Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2101119 by Xano, tim.plunkett: Convert Filter routes to use entity access instead of permissions.

8.0.x
Nathaniel Catchpole 2014-04-15 20:26:52 +01:00
parent 56ace1cb34
commit 973948edf5
8 changed files with 27 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/modules/editor/editor.routing.yml
View File

@ -3,7 +3,7 @@ editor.filter_xss:
defaults: defaults:
_controller: '\Drupal\editor\EditorController::filterXss' _controller: '\Drupal\editor\EditorController::filterXss'
requirements: requirements:
_entity_access: 'filter_format.view' _entity_access: 'filter_format.use'
editor.field_untransformed_text: editor.field_untransformed_text:
path: '/editor/{entity_type}/{entity}/{field_name}/{langcode}/{view_mode_id}' path: '/editor/{entity_type}/{entity}/{field_name}/{langcode}/{view_mode_id}'
@ -20,11 +20,11 @@ editor.image_dialog:
defaults: defaults:
_form: '\Drupal\editor\Form\EditorImageDialog' _form: '\Drupal\editor\Form\EditorImageDialog'
requirements: requirements:
_entity_access: 'filter_format.view' _entity_access: 'filter_format.use'
editor.link_dialog: editor.link_dialog:
path: '/editor/dialog/link/{filter_format}' path: '/editor/dialog/link/{filter_format}'
defaults: defaults:
_form: '\Drupal\editor\Form\EditorLinkDialog' _form: '\Drupal\editor\Form\EditorLinkDialog'
requirements: requirements:
_entity_access: 'filter_format.view' _entity_access: 'filter_format.use'

2
core/modules/filter/filter.module
View File

@ -162,7 +162,7 @@ function filter_formats(AccountInterface $account = NULL) {
if (!isset($formats['user'][$account_id])) { if (!isset($formats['user'][$account_id])) {
$formats['user'][$account_id] = array(); $formats['user'][$account_id] = array();
foreach ($formats['all'] as $format) { foreach ($formats['all'] as $format) {
if ($format->access('view', $account)) { if ($format->access('use', $account)) {
$formats['user'][$account_id][$format->format] = $format; $formats['user'][$account_id][$format->format] = $format;
} }
} }

9
core/modules/filter/filter.routing.yml
View File

@ -12,7 +12,7 @@ filter.tips:
_content: '\Drupal\filter\Controller\FilterController::filterTips' _content: '\Drupal\filter\Controller\FilterController::filterTips'
_title: 'Compose tips' _title: 'Compose tips'
requirements: requirements:
_entity_access: 'filter_format.view' _entity_access: 'filter_format.use'
filter.admin_overview: filter.admin_overview:
path: '/admin/config/content/formats' path: '/admin/config/content/formats'
@ -29,14 +29,14 @@ filter.format_add:
_entity_form: filter_format.add _entity_form: filter_format.add
_title: 'Add text format' _title: 'Add text format'
requirements: requirements:
_permission: 'administer filters' _entity_create_access: 'filter_format'
filter.format_edit: filter.format_edit:
path: '/admin/config/content/formats/manage/{filter_format}' path: '/admin/config/content/formats/manage/{filter_format}'
defaults: defaults:
_entity_form: filter_format.edit _entity_form: filter_format.edit
requirements: requirements:
_permission: 'administer filters' _entity_access: 'filter_format.update'
filter.admin_disable: filter.admin_disable:
path: '/admin/config/content/formats/manage/{filter_format}/disable' path: '/admin/config/content/formats/manage/{filter_format}/disable'
@ -44,5 +44,4 @@ filter.admin_disable:
_entity_form: 'filter_format.disable' _entity_form: 'filter_format.disable'
_title: 'Disable text format' _title: 'Disable text format'
requirements: requirements:
_filter_disable_format_access: 'TRUE' _entity_access: 'filter_format.disable'
_permission: 'administer filters'

4
core/modules/filter/filter.services.yml
View File

@ -6,10 +6,6 @@ services:
factory_method: get factory_method: get
factory_service: cache_factory factory_service: cache_factory
arguments: [filter] arguments: [filter]
access_check.filter_disable:
class: Drupal\filter\Access\FormatDisableCheck
tags:
- { name: access_check, applies_to: _filter_disable_format_access }
plugin.manager.filter: plugin.manager.filter:
class: Drupal\filter\FilterPluginManager class: Drupal\filter\FilterPluginManager
parent: default_plugin_manager parent: default_plugin_manager

28
core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php
View File

@ -1,28 +0,0 @@
<?php
/**
* @file
* Contains \Drupal\filter\Access\FormatDisableCheck.
*/
namespace Drupal\filter\Access;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\Routing\Route;
use Symfony\Component\HttpFoundation\Request;
/**
* Checks access for disabling text formats.
*/
class FormatDisableCheck implements AccessInterface {
/**
* {@inheritdoc}
*/
public function access(Route $route, Request $request, AccountInterface $account) {
$format = $request->attributes->get('filter_format');
return ($format && !$format->isFallbackFormat()) ? static::ALLOW : static::DENY;
}
}

26
core/modules/filter/lib/Drupal/filter/FilterFormatAccessController.php
View File

@ -19,26 +19,28 @@ class FilterFormatAccessController extends EntityAccessController {
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { protected function checkAccess(EntityInterface $filter_format, $operation, $langcode, AccountInterface $account) {
// Handle special cases up front. All users have access to the fallback /** @var \Drupal\filter\FilterFormatInterface $filter_format */
// format.
if ($operation == 'view' && $entity->isFallbackFormat()) { // All users are allowed to use the fallback filter.
return TRUE; if ($operation == 'use') {
return $filter_format->isFallbackFormat() || $account->hasPermission($filter_format->getPermissionName());
} }
// The fallback format may not be disabled.
if ($operation == 'disable' && $filter_format->isFallbackFormat()) {
return FALSE;
}
// We do not allow filter formats to be deleted through the UI, because that // We do not allow filter formats to be deleted through the UI, because that
// would render any content that uses them unusable. // would render any content that uses them unusable.
if ($operation == 'delete') { if ($operation == 'delete') {
return FALSE; return FALSE;
} }
if ($operation != 'view' && parent::checkAccess($entity, $operation, $langcode, $account)) { if (in_array($operation, array('disable', 'update'))) {
return TRUE; return parent::checkAccess($filter_format, $operation, $langcode, $account);
} }
// Check the permission if one exists; otherwise, we have a non-existent
// format so we return FALSE.
$permission = $entity->getPermissionName();
return !empty($permission) && $account->hasPermission($permission);
} }
} }

4
core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php
View File

@ -143,8 +143,8 @@ class FilterAdminTest extends WebTestBase {
// Verify access permissions to Full HTML format. // Verify access permissions to Full HTML format.
$full_format = entity_load('filter_format', $full); $full_format = entity_load('filter_format', $full);
$this->assertTrue($full_format->access('view', $this->admin_user), 'Admin user may use Full HTML.'); $this->assertTrue($full_format->access('use', $this->admin_user), 'Admin user may use Full HTML.');
$this->assertFalse($full_format->access('view', $this->web_user), 'Web user may not use Full HTML.'); $this->assertFalse($full_format->access('use', $this->web_user), 'Web user may not use Full HTML.');
// Add an additional tag. // Add an additional tag.
$edit = array(); $edit = array();

6
core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
View File

@ -126,9 +126,9 @@ class FilterFormatAccessTest extends WebTestBase {
// Make sure that a regular user only has access to the text formats for // Make sure that a regular user only has access to the text formats for
// which they were granted access. // which they were granted access.
$fallback_format = entity_load('filter_format', filter_fallback_format()); $fallback_format = entity_load('filter_format', filter_fallback_format());
$this->assertTrue($this->allowed_format->access('view', $this->web_user), 'A regular user has access to a text format they were granted access to.'); $this->assertTrue($this->allowed_format->access('use', $this->web_user), 'A regular user has access to use a text format they were granted access to.');
$this->assertFalse($this->disallowed_format->access('view', $this->web_user), 'A regular user does not have access to a text format they were not granted access to.'); $this->assertFalse($this->disallowed_format->access('use', $this->web_user), 'A regular user does not have access to use a text format they were not granted access to.');
$this->assertTrue($fallback_format->access('view', $this->web_user), 'A regular user has access to the fallback format.'); $this->assertTrue($fallback_format->access('use', $this->web_user), 'A regular user has access to use the fallback format.');
// Perform similar checks as above, but now against the entire list of // Perform similar checks as above, but now against the entire list of
// available formats for this user. // available formats for this user.