From 25afa8100ab9a3786594e8fc791c1d76490c42d0 Mon Sep 17 00:00:00 2001
From: webchick
Date: Fri, 11 Jul 2014 22:41:12 -0700
Subject: [PATCH] Issue #2061977 by InternetDevels, kim.pepper, ianthomas_uk, herom: Replace user_access() calls with ->hasPermission() in all core modules except user.
---
core/modules/comment/comment.module | 14 ++++++++------
.../comment/src/CommentAccessController.php | 10 +++++-----
.../selection/CommentSelection.php | 4 ++--
.../comment/src/Tests/CommentLinksTest.php | 2 +-
core/modules/contact/src/MessageForm.php | 2 +-
.../content_translation.admin.inc | 4 ++--
.../content_translation.module | 14 +++++++++-----
.../src/ContentTranslationHandler.php | 7 ++++---
core/modules/field_ui/field_ui.module | 7 ++++---
core/modules/filter/filter.module | 2 +-
.../filter/src/Tests/FilterFormatAccessTest.php | 4 ++--
core/modules/node/node.api.php | 12 ++++++------
core/modules/node/node.module | 10 +++++-----
core/modules/node/node.views_execution.inc | 7 ++++---
core/modules/node/src/NodeAccessController.php | 14 ++++++++------
core/modules/node/src/NodeForm.php | 15 ++++++++-------
.../entity_reference/selection/NodeSelection.php | 2 +-
.../src/Tests/NodeRevisionPermissionsTest.php | 4 ++--
.../node_access_test/node_access_test.module | 2 +-
core/modules/system/entity.api.php | 2 +-
core/modules/system/src/Form/ModulesListForm.php | 2 +-
core/modules/system/system.api.php | 6 +++---
core/modules/system/system.module | 2 +-
.../src/EntityTestAccessController.php | 8 ++++----
core/modules/system/theme.api.php | 2 +-
core/modules/toolbar/toolbar.module | 2 +-
core/modules/update/update.module | 2 +-
core/modules/views/views.api.php | 8 ++++++--
core/modules/views/views.module | 2 +-
29 files changed, 94 insertions(+), 78 deletions(-)
diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module
index 401a3cf99b3..78426546494 100644
--- a/core/modules/comment/comment.module
+++ b/core/modules/comment/comment.module
@@ -297,6 +297,7 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array } $fields = \Drupal::service('comment.manager')->getFields('node'); + $current_user = \Drupal::currentUser(); foreach ($fields as $field_name => $detail) { // Skip fields that the node does not have. if (!$node->hasField($field_name)) { @@ -322,7 +323,7 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array // Teaser view: display the number of comments that have been posted, // or a link to add new comments if the user has permission, the node // is open to new comments, and there currently are none. - if (user_access('access comments')) { + if ($current_user->hasPermission('access comments')) { if (!empty($node->get($field_name)->comment_count)) { $links['comment-comments'] = array( 'title' => format_plural($node->get($field_name)->comment_count, '1 comment', '@count comments'), @@ -348,7 +349,7 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array // Provide a link to new comment form. if ($commenting_status == CommentItemInterface::OPEN) { $comment_form_location = $field_definition->getSetting('form_location'); - if (user_access('post comments')) { + if ($current_user->hasPermission('post comments')) { $links['comment-add'] = array( 'title' => t('Add new comment'), 'language' => $node->language(), 
@@ -380,10 +381,10 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array // allowed to post comments and if this node is allowing new comments. if ($commenting_status == CommentItemInterface::OPEN) { $comment_form_location = $field_definition->getSetting('form_location'); - if (user_access('post comments')) { + if ($current_user->hasPermission('post comments')) { // Show the "post comment" link if the form is on another page, or // if there are existing comments that the link will skip past. - if ($comment_form_location == COMMENT_FORM_SEPARATE_PAGE || (!empty($node->get($field_name)->comment_count) && user_access('access comments'))) { + if ($comment_form_location == COMMENT_FORM_SEPARATE_PAGE || (!empty($node->get($field_name)->comment_count) && $current_user->hasPermission('access comments'))) { $links['comment-add'] = array( 'title' => t('Add new comment'), 'attributes' => array('title' => t('Share your thoughts and opinions related to this posting.')), @@ -546,7 +547,7 @@ function comment_get_thread(EntityInterface $entity, $field_name, $mode, $commen ->addMetaData('entity', $entity) ->addMetaData('field_name', $field_name); - if (!user_access('administer comments')) { + if (!\Drupal::currentUser()->hasPermission('administer comments')) { $query->condition('c.status', CommentInterface::PUBLISHED); $count_query->condition('c.status', CommentInterface::PUBLISHED); } 
@@ -1250,7 +1251,8 @@ function comment_ranking() { */ function comment_file_download_access($field, EntityInterface $entity, FileInterface $file) { if ($entity instanceof CommentInterface) { - if (user_access('access comments') && $entity->isPublished() || user_access('administer comments')) { + $current_user = \Drupal::currentUser(); + if ($current_user->hasPermission('access comments') && $entity->isPublished() || $current_user->hasPermission('administer comments')) { $commented_entity = $entity->getCommentedEntity(); // Check access to parent entity. return $commented_entity->access('view'); diff --git a/core/modules/comment/src/CommentAccessController.php b/core/modules/comment/src/CommentAccessController.php index fe03f3b9448..81b426ebfb7 100644 --- a/core/modules/comment/src/CommentAccessController.php +++ b/core/modules/comment/src/CommentAccessController.php @@ -25,19 +25,19 @@ class CommentAccessController extends EntityAccessController { /** @var \Drupal\Core\Entity\EntityInterface|\Drupal\user\EntityOwnerInterface $entity */ switch ($operation) { case 'view': - return user_access('access comments', $account); + return $account->hasPermission('access comments'); break; case 'update': - return ($account->id() && $account->id() == $entity->getOwnerId() && $entity->status->value == CommentInterface::PUBLISHED && user_access('edit own comments', $account)) || user_access('administer comments', $account); + return ($account->id() && $account->id() == $entity->getOwnerId() && $entity->status->value == CommentInterface::PUBLISHED && $account->hasPermission('edit own comments')) || $account->hasPermission('administer comments'); break; case 'delete': - return user_access('administer comments', $account); + return $account->hasPermission('administer comments'); break; case 'approve': - return user_access('administer comments', $account); + return $account->hasPermission('administer comments'); break; } } 
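Review bot: The access condition in comment_file_download_access() mixes `&&` and `||` without parentheses, so a reader has to recall that `&&` binds tighter to see that 'administer comments' bypasses the published check. Because this line decides whether a file attached to a comment may be downloaded, make the grouping explicit: `if (($current_user->hasPermission('access comments') && $entity->isPublished()) || $current_user->hasPermission('administer comments')) {`. Behaviour is unchanged; the function body continues outside the hunk.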
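Review bot: The `switch ($operation)` in CommentAccessController has no `default` branch, so any operation other than view, update, delete or approve leaves the method without a return value. Whether that NULL is treated as a denial depends on the calling code in the parent controller, which is not visible here; an explicit `default: return FALSE;` would keep the deny-by-default intent local to this class. The `break;` after each `return` is unreachable and can be dropped. The method's opening lines are outside the hunk.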
@@ -46,7 +46,7 @@ class CommentAccessController extends EntityAccessController { * {@inheritdoc} */ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { - return user_access('post comments', $account); + return $account->hasPermission('post comments'); } } diff --git a/core/modules/comment/src/Plugin/entity_reference/selection/CommentSelection.php b/core/modules/comment/src/Plugin/entity_reference/selection/CommentSelection.php index a1ebe2afafa..b6f63a0bb18 100644 --- a/core/modules/comment/src/Plugin/entity_reference/selection/CommentSelection.php +++ b/core/modules/comment/src/Plugin/entity_reference/selection/CommentSelection.php @@ -33,7 +33,7 @@ class CommentSelection extends SelectionBase { // Adding the 'comment_access' tag is sadly insufficient for comments: // core requires us to also know about the concept of 'published' and // 'unpublished'. - if (!user_access('administer comments')) { + if (!\Drupal::currentUser()->hasPermission('administer comments')) { $query->condition('status', CommentInterface::PUBLISHED); } return $query; @@ -61,7 +61,7 @@ class CommentSelection extends SelectionBase { // Passing the query to node_query_node_access_alter() is sadly // insufficient for nodes. // @see SelectionEntityTypeNode::entityQueryAlter() - if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { + if (!\Drupal::currentUser()->hasPermission('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { $query->condition($node_alias . '.status', 1); } } diff --git a/core/modules/comment/src/Tests/CommentLinksTest.php b/core/modules/comment/src/Tests/CommentLinksTest.php index 3b40bdd308a..5b2debba2a0 100644 --- a/core/modules/comment/src/Tests/CommentLinksTest.php +++ b/core/modules/comment/src/Tests/CommentLinksTest.php 
@@ -258,7 +258,7 @@ class CommentLinksTest extends CommentTestBase { // authenticated users are allowed to post comments. // @see \Drupal\comment\CommentManagerInterface::forbiddenMessage() if (!$this->loggedInUser) { - if (user_access('post comments', $this->web_user)) { + if ($this->web_user->hasPermission('post comments')) { // The note depends on whether users are actually able to register. if ($info['user_register'] != USER_REGISTER_ADMINISTRATORS_ONLY) { $this->assertText('Log in or register to post comments'); diff --git a/core/modules/contact/src/MessageForm.php b/core/modules/contact/src/MessageForm.php index 5915fd0cf5d..85dabd1afb9 100644 --- a/core/modules/contact/src/MessageForm.php +++ b/core/modules/contact/src/MessageForm.php @@ -248,7 +248,7 @@ class MessageForm extends ContentEntityForm { // To avoid false error messages caused by flood control, redirect away from // the contact form; either to the contacted user account or the front page. - if ($message->isPersonal() && user_access('access user profiles')) { + if ($message->isPersonal() && $user->hasPermission('access user profiles')) { $form_state['redirect_route'] = $message->getPersonalRecipient()->urlInfo(); } else { diff --git a/core/modules/content_translation/content_translation.admin.inc b/core/modules/content_translation/content_translation.admin.inc index 343a108e351..7e7e790eeac 100644 --- a/core/modules/content_translation/content_translation.admin.inc +++ b/core/modules/content_translation/content_translation.admin.inc @@ -63,7 +63,7 @@ function content_translation_field_sync_widget(FieldDefinitionInterface $field) function _content_translation_form_language_content_settings_form_alter(array &$form, array &$form_state) { // Inject into the content language settings the translation settings if the // user has the required permission. - if (!user_access('administer content translation')) { + if (!\Drupal::currentUser()->hasPermission('administer content translation')) { return; } 
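Review bot: The redirect check in MessageForm now calls `$user->hasPermission('access user profiles')`, but `$user` is assigned outside this hunk, whereas the removed `user_access()` call took no account argument and so checked the current user. If `$user` is anything other than the current user's account at this point, the check answers for the wrong account; please confirm, or make it explicit with `\Drupal::currentUser()->hasPermission('access user profiles')`. A short comment such as `// Only redirect to the recipient's profile if the sender may view it.` would also record why the permission is checked here.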
@@ -139,7 +139,7 @@ function _content_translation_form_language_content_settings_form_alter(array &$ function _content_translation_preprocess_language_content_settings_table(&$variables) { // Alter the 'build' variable injecting the translation settings if the user // has the required permission. - if (!user_access('administer content translation')) { + if (!\Drupal::currentUser()->hasPermission('administer content translation')) { return; } diff --git a/core/modules/content_translation/content_translation.module b/core/modules/content_translation/content_translation.module index 0d22898397b..858ffba4b01 100644 --- a/core/modules/content_translation/content_translation.module +++ b/core/modules/content_translation/content_translation.module @@ -249,8 +249,9 @@ function _content_translation_menu_strip_loaders($path) { * The entity whose translation overview should be displayed. */ function content_translation_translate_access(EntityInterface $entity) { + $account = \Drupal::currentUser(); return $entity instanceof ContentEntityInterface && empty($entity->getUntranslated()->language()->locked) && \Drupal::languageManager()->isMultilingual() && $entity->isTranslatable() && - (user_access('create content translations') || user_access('update content translations') || user_access('delete content translations')); + ($account->hasPermission('create content translations') || $account->hasPermission('update content translations') || $account->hasPermission('delete content translations')); } /** 
@@ -494,9 +495,12 @@ function content_translation_language_fallback_candidates_entity_view_alter(&$ca $entity_type_id = $entity->getEntityTypeId(); $entity_type = $entity->getEntityType(); $permission = $entity_type->getPermissionGranularity() == 'bundle' ? $permission = "translate {$entity->bundle()} $entity_type_id" : "translate $entity_type_id"; - foreach ($entity->getTranslationLanguages() as $langcode => $language) { - if (empty($entity->translation[$langcode]['status']) && !user_access('translate any entity') && !user_access($permission)) { - unset($candidates[$langcode]); + $current_user = \Drupal::currentuser(); + if (!$current_user->hasPermission('translate any entity') && !$current_user->hasPermission($permission)) { + foreach ($entity->getTranslationLanguages() as $langcode => $language) { + if (empty($entity->translation[$langcode]['status'])) { + unset($candidates[$langcode]); + } } } } @@ -742,7 +746,7 @@ function content_translation_enable_widget($entity_type, $bundle, array &$form, * Processed language configuration element. */ function content_translation_language_configuration_element_process(array $element, array &$form_state, array &$form) { - if (empty($element['#content_translation_skip_alter']) && user_access('administer content translation')) { + if (empty($element['#content_translation_skip_alter']) && \Drupal::currentUser()->hasPermission('administer content translation')) { $form_state['content_translation']['key'] = $element['#name']; $context = $form_state['language'][$element['#name']]; diff --git a/core/modules/content_translation/src/ContentTranslationHandler.php b/core/modules/content_translation/src/ContentTranslationHandler.php index 500ae4978ef..7510d2e0799 100644 --- a/core/modules/content_translation/src/ContentTranslationHandler.php +++ b/core/modules/content_translation/src/ContentTranslationHandler.php 
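Review bot: `\Drupal::currentuser()` in content_translation_language_fallback_candidates_entity_view_alter() is spelled with a lowercase `u`; PHP resolves method names case-insensitively, so it runs, but every other call in this patch uses `currentUser()` and a case-sensitive search for the accessor will miss this permission check. Use `$current_user = \Drupal::currentUser();`. The context line above still reads `? $permission = "translate {$entity->bundle()} $entity_type_id"`, a redundant inner assignment that could be removed while touching this block.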
@@ -65,10 +65,11 @@ class ContentTranslationHandler implements ContentTranslationHandlerInterface { $translate_permission = TRUE; // If no permission granularity is defined this entity type does not need an // explicit translate permission. - if (!user_access('translate any entity') && $permission_granularity = $entity_type->getPermissionGranularity()) { - $translate_permission = user_access($permission_granularity == 'bundle' ? "translate {$entity->bundle()} {$entity->getEntityTypeId()}" : "translate {$entity->getEntityTypeId()}"); + $current_user = \Drupal::currentUser(); + if (!$current_user->hasPermission('translate any entity') && $permission_granularity = $entity_type->getPermissionGranularity()) { + $translate_permission = $current_user->hasPermission($permission_granularity == 'bundle' ? "translate {$entity->bundle()} {$entity->getEntityTypeId()}" : "translate {$entity->getEntityTypeId()}"); } - return $translate_permission && user_access("$op content translations"); + return $translate_permission && $current_user->hasPermission("$op content translations"); } /** diff --git a/core/modules/field_ui/field_ui.module b/core/modules/field_ui/field_ui.module index 1dbee70c449..4fe550ccd3a 100644 --- a/core/modules/field_ui/field_ui.module +++ b/core/modules/field_ui/field_ui.module 
@@ -169,19 +169,20 @@ function field_ui_entity_operation(EntityInterface $entity) { // Add manage fields and display links if this entity type is the bundle // of another. if ($bundle_of = $info->getBundleOf()) { - if (user_access('administer '. $bundle_of . ' fields')) { + $account = \Drupal::currentUser(); + if ($account->hasPermission('administer '. $bundle_of . ' fields')) { $operations['manage-fields'] = array( 'title' => t('Manage fields'), 'weight' => 15, ) + $entity->urlInfo('field_ui-fields')->toArray(); } - if (user_access('administer '. $bundle_of . ' form display')) { + if ($account->hasPermission('administer '. $bundle_of . ' form display')) { $operations['manage-form-display'] = array( 'title' => t('Manage form display'), 'weight' => 20, ) + $entity->urlInfo('field_ui-form-display')->toArray(); } - if (user_access('administer '. $bundle_of . ' display')) { + if ($account->hasPermission('administer '. $bundle_of . ' display')) { $operations['manage-display'] = array( 'title' => t('Manage display'), 'weight' => 25, diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module index 9d38bba0514..68b445e8d96 100644 --- a/core/modules/filter/filter.module +++ b/core/modules/filter/filter.module @@ -622,7 +622,7 @@ function filter_process_format($element) { $format_exists = isset($all_formats[$element['#format']]); $format_allowed = !isset($element['#allowed_formats']) || in_array($element['#format'], $element['#allowed_formats']); $user_has_access = isset($formats[$element['#format']]); - $user_is_admin = user_access('administer filters'); + $user_is_admin = \Drupal::currentUser()->hasPermission('administer filters'); // If the stored format does not exist or if it is not among the allowed // formats for this textarea, administrators have to assign a new format. diff --git a/core/modules/filter/src/Tests/FilterFormatAccessTest.php b/core/modules/filter/src/Tests/FilterFormatAccessTest.php index 8689305ea48..9f4234f6a58 100644 
--- a/core/modules/filter/src/Tests/FilterFormatAccessTest.php +++ b/core/modules/filter/src/Tests/FilterFormatAccessTest.php @@ -132,8 +132,8 @@ class FilterFormatAccessTest extends WebTestBase { // Make sure that a regular user only has permission to use the format // they were granted access to. - $this->assertTrue(user_access($this->allowed_format->getPermissionName(), $this->web_user), 'A regular user has permission to use the allowed text format.'); - $this->assertFalse(user_access($this->disallowed_format->getPermissionName(), $this->web_user), 'A regular user does not have permission to use the disallowed text format.'); + $this->assertTrue($this->web_user->hasPermission($this->allowed_format->getPermissionName()), 'A regular user has permission to use the allowed text format.'); + $this->assertFalse($this->web_user->hasPermission($this->disallowed_format->getPermissionName()), 'A regular user does not have permission to use the disallowed text format.'); // Make sure that the allowed format appears on the node form and that // the disallowed format does not. diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php index 247c239ca4e..dd47b47c7ce 100644 --- a/core/modules/node/node.api.php +++ b/core/modules/node/node.api.php @@ -79,7 +79,7 @@ use Drupal\Component\Utility\Xss; * @ingroup node_access */ function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) { - if (user_access('access private content', $account)) { + if ($account->hasPermission('access private content')) { $grants['example'] = array(1); } $grants['example_owner'] = array($account->id()); 
@@ -311,7 +311,7 @@ function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface * - "delete" * - "update" * - "view" - * @param object $account + * @param \Drupal\Core\Session\AccountInterface $account * The user object to perform the access check operation on. * @param object $langcode * The language code to perform the access check operation on. @@ -323,23 +323,23 @@ function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface * * @ingroup node_access */ -function hook_node_access(\Drupal\node\NodeInterface $node, $op, $account, $langcode) { +function hook_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account, $langcode) { $type = is_string($node) ? $node : $node->getType(); $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$type])) { - if ($op == 'create' && user_access('create ' . $type . ' content', $account)) { + if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) { return NODE_ACCESS_ALLOW; } if ($op == 'update') { - if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) { + if ($account->hasPermission('edit any ' . $type . ' content', $account) || ($account->hasPermission('edit own ' . $type . ' content') && ($account->id() == $node->getOwnerId()))) { return NODE_ACCESS_ALLOW; } } if ($op == 'delete') { - if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) { + if ($account->hasPermission('delete any ' . $type . ' content', $account) || ($account->hasPermission('delete own ' . $type . ' content') && ($account->id() == $node->getOwnerId()))) { return NODE_ACCESS_ALLOW; } } diff --git a/core/modules/node/node.module b/core/modules/node/node.module index a34ca8225c0..f23559e533b 100644 
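Review bot: The conversion in hook_node_access() left the old second argument behind: `$account->hasPermission('edit any ' . $type . ' content', $account)` and the matching 'delete any' call still pass `$account`, while the 'edit own' and 'delete own' calls on the same lines do not. hasPermission() is called with a single permission name everywhere else in the patch, so the extra argument is at best ignored, and this is example code that module authors copy into their own access hooks. Drop it, e.g. `$account->hasPermission('edit any ' . $type . ' content')`. The same leftover appears in node_node_access() in node.module, in the second hunk of NodeRevisionPermissionsTest.php and in node_access_test_node_grants(). The `@param object $langcode` line in the docblock hunk just above also looks wrong for a language code (presumably `string`).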
--- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -93,7 +93,7 @@ function node_help($route_name, RouteMatchInterface $route_match) { // for rebuild. We don't need to issue the message on the confirm form, or // while the rebuild is being processed. if ($route_name != 'node.configure_rebuild_confirm' && $route_name != 'system.batch_page.normal' && $route_name != 'help.page.node' && $route_name != 'help.main' - && user_access('access administration pages') && node_access_needs_rebuild()) { + && \Drupal::currentUser()->hasPermission('access administration pages') && node_access_needs_rebuild()) { if ($route_name == 'system.status') { $message = t('The content access permissions need to be rebuilt.'); } @@ -1159,18 +1159,18 @@ function node_node_access(NodeInterface $node, $op, $account) { $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$type])) { - if ($op == 'create' && user_access('create ' . $type . ' content', $account)) { + if ($op == 'create' && $account->hasPermission('create ' . $type . ' content', $account)) { return NODE_ACCESS_ALLOW; } if ($op == 'update') { - if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) { + if ($account->hasPermission('edit any ' . $type . ' content', $account) || ($account->hasPermission('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) { return NODE_ACCESS_ALLOW; } } if ($op == 'delete') { - if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) { + if ($account->hasPermission('delete any ' . $type . ' content', $account) || ($account->hasPermission('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) { return NODE_ACCESS_ALLOW; } } 
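Review bot: node_node_access() now calls `$account->hasPermission()` directly, but its signature, visible in the hunk header, still takes an untyped `$account`. The `user_access()` calls removed elsewhere in this patch were made without an account and checked the current user, and NodeAccessController::access() gained a `prepareUser()` call, so a caller that passes NULL here would presumably have been answered for the current user before and now fails on a method call on NULL. Type-hint the parameter as the hook documentation in node.api.php now does, `function node_node_access(NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account)`, so a bad caller is rejected at the boundary. node_access_test_node_grants($account, $op) has the same untyped parameter.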
@@ -1349,7 +1349,7 @@ function node_query_node_access_alter(AlterableInterface $query) { // If $account can bypass node access, or there are no node access modules, // or the operation is 'view' and the $account has a global view grant // (such as a view grant for node ID 0), we don't need to alter the query. - if (user_access('bypass node access', $account)) { + if ($account->hasPermission('bypass node access')) { return; } if (!count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { diff --git a/core/modules/node/node.views_execution.inc b/core/modules/node/node.views_execution.inc index daedc338810..f97b8adeccb 100644 --- a/core/modules/node/node.views_execution.inc +++ b/core/modules/node/node.views_execution.inc @@ -11,10 +11,11 @@ use Drupal\views\ViewExecutable; * Implements hook_views_query_substitutions(). */ function node_views_query_substitutions(ViewExecutable $view) { + $account = \Drupal::currentUser(); return array( - '***ADMINISTER_NODES***' => intval(user_access('administer nodes')), - '***VIEW_OWN_UNPUBLISHED_NODES***' => intval(user_access('view own unpublished content')), - '***BYPASS_NODE_ACCESS***' => intval(user_access('bypass node access')), + '***ADMINISTER_NODES***' => intval($account->hasPermission('administer nodes')), + '***VIEW_OWN_UNPUBLISHED_NODES***' => intval($account->hasPermission('view own unpublished content')), + '***BYPASS_NODE_ACCESS***' => intval($account->hasPermission('bypass node access')), ); } diff --git a/core/modules/node/src/NodeAccessController.php b/core/modules/node/src/NodeAccessController.php index 6c058ad7b21..ab38a266c17 100644 --- a/core/modules/node/src/NodeAccessController.php +++ b/core/modules/node/src/NodeAccessController.php 
@@ -59,10 +59,12 @@ class NodeAccessController extends EntityAccessController implements NodeAccessC * {@inheritdoc} */ public function access(EntityInterface $entity, $operation, $langcode = LanguageInterface::LANGCODE_DEFAULT, AccountInterface $account = NULL) { - if (user_access('bypass node access', $account)) { + $account = $this->prepareUser($account); + + if ($account->hasPermission('bypass node access')) { return TRUE; } - if (!user_access('access content', $account)) { + if (!$account->hasPermission('access content')) { return FALSE; } return parent::access($entity, $operation, $langcode, $account); @@ -74,10 +76,10 @@ class NodeAccessController extends EntityAccessController implements NodeAccessC public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array()) { $account = $this->prepareUser($account); - if (user_access('bypass node access', $account)) { + if ($account->hasPermission('bypass node access')) { return TRUE; } - if (!user_access('access content', $account)) { + if (!$account->hasPermission('access content')) { return FALSE; } @@ -96,7 +98,7 @@ class NodeAccessController extends EntityAccessController implements NodeAccessC $uid = $translation->getOwnerId(); // Check if authors can view their own unpublished nodes. - if ($operation === 'view' && !$status && user_access('view own unpublished content', $account)) { + if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content')) { if ($account->id() != 0 && $account->id() == $uid) { return TRUE; 
@@ -122,7 +124,7 @@ class NodeAccessController extends EntityAccessController implements NodeAccessC protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$entity_bundle])) { - return user_access('create ' . $entity_bundle . ' content', $account); + return $account->hasPermission('create ' . $entity_bundle . ' content'); } } diff --git a/core/modules/node/src/NodeForm.php b/core/modules/node/src/NodeForm.php index 9e3dafc9dc1..69d91a5d776 100644 --- a/core/modules/node/src/NodeForm.php +++ b/core/modules/node/src/NodeForm.php @@ -53,6 +53,7 @@ class NodeForm extends ContentEntityForm { $form['#title'] = $this->t('Edit @type @title', array('@type' => node_get_type_label($node), '@title' => $node->label())); } + $current_user = \Drupal::currentUser(); $user_config = \Drupal::config('user.settings'); // Some special stuff when previewing a node. if (isset($form_state['node_preview'])) { @@ -112,7 +113,7 @@ class NodeForm extends ContentEntityForm { '#type' => 'checkbox', '#title' => t('Create new revision'), '#default_value' => !empty($this->settings['options']['revision']), - '#access' => $node->isNewRevision() || user_access('administer nodes'), + '#access' => $node->isNewRevision() || $current_user->hasPermission('administer nodes'), '#group' => 'revision_information', ); @@ -128,7 +129,7 @@ class NodeForm extends ContentEntityForm { ), ), '#group' => 'revision_information', - '#access' => $node->isNewRevision() || user_access('administer nodes'), + '#access' => $node->isNewRevision() || $current_user->hasPermission('administer nodes'), ); // Node author information for administrators. 
@@ -161,7 +162,7 @@ class NodeForm extends ContentEntityForm { '#weight' => -1, '#description' => t('Leave blank for %anonymous.', array('%anonymous' => $user_config->get('anonymous'))), '#group' => 'author', - '#access' => user_access('administer nodes'), + '#access' => $current_user->hasPermission('administer nodes'), ); $form['created'] = array( '#type' => 'textfield', @@ -170,7 +171,7 @@ class NodeForm extends ContentEntityForm { '#description' => t('Format: %time. The date format is YYYY-MM-DD and %timezone is the time zone offset from UTC. Leave blank to use the time of form submission.', array('%time' => !empty($node->date) ? date_format(date_create($node->date), 'Y-m-d H:i:s O') : format_date($node->getCreatedTime(), 'custom', 'Y-m-d H:i:s O'), '%timezone' => !empty($node->date) ? date_format(date_create($node->date), 'O') : format_date($node->getCreatedTime(), 'custom', 'O'))), '#default_value' => !empty($node->date) ? $node->date : '', '#group' => 'author', - '#access' => user_access('administer nodes'), + '#access' => $current_user->hasPermission('administer nodes'), ); // Node options for administrators. @@ -193,7 +194,7 @@ class NodeForm extends ContentEntityForm { '#title' => t('Promoted to front page'), '#default_value' => $node->isPromoted(), '#group' => 'options', - '#access' => user_access('administer nodes'), + '#access' => $current_user->hasPermission('administer nodes'), ); $form['sticky'] = array( @@ -201,7 +202,7 @@ class NodeForm extends ContentEntityForm { '#title' => t('Sticky at top of lists'), '#default_value' => $node->isSticky(), '#group' => 'options', - '#access' => user_access('administer nodes'), + '#access' => $current_user->hasPermission('administer nodes'), ); return parent::form($form, $form_state, $node); 
@@ -223,7 +224,7 @@ class NodeForm extends ContentEntityForm { // modules to integrate with "the Save operation" of this form. Modules // need a way to plug themselves into 1) the ::submit() step, and // 2) the ::save() step, both decoupled from the pressed form button. - if ($element['submit']['#access'] && user_access('administer nodes')) { + if ($element['submit']['#access'] && \Drupal::currentUser()->hasPermission('administer nodes')) { // isNew | prev status » default & publish label & unpublish label // 1 | 1 » publish & Save and publish & Save as unpublished // 1 | 0 » unpublish & Save and publish & Save as unpublished diff --git a/core/modules/node/src/Plugin/entity_reference/selection/NodeSelection.php b/core/modules/node/src/Plugin/entity_reference/selection/NodeSelection.php index dbbda10e234..f850270cd8d 100644 --- a/core/modules/node/src/Plugin/entity_reference/selection/NodeSelection.php +++ b/core/modules/node/src/Plugin/entity_reference/selection/NodeSelection.php @@ -32,7 +32,7 @@ class NodeSelection extends SelectionBase { // 'unpublished'. We need to do that as long as there are no access control // modules in use on the site. As long as one access control module is there, // it is supposed to handle this check. - if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { + if (!\Drupal::currentUser()->hasPermission('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { $query->condition('status', NODE_PUBLISHED); } return $query; diff --git a/core/modules/node/src/Tests/NodeRevisionPermissionsTest.php b/core/modules/node/src/Tests/NodeRevisionPermissionsTest.php index bba2587c046..57c32c37c0f 100644 --- a/core/modules/node/src/Tests/NodeRevisionPermissionsTest.php +++ b/core/modules/node/src/Tests/NodeRevisionPermissionsTest.php 
@@ -94,7 +94,7 @@ class NodeRevisionPermissionsTest extends NodeTestBase { foreach ($permutations as $case) { // Skip this test if there are no revisions for the node. if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) { - if (!empty($case['account']->is_admin) || user_access($this->map[$case['op']], $case['account'])) { + if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->map[$case['op']])) { $this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->map[$case['op']]} granted."); } else { @@ -141,7 +141,7 @@ class NodeRevisionPermissionsTest extends NodeTestBase { foreach ($permutations as $case) { // Skip this test if there are no revisions for the node. if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) { - if (!empty($case['account']->is_admin) || user_access($this->type_map[$case['op']], $case['account'])) { + if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->type_map[$case['op']], $case['account'])) { $this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->type_map[$case['op']]} granted."); } else { diff --git a/core/modules/node/tests/modules/node_access_test/node_access_test.module b/core/modules/node/tests/modules/node_access_test/node_access_test.module index 696f29ef9bb..64c7476d4b3 100644 --- a/core/modules/node/tests/modules/node_access_test/node_access_test.module +++ b/core/modules/node/tests/modules/node_access_test/node_access_test.module 
@@ -49,7 +49,7 @@ use Drupal\node\NodeInterface; function node_access_test_node_grants($account, $op) { $grants = array(); $grants['node_access_test_author'] = array($account->id()); - if ($op == 'view' && user_access('node test view', $account)) { + if ($op == 'view' && $account->hasPermission('node test view', $account)) { $grants['node_access_test'] = array(8888, 8889); } diff --git a/core/modules/system/entity.api.php b/core/modules/system/entity.api.php index 1bab346dd20..5388dab3cf2 100644 --- a/core/modules/system/entity.api.php +++ b/core/modules/system/entity.api.php @@ -1521,7 +1521,7 @@ function hook_entity_operation_alter(array &$operations, \Drupal\Core\Entity\Ent */ function hook_entity_field_access($operation, \Drupal\Core\Field\FieldDefinitionInterface $field_definition, \Drupal\Core\Session\AccountInterface $account, \Drupal\Core\Field\FieldItemListInterface $items = NULL) { if ($field_definition->getName() == 'field_of_interest' && $operation == 'edit') { - return user_access('update field of interest', $account); + return $account->hasPermission('update field of interest'); } } diff --git a/core/modules/system/src/Form/ModulesListForm.php b/core/modules/system/src/Form/ModulesListForm.php index f825071da6a..da1ecd05bbc 100644 --- a/core/modules/system/src/Form/ModulesListForm.php +++ b/core/modules/system/src/Form/ModulesListForm.php @@ -235,7 +235,7 @@ class ModulesListForm extends FormBase { // Generate link for module's permission, if the user has access to it. $row['links']['permissions'] = array(); - if ($module->status && user_access('administer permissions') && in_array($module->getName(), $this->moduleHandler->getImplementations('permission'))) { + if ($module->status && \Drupal::currentUser()->hasPermission('administer permissions') && in_array($module->getName(), $this->moduleHandler->getImplementations('permission'))) { $row['links']['permissions'] = array( '#type' => 'link', '#title' => $this->t('Permissions'), 
diff --git a/core/modules/system/system.api.php b/core/modules/system/system.api.php index 461c4317236..049375b943a 100644 --- a/core/modules/system/system.api.php +++ b/core/modules/system/system.api.php @@ -946,7 +946,7 @@ function hook_system_info_alter(array &$info, \Drupal\Core\Extension\Extension $ * can be selected on the user permissions page and used to grant or restrict * access to actions the module performs. * - * Permissions are checked using user_access(). + * Permissions are checked using \Drupal::currentUser()->hasPermission(). * * For a detailed usage example, see page_example.module. * @@ -1232,7 +1232,7 @@ function hook_theme_registry_alter(&$theme_registry) { * @see _template_preprocess_default_variables() */ function hook_template_preprocess_default_variables_alter(&$variables) { - $variables['is_admin'] = user_access('access administration pages'); + $variables['is_admin'] = \Drupal::currentUser()->hasPermission('access administration pages'); } /** @@ -1834,7 +1834,7 @@ function hook_query_TAG_alter(Drupal\Core\Database\Query\AlterableInterface $que $op = 'view'; } // Skip the extra joins and conditions for node admins. - if (!user_access('bypass node access')) { + if (!\Drupal::currentUser()->hasPermission('bypass node access')) { // The node_access table has the access grants for any given node. $access_alias = $query->join('node_access', 'na', '%alias.nid = n.nid'); $or = db_or(); diff --git a/core/modules/system/system.module b/core/modules/system/system.module index 4a57520bdbc..74fc69b008f 100644 --- a/core/modules/system/system.module +++ b/core/modules/system/system.module @@ -754,7 +754,7 @@ function system_stream_wrappers() { * Menu item access callback - only enabled themes can be accessed. */ function _system_themes_access($theme) { - return user_access('administer themes') && drupal_theme_access($theme); + return \Drupal::currentUser()->hasPermission('administer themes') && drupal_theme_access($theme); } /** 
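Review bot: The reworded docblock sentence in the first system.api.php hunk (apparently the hook_permission() documentation), `Permissions are checked using \Drupal::currentUser()->hasPermission().`, suggests that permission checks always run against the current user. Access callbacks that receive an `$account` have to check that account, as other hunks in this patch do, and documenting only the current-user form invites checks against the wrong user. I would word it as `Permissions are checked using \Drupal\Core\Session\AccountInterface::hasPermission(), for example \Drupal::currentUser()->hasPermission().` The docblock starts and ends outside the hunk.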
diff --git a/core/modules/system/tests/modules/entity_test/src/EntityTestAccessController.php b/core/modules/system/tests/modules/entity_test/src/EntityTestAccessController.php index 5f2348738fb..9f5fd46d848 100644 --- a/core/modules/system/tests/modules/entity_test/src/EntityTestAccessController.php +++ b/core/modules/system/tests/modules/entity_test/src/EntityTestAccessController.php @@ -23,12 +23,12 @@ class EntityTestAccessController extends EntityAccessController { protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { if ($operation === 'view') { if ($langcode != LanguageInterface::LANGCODE_DEFAULT) { - return user_access('view test entity translations', $account); + return $account->hasPermission('view test entity translations'); } - return user_access('view test entity', $account); + return $account->hasPermission('view test entity'); } elseif (in_array($operation, array('update', 'delete'))) { - return user_access('administer entity_test content', $account); + return $account->hasPermission('administer entity_test content'); } } @@ -36,7 +36,7 @@ class EntityTestAccessController extends EntityAccessController { * {@inheritdoc} */ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { - return user_access('administer entity_test content', $account); + return $account->hasPermission('administer entity_test content'); } } diff --git a/core/modules/system/theme.api.php b/core/modules/system/theme.api.php index 08c9cf0df59..ecfa2290611 100644 --- a/core/modules/system/theme.api.php +++ b/core/modules/system/theme.api.php @@ -199,7 +199,7 @@ function hook_preprocess(&$variables, $hook) { // Add contextual links to the variables, if the user has permission. - if (!user_access('access contextual links')) { + if (!\Drupal::currentUser()->hasPermission('access contextual links')) { return; } 
diff --git a/core/modules/toolbar/toolbar.module b/core/modules/toolbar/toolbar.module index 83917807c61..c80387238cf 100644 --- a/core/modules/toolbar/toolbar.module +++ b/core/modules/toolbar/toolbar.module @@ -151,7 +151,7 @@ function _toolbar_initialize_page_cache() { function toolbar_page_build(&$page) { $page['page_top']['toolbar'] = array( '#type' => 'toolbar', - '#access' => user_access('access toolbar'), + '#access' => \Drupal::currentUser()->hasPermission('access toolbar'), ); } diff --git a/core/modules/update/update.module b/core/modules/update/update.module index 243eae9ace0..1dbfcf972e6 100644 --- a/core/modules/update/update.module +++ b/core/modules/update/update.module @@ -164,7 +164,7 @@ function update_page_build() { * @see update_menu() */ function update_manager_access() { - return Settings::get('allow_authorize_operations', TRUE) && user_access('administer software updates'); + return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates'); } /** diff --git a/core/modules/views/views.api.php b/core/modules/views/views.api.php index 578e376d7d3..836f4bea3cb 100644 --- a/core/modules/views/views.api.php +++ b/core/modules/views/views.api.php @@ -480,7 +480,9 @@ function hook_views_form_substitutions() { function hook_views_pre_view(ViewExecutable $view, $display_id, array &$args) { // Modify contextual filters for my_special_view if user has 'my special permission'. - if ($view->name == 'my_special_view' && user_access('my special permission')) { + $account = \Drupal::currentUser(); + + if ($view->name == 'my_special_view' && $account->hasPermission('my special permission') && $display_id == 'public_display') { $args[0] = 'custom value'; } } 
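Review bot: The hook_views_pre_view() example in views.api.php gains a new condition, `$display_id == 'public_display'`, but the comment above it still reads "Modify contextual filters for my_special_view if user has 'my special permission'." The extra condition goes beyond the mechanical user_access() replacement this patch describes, so the comment should mention it, e.g. `// Modify contextual filters for the 'public_display' display of my_special_view if the user has 'my special permission'.` The `$account` local is used only once here; calling `\Drupal::currentUser()->hasPermission('my special permission')` inline would match the rest of the patch.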
@@ -547,7 +549,9 @@ function hook_views_pre_execute(ViewExecutable $view) { // view administrators that the query might be heavy. // (This action could be performed later in the execution process, but not // earlier.) - if (count($view->query->tables) > 2 && user_access('administer views')) { + $account = \Drupal::currentUser(); + + if (count($view->query->tables) > 2 && $account->hasPermission('administer views')) { drupal_set_message(t('The view %view may be heavy to execute.', array('%view' => $view->name)), 'warning'); } } diff --git a/core/modules/views/views.module b/core/modules/views/views.module index 886a599410d..f92f39e1ee0 100644 --- a/core/modules/views/views.module +++ b/core/modules/views/views.module @@ -338,7 +338,7 @@ function views_page_alter(&$page) { */ function views_preprocess_page(&$variables) { // Early-return to prevent adding unnecessary JavaScript. - if (!user_access('access contextual links')) { + if (!\Drupal::currentUser()->hasPermission('access contextual links')) { return; }