function UserRegistrationResource::ensureAccountCanRegister

Same name and namespace in other branches
  1. 9 core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php \Drupal\user\Plugin\rest\resource\UserRegistrationResource::ensureAccountCanRegister()
  2. 8.9.x core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php \Drupal\user\Plugin\rest\resource\UserRegistrationResource::ensureAccountCanRegister()
  3. 11.x core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php \Drupal\user\Plugin\rest\resource\UserRegistrationResource::ensureAccountCanRegister()

Ensure the account can be registered in this request.

Parameters

\Drupal\user\UserInterface $account: The user account to register.

1 call to UserRegistrationResource::ensureAccountCanRegister()
UserRegistrationResource::post in core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php
Responds to user registration POST request.

File

core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php, line 154

Class

UserRegistrationResource
Represents user registration as a resource.

Namespace

Drupal\user\Plugin\rest\resource

Code

protected function ensureAccountCanRegister(?UserInterface $account = NULL) {
  if ($account === NULL) {
    throw new BadRequestHttpException('No user account data for registration received.');
  }
  // POSTed user accounts must not have an ID set, because we always want to
  // create new entities here.
  if (!$account->isNew()) {
    throw new BadRequestHttpException('An ID has been set and only new user accounts can be registered.');
  }
  // Only allow anonymous users to register, authenticated users with the
  // necessary permissions can POST a new user to the "user" REST resource.
  // @see \Drupal\rest\Plugin\rest\resource\EntityResource
  if (!$this->currentUser
    ->isAnonymous()) {
    throw new AccessDeniedHttpException('Only anonymous users can register a user.');
  }
  // Verify that the current user can register a user account.
  if ($this->userSettings
    ->get('register') == UserInterface::REGISTER_ADMINISTRATORS_ONLY) {
    throw new AccessDeniedHttpException('You cannot register a new user account.');
  }
  if (!$this->userSettings
    ->get('verify_mail')) {
    if (empty($account->getPassword())) {
      // If no email verification then the user must provide a password.
      throw new UnprocessableEntityHttpException('No password provided.');
    }
  }
  else {
    if (!empty($account->getPassword())) {
      // If email verification required then a password cannot provided.
      // The password will be set when the user logs in.
      throw new UnprocessableEntityHttpException('A Password cannot be specified. It will be generated on login.');
    }
  }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.