class RoleAccessCheck

Determines access to routes based on roles.

You can specify the '_role' key on route requirements. If you specify a single role, users with that role will have access. If you specify multiple roles, you can combine them with AND by using "+" or with OR by using ",".

Hierarchy

Expanded class hierarchy of RoleAccessCheck

1 file declares its use of RoleAccessCheck
1 string reference to 'RoleAccessCheck'
user.services.yml in drupal/core/modules/user/user.services.yml
1 service uses RoleAccessCheck

File

drupal/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php, line 21
Contains \Drupal\user\Access\RoleAccessCheck.

Namespace

Drupal\user\Access
View source
class RoleAccessCheck implements AccessCheckInterface {

  /**
   * {@inheritdoc}
   */
  public function applies(Route $route) {
    return array_key_exists('_role', $route->getRequirements());
  }

  /**
   * {@inheritdoc}
   */
  public function access(Route $route, Request $request) {

    // Requirements just allow strings, so this might be a comma separated list.
    $rid_string = $route->getRequirement('_role');

    // @todo Replace the role check with a correctly injected and session-using
    //   alternative.
    $account = $GLOBALS['user'];
    $explode_and = array_filter(array_map('trim', explode('+', $rid_string)));
    if (count($explode_and) > 1) {
      $diff = array_diff($explode_and, $account->roles);
      if (empty($diff)) {
        return static::ALLOW;
      }
    }
    else {
      $explode_or = array_filter(array_map('trim', explode(',', $rid_string)));
      $intersection = array_intersect($explode_or, $account->roles);
      if (!empty($intersection)) {
        return static::ALLOW;
      }
    }

    // If there is no allowed role, return NULL to give other checks a chance.
    return static::DENY;
  }

}
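
The requirement parsing in access() above, reduced to a stand-alone PHP function as an added example (not Drupal's own code; role_requirement_matches() and the role names are hypothetical). It goes slightly beyond the documented cases by also exercising mixed "+"/"," strings, a trailing "+", and an empty requirement, none of which grant access.

```php
<?php
// Added example: stand-alone mirror of the string handling in
// RoleAccessCheck::access(). The function and role names are hypothetical.

/**
 * Returns TRUE when $roles satisfies the '_role' requirement string.
 */
function role_requirement_matches(string $rid_string, array $roles): bool {
  $explode_and = array_filter(array_map('trim', explode('+', $rid_string)));
  if (count($explode_and) > 1) {
    // AND: every listed role must be held by the account.
    return empty(array_diff($explode_and, $roles));
  }
  // Single role or OR list: one held role is enough.
  $explode_or = array_filter(array_map('trim', explode(',', $rid_string)));
  return !empty(array_intersect($explode_or, $roles));
}

// Constructed sample accounts.
$editor = ['authenticated', 'editor'];
$both = ['authenticated', 'editor', 'reviewer'];

// Each case: [requirement string, account roles, expected result].
$cases = [
  ['editor', $editor, FALSE === FALSE],
  ['editor , reviewer', $editor, TRUE],
  ['editor+reviewer', $editor, FALSE],
  ['editor+reviewer', $both, TRUE],
  // "+" is split first, so "reviewer,administrator" is compared as ONE role
  // name; the expression is not read as editor AND (reviewer OR administrator).
  ['editor+reviewer,administrator', $both, FALSE],
  // Trailing "+": the empty piece is filtered out, the OR branch then
  // compares the literal string "editor+" against the roles.
  ['editor+', $editor, FALSE],
  // Empty requirement: nothing to intersect with.
  ['', $both, FALSE],
];

foreach ($cases as [$requirement, $roles, $expected]) {
  $actual = role_requirement_matches($requirement, $roles);
  if ($actual !== $expected) {
    throw new RuntimeException("Unexpected result for '$requirement'");
  }
  printf("%-34s => %s\n", "'$requirement'", $actual ? 'match' : 'no match');
}
```

A route author who needs "A and (B or C)" cannot express it in a single '_role' string; with this parsing the mixed form never matches.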

Members

Name | Modifiers | Type | Description | Overrides
AccessCheckInterface::ALLOW | | constant | Grant access. |
AccessCheckInterface::DENY | | constant | Deny access. |
AccessCheckInterface::KILL | | constant | Block access. |
RoleAccessCheck::access | public | function | Checks for access to route. | Overrides AccessCheckInterface::access
RoleAccessCheck::applies | public | function | Declares whether the access check applies to a specific route or not. | Overrides AccessCheckInterface::applies