Extracted code sample

code_samples/back_office/limitation/src/Controller/CustomController.php

@@ -0,0 +1,51 @@
+<?php declare(strict_types=1);
+
+namespace App\Controller;
+
+use Ibexa\Contracts\AdminUi\Controller\Controller;
+use Ibexa\Contracts\AdminUi\Permission\PermissionCheckerInterface;
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class CustomController extends Controller
+{
+    // ...
+    /** @var \Ibexa\Contracts\Core\Repository\PermissionResolver */
+    private $permissionResolver;
+
+    /** @var \Ibexa\Contracts\AdminUi\Permission\PermissionCheckerInterface */
+    private $permissionChecker;
+
+    public function __construct(
+        // ...,
+        PermissionResolver $permissionResolver,
+        PermissionCheckerInterface $permissionChecker
+    ) {
+        // ...
+        $this->permissionResolver = $permissionResolver;
+        $this->permissionChecker = $permissionChecker;
+    }
+
+    // Controller actions...
+    public function customAction(Request $request): Response
+    {
+        // ...
+        if ($this->getCustomLimitationValue()) {
+            // Action only for user having the custom limitation checked
+        }
+    }
+
+    private function getCustomLimitationValue(): bool
+    {
+        $customLimitationValues = $this->permissionChecker->getRestrictions($this->permissionResolver->hasAccess('custom_module', 'custom_function_2'), CustomLimitationValue::class);
+
+        return $customLimitationValues['value'] ?? false;
+    }
+
+    public function performAccessCheck()
+    {
+        parent::performAccessCheck();
+        $this->denyAccessUnlessGranted(new Attribute('custom_module', 'custom_function_2'));
+    }
+}