Drupal 8.0.0 beta 12. More info: https://www.drupal.org/node/2514176

core/modules/user/src/Access/LoginStatusCheck.php

@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Access\LoginStatusCheck.
+ */
+
+namespace Drupal\user\Access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Routing\Access\AccessInterface;
+use Drupal\Core\Session\AccountInterface;
+use Symfony\Component\Routing\Route;
+
+/**
+ * Determines access to routes based on login status of current user.
+ */
+class LoginStatusCheck implements AccessInterface {
+
+  /**
+   * Checks access.
+   *
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   The currently logged in account.
+   * @param \Symfony\Component\Routing\Route $route
+   *   The route to check against.
+   *
+   * @return \Drupal\Core\Access\AccessResultInterface
+   *   The access result.
+   */
+  public function access(AccountInterface $account, Route $route) {
+    $required_status = filter_var($route->getRequirement('_user_is_logged_in'), FILTER_VALIDATE_BOOLEAN);
+    $actual_status = $account->isAuthenticated();
+    return AccessResult::allowedIf($required_status === $actual_status)->addCacheContexts(['user.roles:authenticated']);
+  }
+
+}

core/modules/user/src/Access/PermissionAccessCheck.php

@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Access\PermissionAccessCheck.
+ */
+
+namespace Drupal\user\Access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Routing\Access\AccessInterface;
+use Drupal\Core\Session\AccountInterface;
+use Symfony\Component\Routing\Route;
+
+/**
+ * Determines access to routes based on permissions defined via
+ * $module.permissions.yml files.
+ */
+class PermissionAccessCheck implements AccessInterface {
+
+  /**
+   * Checks access.
+   *
+   * @param \Symfony\Component\Routing\Route $route
+   *   The route to check against.
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   The currently logged in account.
+   *
+   * @return \Drupal\Core\Access\AccessResultInterface
+   *   The access result.
+   */
+  public function access(Route $route, AccountInterface $account) {
+    $permission = $route->getRequirement('_permission');
+
+    if ($permission === NULL) {
+      return AccessResult::neutral();
+    }
+
+    // Allow to conjunct the permissions with OR ('+') or AND (',').
+    $split = explode(',', $permission);
+    if (count($split) > 1) {
+      return AccessResult::allowedIfHasPermissions($account, $split, 'AND');
+    }
+    else {
+      $split = explode('+', $permission);
+      return AccessResult::allowedIfHasPermissions($account, $split, 'OR');
+    }
+  }
+
+}

core/modules/user/src/Access/RegisterAccessCheck.php

@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Access\RegisterAccessCheck.
+ */
+
+namespace Drupal\user\Access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Routing\Access\AccessInterface;
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Access check for user registration routes.
+ */
+class RegisterAccessCheck implements AccessInterface {
+
+  /**
+   * Checks access.
+   *
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   The currently logged in account.
+   *
+   * @return \Drupal\Core\Access\AccessResultInterface
+   *   The access result.
+   */
+  public function access(AccountInterface $account) {
+    $user_settings = \Drupal::config('user.settings');
+    return AccessResult::allowedIf($account->isAnonymous() && $user_settings->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)->cacheUntilConfigurationChanges($user_settings);
+  }
+}

core/modules/user/src/Access/RoleAccessCheck.php

@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Access\RoleAccessCheck.
+ */
+
+namespace Drupal\user\Access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Routing\Access\AccessInterface;
+use Drupal\Core\Session\AccountInterface;
+use Symfony\Component\Routing\Route;
+
+/**
+ * Determines access to routes based on roles.
+ *
+ * You can specify the '_role' key on route requirements. If you specify a
+ * single role, users with that role with have access. If you specify multiple
+ * ones you can conjunct them with AND by using a "," and with OR by using "+".
+ */
+class RoleAccessCheck implements AccessInterface {
+
+  /**
+   * Checks access.
+   *
+   * @param \Symfony\Component\Routing\Route $route
+   *   The route to check against.
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   The currently logged in account.
+   *
+   * @return \Drupal\Core\Access\AccessResultInterface
+   *   The access result.
+   */
+  public function access(Route $route, AccountInterface $account) {
+    // Requirements just allow strings, so this might be a comma separated list.
+    $rid_string = $route->getRequirement('_role');
+
+    $explode_and = array_filter(array_map('trim', explode(',', $rid_string)));
+    if (count($explode_and) > 1) {
+      $diff = array_diff($explode_and, $account->getRoles());
+      if (empty($diff)) {
+        return AccessResult::allowed()->addCacheContexts(['user.roles']);
+      }
+    }
+    else {
+      $explode_or = array_filter(array_map('trim', explode('+', $rid_string)));
+      $intersection = array_intersect($explode_or, $account->getRoles());
+      if (!empty($intersection)) {
+        return AccessResult::allowed()->addCacheContexts(['user.roles']);
+      }
+    }
+
+    // If there is no allowed role, give other access checks a chance.
+    return AccessResult::neutral()->addCacheContexts(['user.roles']);
+  }
+
+}