PHP AccessResult::forbidden方法代码示例

 /**
  * {@inheritdoc}
  */
 protected function blockAccess(AccountInterface $account)
 {
     if ($account->hasPermission('search content')) {
         return AccessResult::allowed();
     }
     return AccessResult::forbidden();
 }

 public function access(AccountInterface $account)
 {
     if (!$account->id() == 1) {
         return AccessResult::forbidden();
     }
     return AccessResult::allowed();
 }

 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $payment, $operation, AccountInterface $account)
 {
     /** @var \Drupal\payment\Entity\PaymentInterface $payment */
     if ($operation == 'update_status') {
         $payment_method = $payment->getPaymentMethod();
         if ($payment_method instanceof PaymentMethodUpdatePaymentStatusInterface && !$payment_method->updatePaymentStatusAccess($account)) {
             return AccessResult::forbidden();
         }
     } elseif ($operation == 'capture') {
         $payment_method = $payment->getPaymentMethod();
         if ($payment_method instanceof PaymentMethodCapturePaymentInterface) {
             return AccessResult::allowedIf($payment_method instanceof PaymentMethodCapturePaymentInterface)->andIf(AccessResult::allowedIf($payment_method->capturePaymentAccess($account)))->andIf($this->checkAccessPermission($payment, $operation, $account));
         }
         return AccessResult::forbidden();
     } elseif ($operation == 'refund') {
         $payment_method = $payment->getPaymentMethod();
         if ($payment_method instanceof PaymentMethodRefundPaymentInterface) {
             return AccessResult::allowedIf($payment_method->refundPaymentAccess($account))->andIf($this->checkAccessPermission($payment, $operation, $account));
         }
         return AccessResult::forbidden();
     } elseif ($operation == 'complete') {
         if ($payment->getPaymentMethod()) {
             return AccessResult::allowedIf($payment->getOwnerId() == $account->id())->orIf(AccessResult::forbiddenIf($payment->getPaymentMethod()->getPaymentExecutionResult()->isCompleted()));
         } else {
             return AccessResult::forbidden();
         }
     }
     return $this->checkAccessPermission($payment, $operation, $account);
 }

 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
 {
     if ($account->hasPermission('administer tmgmt')) {
         // Administrators can do everything.
         return AccessResult::allowed()->cachePerPermissions();
     }
     switch ($operation) {
         case 'view':
         case 'update':
             return AccessResult::allowedIfHasPermission($account, 'create translation jobs')->orIf(AccessResult::allowedIfHasPermission($account, 'accept translation jobs'));
             break;
         case 'delete':
             // Only administrators can delete jobs.
             return AccessResult::forbidden();
             break;
             // Custom operations.
         // Custom operations.
         case 'submit':
             return AccessResult::allowedIfHasPermission($account, 'submit translation jobs');
             break;
         case 'accept':
             return AccessResult::allowedIfHasPermission($account, 'accept translation jobs');
             break;
         case 'abort':
         case 'resubmit':
             return AccessResult::allowedIfHasPermission($account, 'submit translation jobs');
             break;
     }
 }

 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
 {
     /** @var \Drupal\crm_core_contact\Entity\ContactType $entity */
     // First check permission.
     if (parent::checkAccess($entity, $operation, $account)->isForbidden()) {
         return AccessResult::forbidden();
     }
     switch ($operation) {
         case 'enable':
             // Only disabled contact type can be enabled.
             return AccessResult::allowedIf(!$entity->status());
         case 'disable':
             return AccessResult::allowedIf($entity->status());
         case 'delete':
             // If contact instance of this contact type exist, you can't delete it.
             $results = \Drupal::entityQuery('crm_core_contact')->condition('type', $entity->id())->execute();
             return AccessResult::allowedIf(empty($results));
             // @todo Which is it?
         // @todo Which is it?
         case 'edit':
         case 'update':
             // If the contact type is locked, you can't edit it.
             return AccessResult::allowed();
     }
 }

 /**
  * {@inheritdoc}
  */
 public function access(Route $route, AccountInterface $account, NodeInterface $node = NULL)
 {
     if ($node->bundle() && \Drupal::config('webform.settings')->get('node_' . $node->bundle())) {
         return AccessResult::allowed();
     }
     return AccessResult::forbidden();
 }

 public function providerBlocksConfig()
 {
     $blocks_config = array('block1' => array(AccessResult::allowed(), 'top', 0), 'block2' => array(AccessResult::forbidden(), 'bottom', 0), 'block3' => array(AccessResult::allowed(), 'bottom', 5), 'block4' => array(AccessResult::allowed(), 'bottom', -5));
     $test_cases = [];
     $test_cases[] = [$blocks_config, ['top' => ['block1'], 'center' => [], 'bottom' => ['block4', 'block3']]];
     return $test_cases;
 }

 /**
  * Checks that there is a forward revision available.
  *
  * This checker assumes the presence of an '_entity_access' requirement key
  * in the same form as used by EntityAccessCheck.
  *
  * @see EntityAccessCheck.
  *
  * @param \Symfony\Component\Routing\Route $route
  *   The route to check against.
  * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
  *   The parametrized route
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  *   The access result.
  */
 public function access(Route $route, RouteMatchInterface $route_match)
 {
     // This tab should not show up period unless there's a reason to show it.
     // @todo Do we need any extra cache tags here?
     $entity = $this->loadEntity($route, $route_match);
     return $this->moderationInfo->hasForwardRevision($entity) ? AccessResult::allowed()->addCacheableDependency($entity) : AccessResult::forbidden()->addCacheableDependency($entity);
 }

 /**
  * Checks Quick Edit access to the field.
  *
  * @param \Drupal\Core\Entity\EntityInterface $entity
  *   The entity containing the field.
  * @param string $field_name
  *   The field name.
  * @param string $langcode
  *   The langcode.
  * @param \Drupal\Core\Session\AccountInterface $account
  *   The currently logged in account.
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  *   The access result.
  *
  * @todo Use the $account argument: https://www.drupal.org/node/2266809.
  */
 public function access(EntityInterface $entity, $field_name, $langcode, AccountInterface $account)
 {
     if (!$this->validateRequestAttributes($entity, $field_name, $langcode)) {
         return AccessResult::forbidden();
     }
     return $this->accessEditEntityField($entity, $field_name);
 }

 /**
  * Handles access to the rdf_entity proposal form.
  *
  * @param \Drupal\rdf_entity\RdfEntityTypeInterface $rdf_type
  *   The RDF entity type for which the proposal form is built.
  *
  * @return \Drupal\Core\Access\AccessResult
  *   The access result object.
  */
 public function createAssetReleaseAccess(RdfEntityTypeInterface $rdf_type)
 {
     if (!in_array($rdf_type->id(), ['collection', 'solution'])) {
         return AccessResult::forbidden();
     }
     return AccessResult::allowedIf($this->currentUser()->hasPermission("propose {$rdf_type->id()} rdf entity"));
 }

 /**
  * Limit access to the Library between 9:00 and 18:30.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  */
 public function accessLibrary(AccountInterface $account)
 {
     if (time() >= strtotime('today 9:00') && time() <= strtotime('today 18:30')) {
         return AccessResult::allowed();
     }
     return AccessResult::forbidden();
 }

 /**
  * Checks access to the given user's contact page.
  *
  * @param \Drupal\user\UserInterface $user
  *   The user being contacted.
  * @param \Drupal\Core\Session\AccountInterface $account
  *   The currently logged in account.
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  *   The access result.
  */
 public function access(UserInterface $user, AccountInterface $account)
 {
     $contact_account = $user;
     // Anonymous users cannot have contact forms.
     if ($contact_account->isAnonymous()) {
         return AccessResult::forbidden();
     }
     // Users may not contact themselves.
     if ($account->id() == $contact_account->id()) {
         return AccessResult::forbidden()->cachePerUser();
     }
     // User administrators should always have access to personal contact forms.
     $access = AccessResult::neutral()->cachePerRole();
     $permission_access = AccessResult::allowedIfHasPermission($account, 'administer users');
     if ($permission_access->isAllowed()) {
         return $access->orIf($permission_access);
     }
     // If requested user has been blocked, do not allow users to contact them.
     $access->cacheUntilEntityChanges($contact_account);
     if ($contact_account->isBlocked()) {
         return $access;
     }
     // If the requested user has disabled their contact form, do not allow users
     // to contact them.
     $account_data = $this->userData->get('contact', $contact_account->id(), 'enabled');
     if (isset($account_data) && empty($account_data)) {
         return $access;
     } else {
         if (!$this->configFactory->get('contact.settings')->get('user_default_enabled')) {
             return $access;
         }
     }
     return $access->orIf(AccessResult::allowedIfHasPermission($account, 'access user contact forms'));
 }

 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $filter_format, $operation, $langcode, AccountInterface $account)
 {
     /** @var \Drupal\filter\FilterFormatInterface $filter_format */
     // All users are allowed to use the fallback filter.
     if ($operation == 'use') {
         if ($filter_format->isFallbackFormat()) {
             return AccessResult::allowed();
         } else {
             return AccessResult::allowedIfHasPermission($account, $filter_format->getPermissionName());
         }
     }
     // The fallback format may not be disabled.
     if ($operation == 'disable' && $filter_format->isFallbackFormat()) {
         return AccessResult::forbidden();
     }
     // We do not allow filter formats to be deleted through the UI, because that
     // would render any content that uses them unusable.
     if ($operation == 'delete') {
         return AccessResult::forbidden();
     }
     if (in_array($operation, array('disable', 'update'))) {
         return parent::checkAccess($filter_format, $operation, $langcode, $account);
     }
     // No opinion.
     return AccessResult::neutral();
 }

 /**
  * {@inheritdoc}
  *
  * When the $operation is 'add' then the $entity is of type 'profile_type',
  * otherwise $entity is of type 'profile'.
  */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
 {
     $account = $this->prepareUser($account);
     $user_page = \Drupal::request()->attributes->get('user');
     // Some times, operation edit is called update.
     // Use edit in any case.
     if ($operation == 'update') {
         $operation = 'edit';
     }
     // Check that if profile type has require roles, the user the profile is
     // being added to has any of the required roles.
     if ($entity->getEntityTypeId() == 'profile') {
         $profile_roles = ProfileType::load($entity->bundle())->getRoles();
         $user_roles = $entity->getOwner()->getRoles(TRUE);
         if (!empty(array_filter($profile_roles)) && !array_intersect($user_roles, $profile_roles)) {
             return AccessResult::forbidden();
         }
     } elseif ($entity->getEntityTypeId() == 'profile_type') {
         $profile_roles = $entity->getRoles();
         $user_roles = User::load($user_page->id())->getRoles(TRUE);
         if (!empty(array_filter($profile_roles)) && !array_intersect($user_roles, $profile_roles)) {
             return AccessResult::forbidden();
         }
     }
     if ($account->hasPermission('bypass profile access')) {
         return AccessResult::allowed()->cachePerPermissions();
     } elseif ($operation == 'add' && ($user_page->id() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->id() . ' profile') || $account->hasPermission($operation . ' any ' . $entity->id() . ' profile')) || $operation != 'add' && ($entity->getOwnerId() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->getType() . ' profile') || $account->hasPermission($operation . ' any ' . $entity->getType() . ' profile'))) {
         return AccessResult::allowed()->cachePerPermissions();
     } else {
         return AccessResult::forbidden()->cachePerPermissions();
     }
 }

 /**
  * Grants access only to UID 1.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *   The currently logged in account.
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  *   The access result.
  */
 public function access(AccountInterface $account)
 {
     if ($account->id() == 1) {
         return AccessResult::allowed()->addCacheContexts(['user']);
     }
     return AccessResult::forbidden()->addCacheContexts(['user']);
 }