UpdateKernel::handleAccess

protected UpdateKernel::handleAccess(Request $request)

Checks if the current user has rights to access updates page.

If the current user does not have the rights, an exception is thrown.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The incoming request.

Throws

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Thrown when update.php should not be accessible.

File

core/lib/Drupal/Core/Update/UpdateKernel.php, line 172

Class

UpdateKernel: Defines a kernel which is used primarily to run the update of Drupal.

Namespace

Drupal\Core\Update

Code

protected function handleAccess(Request $request) {
  /** @var \Drupal\Core\Authentication\AuthenticationManager $authentication_manager */
  $authentication_manager = $this->getContainer()->get('authentication');
  $account = $authentication_manager->authenticate($request) ? : new AnonymousUserSession();

  /** @var \Drupal\Core\Session\AccountProxyInterface $current_user */
  $current_user = $this->getContainer()->get('current_user');
  $current_user->setAccount($account);

  /** @var \Drupal\system\Access\DbUpdateAccessCheck $db_update_access */
  $db_update_access = $this->getContainer()->get('access_check.db_update');

  if (!Settings::get('update_free_access', FALSE) && !$db_update_access->access($account)->isAllowed()) {
    throw new AccessDeniedHttpException('In order to run update.php you need to either be logged in as admin or have set $settings[\'update_free_access\'] in your settings.php.');
  }
}

Links:

https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Update%21UpdateKernel.php/function/UpdateKernel%3A%3AhandleAccess/8.2.x

doc_Drupal

2025-01-10 15:47:30

Comments