class RoleAccessCheck

Same name and namespace in other branches
  1. 9 core/modules/user/src/Access/RoleAccessCheck.php \Drupal\user\Access\RoleAccessCheck
  2. 8.9.x core/modules/user/src/Access/RoleAccessCheck.php \Drupal\user\Access\RoleAccessCheck
  3. 10 core/modules/user/src/Access/RoleAccessCheck.php \Drupal\user\Access\RoleAccessCheck

Determines access to routes based on roles.

You can specify the '_role' key on route requirements. If you specify a single role, users with that role with have access. If you specify multiple ones you can conjunct them with AND by using a "," and with OR by using "+".

Hierarchy

Expanded class hierarchy of RoleAccessCheck

1 file declares its use of RoleAccessCheck
RoleAccessCheckTest.php in core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php
1 string reference to 'RoleAccessCheck'
user.services.yml in core/modules/user/user.services.yml
core/modules/user/user.services.yml
1 service uses RoleAccessCheck
access_check.user.role in core/modules/user/user.services.yml
Drupal\user\Access\RoleAccessCheck

File

core/modules/user/src/Access/RoleAccessCheck.php, line 17

Namespace

Drupal\user\Access
View source 
class RoleAccessCheck implements AccessInterface {
    
    /**
     * Checks access.
     *
     * @param \Symfony\Component\Routing\Route $route
     *   The route to check against.
     * @param \Drupal\Core\Session\AccountInterface $account
     *   The currently logged in account.
     *
     * @return \Drupal\Core\Access\AccessResultInterface
     *   The access result.
     */
    public function access(Route $route, AccountInterface $account) {
        // Requirements just allow strings, so this might be a comma separated list.
        $rid_string = $route->getRequirement('_role');
        $explode_and = array_filter(array_map('trim', explode(',', $rid_string)));
        if (count($explode_and) > 1) {
            $diff = array_diff($explode_and, $account->getRoles());
            if (empty($diff)) {
                return AccessResult::allowed()->addCacheContexts([
                    'user.roles',
                ]);
            }
        }
        else {
            $explode_or = array_filter(array_map('trim', explode('+', $rid_string)));
            $intersection = array_intersect($explode_or, $account->getRoles());
            if (!empty($intersection)) {
                return AccessResult::allowed()->addCacheContexts([
                    'user.roles',
                ]);
            }
        }
        // If there is no allowed role, give other access checks a chance.
        return AccessResult::neutral()->addCacheContexts([
            'user.roles',
        ]);
    }

}

Members

Title Modifiers Object type Summary
RoleAccessCheck::access public function Checks access.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.