How to Create custom Access Checking on Routes in Drupal 8

Category:

To create a custom access check on a route all you need to do is create a service that implements AccessInterface and use that to check access. Then in your routing.yml file enter the string that is returned by the appliesTo() method as the requirements.

Below are some non-custom ways of adding access checks:

By role

your_module.some_page:
  path: '/path/to/page'
  defaults:
    _controller: '\Drupal\your_module\Controller\ControllerClassName::build'
    _title: 'My Title'
  requirements:
    _role: 'administrator'

By Permission

your_module.some_page:
  path: '/path/to/page'
  defaults:
    _controller: '\Drupal\your_module\Controller\ControllerClassName::build'
    _title: 'My Title'
  requirements:
    _permission: 'access content'

An example below of creating custom access checking on routes.

Add the service to mymodule.services.yml

services:
  mymodule.mycustom_access_check:
    class: Drupal\mymodule\Access\MyCustomAccessCheck
    arguments: ['@current_user']
    tags:
      - { name: access_check, applies_to: _mycustom_access_check }

Create the service Class MyCustomAccessCheck.php

<?php

namespace Drupal\mymodule\Access;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\Routing\Route;
use Symfony\Component\HttpFoundation\Request;

/**
 * Class MyCustomAccessCheck
 * @package Drupal\mymodule\Access
 */
class MyCustomAccessCheck implements AccessInterface
{
  /**
   * @return string
   */
  public function appliesTo()
  {
    return '_mycustom_access_check';
  }

  /**
   * @param Route $route
   * @param Request $request
   * @param AccountInterface $account
   * @return AccessResult|\Drupal\Core\Access\AccessResultAllowed
   */
  public function access(Route $route, Request $request, AccountInterface $account)
  {
    // an example
    if ($account->isAnonymous()) {
      return AccessResult::allowed();
    } else {
      return AccessResult::forbidden();
    }
  }

}

Add custom permission in mymodule.routing.yml

mymodule.mypage:
  path: '/mypage'
  defaults:
    _controller: '\Drupal\mymodule\Controller\MyModuleController::index'
    _title: 'My Module Title'
  requirements:
    _mycustom_access_check: 'TRUE'

also you can use this method to add custom check access on routes.

Add the controller class

<?php
namespace Drupal\mymodule\Controller;

use Drupal\Core\Controller\ControllerBase;


class MyModuleController extends ControllerBase {

  /**
   * @return string[]
   */
  public function index() {
    return [
      '#markup' => 'Hello world',
    ];
  }

}

then you can check now if you have access to "/mypage" page. this page accessible just for anonymous users.

Tags :

Drupal 8 & 9 & 10 Tutorial Drupal Tips Drupal