PHP AccessResult::allowedIfHasPermissions方法代码示例

 /**
  * {@inheritdoc}
  */
 public function defaultAccess($operation = 'view', AccountInterface $account = NULL)
 {
     if ($operation == 'view') {
         return AccessResult::allowed();
     }
     return AccessResult::allowedIfHasPermissions($account, ['create url aliases', 'administer url aliases'], 'OR')->cachePerPermissions();
 }

 /**
  * {@inheritdoc}
  */
 protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL)
 {
     if ($operation == 'edit') {
         return AccessResult::allowedIfHasPermissions($account, ['administer tmgmt', 'administer translation tasks']);
     }
     return parent::checkFieldAccess($operation, $field_definition, $account, $items);
 }

 /**
  * {@inheritdoc}
  */
 protected function blockAccess(AccountInterface $account)
 {
     if ($this->masquerade->isMasquerading()) {
         return AccessResult::forbidden()->addCacheContexts(['is_masquerading']);
     }
     // Display block for all users that has any of masquerade permissions.
     return AccessResult::allowedIfHasPermissions($account, $this->masquerade->getPermissions(), 'OR');
 }

 /**
  * Check to see if user has any permissions to masquerade.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *   Run access checks for this account.
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  *   The access result.
  */
 public function access(AccountInterface $account)
 {
     // Uid 1 may masquerade as anyone.
     if ($account->id() == 1) {
         return AccessResult::allowed()->cachePerUser();
     }
     $permissions = $this->masquerade->getPermissions();
     return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
 }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    $access_result = AccessResult::allowedIfHasPermissions($account, ["create {$entity_bundle} entityqueue", 'manipulate all entityqueues', 'administer entityqueue'], 'OR');

    if ($entity_bundle) {
      $queue = EntityQueue::load($entity_bundle);
      $access_result = AccessResult::allowedIf(!$queue->getHandlerPlugin()->hasAutomatedSubqueues());
    }

    return $access_result;
  }

 /**
  * {@inheritdoc}
  */
 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
 {
     $contact_type_is_active = empty($entity_bundle);
     // Load the contact type entity.
     if (!empty($entity_bundle)) {
         /* @var \Drupal\crm_core_contact\Entity\ContactType $contact_type_entity */
         $contact_type_entity = ContactType::load($entity_bundle);
         $contact_type_is_active = $contact_type_entity->status();
     }
     return AccessResult::allowedIf($contact_type_is_active)->andIf(AccessResult::allowedIfHasPermissions($account, ['administer crm_core_contact entities', 'create crm_core_contact entities', 'create crm_core_contact entities of bundle ' . $entity_bundle], 'OR'));
 }

 /**
  * Checks access.
  *
  * @param \Symfony\Component\Routing\Route $route
  *   The route to check against.
  * @param \Drupal\Core\Session\AccountInterface $account
  *   The currently logged in account.
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  *   The access result.
  */
 public function access(Route $route, AccountInterface $account)
 {
     $permission = $route->getRequirement('_permission');
     // Allow to conjunct the permissions with OR ('+') or AND (',').
     $split = explode(',', $permission);
     if (count($split) > 1) {
         return AccessResult::allowedIfHasPermissions($account, $split, 'AND');
     } else {
         $split = explode('+', $permission);
         return AccessResult::allowedIfHasPermissions($account, $split, 'OR');
     }
 }

 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
 {
     /** @var ScheduledUpdate $entity */
     if ($operation == 'view') {
         return AccessResult::allowedIfHasPermission($account, 'view scheduled update entities');
     }
     $type_id = $entity->bundle();
     if ($entity->getOwnerId() == $account->id()) {
         // If owner that needs either own or any permission, not both.
         return AccessResult::allowedIfHasPermissions($account, ["{$operation} any {$type_id} scheduled updates", "{$operation} own {$type_id} scheduled updates"], 'OR');
     } else {
         return AccessResult::allowedIfHasPermission($account, "{$operation} any {$type_id} scheduled updates");
     }
 }

 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
 {
     switch ($operation) {
         case 'view':
             return AccessResult::allowedIfHasPermission($account, 'access content');
         case 'update':
             return AccessResult::allowedIfHasPermissions($account, ["edit terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
         case 'delete':
             return AccessResult::allowedIfHasPermissions($account, ["delete terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
         default:
             // No opinion.
             return AccessResult::neutral();
     }
 }

 /**
  * {@inheritdoc}
  */
 public function access(AccountInterface $account)
 {
     $domain = $this->domainNegotiator->getActiveDomain();
     // Is the domain allowed?
     // No domain, let it pass.
     if (empty($domain)) {
         return AccessResult::allowed()->setCacheMaxAge(0);
     }
     // Active domain, let it pass.
     if ($domain->status()) {
         return AccessResult::allowed()->setCacheMaxAge(0);
     } else {
         $permissions = array('administer domains', 'access inactive domains');
         $operator = 'OR';
         return AccessResult::allowedIfHasPermissions($account, $permissions, $operator)->setCacheMaxAge(0);
     }
 }

 /**
  * {@inheritdoc}
  */
 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
 {
     return AccessResult::allowedIfHasPermission($account, 'administer shortcuts')->orIf(AccessResult::allowedIfHasPermissions($account, ['access shortcuts', 'customize shortcut links'], 'AND'));
 }

 /**
  * Custom access check for continuous job form.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *   Run access checks for this account.
  *
  * @return \Drupal\Core\Access\AccessResult
  *   Returns allowed if we have a translator with ContinuousSourceInterface
  *   and the logged in user has permission to create translation jobs.
  */
 public function access(AccountInterface $account)
 {
     if (\Drupal::service('tmgmt.continuous')->checkIfContinuousTranslatorAvailable()) {
         return AccessResult::allowedIfHasPermissions($account, ['administer tmgmt'])->addCacheTags(['config:tmgmt_translator_list']);
     }
     return AccessResult::forbidden()->addCacheTags(['config:tmgmt_translator_list']);
 }

 /**
  * {@inheritdoc}
  */
 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
 {
     return AccessResult::allowedIfHasPermissions($account, ['add any ' . $entity_bundle . ' profile', 'add own ' . $entity_bundle . ' profile'], 'OR');
 }

 /**
  * Determine access to update add page.
  *
  * If user has permission to add any types they should have access to this page.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *
  * @return \Drupal\Core\Access\AccessResult
  */
 public function addPageAccess(AccountInterface $account)
 {
     $types = $this->typeStorage->loadMultiple();
     $perms = [];
     foreach ($types as $type_id => $type) {
         $perms[] = "create {$type_id} scheduled updates";
     }
     return AccessResult::allowedIfHasPermissions($account, $perms, 'OR');
 }

 /**
  * Tests allowedIfHasPermissions().
  *
  * @covers ::allowedIfHasPermissions
  *
  * @dataProvider providerTestAllowedIfHasPermissions
  */
 public function testAllowedIfHasPermissions($permissions, $conjunction, $expected_access)
 {
     $account = $this->getMock('\\Drupal\\Core\\Session\\AccountInterface');
     $account->expects($this->any())->method('hasPermission')->willReturnMap([['allowed', TRUE], ['denied', FALSE]]);
     $access_result = AccessResult::allowedIfHasPermissions($account, $permissions, $conjunction);
     $this->assertEquals($expected_access, $access_result);
 }