interface AccessResultInterface

Same name in other branches
  1. 9 core/lib/Drupal/Core/Access/AccessResultInterface.php \Drupal\Core\Access\AccessResultInterface
  2. 10 core/lib/Drupal/Core/Access/AccessResultInterface.php \Drupal\Core\Access\AccessResultInterface
  3. 11.x core/lib/Drupal/Core/Access/AccessResultInterface.php \Drupal\Core\Access\AccessResultInterface

Interface for access result value objects.

IMPORTANT NOTE: You have to call isAllowed() when you want to know whether someone has access. Just using

if ($access_result) {
    // The user has access!
}
else {
    // The user doesn't have access!
}

would never enter the else-statement and hence introduce a critical security issue.

Hierarchy

Expanded class hierarchy of AccessResultInterface

All classes that implement AccessResultInterface

13 files declare their use of AccessResultInterface
AccessibleTestingTrait.php in core/modules/block_content/tests/src/Unit/Access/AccessibleTestingTrait.php
AccessResultTest.php in core/tests/Drupal/Tests/Core/Access/AccessResultTest.php
Contains \Drupal\Tests\Core\Access\AccessResultTest.
BlockPluginHasSettingsTrayFormAccessCheckTest.php in core/modules/settings_tray/tests/src/Unit/Access/BlockPluginHasSettingsTrayFormAccessCheckTest.php
Element.php in core/lib/Drupal/Core/Render/Element.php
EntityAccessDeniedHttpException.php in core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php

... See full list

File

core/lib/Drupal/Core/Access/AccessResultInterface.php, line 21

Namespace

Drupal\Core\Access
View source
interface AccessResultInterface {
    
    /**
     * Checks whether this access result indicates access is explicitly allowed.
     *
     * @return bool
     *   When TRUE then isForbidden() and isNeutral() are FALSE.
     */
    public function isAllowed();
    
    /**
     * Checks whether this access result indicates access is explicitly forbidden.
     *
     * This is a kill switch — both orIf() and andIf() will result in
     * isForbidden() if either results are isForbidden().
     *
     * @return bool
     *   When TRUE then isAllowed() and isNeutral() are FALSE.
     */
    public function isForbidden();
    
    /**
     * Checks whether this access result indicates access is not yet determined.
     *
     * @return bool
     *   When TRUE then isAllowed() and isForbidden() are FALSE.
     */
    public function isNeutral();
    
    /**
     * Combine this access result with another using OR.
     *
     * When OR-ing two access results, the result is:
     * - isForbidden() in either ⇒ isForbidden()
     * - otherwise if isAllowed() in either ⇒ isAllowed()
     * - otherwise both must be isNeutral() ⇒ isNeutral()
     *
     * Truth table:
     * @code
     *   |A N F
     * --+-----
     * A |A A F
     * N |A N F
     * F |F F F
     * @endcode
     *
     * @param \Drupal\Core\Access\AccessResultInterface $other
     *   The other access result to OR this one with.
     *
     * @return static
     */
    public function orIf(AccessResultInterface $other);
    
    /**
     * Combine this access result with another using AND.
     *
     * When AND-ing two access results, the result is:
     * - isForbidden() in either ⇒ isForbidden()
     * - otherwise, if isAllowed() in both ⇒ isAllowed()
     * - otherwise, one of them is isNeutral()  ⇒ isNeutral()
     *
     * Truth table:
     * @code
     *   |A N F
     * --+-----
     * A |A N F
     * N |N N F
     * F |F F F
     * @endcode
     *
     * @param \Drupal\Core\Access\AccessResultInterface $other
     *   The other access result to AND this one with.
     *
     * @return static
     */
    public function andIf(AccessResultInterface $other);

}

Members

Title Sort descending Modifiers Object type Summary Overrides
AccessResultInterface::andIf public function Combine this access result with another using AND. 2
AccessResultInterface::isAllowed public function Checks whether this access result indicates access is explicitly allowed. 2
AccessResultInterface::isForbidden public function Checks whether this access result indicates access is explicitly forbidden. 2
AccessResultInterface::isNeutral public function Checks whether this access result indicates access is not yet determined. 2
AccessResultInterface::orIf public function Combine this access result with another using OR. 2

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.