checking route access for authenticated role

joachim

12/30/23, 11:29 AM

I'm outputting a link, made using Url::fromRoute(). If the current user is anonymous, and the route is not accessible to them, I'd like to show a 'Log in to use this link' text instead, simular to what comment module does.

But I want to show that link only if logging in would actually allow that. So I want to check $url->access() for an authenticated user.

I've tried making a temporary user entity with the authenticate role like this:

$dummy_authenticated_user = User::create([
  'roles' => [
    AccountInterface::AUTHENTICATED_ROLE,
  ],
]);

if ($url->access($dummy_authenticated_user)) {
  // ...
}

but that doesn't work because in the User entity class, the check for authenticated uses the uid:

public function isAuthenticated() {
  return $this->id() > 0;
}

Is there a way to do this?

160

1 + 5

users

routes

berliner

12/30/23, 11:30 PM

I think this question would benefit from more information. You don't have sufficient prior knowledge about the created links to be able to know before-hand if logging in would grant a user access to that link? In that case, it might help to know more about those links and how they get created.

apaderno

12/31/23, 10:11 PM

Generally speaking, you cannot know if a link will be accessible after a user logs in, without knowing which account will be used. That depends from the roles that account has, the permissions given to that account, and what the modules allow to that account. For example, a user could use the account with the ID equal to 1, but that account could not have access to the linked page because that page is only accessible to anonymous users.

joachim

1/1/24, 9:09 AM

Yes, I know that once the user logs in they might have additional roles. So the check might fail incorrectly. But I at least don't want it to show the log in link if the auth user role hasn't the permission.

joachim

1/1/24, 9:10 AM

In other words -- it might lie by omission (no link shown, but logging in DOES get you access to it) but not lie outright (don't show the link if logging in still won't get you access).

joachim

1/1/24, 9:11 AM

@berliner We don't know about the links. The access to the route is controlled by plugins, which have their own ideas about access. The only way to check access is to check access on the route.

Score:2

Drupal

4uk4

1/3/24, 7:53 AM

It's not necessary to create a user entity, you only need a user session object. Minimum requirement is that it implements AccountInterface:

$account = new UserSession([
  'uid' => 42,
  'roles' => ['authenticated'],
]);

$access = $url->access($account);

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: checking route access for authenticated role

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.