks which require the incoming request.
Chris@0:     if (!isset($request)) {
Chris@0:       $checks = array_diff($checks, $this->checkProvider->getChecksNeedRequest());
Chris@0:     }
Chris@0: 
Chris@0:     $result = AccessResult::neutral();
Chris@0:     if (!empty($checks)) {
Chris@0:       $arguments_resolver = $this->argumentsResolverFactory->getArgumentsResolver($route_match, $account, $request);
Chris@0:       $result = AccessResult::allowed();
Chris@0:       foreach ($checks as $service_id) {
Chris@0:         $result = $result->andIf($this->performCheck($service_id, $arguments_resolver));
Chris@0:       }
Chris@0:     }
Chris@0:     return $return_as_object ? $result : $result->isAllowed();
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Performs the specified access check.
Chris@0:    *
Chris@0:    * @param string $service_id
Chris@0:    *   The access check service ID to use.
Chris@0:    * @param \Drupal\Component\Utility\ArgumentsResolverInterface $arguments_resolver
Chris@0:    *   The parametrized arguments resolver instance.
Chris@0:    *
Chris@0:    * @return \Drupal\Core\Access\AccessResultInterface
Chris@0:    *   The access result.
Chris@0:    *
Chris@0:    * @throws \Drupal\Core\Access\AccessException
Chris@0:    *   Thrown when the access check returns an invalid value.
Chris@0:    */
Chris@0:   protected function performCheck($service_id, ArgumentsResolverInterface $arguments_resolver) {
Chris@0:     $callable = $this->checkProvider->loadCheck($service_id);
Chris@0:     $arguments = $arguments_resolver->getArguments($callable);
Chris@0:     /** @var \Drupal\Core\Access\AccessResultInterface $service_access **/
Chris@0:     $service_access = call_user_func_array($callable, $arguments);
Chris@0: 
Chris@0:     if (!$service_access instanceof AccessResultInterface) {
Chris@0:       throw new AccessException("Access error in $service_id. Access services must return an object that implements AccessResultInterface.");
Chris@0:     }
Chris@0: 
Chris@0:     return $service_access;
Chris@0:   }
Chris@0: 
Chris@0: }