Drupal Core 10.3 Introduces New Access Policy API

people working in laptop

A new access policy API has been introduced in Drupal core version 10.3.0, allowing for the assignment of permissions through various methods beyond user roles or UID1. This new API enables the addition or removal of permissions based on contextual data such as domain, time of day, and user field values, creating a more flexible and customizable permission system. The API's build and alter phases ensure that permissions are calculated during the build phase, respecting cache contexts and allowing for potential alterations before the final immutable object is cached.

 Additionally, the concept of scopes and identifiers is introduced, allowing for the specification of permissions within specific scopes, and providing enhanced control over access policies. The AccessPolicyProcessor and VariationCache services play a crucial role in this system, while the use of Permission Checkers streamlines the process of utilizing the built permissions. This significant development in the Drupal core was detailed by Kristiaan Van den Eynde  on 18 November 2023 and is expected to enhance the platform's flexibility and customization capabilities.  

Read in detail here.

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Advertisement Here

Upcoming Events

Latest Opportunities

Advertisement Here