From 354ff8f7d327ec69e3127589011afb71bced3d4f Mon Sep 17 00:00:00 2001 From: webchick Date: Fri, 24 Jan 2014 21:52:17 -0800 Subject: [PATCH] Issue #2062039 by InternetDevels, Xano, h3rj4n: Replace user_access() calls with ->hasPermission() in user module. --- .../lib/Drupal/user/AccountFormController.php | 11 +++++---- .../MaintenanceModeSubscriber.php | 7 +++--- .../selection/UserSelection.php | 6 ++--- .../Drupal/user/RegisterFormController.php | 6 ++--- .../Drupal/user/Tests/UserPermissionsTest.php | 24 +++++++++---------- .../lib/Drupal/user/UserAccessController.php | 8 +++---- core/modules/user/user.api.php | 5 ++-- core/modules/user/user.module | 6 ++--- 8 files changed, 37 insertions(+), 36 deletions(-) diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php index c1c3735b2a9..c40c695f930 100644 --- a/core/modules/user/lib/Drupal/user/AccountFormController.php +++ b/core/modules/user/lib/Drupal/user/AccountFormController.php @@ -55,13 +55,14 @@ abstract class AccountFormController extends ContentEntityFormController { * {@inheritdoc} */ public function form(array $form, array &$form_state) { + /** @var \Drupal\user\UserInterface $account */ $account = $this->entity; $user = $this->currentUser(); $config = \Drupal::config('user.settings'); $language_interface = language(Language::TYPE_INTERFACE); $register = $account->isAnonymous(); - $admin = user_access('administer users'); + $admin = $user->hasPermission('administer users'); // Account information. $form['account'] = array( 
@@ -79,7 +80,7 @@ abstract class AccountFormController extends ContentEntityFormController { '#attributes' => array('class' => array('username'), 'autocorrect' => 'off', 'autocomplete' => 'off', 'autocapitalize' => 'off', 'spellcheck' => 'false'), '#default_value' => (!$register ? $account->getUsername() : ''), - '#access' => ($register || ($user->id() == $account->id() && user_access('change own username')) || $admin), + '#access' => ($register || ($user->id() == $account->id() && $user->hasPermission('change own username')) || $admin), '#weight' => -10, ); @@ -90,7 +91,7 @@ abstract class AccountFormController extends ContentEntityFormController { '#type' => 'email', '#title' => $this->t('E-mail address'), '#description' => $this->t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'), - '#required' => !(!$account->getEmail() && user_access('administer users')), + '#required' => !(!$account->getEmail() && $user->hasPermission('administer users')), '#default_value' => (!$register ? $account->getEmail() : ''), '#attributes' => array('autocomplete' => 'off'), ); @@ -187,7 +188,7 @@ abstract class AccountFormController extends ContentEntityFormController { '#title' => $this->t('Roles'), '#default_value' => (!$register ? $account->getRoles() : array()), '#options' => $roles, - '#access' => $roles && user_access('administer permissions'), + '#access' => $roles && $user->hasPermission('administer permissions'), DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated, ); 
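Review bot: The new `'#required'` line in the e-mail hunk (@@ -90) re-evaluates `$user->hasPermission('administer users')` even though `form()` already stores that result in `$admin` in the preceding hunk (@@ -55), so the two checks can drift apart if one is ever edited. Assuming this element is still built inside `form()`, use the cached value: `'#required' => !(!$account->getEmail() && $admin),`. The language-settings hunk at @@ -228 has the same duplication and can read `'#access' => !$register || $admin,`. `form()` starts before this hunk and continues past it.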
@@ -228,7 +229,7 @@ abstract class AccountFormController extends ContentEntityFormController { '#title' => $this->t('Language settings'), // Display language selector when either creating a user on the admin // interface or editing a user account. - '#access' => !$register || user_access('administer users'), + '#access' => !$register || $user->hasPermission('administer users'), ); $form['language']['preferred_langcode'] = array( diff --git a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php index 3c230867113..0a42c917be0 100644 --- a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php +++ b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php @@ -24,12 +24,13 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface { * The event to process. */ public function onKernelRequestMaintenance(GetResponseEvent $event) { + $user = \Drupal::currentUser(); $request = $event->getRequest(); $site_status = $request->attributes->get('_maintenance'); $path = $request->attributes->get('_system_path'); if ($site_status == MENU_SITE_OFFLINE) { // If the site is offline, log out unprivileged users. - if ($GLOBALS['user']->isAuthenticated() && !user_access('access site in maintenance mode')) { + if ($user->isAuthenticated() && !$user->hasPermission('access site in maintenance mode')) { user_logout(); // Redirect to homepage. $event->setResponse(new RedirectResponse(url('', array('absolute' => TRUE)))); @@ -56,7 +57,7 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface { } } } - if ($GLOBALS['user']->isAuthenticated()) { + if ($user->isAuthenticated()) { if ($path == 'user/login') { // If user is logged in, redirect to 'user' instead of giving 403. $event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE)))); 
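Review bot: In the MaintenanceModeSubscriber hunk at @@ -24, `$user` is captured once at the top of `onKernelRequestMaintenance()`, but the offline branch then calls `user_logout()`, after which that cached object may no longer describe the request's session; the removed code re-read `$GLOBALS['user']` at every check, whereas any code that later reaches `if ($user->isAuthenticated())` in the @@ -56 hunk would still see the pre-logout account. The hunk ends at the redirect, so whether a `return` follows is not visible here. If it does not, either return immediately after `$event->setResponse(...)` or refresh the account with `$user = \Drupal::currentUser();` right after `user_logout()`, depending on whether the `current_user` service is swapped on logout.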
@@ -64,7 +65,7 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface { } if ($path == 'user/register') { // Authenticated user should be redirected to user edit page. - $event->setResponse(new RedirectResponse(url('user/' . $GLOBALS['user']->id() . '/edit', array('absolute' => TRUE)))); + $event->setResponse(new RedirectResponse(url('user/' . $user->id() . '/edit', array('absolute' => TRUE)))); return; } } diff --git a/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php b/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php index f14bc4e72fc..dc7475f3fdc 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php +++ b/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php @@ -88,9 +88,9 @@ class UserSelection extends SelectionBase { $query->condition('name', $match, $match_operator); } - // Adding the 'user_access' tag is sadly insufficient for users: core + // Adding the permission check is sadly insufficient for users: core // requires us to also know about the concept of 'blocked' and 'active'. - if (!user_access('administer users')) { + if (!\Drupal::currentUser()->hasPermission('administer users')) { $query->condition('status', 1); } return $query; @@ -100,7 +100,7 @@ class UserSelection extends SelectionBase { * {@inheritdoc} */ public function entityQueryAlter(SelectInterface $query) { - if (user_access('administer users')) { + if (\Drupal::currentUser()->hasPermission('administer users')) { // In addition, if the user is administrator, we need to make sure to // match the anonymous user, that doesn't actually have a name in the // database. diff --git a/core/modules/user/lib/Drupal/user/RegisterFormController.php b/core/modules/user/lib/Drupal/user/RegisterFormController.php index 38612a27b6b..9062eb456ee 100644 --- a/core/modules/user/lib/Drupal/user/RegisterFormController.php 
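Review bot: The rewritten comment in the UserSelection hunk at @@ -88 appears to change its meaning: the original `'user_access' tag` refers to the query tag added for access altering, not to the removed `user_access()` function, so `Adding the permission check is sadly insufficient` now describes a different thing and the rest of the sentence no longer follows from it. Restore the original wording, `// Adding the 'user_access' tag is sadly insufficient for users: core`, and keep only the code change. Separately, both hunks in this file call `\Drupal::currentUser()` statically inside a plugin; if the plugin supports container injection, injecting the account would make the status filter testable, though that is outside this issue's scope.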
+++ b/core/modules/user/lib/Drupal/user/RegisterFormController.php @@ -18,11 +18,9 @@ class RegisterFormController extends AccountFormController { * Overrides Drupal\Core\Entity\EntityFormController::form(). */ public function form(array $form, array &$form_state) { - global $user; + $user = $this->currentUser(); $account = $this->entity; - - $admin = user_access('administer users'); - + $admin = $user->hasPermission('administer users'); // Pass access information to the submit handler. Running an access check // inside the submit function interferes with form processing and breaks // hook_form_alter(). diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php index 06d49944610..fac4a544819 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php @@ -34,7 +34,7 @@ class UserPermissionsTest extends WebTestBase { } /** - * Change user permissions and check user_access(). + * Test changing user permissions through the permissions page. */ function testUserPermissionChanges() { $permissions_hash_generator = $this->container->get('user.permissions_hash'); 
@@ -46,27 +46,27 @@ class UserPermissionsTest extends WebTestBase { $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); // Add a permission. - $this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.'); + $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.'); $edit = array(); $edit[$rid . '[administer nodes]'] = TRUE; $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); $storage_controller = $this->container->get('entity.manager')->getStorageController('user_role'); $storage_controller->resetCache(); - $this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.'); + $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.'); $current_permissions_hash = $permissions_hash_generator->generate($account); $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); $previous_permissions_hash = $current_permissions_hash; // Remove a permission. - $this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.'); + $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); $edit = array(); $edit[$rid . 
'[access user profiles]'] = FALSE; $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); $storage_controller->resetCache(); - $this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.'); + $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); $current_permissions_hash = $permissions_hash_generator->generate($account); $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); @@ -91,7 +91,7 @@ class UserPermissionsTest extends WebTestBase { // Aggregator depends on file module, enable that as well. $edit['modules[Field types][file][enable]'] = TRUE; $this->drupalPostForm('admin/modules', $edit, t('Save configuration')); - $this->assertTrue(user_access('administer news feeds', $this->admin_user), 'The permission was automatically assigned to the administrator role'); + $this->assertTrue($this->admin_user->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role'); } /** 
@@ -105,9 +105,9 @@ class UserPermissionsTest extends WebTestBase { $previous_permissions_hash = $permissions_hash_generator->generate($account); // Verify current permissions. - $this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.'); - $this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.'); - $this->assertTrue(user_access('administer site configuration', $account), 'User has "administer site configuration" permission.'); + $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.'); + $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); + $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.'); // Change permissions. $permissions = array( @@ -117,9 +117,9 @@ class UserPermissionsTest extends WebTestBase { user_role_change_permissions($rid, $permissions); // Verify proper permission changes. - $this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.'); - $this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.'); - $this->assertTrue(user_access('administer site configuration', $account), 'User still has "administer site configuration" permission.'); + $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.'); + $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); + $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.'); // Verify the permissions hash has changed. $current_permissions_hash = $permissions_hash_generator->generate($account); 
diff --git a/core/modules/user/lib/Drupal/user/UserAccessController.php b/core/modules/user/lib/Drupal/user/UserAccessController.php index 618dfe3ca2a..9aed19e946e 100644 --- a/core/modules/user/lib/Drupal/user/UserAccessController.php +++ b/core/modules/user/lib/Drupal/user/UserAccessController.php @@ -28,14 +28,14 @@ class UserAccessController extends EntityAccessController { case 'update': // Users can always edit their own account. Users with the 'administer // users' permission can edit any account except the anonymous account. - return (($account->id() == $entity->id()) || user_access('administer users', $account)) && $entity->id() > 0; + return (($account->id() == $entity->id()) || $account->hasPermission('administer users')) && $entity->id() > 0; break; case 'delete': // Users with 'cancel account' permission can cancel their own account, // users with 'administer users' permission can cancel any account // except the anonymous account. - return ((($account->id() == $entity->id()) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->id() > 0; + return ((($account->id() == $entity->id()) && $account->hasPermission('cancel account')) || $account->hasPermission('administer users')) && $entity->id() > 0; break; } } @@ -49,10 +49,10 @@ class UserAccessController extends EntityAccessController { // Never allow access to view the anonymous user account. if ($entity->id()) { // Admins can view all, users can view own profiles at all times. - if ($account->id() == $entity->id() || user_access('administer users', $account)) { + if ($account->id() == $entity->id() || $account->hasPermission('administer users')) { return TRUE; } - elseif (user_access('access user profiles', $account)) { + elseif ($account->hasPermission('access user profiles')) { // Only allow view access if the account is active. return $entity->status->value; } 
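Review bot: In the view branch of the @@ -49 hunk, `return $entity->status->value;` hands back the raw field value rather than a boolean, while the branch just above returns `TRUE` and the rewritten lines in the @@ -28 hunk return boolean expressions. Casting keeps the access-check contract uniform for callers that compare strictly: `return (bool) $entity->status->value;`. This predates the commit, but the neighbouring permission lines are being rewritten anyway. The enclosing method starts before this hunk.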
diff --git a/core/modules/user/user.api.php b/core/modules/user/user.api.php index 2d2fbd9a474..cc18e927265 100644 --- a/core/modules/user/user.api.php +++ b/core/modules/user/user.api.php @@ -167,8 +167,9 @@ function hook_user_cancel($edit, $account, $method) { * @see user_cancel_confirm_form() */ function hook_user_cancel_methods_alter(&$methods) { + $account = \Drupal::currentUser(); // Limit access to disable account and unpublish content method. - $methods['user_cancel_block_unpublish']['access'] = user_access('administer site configuration'); + $methods['user_cancel_block_unpublish']['access'] = $account->hasPermission('administer site configuration'); // Remove the content re-assigning method. unset($methods['user_cancel_reassign']); @@ -178,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) { 'title' => t('Delete the account and remove all content.'), 'description' => t('All your content will be replaced by empty strings.'), // access should be used for administrative methods only. - 'access' => user_access('access zero-out account cancellation method'), + 'access' => $account->hasPermission('access zero-out account cancellation method'), ); } diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 88862d510a2..8cb2810b34b 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -575,7 +575,7 @@ function user_format_name(AccountInterface $account) { * @see user_user_logout() */ function user_template_preprocess_default_variables_alter(&$variables) { - global $user; + $user = \Drupal::currentUser(); // If this function is called from the installer after Drupal has been // installed then $user will not be set. 
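Review bot: The comment kept directly below the new `$user = \Drupal::currentUser();` line in the user.module hunk at @@ -575, `// installed then $user will not be set.`, described the `global $user` it replaces; a service call returns an account object (or fails outright if no container is available), so `$user` is never simply unset any more. The guard that presumably follows is outside this hunk and should be re-checked against the new value. Reword the comment to state the condition the guard actually tests, or remove both if the installer case is no longer reachable this way.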
@@ -587,7 +587,7 @@ function user_template_preprocess_default_variables_alter(&$variables) { // Remove password and session IDs, $form_state, since themes should not need nor see them. unset($variables['user']->pass, $variables['user']->sid, $variables['user']->ssid); - $variables['is_admin'] = user_access('access administration pages'); + $variables['is_admin'] = $user->hasPermission('access administration pages'); $variables['logged_in'] = $user->isAuthenticated(); } @@ -619,7 +619,7 @@ function template_preprocess_username(&$variables) { $name = drupal_substr($name, 0, 15) . '...'; } $variables['name'] = check_plain($name); - $variables['profile_access'] = user_access('access user profiles'); + $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles'); // Populate link path and attributes if appropriate. if ($variables['uid'] && $variables['profile_access']) {
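Review bot: `$variables['profile_access']` in the @@ -619 hunk is derived solely from the 'access user profiles' permission, while `UserAccessController::checkAccess()` in this same commit also grants view to the account owner and to 'administer users' and denies it for blocked accounts, so the username link can be shown for a profile the viewer cannot open and hidden for one they can. This predates the change, but since the line is being rewritten it is worth aligning. If the referenced user entity is available to `template_preprocess_username()` (only `$variables['uid']` is visible here), `$variables['profile_access'] = $account->access('view');` would reuse the access controller instead of duplicating part of it; otherwise add a comment above the line noting that it is a coarse approximation of the view check.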