Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2062039 by InternetDevels, Xano, h3rj4n: Replace user_access() calls with ->hasPermission() in user module.

8.0.x
webchick 2014-01-24 21:52:17 -08:00
parent 6740e95373
commit 354ff8f7d3
8 changed files with 37 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/modules/user/lib/Drupal/user/AccountFormController.php
View File

@ -55,13 +55,14 @@ abstract class AccountFormController extends ContentEntityFormController {
* {@inheritdoc}
*/
public function form(array $form, array &$form_state) {
/** @var \Drupal\user\UserInterface $account */
$account = $this->entity;
$user = $this->currentUser();
$config = \Drupal::config('user.settings');
$language_interface = language(Language::TYPE_INTERFACE);
$register = $account->isAnonymous();
$admin = user_access('administer users');
$admin = $user->hasPermission('administer users');
// Account information.
$form['account'] = array(
@ -79,7 +80,7 @@ abstract class AccountFormController extends ContentEntityFormController {
'#attributes' => array('class' => array('username'), 'autocorrect' => 'off', 'autocomplete' => 'off', 'autocapitalize' => 'off',
'spellcheck' => 'false'),
'#default_value' => (!$register ? $account->getUsername() : ''),
'#access' => ($register || ($user->id() == $account->id() && user_access('change own username')) || $admin),
'#access' => ($register || ($user->id() == $account->id() && $user->hasPermission('change own username')) || $admin),
'#weight' => -10,
);
@ -90,7 +91,7 @@ abstract class AccountFormController extends ContentEntityFormController {
'#type' => 'email',
'#title' => $this->t('E-mail address'),
'#description' => $this->t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
'#required' => !(!$account->getEmail() && user_access('administer users')),
'#required' => !(!$account->getEmail() && $user->hasPermission('administer users')),
'#default_value' => (!$register ? $account->getEmail() : ''),
'#attributes' => array('autocomplete' => 'off'),
);
@ -187,7 +188,7 @@ abstract class AccountFormController extends ContentEntityFormController {
'#title' => $this->t('Roles'),
'#default_value' => (!$register ? $account->getRoles() : array()),
'#options' => $roles,
'#access' => $roles && user_access('administer permissions'),
'#access' => $roles && $user->hasPermission('administer permissions'),
DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
);
@ -228,7 +229,7 @@ abstract class AccountFormController extends ContentEntityFormController {
'#title' => $this->t('Language settings'),
// Display language selector when either creating a user on the admin
// interface or editing a user account.
'#access' => !$register || user_access('administer users'),
'#access' => !$register || $user->hasPermission('administer users'),
);
$form['language']['preferred_langcode'] = array(

7
core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
View File

@ -24,12 +24,13 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface {
* The event to process.
*/
public function onKernelRequestMaintenance(GetResponseEvent $event) {
$user = \Drupal::currentUser();
$request = $event->getRequest();
$site_status = $request->attributes->get('_maintenance');
$path = $request->attributes->get('_system_path');
if ($site_status == MENU_SITE_OFFLINE) {
// If the site is offline, log out unprivileged users.
if ($GLOBALS['user']->isAuthenticated() && !user_access('access site in maintenance mode')) {
if ($user->isAuthenticated() && !$user->hasPermission('access site in maintenance mode')) {
user_logout();
// Redirect to homepage.
$event->setResponse(new RedirectResponse(url('<front>', array('absolute' => TRUE))));
@ -56,7 +57,7 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface {
}
}
}
if ($GLOBALS['user']->isAuthenticated()) {
if ($user->isAuthenticated()) {
if ($path == 'user/login') {
// If user is logged in, redirect to 'user' instead of giving 403.
$event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE))));
@ -64,7 +65,7 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface {
}
if ($path == 'user/register') {
// Authenticated user should be redirected to user edit page.
$event->setResponse(new RedirectResponse(url('user/' . $GLOBALS['user']->id() . '/edit', array('absolute' => TRUE))));
$event->setResponse(new RedirectResponse(url('user/' . $user->id() . '/edit', array('absolute' => TRUE))));
return;
}
}

6
core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
View File

@ -88,9 +88,9 @@ class UserSelection extends SelectionBase {
$query->condition('name', $match, $match_operator);
}
// Adding the 'user_access' tag is sadly insufficient for users: core
// Adding the permission check is sadly insufficient for users: core
// requires us to also know about the concept of 'blocked' and 'active'.
if (!user_access('administer users')) {
if (!\Drupal::currentUser()->hasPermission('administer users')) {
$query->condition('status', 1);
}
return $query;
@ -100,7 +100,7 @@ class UserSelection extends SelectionBase {
* {@inheritdoc}
*/
public function entityQueryAlter(SelectInterface $query) {
if (user_access('administer users')) {
if (\Drupal::currentUser()->hasPermission('administer users')) {
// In addition, if the user is administrator, we need to make sure to
// match the anonymous user, that doesn't actually have a name in the
// database.

6
core/modules/user/lib/Drupal/user/RegisterFormController.php
View File

@ -18,11 +18,9 @@ class RegisterFormController extends AccountFormController {
* Overrides Drupal\Core\Entity\EntityFormController::form().
*/
public function form(array $form, array &$form_state) {
global $user;
$user = $this->currentUser();
$account = $this->entity;
$admin = user_access('administer users');
$admin = $user->hasPermission('administer users');
// Pass access information to the submit handler. Running an access check
// inside the submit function interferes with form processing and breaks
// hook_form_alter().

24
core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
View File

@ -34,7 +34,7 @@ class UserPermissionsTest extends WebTestBase {
}
/**
* Change user permissions and check user_access().
* Test changing user permissions through the permissions page.
*/
function testUserPermissionChanges() {
$permissions_hash_generator = $this->container->get('user.permissions_hash');
@ -46,27 +46,27 @@ class UserPermissionsTest extends WebTestBase {
$this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
// Add a permission.
$this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.');
$this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
$edit = array();
$edit[$rid . '[administer nodes]'] = TRUE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage_controller = $this->container->get('entity.manager')->getStorageController('user_role');
$storage_controller->resetCache();
$this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.');
$this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
$current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
$this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
$previous_permissions_hash = $current_permissions_hash;
// Remove a permission.
$this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$edit = array();
$edit[$rid . '[access user profiles]'] = FALSE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage_controller->resetCache();
$this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.');
$this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
$this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
@ -91,7 +91,7 @@ class UserPermissionsTest extends WebTestBase {
// Aggregator depends on file module, enable that as well.
$edit['modules[Field types][file][enable]'] = TRUE;
$this->drupalPostForm('admin/modules', $edit, t('Save configuration'));
$this->assertTrue(user_access('administer news feeds', $this->admin_user), 'The permission was automatically assigned to the administrator role');
$this->assertTrue($this->admin_user->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
}
/**
@ -105,9 +105,9 @@ class UserPermissionsTest extends WebTestBase {
$previous_permissions_hash = $permissions_hash_generator->generate($account);
// Verify current permissions.
$this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.');
$this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.');
$this->assertTrue(user_access('administer site configuration', $account), 'User has "administer site configuration" permission.');
$this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
$this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
// Change permissions.
$permissions = array(
@ -117,9 +117,9 @@ class UserPermissionsTest extends WebTestBase {
user_role_change_permissions($rid, $permissions);
// Verify proper permission changes.
$this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.');
$this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.');
$this->assertTrue(user_access('administer site configuration', $account), 'User still has "administer site configuration" permission.');
$this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
$this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
// Verify the permissions hash has changed.
$current_permissions_hash = $permissions_hash_generator->generate($account);

8
core/modules/user/lib/Drupal/user/UserAccessController.php
View File

@ -28,14 +28,14 @@ class UserAccessController extends EntityAccessController {
case 'update':
// Users can always edit their own account. Users with the 'administer
// users' permission can edit any account except the anonymous account.
return (($account->id() == $entity->id()) || user_access('administer users', $account)) && $entity->id() > 0;
return (($account->id() == $entity->id()) || $account->hasPermission('administer users')) && $entity->id() > 0;
break;
case 'delete':
// Users with 'cancel account' permission can cancel their own account,
// users with 'administer users' permission can cancel any account
// except the anonymous account.
return ((($account->id() == $entity->id()) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->id() > 0;
return ((($account->id() == $entity->id()) && $account->hasPermission('cancel account')) || $account->hasPermission('administer users')) && $entity->id() > 0;
break;
}
}
@ -49,10 +49,10 @@ class UserAccessController extends EntityAccessController {
// Never allow access to view the anonymous user account.
if ($entity->id()) {
// Admins can view all, users can view own profiles at all times.
if ($account->id() == $entity->id() || user_access('administer users', $account)) {
if ($account->id() == $entity->id() || $account->hasPermission('administer users')) {
return TRUE;
}
elseif (user_access('access user profiles', $account)) {
elseif ($account->hasPermission('access user profiles')) {
// Only allow view access if the account is active.
return $entity->status->value;
}

5
core/modules/user/user.api.php
View File

@ -167,8 +167,9 @@ function hook_user_cancel($edit, $account, $method) {
* @see user_cancel_confirm_form()
*/
function hook_user_cancel_methods_alter(&$methods) {
$account = \Drupal::currentUser();
// Limit access to disable account and unpublish content method.
$methods['user_cancel_block_unpublish']['access'] = user_access('administer site configuration');
$methods['user_cancel_block_unpublish']['access'] = $account->hasPermission('administer site configuration');
// Remove the content re-assigning method.
unset($methods['user_cancel_reassign']);
@ -178,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) {
'title' => t('Delete the account and remove all content.'),
'description' => t('All your content will be replaced by empty strings.'),
// access should be used for administrative methods only.
'access' => user_access('access zero-out account cancellation method'),
'access' => $account->hasPermission('access zero-out account cancellation method'),
);
}

6
core/modules/user/user.module
View File

@ -575,7 +575,7 @@ function user_format_name(AccountInterface $account) {
* @see user_user_logout()
*/
function user_template_preprocess_default_variables_alter(&$variables) {
global $user;
$user = \Drupal::currentUser();
// If this function is called from the installer after Drupal has been
// installed then $user will not be set.
@ -587,7 +587,7 @@ function user_template_preprocess_default_variables_alter(&$variables) {
// Remove password and session IDs, $form_state, since themes should not need nor see them.
unset($variables['user']->pass, $variables['user']->sid, $variables['user']->ssid);
$variables['is_admin'] = user_access('access administration pages');
$variables['is_admin'] = $user->hasPermission('access administration pages');
$variables['logged_in'] = $user->isAuthenticated();
}
@ -619,7 +619,7 @@ function template_preprocess_username(&$variables) {
$name = drupal_substr($name, 0, 15) . '...';
}
$variables['name'] = check_plain($name);
$variables['profile_access'] = user_access('access user profiles');
$variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
// Populate link path and attributes if appropriate.
if ($variables['uid'] && $variables['profile_access']) {