class AccessManager
Same name in other branches
- 9 core/lib/Drupal/Core/Access/AccessManager.php \Drupal\Core\Access\AccessManager
- 8.9.x core/lib/Drupal/Core/Access/AccessManager.php \Drupal\Core\Access\AccessManager
- 11.x core/lib/Drupal/Core/Access/AccessManager.php \Drupal\Core\Access\AccessManager
Attaches access check services to routes and runs them on request.
Hierarchy
- class \Drupal\Core\Access\AccessManager implements \Drupal\Core\Access\AccessManagerInterface
Expanded class hierarchy of AccessManager
See also
\Drupal\Tests\Core\Access\AccessManagerTest
1 file declares its use of AccessManager
- AccessManagerTest.php in core/
tests/ Drupal/ Tests/ Core/ Access/ AccessManagerTest.php
2 string references to 'AccessManager'
- core.services.yml in core/
core.services.yml - core/core.services.yml
- LocalTaskIntegrationTestBase::getLocalTaskManager in core/
tests/ Drupal/ Tests/ Core/ Menu/ LocalTaskIntegrationTestBase.php - Sets up the local task manager for the test.
1 service uses AccessManager
File
-
core/
lib/ Drupal/ Core/ Access/ AccessManager.php, line 21
Namespace
Drupal\Core\AccessView source
class AccessManager implements AccessManagerInterface {
/**
* The route provider.
*
* @var \Drupal\Core\Routing\RouteProviderInterface
*/
protected $routeProvider;
/**
* The paramconverter manager.
*
* @var \Drupal\Core\ParamConverter\ParamConverterManagerInterface
*/
protected $paramConverterManager;
/**
* The access arguments resolver.
*
* @var \Drupal\Core\Access\AccessArgumentsResolverFactoryInterface
*/
protected $argumentsResolverFactory;
/**
* The current user.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $currentUser;
/**
* The check provider.
*
* @var \Drupal\Core\Access\CheckProviderInterface
*/
protected $checkProvider;
/**
* Constructs an AccessManager instance.
*
* @param \Drupal\Core\Routing\RouteProviderInterface $route_provider
* The route provider.
* @param \Drupal\Core\ParamConverter\ParamConverterManagerInterface $paramconverter_manager
* The param converter manager.
* @param \Drupal\Core\Access\AccessArgumentsResolverFactoryInterface $arguments_resolver_factory
* The access arguments resolver.
* @param \Drupal\Core\Session\AccountInterface $current_user
* The current user.
* @param CheckProviderInterface $check_provider
* The check access provider.
*/
public function __construct(RouteProviderInterface $route_provider, ParamConverterManagerInterface $paramconverter_manager, AccessArgumentsResolverFactoryInterface $arguments_resolver_factory, AccountInterface $current_user, CheckProviderInterface $check_provider) {
$this->routeProvider = $route_provider;
$this->paramConverterManager = $paramconverter_manager;
$this->argumentsResolverFactory = $arguments_resolver_factory;
$this->currentUser = $current_user;
$this->checkProvider = $check_provider;
}
/**
* {@inheritdoc}
*/
public function checkNamedRoute($route_name, array $parameters = [], ?AccountInterface $account = NULL, $return_as_object = FALSE) {
try {
$route = $this->routeProvider
->getRouteByName($route_name);
// ParamConverterManager relies on the route name and object being
// available from the parameters array.
$parameters[RouteObjectInterface::ROUTE_NAME] = $route_name;
$parameters[RouteObjectInterface::ROUTE_OBJECT] = $route;
$upcasted_parameters = $this->paramConverterManager
->convert($parameters + $route->getDefaults());
$route_match = new RouteMatch($route_name, $route, $upcasted_parameters, $parameters);
return $this->check($route_match, $account, NULL, $return_as_object);
} catch (RouteNotFoundException $e) {
// Cacheable until extensions change.
$result = AccessResult::forbidden()->addCacheTags([
'config:core.extension',
]);
return $return_as_object ? $result : $result->isAllowed();
} catch (ParamNotConvertedException $e) {
// Uncacheable because conversion of the parameter may not have been
// possible due to dynamic circumstances.
$result = AccessResult::forbidden()->setCacheMaxAge(0);
return $return_as_object ? $result : $result->isAllowed();
}
}
/**
* {@inheritdoc}
*/
public function checkRequest(Request $request, ?AccountInterface $account = NULL, $return_as_object = FALSE) {
$route_match = RouteMatch::createFromRequest($request);
return $this->check($route_match, $account, $request, $return_as_object);
}
/**
* {@inheritdoc}
*/
public function check(RouteMatchInterface $route_match, ?AccountInterface $account = NULL, ?Request $request = NULL, $return_as_object = FALSE) {
if (!isset($account)) {
$account = $this->currentUser;
}
$route = $route_match->getRouteObject();
$checks = $route->getOption('_access_checks') ?: [];
// Filter out checks which require the incoming request.
if (!isset($request)) {
$checks = array_diff($checks, $this->checkProvider
->getChecksNeedRequest());
}
$result = AccessResult::neutral();
if (!empty($checks)) {
$arguments_resolver = $this->argumentsResolverFactory
->getArgumentsResolver($route_match, $account, $request);
$result = AccessResult::allowed();
foreach ($checks as $service_id) {
$result = $result->andIf($this->performCheck($service_id, $arguments_resolver));
}
}
return $return_as_object ? $result : $result->isAllowed();
}
/**
* Performs the specified access check.
*
* @param string $service_id
* The access check service ID to use.
* @param \Drupal\Component\Utility\ArgumentsResolverInterface $arguments_resolver
* The parametrized arguments resolver instance.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*
* @throws \Drupal\Core\Access\AccessException
* Thrown when the access check returns an invalid value.
*/
protected function performCheck($service_id, ArgumentsResolverInterface $arguments_resolver) {
$callable = $this->checkProvider
->loadCheck($service_id);
$arguments = $arguments_resolver->getArguments($callable);
/** @var \Drupal\Core\Access\AccessResultInterface $service_access **/
$service_access = call_user_func_array($callable, $arguments);
if (!$service_access instanceof AccessResultInterface) {
throw new AccessException("Access error in {$service_id}. Access services must return an object that implements AccessResultInterface.");
}
return $service_access;
}
}
Members
Title Sort descending | Modifiers | Object type | Summary |
---|---|---|---|
AccessManager::$argumentsResolverFactory | protected | property | The access arguments resolver. |
AccessManager::$checkProvider | protected | property | The check provider. |
AccessManager::$currentUser | protected | property | The current user. |
AccessManager::$paramConverterManager | protected | property | The paramconverter manager. |
AccessManager::$routeProvider | protected | property | The route provider. |
AccessManager::check | public | function | |
AccessManager::checkNamedRoute | public | function | |
AccessManager::checkRequest | public | function | |
AccessManager::performCheck | protected | function | Performs the specified access check. |
AccessManager::__construct | public | function | Constructs an AccessManager instance. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.