diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index 94dba60..693d470 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -22,7 +22,7 @@ class AccessManager extends ContainerAware { * * @var array */ - protected $checkIds; + protected $checkIds = array(); /** * Array of access check objects keyed by service id. @@ -96,24 +96,39 @@ protected function applies(Route $route) { * If any access check denies access or none explicitly approve. */ public function check(Route $route, Request $request) { - $access = FALSE; $checks = $route->getOption('_access_checks') ?: array(); + $conjunction = $route->getRequirement('_access_conjunction') ?: 'AND'; + $access = $conjunction == 'AND' ? TRUE : FALSE; + // No checks == deny by default. - foreach ($checks as $service_id) { - if (empty($this->checks[$service_id])) { - $this->loadCheck($service_id); - } - $service_access = $this->checks[$service_id]->access($route, $request); - if ($service_access === FALSE) { - // A check has denied access, no need to continue checking. - $access = FALSE; - break; + if ($conjunction == 'AND') { + // If there are no checks return FALSE. + if (!$checks) { + return FALSE; + } + foreach ($checks as $service_id) { + if (empty($this->checks[$service_id])) { + $this->loadCheck($service_id); + } + + $service_access = $this->checks[$service_id]->access($route, $request); + if ($service_access === FALSE) { + return FALSE; + } } - elseif ($service_access === TRUE) { - // A check has explicitly granted access, so we need to remember that. - $access = TRUE; + } + else { + foreach ($checks as $service_id) { + if (empty($this->checks[$service_id])) { + $this->loadCheck($service_id); + } + + $service_access = $this->checks[$service_id]->access($route, $request); + if ($service_access === TRUE) { + return TRUE; + } } } diff --git a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php new file mode 100644 index 0000000..744c836 --- /dev/null +++ b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php @@ -0,0 +1,33 @@ +getRequirements()); + } + + /** + * {@inheritdoc} + */ + public function access(Route $route, Request $request) { + return $route->getRequirement('_test_access') === 'TRUE'; + } + +} diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php new file mode 100644 index 0000000..f1f8c83 --- /dev/null +++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php @@ -0,0 +1,177 @@ +container = new ContainerBuilder(); + $this->accessManager = new AccessManager(); + $this->accessManager->setContainer($this->container); + + $this->routeCollection = new RouteCollection(); + $this->routeCollection->add('test_route_1', new Route('/test-route-1')); + $this->routeCollection->add('test_route_2', new Route('/test-route-2', array(), array('_access' => 'TRUE'))); + $this->routeCollection->add('test_route_3', new Route('/test-route-3', array(), array('_access' => 'FALSE'))); + } + + /** + * Tests \Drupal\Core\Access\AccessManager::setChecks(). + */ + public function testSetChecks() { + // Check setChecks without any access checker defined yet. + $this->accessManager->setChecks($this->routeCollection); + + foreach ($this->routeCollection->all() as $route) { + $this->assertNull($route->getOption('_access_checks')); + } + + + $this->setupAccessChecker(); + + $this->accessManager->setChecks($this->routeCollection); + + $this->assertEquals($this->routeCollection->get('test_route_1')->getOption('_access_checks'), NULL); + $this->assertEquals($this->routeCollection->get('test_route_2')->getOption('_access_checks'), array('test_access_default')); + $this->assertEquals($this->routeCollection->get('test_route_3')->getOption('_access_checks'), array('test_access_default')); + } + + /** + * Tests \Drupal\Core\Access\AccessManager::check(). + */ + public function testCheck() { + $request = new Request(); + + // Check check without any access checker defined yet. + foreach ($this->routeCollection->all() as $route) { + $this->assertFalse($this->accessManager->check($route, $request)); + } + + $this->setupAccessChecker(); + + // An access checker got setup, but the routes haven't been setup using + // setChecks. + foreach ($this->routeCollection->all() as $route) { + $this->assertFalse($this->accessManager->check($route, $request)); + } + + $this->accessManager->setChecks($this->routeCollection); + + $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request)); + $this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request)); + $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request)); + } + + /** + * Test \Drupal\Core\Access\AccessManager::check() with conjunctions. + */ + public function testCheckConjunctions() { + $this->setupAccessChecker(); + $access_check = new DefinedTestAccessCheck(); + $this->container->register('test_access_defined', $access_check); + $this->accessManager->addCheckService('test_access_defined'); + + $request = new Request(); + + $this->routeCollection->add('test_route_4', new Route('/test-route-4', array(), array( + '_access' => 'TRUE', + '_test_access' => 'TRUE', + ))); + + $this->routeCollection->add('test_route_5', new Route('/test-route-5', array(), array( + '_access' => 'TRUE', + '_test_access' => 'TRUE', + '_access_conjunction' => 'OR', + ))); + + $this->routeCollection->add('test_route_6', new Route('/test-route-6', array(), array( + '_access' => 'TRUE', + '_test_access' => 'TRUE', + '_access_conjunction' => 'AND', + ))); + + $this->routeCollection->add('test_route_7', new Route('/test-route-7', array(), array( + '_access' => 'FALSE', + '_test_access' => 'TRUE', + '_access_conjunction' => 'OR', + ))); + $this->routeCollection->add('test_route_8', new Route('/test-route-8', array(), array( + '_access' => 'FALSE', + '_test_access' => 'TRUE', + '_access_conjunction' => 'AND', + ))); + + $this->accessManager->setChecks($this->routeCollection); + + $expected = array(); + $expected['test_route_4'] = TRUE; + $expected['test_route_5'] = TRUE; + $expected['test_route_6'] = TRUE; + $expected['test_route_7'] = TRUE; + $expected['test_route_8'] = FALSE; + + foreach ($expected as $route_name => $expected_access) { + try{ + $this->assertSame($this->accessManager->check($this->routeCollection->get($route_name), $request), $expected_access); + } + catch (\Exception $e) { + $foo = 123; + } + } + } + + /** + * Add a default access check service to the container and the access manager. + */ + protected function setupAccessChecker() { + $access_check = new DefaultAccessCheck(); + $this->container->register('test_access_default', $access_check); + $this->accessManager->addCheckService('test_access_default'); + } + +}