Issue #2095125 by Xano: Use access constants in every access control context.

2013-10-16 13:10:57 +01:00 · 2013-10-16 13:10:57 +01:00 · 5085cb35c7
parent 5ba91c7155
commit 5085cb35c7
14 changed files with 78 additions and 71 deletions
--- a/core/lib/Drupal/Core/Access/AccessInterface.php
+++ b/core/lib/Drupal/Core/Access/AccessInterface.php
@ -11,23 +11,21 @@ use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Route;

 /**
- * An access check service determines access rules for particular routes.
+ * Provides access check results.
 */
 interface AccessInterface {

  /**
   * Grant access.
   *
-   * A checker should return this value to indicate that it grants access to a
-   * route.
+   * A checker should return this value to indicate that it grants access.
   */
  const ALLOW = TRUE;

  /**
   * Deny access.
   *
-   * A checker should return this value to indicate it does not grant access to
-   * a route.
+   * A checker should return this value to indicate it does not grant access.
   */
  const DENY = NULL;

@ -35,24 +33,9 @@ interface AccessInterface {
   * Block access.
   *
   * A checker should return this value to indicate that it wants to completely
-   * block access to this route, regardless of any other access checkers. Most
-   * checkers should prefer DENY.
+   * block access, regardless of any other access checkers. Most checkers
+   * should prefer DENY.
   */
  const KILL = FALSE;

-  /**
-   * Checks for access to a route.
-   *
-   * @param \Symfony\Component\Routing\Route $route
-   *   The route to check against.
-   * @param \Symfony\Component\HttpFoundation\Request $request
-   *   The request object.
-   *
-   * @return mixed
-   *   TRUE if access is allowed.
-   *   FALSE if not.
-   *   NULL if no opinion.
-   */
-  public function access(Route $route, Request $request);
-
 }
--- a/core/lib/Drupal/Core/Access/AccessibleInterface.php
+++ b/core/lib/Drupal/Core/Access/AccessibleInterface.php
@ -0,0 +1,31 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Core\Access\AccessibleInterface.
+ */
+
+namespace Drupal\Core\Access;
+
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Interface for checking access.
+ */
+interface AccessibleInterface extends AccessInterface {
+
+  /**
+   * Checks data value access.
+   *
+   * @param string $operation
+   *   The operation to be performed.
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   (optional) The user for which to check access, or NULL to check access
+   *   for the current user. Defaults to NULL.
+   *
+   * @return bool|null
+   *   self::ALLOW, self::DENY, or self::KILL.
+   */
+  public function access($operation, AccountInterface $account = NULL);
+
+}
--- a/core/lib/Drupal/Core/Entity/EntityInterface.php
+++ b/core/lib/Drupal/Core/Entity/EntityInterface.php
@ -7,7 +7,7 @@

 namespace Drupal\Core\Entity;

-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;

 /**
 * Defines a common interface for all entity objects.
--- a/core/lib/Drupal/Core/Entity/Field/FieldItemListInterface.php
+++ b/core/lib/Drupal/Core/Entity/Field/FieldItemListInterface.php
@ -8,7 +8,7 @@
 namespace Drupal\Core\Entity\Field;

 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\TypedData\ListInterface;

 /**
--- a/core/lib/Drupal/Core/Routing/Access/AccessInterface.php
+++ b/core/lib/Drupal/Core/Routing/Access/AccessInterface.php
@ -0,0 +1,32 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Core\Routing\Access\AccessInterface.
+ */
+
+namespace Drupal\Core\Routing\Access;
+
+use Drupal\Core\Access\AccessInterface as GenericAccessInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Route;
+
+/**
+ * An access check service determines access rules for particular routes.
+ */
+interface AccessInterface extends GenericAccessInterface {
+
+  /**
+   * Checks for access to a route.
+   *
+   * @param \Symfony\Component\Routing\Route $route
+   *   The route to check against.
+   * @param \Symfony\Component\HttpFoundation\Request $request
+   *   The request object.
+   *
+   * @return bool|null
+   *   self::ALLOW, self::DENY, or self::KILL.
+   */
+  public function access(Route $route, Request $request);
+
+}
--- a/core/lib/Drupal/Core/TypedData/AccessibleInterface.php
+++ b/core/lib/Drupal/Core/TypedData/AccessibleInterface.php
@ -1,39 +0,0 @@
-<?php
-
-/**
- * @file
- * Contains \Drupal\Core\TypedData\AccessibleInterface.
- */
-
-namespace Drupal\Core\TypedData;
-
-use Drupal\Core\Session\AccountInterface;
-
-/**
- * Interface for checking access.
- */
-interface AccessibleInterface {
-
-  /**
-   * Checks data value access.
-   *
-   * @param string $operation
-   *   (optional) The operation to be performed. Supported values are:
-   *   - view
-   *   - create
-   *   - update
-   *   - delete
-   *   Defaults to 'view'.
-   * @param \Drupal\Core\Session\AccountInterface $account
-   *   (optional) The user for which to check access, or NULL to check access
-   *   for the current user. Defaults to NULL.
-   *
-   * @return bool
-   *   TRUE if the given user has access for the given operation, FALSE
-   *   otherwise.
-   *
-   * @todo Don't depend on module level code.
-   */
-  public function access($operation = 'view', AccountInterface $account = NULL);
-
-}
--- a/core/lib/Drupal/Core/TypedData/Annotation/DataType.php
+++ b/core/lib/Drupal/Core/TypedData/Annotation/DataType.php
@ -20,7 +20,7 @@ use Drupal\Component\Annotation\Plugin;
 * or more data properties. Typed data objects for complex data types have to
 * implement the \Drupal\Core\TypedData\ComplexDataInterface. Further interface
 * that may be implemented are:
- *  - \Drupal\Core\TypedData\AccessibleInterface
+ *  - \Drupal\Core\Access\AccessibleInterface
 *  - \Drupal\Core\TypedData\TranslatableInterface
 *
 * Furthermore, lists of data items are represented by objects implementing the
--- a/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php
+++ b/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php
@ -18,7 +18,7 @@ use Drupal\Core\KeyValueStore\KeyValueStoreInterface;
 use Drupal\Core\Language\Language;
 use Drupal\Core\Plugin\PluginFormInterface;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\Database\Query\Condition;
 use Drupal\search\Annotation\SearchPlugin;
 use Drupal\search\Plugin\SearchPluginBase;
--- a/core/modules/search/lib/Drupal/search/SearchPluginManager.php
+++ b/core/modules/search/lib/Drupal/search/SearchPluginManager.php
@ -114,7 +114,7 @@ class SearchPluginManager extends DefaultPluginManager {
      return FALSE;
    }
    // Plugins that implement AccessibleInterface can deny access.
-    if (is_subclass_of($definition['class'], '\Drupal\Core\TypedData\AccessibleInterface')) {
+    if (is_subclass_of($definition['class'], '\Drupal\Core\Access\AccessibleInterface')) {
      return $this->createInstance($plugin_id)->access('view', $account);
    }
    return TRUE;
--- a/core/modules/system/entity.api.php
+++ b/core/modules/system/entity.api.php
@ -710,7 +710,7 @@ function hook_entity_operation_alter(array &$operations, \Drupal\Core\Entity\Ent
 *
 * @param string $operation
 *   The operation to be performed. See
- *   \Drupal\Core\TypedData\AccessibleInterface::access() for possible values.
+ *   \Drupal\Core\Access\AccessibleInterface::access() for possible values.
 * @param \Drupal\Core\Entity\Field\FieldDefinitionInterface $field_definition
 *   The field definition.
 * @param \Drupal\Core\Session\AccountInterface $account
--- a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php
@ -9,7 +9,7 @@ namespace Drupal\system\Tests\Entity;

 use Drupal\Core\Language\Language;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\Entity\EntityAccessController;

 /**
--- a/core/modules/user/lib/Drupal/user/Plugin/Search/UserSearch.php
+++ b/core/modules/user/lib/Drupal/user/Plugin/Search/UserSearch.php
@ -12,7 +12,7 @@ use Drupal\Core\Database\Connection;
 use Drupal\Core\Entity\EntityManager;
 use Drupal\Core\Extension\ModuleHandlerInterface;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\search\Annotation\SearchPlugin;
 use Drupal\search\Plugin\SearchPluginBase;
 use Symfony\Component\DependencyInjection\ContainerInterface;
--- a/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php
+++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php
@ -892,7 +892,7 @@ class ViewUI implements ViewStorageInterface {
  }

  /**
-   * Implements \Drupal\Core\TypedData\AccessibleInterface::access().
+   * {@inheritdoc}
   */
  public function access($operation = 'view', AccountInterface $account = NULL) {
    return $this->storage->access($operation, $account);
--- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php
@ -8,7 +8,7 @@
 namespace Drupal\Tests\Core\Access;

 use Drupal\Core\Access\AccessCheckInterface;
-use Drupal\Core\Access\AccessInterface;
+use Drupal\Core\Routing\Access\AccessInterface;
 use Drupal\Core\Access\AccessManager;
 use Drupal\Core\Access\DefaultAccessCheck;
 use Drupal\system\Tests\Routing\MockRouteProvider;