I have created a custom access check as described in this link (https://www.drupal.org/docs/8/api/routing-system/access-checking-on-routes/advanced-route-access-checking). I also create custom menu link linked to a route which uses the access check, so therefore if they do not have access, it will not appear.

However, I have noticed that when I am logged in as an admin, this access check is being skipped, showing the link.

I was checking if there is any information that states if this is the expected result when logged in as an admin or if I am missing something?

routing.yml

aw_jiraengine.createTicket:
  path: '/projects/{project}/issues/new'
  defaults:
    _controller: '\Drupal\aw_jiraengine\Controller\CreateTicketController::getCreateTicketForm'
    _title_callback: '\Drupal\aw_jiraengine\Controller\CreateTicketController::createTicketTitle'
  options:
    parameters:
      project:
        type: 'project'
  requirements:
    _create_access_check: 'TRUE'

Access Check

class CreateTicketAccessCheck implements AccessInterface {

  public function access(AccountInterface $account, ProjectInterface $project = NULL) {

    if ($project == NULL) {
      return AccessResult::forbidden();
    }

    $parameters = \Drupal::routeMatch()->getParameters();
    if ($parameters->has('project')) {
      return AccessResult::allowed();
    }

    return AccessResult::forbidden();
  }

}

Menu Link

class CreateTicketMenuLink extends MenuLinkDefault {

  public function getCacheMaxAge() {
    return 0;
  }


  public function getRouteParameters() {
    $parameters = \Drupal::routeMatch()->getParameters();

    if ($parameters->has('project')) {

      return [
        'project' => $parameters->get('project')->getCode(),
      ];
    }

    return ['project' => 0];
  }
}

links.menu.yml

awjira.createTicketLink:
  title: Create a Ticket
  description: 'Link to Create a Ticket form'
  menu_name: main
  class: '\Drupal\aw_jiraengine\Plugin\Menu\CreateTicketMenuLink'
  route_name: aw_jiraengine.createTicket

Comments

VM’s picture

by admin do you mean the first created user in Drupal? if yes, that user has access to all view as root user. You would need to generate a separate user, and add that user to a role of admin.

alex_adaptive’s picture

Ahh, I didn't know the first user created would become the root user, although makes sense now I think about it. 

Although I have created another user, set them to have the administrator role, but the access check is still being ignored as an administrator. Could there be anything else that would be affecting this?

Vivek Panicker’s picture

Hi alex_adaptive,

From the code I can see that you are checking for the project parameter in the url and denying access if it is present.

I cannot see the code where you have specified admins are not allowed access. Could you please point that snippet out to me?

alex_adaptive’s picture

Hi Vivek,

Looking at the code, I am not denying access if it is present, I am allowing access? Anyways, it turns out I had to implement something in the isEnabled check for the menu link in order for it to work. If there is a way to close this, I will. Thanks for offering to help!!