From f812be0deffb713bd180caa4d5e6a4ea6ad35de4 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Wed, 1 Feb 2023 09:56:06 +0000
Subject: [PATCH] Issue #3087868 by Charlie ChX Negyesi, Wim Leers, joachim,
smustgrave: Make the AccessResult API even clearer
---
.../Drupal/Core/Access/AccessResultInterface.php | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/core/lib/Drupal/Core/Access/AccessResultInterface.php b/core/lib/Drupal/Core/Access/AccessResultInterface.php
index 199ef3c22703..e912acb07894 100644
--- a/core/lib/Drupal/Core/Access/AccessResultInterface.php
+++ b/core/lib/Drupal/Core/Access/AccessResultInterface.php
@@ -23,6 +23,9 @@ interface AccessResultInterface {
/**
* Checks whether this access result indicates access is explicitly allowed.
*
+ * Call this method to check whether someone has access, to convert an access
+ * result object to boolean.
+ *
* @return bool
* When TRUE then isForbidden() and isNeutral() are FALSE.
*/
@@ -31,8 +34,13 @@ public function isAllowed();
/**
* Checks whether this access result indicates access is explicitly forbidden.
*
- * This is a kill switch — both orIf() and andIf() will result in
- * isForbidden() if either results are isForbidden().
+ * Call this when optimizing an access checker (for hook_entity_access() or a
+ * route requirement): if this is TRUE, the final result will be forbidden and
+ * no further checking is necessary.
+ *
+ * Do not use this method to decide whether someone has access, to convert an
+ * access result to boolean: just because this returns FALSE, the end result
+ * might be neutral which is not allowed. Always use isAllowed() for this.
*
* @return bool
* When TRUE then isAllowed() and isNeutral() are FALSE.
@@ -44,6 +52,8 @@ public function isForbidden();
*
* @return bool
* When TRUE then isAllowed() and isForbidden() are FALSE.
+ *
+ * @internal
*/
public function isNeutral();
--
GitLab