interface AccessPolicyInterface
Same name in other branches
- 10 core/lib/Drupal/Core/Session/AccessPolicyInterface.php \Drupal\Core\Session\AccessPolicyInterface
Defines the access policy interface.
Make sure that when calculating permissions, you attach the right cacheable metadata. This includes cache contexts if your implementation causes the calculated permissions to vary by something. Any cache contexts defined in the getPersistentCacheContexts() methods must also be added to the corresponding calculated permissions but Drupal\Core\Session\AccessPolicyBase takes care of this for you.
Do NOT use any cache context that relies on calculated permissions in any of the calculations as you will end up in an infinite loop. E.g.: The cache context "user.permissions" relies on your calculated Drupal permissions.
Hierarchy
- interface \Drupal\Core\Session\AccessPolicyInterface
Expanded class hierarchy of AccessPolicyInterface
All classes that implement AccessPolicyInterface
2 files declare their use of AccessPolicyInterface
- SuperUserAccessPolicyTest.php in core/
tests/ Drupal/ Tests/ Core/ Session/ SuperUserAccessPolicyTest.php - UserRolesAccessPolicyTest.php in core/
tests/ Drupal/ Tests/ Core/ Session/ UserRolesAccessPolicyTest.php
File
-
core/
lib/ Drupal/ Core/ Session/ AccessPolicyInterface.php, line 19
Namespace
Drupal\Core\SessionView source
interface AccessPolicyInterface {
/**
* Scope ID for general Drupal access.
*/
const SCOPE_DRUPAL = 'drupal';
/**
* Checks whether this access policy applies to a given scope.
*
* @param string $scope
* The scope to check for.
*
* @return bool
* Whether this access policy applies to the given scope.
*/
public function applies(string $scope) : bool;
/**
* Calculates the permissions for an account within a given scope.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to calculate the permissions.
* @param string $scope
* The scope to calculate the permissions for.
*
* @return \Drupal\Core\Session\RefinableCalculatedPermissionsInterface
* An object representing the permissions within the given scope.
*/
public function calculatePermissions(AccountInterface $account, string $scope) : RefinableCalculatedPermissionsInterface;
/**
* Alter the permissions after all policies have finished building them.
*
* This should only be used to revoke permissions. If you wish to add
* permissions, you should write another access policy that uses the
* calculatePermissions method instead.
*
* Keep in mind that there are many ways to alter access policy results.
* Because each access policy itself is a service, the best way to get rid of
* a specific access policy's permissions as a whole, is by removing said
* access policy in your module's service provider.
*
* A good example use case of alterPermissions would be to revoke a banned
* list of permissions outside of office hours. This would make it so no-one
* can perform any destructive actions while the help desk is offline.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to alter the permissions.
* @param string $scope
* The scope to alter the permissions for.
* @param \Drupal\Core\Session\RefinableCalculatedPermissionsInterface $calculated_permissions
* The completely built calculated permissions.
*/
public function alterPermissions(AccountInterface $account, string $scope, RefinableCalculatedPermissionsInterface $calculated_permissions) : void;
/**
* Gets the persistent cache contexts.
*
* These inform the system what your access policy's calculations always vary
* by. If you have any further cache contexts that you want to conditionally
* add, you can do so in calculatePermissions and alterPermissions.
*
* @return string[]
* The persistent cache contexts.
*/
public function getPersistentCacheContexts() : array;
}Members
| Title Sort descending | Modifiers | Object type | Summary | Overrides |
|---|---|---|---|---|
| AccessPolicyInterface::alterPermissions | public | function | Alter the permissions after all policies have finished building them. | 1 |
| AccessPolicyInterface::applies | public | function | Checks whether this access policy applies to a given scope. | 1 |
| AccessPolicyInterface::calculatePermissions | public | function | Calculates the permissions for an account within a given scope. | 1 |
| AccessPolicyInterface::getPersistentCacheContexts | public | function | Gets the persistent cache contexts. | 1 |
| AccessPolicyInterface::SCOPE_DRUPAL | constant | Scope ID for general Drupal access. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.