Issue #2101119 by Xano, tim.plunkett: Convert Filter routes to use entity access instead of permissions.
Nathaniel Catchpole
parent
56ace1cb34
commit
973948edf5
|
|
@ -3,7 +3,7 @@ editor.filter_xss:
|
|||
defaults:
|
||||
_controller: '\Drupal\editor\EditorController::filterXss'
|
||||
requirements:
|
||||
_entity_access: 'filter_format.view'
|
||||
_entity_access: 'filter_format.use'
|
||||
|
||||
editor.field_untransformed_text:
|
||||
path: '/editor/{entity_type}/{entity}/{field_name}/{langcode}/{view_mode_id}'
|
||||
|
|
@ -20,11 +20,11 @@ editor.image_dialog:
|
|||
defaults:
|
||||
_form: '\Drupal\editor\Form\EditorImageDialog'
|
||||
requirements:
|
||||
_entity_access: 'filter_format.view'
|
||||
_entity_access: 'filter_format.use'
|
||||
|
||||
editor.link_dialog:
|
||||
path: '/editor/dialog/link/{filter_format}'
|
||||
defaults:
|
||||
_form: '\Drupal\editor\Form\EditorLinkDialog'
|
||||
requirements:
|
||||
_entity_access: 'filter_format.view'
|
||||
_entity_access: 'filter_format.use'
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ function filter_formats(AccountInterface $account = NULL) {
|
|||
if (!isset($formats['user'][$account_id])) {
|
||||
$formats['user'][$account_id] = array();
|
||||
foreach ($formats['all'] as $format) {
|
||||
if ($format->access('view', $account)) {
|
||||
if ($format->access('use', $account)) {
|
||||
$formats['user'][$account_id][$format->format] = $format;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ filter.tips:
|
|||
_content: '\Drupal\filter\Controller\FilterController::filterTips'
|
||||
_title: 'Compose tips'
|
||||
requirements:
|
||||
_entity_access: 'filter_format.view'
|
||||
_entity_access: 'filter_format.use'
|
||||
|
||||
filter.admin_overview:
|
||||
path: '/admin/config/content/formats'
|
||||
|
|
@ -29,14 +29,14 @@ filter.format_add:
|
|||
_entity_form: filter_format.add
|
||||
_title: 'Add text format'
|
||||
requirements:
|
||||
_permission: 'administer filters'
|
||||
_entity_create_access: 'filter_format'
|
||||
|
||||
filter.format_edit:
|
||||
path: '/admin/config/content/formats/manage/{filter_format}'
|
||||
defaults:
|
||||
_entity_form: filter_format.edit
|
||||
requirements:
|
||||
_permission: 'administer filters'
|
||||
_entity_access: 'filter_format.update'
|
||||
|
||||
filter.admin_disable:
|
||||
path: '/admin/config/content/formats/manage/{filter_format}/disable'
|
||||
|
|
@ -44,5 +44,4 @@ filter.admin_disable:
|
|||
_entity_form: 'filter_format.disable'
|
||||
_title: 'Disable text format'
|
||||
requirements:
|
||||
_filter_disable_format_access: 'TRUE'
|
||||
_permission: 'administer filters'
|
||||
_entity_access: 'filter_format.disable'
|
||||
|
|
|
|||
|
|
@ -6,10 +6,6 @@ services:
|
|||
factory_method: get
|
||||
factory_service: cache_factory
|
||||
arguments: [filter]
|
||||
access_check.filter_disable:
|
||||
class: Drupal\filter\Access\FormatDisableCheck
|
||||
tags:
|
||||
- { name: access_check, applies_to: _filter_disable_format_access }
|
||||
plugin.manager.filter:
|
||||
class: Drupal\filter\FilterPluginManager
|
||||
parent: default_plugin_manager
|
||||
|
|
|
|||
|
|
@ -1,28 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @file
|
||||
* Contains \Drupal\filter\Access\FormatDisableCheck.
|
||||
*/
|
||||
|
||||
namespace Drupal\filter\Access;
|
||||
|
||||
use Drupal\Core\Routing\Access\AccessInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
* Checks access for disabling text formats.
|
||||
*/
|
||||
class FormatDisableCheck implements AccessInterface {
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$format = $request->attributes->get('filter_format');
|
||||
return ($format && !$format->isFallbackFormat()) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -19,26 +19,28 @@ class FilterFormatAccessController extends EntityAccessController {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
|
||||
// Handle special cases up front. All users have access to the fallback
|
||||
// format.
|
||||
if ($operation == 'view' && $entity->isFallbackFormat()) {
|
||||
return TRUE;
|
||||
protected function checkAccess(EntityInterface $filter_format, $operation, $langcode, AccountInterface $account) {
|
||||
/** @var \Drupal\filter\FilterFormatInterface $filter_format */
|
||||
|
||||
// All users are allowed to use the fallback filter.
|
||||
if ($operation == 'use') {
|
||||
return $filter_format->isFallbackFormat() || $account->hasPermission($filter_format->getPermissionName());
|
||||
}
|
||||
|
||||
// The fallback format may not be disabled.
|
||||
if ($operation == 'disable' && $filter_format->isFallbackFormat()) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
// We do not allow filter formats to be deleted through the UI, because that
|
||||
// would render any content that uses them unusable.
|
||||
if ($operation == 'delete') {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ($operation != 'view' && parent::checkAccess($entity, $operation, $langcode, $account)) {
|
||||
return TRUE;
|
||||
if (in_array($operation, array('disable', 'update'))) {
|
||||
return parent::checkAccess($filter_format, $operation, $langcode, $account);
|
||||
}
|
||||
|
||||
// Check the permission if one exists; otherwise, we have a non-existent
|
||||
// format so we return FALSE.
|
||||
$permission = $entity->getPermissionName();
|
||||
return !empty($permission) && $account->hasPermission($permission);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -143,8 +143,8 @@ class FilterAdminTest extends WebTestBase {
|
|||
|
||||
// Verify access permissions to Full HTML format.
|
||||
$full_format = entity_load('filter_format', $full);
|
||||
$this->assertTrue($full_format->access('view', $this->admin_user), 'Admin user may use Full HTML.');
|
||||
$this->assertFalse($full_format->access('view', $this->web_user), 'Web user may not use Full HTML.');
|
||||
$this->assertTrue($full_format->access('use', $this->admin_user), 'Admin user may use Full HTML.');
|
||||
$this->assertFalse($full_format->access('use', $this->web_user), 'Web user may not use Full HTML.');
|
||||
|
||||
// Add an additional tag.
|
||||
$edit = array();
|
||||
|
|
|
|||
|
|
@ -126,9 +126,9 @@ class FilterFormatAccessTest extends WebTestBase {
|
|||
// Make sure that a regular user only has access to the text formats for
|
||||
// which they were granted access.
|
||||
$fallback_format = entity_load('filter_format', filter_fallback_format());
|
||||
$this->assertTrue($this->allowed_format->access('view', $this->web_user), 'A regular user has access to a text format they were granted access to.');
|
||||
$this->assertFalse($this->disallowed_format->access('view', $this->web_user), 'A regular user does not have access to a text format they were not granted access to.');
|
||||
$this->assertTrue($fallback_format->access('view', $this->web_user), 'A regular user has access to the fallback format.');
|
||||
$this->assertTrue($this->allowed_format->access('use', $this->web_user), 'A regular user has access to use a text format they were granted access to.');
|
||||
$this->assertFalse($this->disallowed_format->access('use', $this->web_user), 'A regular user does not have access to use a text format they were not granted access to.');
|
||||
$this->assertTrue($fallback_format->access('use', $this->web_user), 'A regular user has access to use the fallback format.');
|
||||
|
||||
// Perform similar checks as above, but now against the entire list of
|
||||
// available formats for this user.
|
||||
|
|
|
|||
Loading…
Reference in New Issue