BlockAccessControlHandler::checkAccess

protected BlockAccessControlHandler::checkAccess(EntityInterface $entity, $operation, AccountInterface $account)

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/block/src/BlockAccessControlHandler.php, line 86

Class

BlockAccessControlHandler: Defines the access control handler for the block entity type.

Namespace

Drupal\block

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\block\BlockInterface $entity */
  if ($operation != 'view') {
    return parent::checkAccess($entity, $operation, $account);
  }
 
  // Don't grant access to disabled blocks.
  if (!$entity->status()) {
    return AccessResult::forbidden()->addCacheableDependency($entity);
  }
  else {
    $conditions = [];
    $missing_context = FALSE;
    foreach ($entity->getVisibilityConditions() as $condition_id => $condition) {
      if ($condition instanceof ContextAwarePluginInterface) {
        try {
          $contexts = $this->contextRepository->getRuntimeContexts(array_values($condition->getContextMapping()));
          $this->contextHandler->applyContextMapping($condition, $contexts);
        }
        catch (ContextException $e) {
          $missing_context = TRUE;
        }
      }
      $conditions[$condition_id] = $condition;
    }
 
    if ($missing_context) {
      // If any context is missing then we might be missing cacheable
      // metadata, and don't know based on what conditions the block is
      // accessible or not. For example, blocks that have a node type
      // condition will have a missing context on any non-node route like the
      // frontpage.
      // @todo Avoid setting max-age 0 for some or all cases, for example by
      //   treating available contexts without value differently in
      //   https://www.drupal.org/node/2521956.
      $access = AccessResult::forbidden()->setCacheMaxAge(0);
    }
    elseif ($this->resolveConditions($conditions, 'and') !== FALSE) {
      // Delegate to the plugin.
      $block_plugin = $entity->getPlugin();
      try {
        if ($block_plugin instanceof ContextAwarePluginInterface) {
          $contexts = $this->contextRepository->getRuntimeContexts(array_values($block_plugin->getContextMapping()));
          $this->contextHandler->applyContextMapping($block_plugin, $contexts);
        }
        $access = $block_plugin->access($account, TRUE);
      }
      catch (ContextException $e) {
        // Setting access to forbidden if any context is missing for the same
        // reasons as with conditions (described in the comment above).
        // @todo Avoid setting max-age 0 for some or all cases, for example by
        //   treating available contexts without value differently in
        //   https://www.drupal.org/node/2521956.
        $access = AccessResult::forbidden()->setCacheMaxAge(0);
      }
    }
    else {
      $access = AccessResult::forbidden();
    }
 
    $this->mergeCacheabilityFromConditions($access, $conditions);
 
    // Ensure that access is evaluated again when the block changes.
    return $access->addCacheableDependency($entity);
  }
}

Links:

https://api.drupal.org/api/drupal/core%21modules%21block%21src%21BlockAccessControlHandler.php/function/BlockAccessControlHandler%3A%3AcheckAccess/8.2.x

doc_Drupal

2025-01-10 15:47:30

Comments