class BlockAccessControlHandler

Same name in other branches
  1. 9 core/modules/block/src/BlockAccessControlHandler.php \Drupal\block\BlockAccessControlHandler
  2. 8.9.x core/modules/block/src/BlockAccessControlHandler.php \Drupal\block\BlockAccessControlHandler
  3. 10 core/modules/block/src/BlockAccessControlHandler.php \Drupal\block\BlockAccessControlHandler

Defines the access control handler for the content block entity type.

Hierarchy

Expanded class hierarchy of BlockAccessControlHandler

See also

\Drupal\block\Entity\Block

File

core/modules/block/src/BlockAccessControlHandler.php, line 26

Namespace

Drupal\block
View source
class BlockAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
    use ConditionAccessResolverTrait;
    
    /**
     * The plugin context handler.
     *
     * @var \Drupal\Core\Plugin\Context\ContextHandlerInterface
     */
    protected $contextHandler;
    
    /**
     * The context manager service.
     *
     * @var \Drupal\Core\Plugin\Context\ContextRepositoryInterface
     */
    protected $contextRepository;
    
    /**
     * {@inheritdoc}
     */
    public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
        return new static($entity_type, $container->get('context.handler'), $container->get('context.repository'));
    }
    
    /**
     * Constructs the block access control handler instance.
     *
     * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
     *   The entity type definition.
     * @param \Drupal\Core\Plugin\Context\ContextHandlerInterface $context_handler
     *   The ContextHandler for applying contexts to conditions properly.
     * @param \Drupal\Core\Plugin\Context\ContextRepositoryInterface $context_repository
     *   The lazy context repository service.
     */
    public function __construct(EntityTypeInterface $entity_type, ContextHandlerInterface $context_handler, ContextRepositoryInterface $context_repository) {
        parent::__construct($entity_type);
        $this->contextHandler = $context_handler;
        $this->contextRepository = $context_repository;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
        
        /** @var \Drupal\block\BlockInterface $entity */
        if ($operation != 'view') {
            return parent::checkAccess($entity, $operation, $account);
        }
        // Don't grant access to disabled blocks.
        if (!$entity->status()) {
            return AccessResult::forbidden()->addCacheableDependency($entity);
        }
        else {
            $conditions = [];
            $missing_context = FALSE;
            $missing_value = FALSE;
            foreach ($entity->getVisibilityConditions() as $condition_id => $condition) {
                if ($condition instanceof ContextAwarePluginInterface) {
                    try {
                        $contexts = $this->contextRepository
                            ->getRuntimeContexts(array_values($condition->getContextMapping()));
                        $this->contextHandler
                            ->applyContextMapping($condition, $contexts);
                    } catch (MissingValueContextException) {
                        $missing_value = TRUE;
                    } catch (ContextException) {
                        $missing_context = TRUE;
                    }
                }
                $conditions[$condition_id] = $condition;
            }
            if ($missing_context) {
                // If any context is missing then we might be missing cacheable
                // metadata, and don't know based on what conditions the block is
                // accessible or not. Make sure the result cannot be cached.
                $access = AccessResult::forbidden()->setCacheMaxAge(0);
            }
            elseif ($missing_value) {
                // The contexts exist but have no value. Deny access without
                // disabling caching. For example the node type condition will have a
                // missing context on any non-node route like the frontpage.
                $access = AccessResult::forbidden();
            }
            elseif ($this->resolveConditions($conditions, 'and') !== FALSE) {
                // Delegate to the plugin.
                $block_plugin = $entity->getPlugin();
                try {
                    if ($block_plugin instanceof ContextAwarePluginInterface) {
                        $contexts = $this->contextRepository
                            ->getRuntimeContexts(array_values($block_plugin->getContextMapping()));
                        $this->contextHandler
                            ->applyContextMapping($block_plugin, $contexts);
                    }
                    $access = $block_plugin->access($account, TRUE);
                } catch (MissingValueContextException) {
                    // The contexts exist but have no value. Deny access without
                    // disabling caching.
                    $access = AccessResult::forbidden();
                } catch (ContextException) {
                    // If any context is missing then we might be missing cacheable
                    // metadata, and don't know based on what conditions the block is
                    // accessible or not. Make sure the result cannot be cached.
                    $access = AccessResult::forbidden()->setCacheMaxAge(0);
                }
            }
            else {
                $reason = count($conditions) > 1 ? "One of the block visibility conditions ('%s') denied access." : "The block visibility condition '%s' denied access.";
                $access = AccessResult::forbidden(sprintf($reason, implode("', '", array_keys($conditions))));
            }
            $this->mergeCacheabilityFromConditions($access, $conditions);
            // Ensure that access is evaluated again when the block changes.
            return $access->addCacheableDependency($entity);
        }
    }
    
    /**
     * Merges cacheable metadata from conditions onto the access result object.
     *
     * @param \Drupal\Core\Access\AccessResult $access
     *   The access result object.
     * @param \Drupal\Core\Condition\ConditionInterface[] $conditions
     *   List of visibility conditions.
     */
    protected function mergeCacheabilityFromConditions(AccessResult $access, array $conditions) {
        foreach ($conditions as $condition) {
            if ($condition instanceof CacheableDependencyInterface) {
                $access->addCacheTags($condition->getCacheTags());
                $access->addCacheContexts($condition->getCacheContexts());
                $access->setCacheMaxAge(Cache::mergeMaxAges($access->getCacheMaxAge(), $condition->getCacheMaxAge()));
            }
        }
    }

}

Members

Title Sort descending Modifiers Object type Summary Overriden Title Overrides
BlockAccessControlHandler::$contextHandler protected property The plugin context handler.
BlockAccessControlHandler::$contextRepository protected property The context manager service.
BlockAccessControlHandler::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandler::checkAccess
BlockAccessControlHandler::createInstance public static function Instantiates a new instance of this entity handler. Overrides EntityHandlerInterface::createInstance
BlockAccessControlHandler::mergeCacheabilityFromConditions protected function Merges cacheable metadata from conditions onto the access result object.
BlockAccessControlHandler::__construct public function Constructs the block access control handler instance. Overrides EntityAccessControlHandler::__construct
ConditionAccessResolverTrait::resolveConditions protected function Resolves the given conditions based on the condition logic ('and'/'or').
DependencySerializationTrait::$_entityStorages protected property
DependencySerializationTrait::$_serviceIds protected property
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 7
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkCreateAccess protected function Performs create access checks. 14
EntityAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. 4
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function Determines entity access.
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 5
EntityHandlerBase::moduleHandler protected function Gets the module handler. 5
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
StringTranslationTrait::$stringTranslation protected property The string translation service. 3
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.