class AccessManager

Same name in other branches
  1. 9 core/lib/Drupal/Core/Access/AccessManager.php \Drupal\Core\Access\AccessManager
  2. 8.9.x core/lib/Drupal/Core/Access/AccessManager.php \Drupal\Core\Access\AccessManager
  3. 11.x core/lib/Drupal/Core/Access/AccessManager.php \Drupal\Core\Access\AccessManager

Attaches access check services to routes and runs them on request.

Hierarchy

  • class \Drupal\Core\Access\AccessManager implements \Drupal\Core\Access\AccessManagerInterface

Expanded class hierarchy of AccessManager

See also

\Drupal\Tests\Core\Access\AccessManagerTest

1 file declares its use of AccessManager
AccessManagerTest.php in core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
2 string references to 'AccessManager'
core.services.yml in core/core.services.yml
core/core.services.yml
LocalTaskIntegrationTestBase::getLocalTaskManager in core/tests/Drupal/Tests/Core/Menu/LocalTaskIntegrationTestBase.php
Sets up the local task manager for the test.
1 service uses AccessManager
access_manager in core/core.services.yml
Drupal\Core\Access\AccessManager

File

core/lib/Drupal/Core/Access/AccessManager.php, line 21

Namespace

Drupal\Core\Access
View source
class AccessManager implements AccessManagerInterface {
    
    /**
     * The route provider.
     *
     * @var \Drupal\Core\Routing\RouteProviderInterface
     */
    protected $routeProvider;
    
    /**
     * The paramconverter manager.
     *
     * @var \Drupal\Core\ParamConverter\ParamConverterManagerInterface
     */
    protected $paramConverterManager;
    
    /**
     * The access arguments resolver.
     *
     * @var \Drupal\Core\Access\AccessArgumentsResolverFactoryInterface
     */
    protected $argumentsResolverFactory;
    
    /**
     * The current user.
     *
     * @var \Drupal\Core\Session\AccountInterface
     */
    protected $currentUser;
    
    /**
     * The check provider.
     *
     * @var \Drupal\Core\Access\CheckProviderInterface
     */
    protected $checkProvider;
    
    /**
     * Constructs an AccessManager instance.
     *
     * @param \Drupal\Core\Routing\RouteProviderInterface $route_provider
     *   The route provider.
     * @param \Drupal\Core\ParamConverter\ParamConverterManagerInterface $paramconverter_manager
     *   The param converter manager.
     * @param \Drupal\Core\Access\AccessArgumentsResolverFactoryInterface $arguments_resolver_factory
     *   The access arguments resolver.
     * @param \Drupal\Core\Session\AccountInterface $current_user
     *   The current user.
     * @param CheckProviderInterface $check_provider
     *   The check access provider.
     */
    public function __construct(RouteProviderInterface $route_provider, ParamConverterManagerInterface $paramconverter_manager, AccessArgumentsResolverFactoryInterface $arguments_resolver_factory, AccountInterface $current_user, CheckProviderInterface $check_provider) {
        $this->routeProvider = $route_provider;
        $this->paramConverterManager = $paramconverter_manager;
        $this->argumentsResolverFactory = $arguments_resolver_factory;
        $this->currentUser = $current_user;
        $this->checkProvider = $check_provider;
    }
    
    /**
     * {@inheritdoc}
     */
    public function checkNamedRoute($route_name, array $parameters = [], ?AccountInterface $account = NULL, $return_as_object = FALSE) {
        try {
            $route = $this->routeProvider
                ->getRouteByName($route_name);
            // ParamConverterManager relies on the route name and object being
            // available from the parameters array.
            $parameters[RouteObjectInterface::ROUTE_NAME] = $route_name;
            $parameters[RouteObjectInterface::ROUTE_OBJECT] = $route;
            $upcasted_parameters = $this->paramConverterManager
                ->convert($parameters + $route->getDefaults());
            $route_match = new RouteMatch($route_name, $route, $upcasted_parameters, $parameters);
            return $this->check($route_match, $account, NULL, $return_as_object);
        } catch (RouteNotFoundException $e) {
            // Cacheable until extensions change.
            $result = AccessResult::forbidden()->addCacheTags([
                'config:core.extension',
            ]);
            return $return_as_object ? $result : $result->isAllowed();
        } catch (ParamNotConvertedException $e) {
            // Uncacheable because conversion of the parameter may not have been
            // possible due to dynamic circumstances.
            $result = AccessResult::forbidden()->setCacheMaxAge(0);
            return $return_as_object ? $result : $result->isAllowed();
        }
    }
    
    /**
     * {@inheritdoc}
     */
    public function checkRequest(Request $request, ?AccountInterface $account = NULL, $return_as_object = FALSE) {
        $route_match = RouteMatch::createFromRequest($request);
        return $this->check($route_match, $account, $request, $return_as_object);
    }
    
    /**
     * {@inheritdoc}
     */
    public function check(RouteMatchInterface $route_match, ?AccountInterface $account = NULL, ?Request $request = NULL, $return_as_object = FALSE) {
        if (!isset($account)) {
            $account = $this->currentUser;
        }
        $route = $route_match->getRouteObject();
        $checks = $route->getOption('_access_checks') ?: [];
        // Filter out checks which require the incoming request.
        if (!isset($request)) {
            $checks = array_diff($checks, $this->checkProvider
                ->getChecksNeedRequest());
        }
        $result = AccessResult::neutral();
        if (!empty($checks)) {
            $arguments_resolver = $this->argumentsResolverFactory
                ->getArgumentsResolver($route_match, $account, $request);
            $result = AccessResult::allowed();
            foreach ($checks as $service_id) {
                $result = $result->andIf($this->performCheck($service_id, $arguments_resolver));
            }
        }
        return $return_as_object ? $result : $result->isAllowed();
    }
    
    /**
     * Performs the specified access check.
     *
     * @param string $service_id
     *   The access check service ID to use.
     * @param \Drupal\Component\Utility\ArgumentsResolverInterface $arguments_resolver
     *   The parametrized arguments resolver instance.
     *
     * @return \Drupal\Core\Access\AccessResultInterface
     *   The access result.
     *
     * @throws \Drupal\Core\Access\AccessException
     *   Thrown when the access check returns an invalid value.
     */
    protected function performCheck($service_id, ArgumentsResolverInterface $arguments_resolver) {
        $callable = $this->checkProvider
            ->loadCheck($service_id);
        $arguments = $arguments_resolver->getArguments($callable);
        
        /** @var \Drupal\Core\Access\AccessResultInterface $service_access **/
        $service_access = call_user_func_array($callable, $arguments);
        if (!$service_access instanceof AccessResultInterface) {
            throw new AccessException("Access error in {$service_id}. Access services must return an object that implements AccessResultInterface.");
        }
        return $service_access;
    }

}

Members

Title Sort descending Modifiers Object type Summary
AccessManager::$argumentsResolverFactory protected property The access arguments resolver.
AccessManager::$checkProvider protected property The check provider.
AccessManager::$currentUser protected property The current user.
AccessManager::$paramConverterManager protected property The paramconverter manager.
AccessManager::$routeProvider protected property The route provider.
AccessManager::check public function
AccessManager::checkNamedRoute public function
AccessManager::checkRequest public function
AccessManager::performCheck protected function Performs the specified access check.
AccessManager::__construct public function Constructs an AccessManager instance.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.