interface AccessResultInterface
Same name and namespace in other branches
- 8.9.x core/lib/Drupal/Core/Access/AccessResultInterface.php \Drupal\Core\Access\AccessResultInterface
- 10 core/lib/Drupal/Core/Access/AccessResultInterface.php \Drupal\Core\Access\AccessResultInterface
- 11.x core/lib/Drupal/Core/Access/AccessResultInterface.php \Drupal\Core\Access\AccessResultInterface
Interface for access result value objects.
IMPORTANT NOTE: You have to call isAllowed() when you want to know whether someone has access. Just using
if ($access_result) {
// The user has access!
}
else {
// The user doesn't have access!
}would never enter the else-statement and hence introduce a critical security issue.
Hierarchy
- interface \Drupal\Core\Access\AccessResultInterface
Expanded class hierarchy of AccessResultInterface
All classes that implement AccessResultInterface
16 files declare their use of AccessResultInterface
- AccessibleTestingTrait.php in core/
modules/ block_content/ tests/ src/ Unit/ Access/ AccessibleTestingTrait.php - AccessResultTest.php in core/
tests/ Drupal/ Tests/ Core/ Access/ AccessResultTest.php - Contains \Drupal\Tests\Core\Access\AccessResultTest.
- BlockPluginHasSettingsTrayFormAccessCheckTest.php in core/
modules/ settings_tray/ tests/ src/ Unit/ Access/ BlockPluginHasSettingsTrayFormAccessCheckTest.php - CKEditor5MediaController.php in core/
modules/ ckeditor5/ src/ Controller/ CKEditor5MediaController.php - Element.php in core/
lib/ Drupal/ Core/ Render/ Element.php
File
-
core/
lib/ Drupal/ Core/ Access/ AccessResultInterface.php, line 21
Namespace
Drupal\Core\AccessView source
interface AccessResultInterface {
/**
* Checks whether this access result indicates access is explicitly allowed.
*
* Call this method to check whether someone has access, to convert an access
* result object to boolean.
*
* @return bool
* When TRUE then isForbidden() and isNeutral() are FALSE.
*/
public function isAllowed();
/**
* Checks whether this access result indicates access is explicitly forbidden.
*
* Call this when optimizing an access checker (for hook_entity_access() or a
* route requirement): if this is TRUE, the final result will be forbidden and
* no further checking is necessary.
*
* Do not use this method to decide whether someone has access, to convert an
* access result to boolean: just because this returns FALSE, the end result
* might be neutral which is not allowed. Always use isAllowed() for this.
*
* @return bool
* When TRUE then isAllowed() and isNeutral() are FALSE.
*/
public function isForbidden();
/**
* Checks whether this access result indicates access is not yet determined.
*
* @return bool
* When TRUE then isAllowed() and isForbidden() are FALSE.
*
* @internal
*/
public function isNeutral();
/**
* Combine this access result with another using OR.
*
* When ORing two access results, the result is:
* - isForbidden() in either ⇒ isForbidden()
* - otherwise if isAllowed() in either ⇒ isAllowed()
* - otherwise both must be isNeutral() ⇒ isNeutral()
*
* Truth table:
* @code
* |A N F
* --+-----
* A |A A F
* N |A N F
* F |F F F
* @endcode
*
* @param \Drupal\Core\Access\AccessResultInterface $other
* The other access result to OR this one with.
*
* @return static
*/
public function orIf(AccessResultInterface $other);
/**
* Combine this access result with another using AND.
*
* When AND is performed on two access results, the result is:
* - isForbidden() in either ⇒ isForbidden()
* - otherwise, if isAllowed() in both ⇒ isAllowed()
* - otherwise, one of them is isNeutral() ⇒ isNeutral()
*
* Truth table:
* @code
* |A N F
* --+-----
* A |A N F
* N |N N F
* F |F F F
* @endcode
*
* @param \Drupal\Core\Access\AccessResultInterface $other
* The other access result to AND this one with.
*
* @return static
*/
public function andIf(AccessResultInterface $other);
}Members
| Title Sort descending | Modifiers | Object type | Summary | Overrides |
|---|---|---|---|---|
| AccessResultInterface::andIf | public | function | Combine this access result with another using AND. | 2 |
| AccessResultInterface::isAllowed | public | function | Checks whether this access result indicates access is explicitly allowed. | 2 |
| AccessResultInterface::isForbidden | public | function | Checks whether this access result indicates access is explicitly forbidden. | 2 |
| AccessResultInterface::isNeutral | public | function | Checks whether this access result indicates access is not yet determined. | 2 |
| AccessResultInterface::orIf | public | function | Combine this access result with another using OR. | 2 |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.