class AccessDeniedSubscriber

Same name in other branches
  1. 9 core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php \Drupal\user\EventSubscriber\AccessDeniedSubscriber
  2. 8.9.x core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php \Drupal\user\EventSubscriber\AccessDeniedSubscriber
  3. 10 core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php \Drupal\user\EventSubscriber\AccessDeniedSubscriber

Redirects users when access is denied.

Anonymous users are taken to the login page when attempting to access the user profile pages. Authenticated users are redirected from the login form to their profile page and from the user registration form to their profile edit form.

Hierarchy

  • class \Drupal\Core\EventSubscriber\HttpExceptionSubscriberBase implements \Symfony\Component\EventDispatcher\EventSubscriberInterface
    • class \Drupal\user\EventSubscriber\AccessDeniedSubscriber extends \Drupal\Core\EventSubscriber\HttpExceptionSubscriberBase

Expanded class hierarchy of AccessDeniedSubscriber

1 string reference to 'AccessDeniedSubscriber'
user.services.yml in core/modules/user/user.services.yml
core/modules/user/user.services.yml
1 service uses AccessDeniedSubscriber
user_access_denied_subscriber in core/modules/user/user.services.yml
Drupal\user\EventSubscriber\AccessDeniedSubscriber

File

core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php, line 20

Namespace

Drupal\user\EventSubscriber
View source 
class AccessDeniedSubscriber extends HttpExceptionSubscriberBase {
    
    /**
     * The current user.
     *
     * @var \Drupal\Core\Session\AccountInterface
     */
    protected $account;
    
    /**
     * Constructs a new redirect subscriber.
     *
     * @param \Drupal\Core\Session\AccountInterface $account
     *   The current user.
     */
    public function __construct(AccountInterface $account) {
        $this->account = $account;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getHandledFormats() : array {
        return [
            'html',
        ];
    }
    
    /**
     * {@inheritdoc}
     */
    protected static function getPriority() : int {
        // Use a higher priority than ExceptionLoggingSubscriber, because there's
        // no need to log the exception if we can redirect.
        // @see Drupal\Core\EventSubscriber\ExceptionLoggingSubscriber
        return 75;
    }
    
    /**
     * Redirects users when access is denied.
     *
     * @param \Symfony\Component\HttpKernel\Event\ExceptionEvent $event
     *   The event to process.
     */
    public function on403(ExceptionEvent $event) : void {
        $route_name = RouteMatch::createFromRequest($event->getRequest())
            ->getRouteName();
        $redirect_url = NULL;
        if ($this->account
            ->isAuthenticated()) {
            switch ($route_name) {
                case 'user.login':
                    // Redirect an authenticated user to the profile page.
                    $redirect_url = Url::fromRoute('entity.user.canonical', [
                        'user' => $this->account
                            ->id(),
                    ], [
                        'absolute' => TRUE,
                    ]);
                    break;
                case 'user.register':
                    // Redirect an authenticated user to the profile form.
                    $redirect_url = Url::fromRoute('entity.user.edit_form', [
                        'user' => $this->account
                            ->id(),
                    ], [
                        'absolute' => TRUE,
                    ]);
                    break;
            }
        }
        elseif ($route_name === 'user.page') {
            $redirect_url = Url::fromRoute('user.login', [], [
                'absolute' => TRUE,
            ]);
        }
        elseif (in_array($route_name, [
            'user.logout',
            'user.logout.confirm',
        ], TRUE)) {
            $redirect_url = Url::fromRoute('<front>', [], [
                'absolute' => TRUE,
            ]);
        }
        if ($redirect_url) {
            $event->setResponse(new RedirectResponse($redirect_url->toString()));
        }
    }

}

Members

Title Modifiers Object type Summary Overriden Title Overrides
AccessDeniedSubscriber::$account protected property The current user.
AccessDeniedSubscriber::getHandledFormats protected function Specifies the request formats this subscriber will respond to. Overrides HttpExceptionSubscriberBase::getHandledFormats
AccessDeniedSubscriber::getPriority protected static function Specifies the priority of all listeners in this class. Overrides HttpExceptionSubscriberBase::getPriority
AccessDeniedSubscriber::on403 public function Redirects users when access is denied.
AccessDeniedSubscriber::__construct public function Constructs a new redirect subscriber.
HttpExceptionSubscriberBase::getSubscribedEvents public static function Registers the methods in this class that should be listeners. 1
HttpExceptionSubscriberBase::onException public function Handles errors for this subscriber. 1

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.