To create a custom access check on a route all you need to do is create a service that implements AccessInterface and use that to check access. Then in your routing.yml file enter the string that is returned by the appliesTo() method as the requirements.
Below are some non-custom ways of adding access checks:
By role
your_module.some_page:
path: '/path/to/page'
defaults:
_controller: '\Drupal\your_module\Controller\ControllerClassName::build'
_title: 'My Title'
requirements:
_role: 'administrator'
By Permission
your_module.some_page:
path: '/path/to/page'
defaults:
_controller: '\Drupal\your_module\Controller\ControllerClassName::build'
_title: 'My Title'
requirements:
_permission: 'access content'
An example below of creating custom access checking on routes.
Add the service to mymodule.services.yml
services:
mymodule.mycustom_access_check:
class: Drupal\mymodule\Access\MyCustomAccessCheck
arguments: ['@current_user']
tags:
- { name: access_check, applies_to: _mycustom_access_check }
Create the service Class MyCustomAccessCheck.php
<?php
namespace Drupal\mymodule\Access;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\Routing\Route;
use Symfony\Component\HttpFoundation\Request;
/**
* Class MyCustomAccessCheck
* @package Drupal\mymodule\Access
*/
class MyCustomAccessCheck implements AccessInterface
{
/**
* @return string
*/
public function appliesTo()
{
return '_mycustom_access_check';
}
/**
* @param Route $route
* @param Request $request
* @param AccountInterface $account
* @return AccessResult|\Drupal\Core\Access\AccessResultAllowed
*/
public function access(Route $route, Request $request, AccountInterface $account)
{
// an example
if ($account->isAnonymous()) {
return AccessResult::allowed();
} else {
return AccessResult::forbidden();
}
}
}
Add custom permission in mymodule.routing.yml
mymodule.mypage:
path: '/mypage'
defaults:
_controller: '\Drupal\mymodule\Controller\MyModuleController::index'
_title: 'My Module Title'
requirements:
_mycustom_access_check: 'TRUE'
also you can use this method to add custom check access on routes.
Add the controller class
<?php
namespace Drupal\mymodule\Controller;
use Drupal\Core\Controller\ControllerBase;
class MyModuleController extends ControllerBase {
/**
* @return string[]
*/
public function index() {
return [
'#markup' => 'Hello world',
];
}
}
then you can check now if you have access to "/mypage" page. this page accessible just for anonymous users.
