PermissionsHashGenerator.php

Same filename in other branches
  1. 9 core/lib/Drupal/Core/Session/PermissionsHashGenerator.php
  2. 8.9.x core/lib/Drupal/Core/Session/PermissionsHashGenerator.php
  3. 10 core/lib/Drupal/Core/Session/PermissionsHashGenerator.php

Namespace

Drupal\Core\Session

File

core/lib/Drupal/Core/Session/PermissionsHashGenerator.php

View source 
<?php

namespace Drupal\Core\Session;

use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\PrivateKey;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Cache\CacheBackendInterface;
use Drupal\Core\Site\Settings;

/**
 * Generates and caches the permissions hash for a user.
 */
class PermissionsHashGenerator implements PermissionsHashGeneratorInterface {
    
    /**
     * Constructs a PermissionsHashGenerator object.
     *
     * @param \Drupal\Core\PrivateKey $privateKey
     *   The private key service.
     * @param \Drupal\Core\Cache\CacheBackendInterface $static
     *   The cache backend interface to use for the static cache.
     * @param \Drupal\Core\Session\AccessPolicyProcessorInterface $processor
     *   The access policy processor.
     */
    public function __construct(PrivateKey $privateKey, CacheBackendInterface $static, AccessPolicyProcessorInterface $processor) {
    }
    
    /**
     * {@inheritdoc}
     */
    public function generate(AccountInterface $account) {
        // We can use a simple per-user static cache here because we already cache
        // the permissions more efficiently in the access policy processor. On top
        // of that, there is only a tiny chance of a hash being generated for more
        // than one account during a single request.
        $cid = 'permissions_hash_' . $account->id();
        // Retrieve the hash from the static cache if available.
        if ($static_cache = $this->static
            ->get($cid)) {
            return $static_cache->data;
        }
        // Otherwise hash the permissions and store them in the static cache.
        $calculated_permissions = $this->processor
            ->processAccessPolicies($account);
        $item = $calculated_permissions->getItem();
        // This should never happen, but in case nothing defined permissions for the
        // current user, even if empty, we need to have _some_ hash too.
        if ($item === FALSE) {
            $hash = 'no-access-policies';
        }
        elseif ($item->isAdmin()) {
            $hash = 'is-admin';
        }
        else {
            $permissions = $item->getPermissions();
            sort($permissions);
            $hash = $this->hash(serialize($permissions));
        }
        $this->static
            ->set($cid, $hash, Cache::PERMANENT, $calculated_permissions->getCacheTags());
        return $hash;
    }
    
    /**
     * {@inheritdoc}
     */
    public function getCacheableMetadata(AccountInterface $account) : CacheableMetadata {
        return CacheableMetadata::createFromObject($this->processor
            ->processAccessPolicies($account));
    }
    
    /**
     * Hashes the given string.
     *
     * @param string $identifier
     *   The string to be hashed.
     *
     * @return string
     *   The hash.
     */
    protected function hash($identifier) {
        return hash('sha256', $this->privateKey
            ->get() . Settings::getHashSalt() . $identifier);
    }

}

Classes

Title Deprecated Summary
PermissionsHashGenerator Generates and caches the permissions hash for a user.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.