Issue #2048223 by dawehner, ParisLiakos, herom, fubhy, damiankloip, vijaycs85, joelpittet, tim.plunkett: Add $account argument to AccessCheckInterface::access() method and use the current_user() service.
parent
9b5afa85e3
commit
9d5aefb739
|
@ -192,10 +192,11 @@ services:
|
|||
arguments: ['@container.namespaces']
|
||||
plugin.manager.menu.local_action:
|
||||
class: Drupal\Core\Menu\LocalActionManager
|
||||
arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager']
|
||||
arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager', '@current_user']
|
||||
plugin.manager.menu.local_task:
|
||||
class: Drupal\Core\Menu\LocalTaskManager
|
||||
arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager']
|
||||
arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager', '@current_user']
|
||||
scope: request
|
||||
request:
|
||||
class: Symfony\Component\HttpFoundation\Request
|
||||
# @TODO the synthetic setting must be uncommented whenever drupal_session_initialize()
|
||||
|
@ -348,6 +349,8 @@ services:
|
|||
arguments: ['@settings']
|
||||
route_enhancer.authentication:
|
||||
class: Drupal\Core\Routing\Enhancer\AuthenticationEnhancer
|
||||
calls:
|
||||
- [setContainer, ['@service_container']]
|
||||
tags:
|
||||
- { name: route_enhancer, priority: 1000 }
|
||||
arguments: ['@authentication']
|
||||
|
@ -410,6 +413,14 @@ services:
|
|||
- [setRequest, ['@?request']]
|
||||
access_subscriber:
|
||||
class: Drupal\Core\EventSubscriber\AccessSubscriber
|
||||
arguments: ['@access_manager', '@current_user']
|
||||
calls:
|
||||
- [setCurrentUser, ['@?current_user']]
|
||||
tags:
|
||||
- { name: event_subscriber }
|
||||
scope: request
|
||||
access_route_subscriber:
|
||||
class: Drupal\Core\EventSubscriber\AccessRouteSubscriber
|
||||
tags:
|
||||
- { name: event_subscriber }
|
||||
arguments: ['@access_manager']
|
||||
|
@ -631,6 +642,7 @@ services:
|
|||
factory_method: authenticate
|
||||
factory_service: authentication
|
||||
arguments: ['@request']
|
||||
synchronized: true
|
||||
asset.css.collection_renderer:
|
||||
class: Drupal\Core\Asset\CssCollectionRenderer
|
||||
arguments: [ '@state' ]
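Review bot: `plugin.manager.menu.local_action` and `plugin.manager.menu.local_task` receive `@current_user` only as a constructor argument, so each manager keeps whichever account object existed when it was built, whereas `access_subscriber` also gets `- [setCurrentUser, ['@?current_user']]` and the service built by the `authentication` factory is marked `synchronized: true`. The same commit has AuthenticationEnhancer replace the service with the anonymous user through `$this->container->set('current_user', $anonymous_user, 'request')`; a manager instantiated before that point would keep passing the pre-downgrade account to `checkNamedRoute()`. Whether that ordering can occur is not visible on this page, so either confirm it cannot or give the managers (and `book.breadcrumb`, wired the same way in book.services.yml) the same synchronized setter. A short comment above `synchronized: true` explaining why dependants must be re-injected would also help.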
|
||||
|
|
|
@ -2176,7 +2176,7 @@ function form_process_autocomplete($element, &$form_state) {
|
|||
$parameters = isset($element['#autocomplete_route_parameters']) ? $element['#autocomplete_route_parameters'] : array();
|
||||
|
||||
$path = \Drupal::urlGenerator()->generate($element['#autocomplete_route_name'], $parameters);
|
||||
$access = \Drupal::service('access_manager')->checkNamedRoute($element['#autocomplete_route_name'], $parameters);
|
||||
$access = \Drupal::service('access_manager')->checkNamedRoute($element['#autocomplete_route_name'], $parameters, \Drupal::currentUser());
|
||||
}
|
||||
if ($access) {
|
||||
$element['#attributes']['class'][] = 'form-autocomplete';
|
||||
|
|
|
@ -1018,7 +1018,7 @@ function menu_item_route_access(Route $route, $href, &$map) {
|
|||
}
|
||||
}
|
||||
|
||||
return \Drupal::service('access_manager')->check($route, $request);
|
||||
return \Drupal::service('access_manager')->check($route, $request, \Drupal::currentUser());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -10,6 +10,7 @@ namespace Drupal\Core\Access;
|
|||
use Drupal\Core\ParamConverter\ParamConverterManager;
|
||||
use Drupal\Core\Routing\RequestHelper;
|
||||
use Drupal\Core\Routing\RouteProviderInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
use Symfony\Component\Routing\RouteCollection;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
@ -180,6 +181,8 @@ class AccessManager extends ContainerAware {
|
|||
* The route to check access to.
|
||||
* @param array $parameters
|
||||
* Optional array of values to substitute into the route path patern.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The current user.
|
||||
* @param \Symfony\Component\HttpFoundation\Request $route_request
|
||||
* Optional incoming request object. If not provided, one will be built
|
||||
* using the route information and the current request from the container.
|
||||
|
@ -187,18 +190,17 @@ class AccessManager extends ContainerAware {
|
|||
* @return bool
|
||||
* Returns TRUE if the user has access to the route, otherwise FALSE.
|
||||
*/
|
||||
public function checkNamedRoute($route_name, array $parameters = array(), Request $route_request = NULL) {
|
||||
public function checkNamedRoute($route_name, array $parameters = array(), AccountInterface $account, Request $route_request = NULL) {
|
||||
try {
|
||||
$route = $this->routeProvider->getRouteByName($route_name, $parameters);
|
||||
if (empty($route_request)) {
|
||||
// Create a request and copy the account from the current request.
|
||||
$route_request = RequestHelper::duplicate($this->request, $this->urlGenerator->generate($route_name, $parameters));
|
||||
$defaults = $parameters;
|
||||
$defaults['_account'] = $this->request->attributes->get('_account');
|
||||
$defaults[RouteObjectInterface::ROUTE_OBJECT] = $route;
|
||||
$route_request->attributes->add($this->paramConverterManager->enhance($defaults, $route_request));
|
||||
}
|
||||
return $this->check($route, $route_request);
|
||||
return $this->check($route, $route_request, $account);
|
||||
}
|
||||
catch (RouteNotFoundException $e) {
|
||||
return FALSE;
|
||||
|
@ -217,23 +219,21 @@ class AccessManager extends ContainerAware {
|
|||
* The route to check access to.
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* The incoming request object.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The current account.
|
||||
*
|
||||
* @return bool
|
||||
* Returns TRUE if the user has access to the route, otherwise FALSE.
|
||||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
* If any access check denies access or none explicitly approve.
|
||||
*/
|
||||
public function check(Route $route, Request $request) {
|
||||
public function check(Route $route, Request $request, AccountInterface $account) {
|
||||
$checks = $route->getOption('_access_checks') ?: array();
|
||||
|
||||
$conjunction = $route->getOption('_access_mode') ?: 'ALL';
|
||||
|
||||
if ($conjunction == 'ALL') {
|
||||
return $this->checkAll($checks, $route, $request);
|
||||
return $this->checkAll($checks, $route, $request, $account);
|
||||
}
|
||||
else {
|
||||
return $this->checkAny($checks, $route, $request);
|
||||
return $this->checkAny($checks, $route, $request, $account);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -246,11 +246,13 @@ class AccessManager extends ContainerAware {
|
|||
* The route to check access to.
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* The incoming request object.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The current user.
|
||||
*
|
||||
* @return bool
|
||||
* Returns TRUE if the user has access to the route, else FALSE.
|
||||
*/
|
||||
protected function checkAll(array $checks, Route $route, Request $request) {
|
||||
protected function checkAll(array $checks, Route $route, Request $request, AccountInterface $account) {
|
||||
$access = FALSE;
|
||||
|
||||
foreach ($checks as $service_id) {
|
||||
|
@ -258,7 +260,7 @@ class AccessManager extends ContainerAware {
|
|||
$this->loadCheck($service_id);
|
||||
}
|
||||
|
||||
$service_access = $this->checks[$service_id]->access($route, $request);
|
||||
$service_access = $this->checks[$service_id]->access($route, $request, $account);
|
||||
if ($service_access === AccessInterface::ALLOW) {
|
||||
$access = TRUE;
|
||||
}
|
||||
|
@ -281,11 +283,13 @@ class AccessManager extends ContainerAware {
|
|||
* The route to check access to.
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* The incoming request object.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The current user.
|
||||
*
|
||||
* @return bool
|
||||
* Returns TRUE if the user has access to the route, else FALSE.
|
||||
*/
|
||||
protected function checkAny(array $checks, $route, $request) {
|
||||
protected function checkAny(array $checks, $route, $request, AccountInterface $account) {
|
||||
// No checks == deny by default.
|
||||
$access = FALSE;
|
||||
|
||||
|
@ -294,7 +298,7 @@ class AccessManager extends ContainerAware {
|
|||
$this->loadCheck($service_id);
|
||||
}
|
||||
|
||||
$service_access = $this->checks[$service_id]->access($route, $request);
|
||||
$service_access = $this->checks[$service_id]->access($route, $request, $account);
|
||||
if ($service_access === AccessInterface::ALLOW) {
|
||||
$access = TRUE;
|
||||
}
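Review bot: The new `checkNamedRoute()` signature places the required `AccountInterface $account` after `array $parameters = array()`, so no caller can use the default on `$parameters` any more, and newer PHP versions flag this ordering as deprecated. Every call site updated in this commit passes the parameters explicitly, so the signature could read `public function checkNamedRoute($route_name, array $parameters, AccountInterface $account, Request $route_request = NULL)`. The added `@param` text "The current user." also undersells the argument, because `check()`, `checkAll()` and `checkAny()` now decide access for whatever account is passed in; `The account to check access for.` would be more accurate. The bodies of `checkAll()` and `checkAny()` continue outside the hunks shown.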
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\Core\Access;
|
||||
|
||||
use Drupal\Core\Controller\ControllerResolverInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -50,7 +51,7 @@ class CustomAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$access_controller = $route->getRequirement('_custom_access');
|
||||
|
||||
$controller = $this->controllerResolver->getControllerFromDefinition($access_controller);
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
namespace Drupal\Core\Access;
|
||||
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -25,7 +26,7 @@ class DefaultAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
if ($route->getRequirement('_access') === 'TRUE') {
|
||||
return static::ALLOW;
|
||||
}
|
||||
|
|
|
@ -107,6 +107,10 @@ class YamlFileLoader {
|
|||
$definition->setSynthetic($service['synthetic']);
|
||||
}
|
||||
|
||||
if (isset($service['synchronized'])) {
|
||||
$definition->setSynchronized($service['synchronized']);
|
||||
}
|
||||
|
||||
if (isset($service['public'])) {
|
||||
$definition->setPublic($service['public']);
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\Core\Entity;
|
||||
|
||||
use Drupal\Core\Entity\EntityInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
|
@ -37,7 +38,7 @@ class EntityAccessCheck implements StaticAccessCheckInterface {
|
|||
* @endcode
|
||||
* Available operations are 'view', 'update', 'create', and 'delete'.
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// Split the entity type and the operation.
|
||||
$requirement = $route->getRequirement('_entity_access');
|
||||
list($entity_type, $operation) = explode('.', $requirement);
|
||||
|
@ -45,7 +46,7 @@ class EntityAccessCheck implements StaticAccessCheckInterface {
|
|||
if ($request->attributes->has($entity_type)) {
|
||||
$entity = $request->attributes->get($entity_type);
|
||||
if ($entity instanceof EntityInterface) {
|
||||
return $entity->access($operation) ? static::ALLOW : static::DENY;
|
||||
return $entity->access($operation, $account) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
}
|
||||
// No opinion, so other access checks should decide if access should be
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\Core\Entity;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -50,7 +51,7 @@ class EntityCreateAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':');
|
||||
|
||||
// The bundle argument can contain request argument placeholders like
|
||||
|
@ -65,7 +66,7 @@ class EntityCreateAccessCheck implements StaticAccessCheckInterface {
|
|||
return static::DENY;
|
||||
}
|
||||
}
|
||||
return $this->entityManager->getAccessController($entity_type)->createAccess($bundle) ? static::ALLOW : static::DENY;
|
||||
return $this->entityManager->getAccessController($entity_type)->createAccess($bundle, $account) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,61 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @file
|
||||
* Contains \Drupal\Core\EventSubscriber\AccessRouteSubscriber.
|
||||
*/
|
||||
|
||||
namespace Drupal\Core\EventSubscriber;
|
||||
|
||||
use Drupal\Core\Access\AccessManager;
|
||||
use Drupal\Core\Routing\RouteBuildEvent;
|
||||
use Drupal\Core\Routing\RoutingEvents;
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
|
||||
/**
|
||||
* Provides a subscriber to set access checkers on route building.
|
||||
*/
|
||||
class AccessRouteSubscriber implements EventSubscriberInterface {
|
||||
|
||||
/**
|
||||
* The access manager.
|
||||
*
|
||||
* @var \Drupal\Core\Access\AccessManager
|
||||
*/
|
||||
protected $accessManager;
|
||||
|
||||
/**
|
||||
* Constructs a new AccessSubscriber.
|
||||
*
|
||||
* @param \Drupal\Core\Access\AccessManager $access_manager
|
||||
* The access check manager that will be responsible for applying
|
||||
* AccessCheckers against routes.
|
||||
*/
|
||||
public function __construct(AccessManager $access_manager) {
|
||||
$this->accessManager = $access_manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply access checks to routes.
|
||||
*
|
||||
* @param \Drupal\Core\Routing\RouteBuildEvent $event
|
||||
* The event to process.
|
||||
*/
|
||||
public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) {
|
||||
$this->accessManager->setChecks($event->getRouteCollection());
|
||||
}
|
||||
|
||||
/**
|
||||
* Registers the methods in this class that should be listeners.
|
||||
*
|
||||
* @return array
|
||||
* An array of event listener definitions.
|
||||
*/
|
||||
static function getSubscribedEvents() {
|
||||
// Setting very low priority to ensure access checks are run after alters.
|
||||
$events[RoutingEvents::ALTER][] = array('onRoutingRouteAlterSetAccessCheck', -50);
|
||||
|
||||
return $events;
|
||||
}
|
||||
|
||||
}
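Review bot: The constructor docblock in the new AccessRouteSubscriber still reads `Constructs a new AccessSubscriber.`, apparently carried over from the class this code was split out of; it should read `Constructs a new AccessRouteSubscriber.`. `getSubscribedEvents()` is declared as `static function` without a visibility keyword and appends to `$events` without initialising it, so `public static function getSubscribedEvents() {` with `$events = array();` as its first statement would be clearer.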
|
|
@ -7,29 +7,45 @@
|
|||
|
||||
namespace Drupal\Core\EventSubscriber;
|
||||
|
||||
use Drupal\Core\Access\AccessManager;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
|
||||
use Symfony\Component\HttpKernel\KernelEvents;
|
||||
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Drupal\Core\Routing\RoutingEvents;
|
||||
use Drupal\Core\Access\AccessManager;
|
||||
use Drupal\Core\Routing\RouteBuildEvent;
|
||||
|
||||
/**
|
||||
* Access subscriber for controller requests.
|
||||
*/
|
||||
class AccessSubscriber implements EventSubscriberInterface {
|
||||
|
||||
/**
|
||||
* The current user.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface
|
||||
*/
|
||||
protected $currentUser;
|
||||
|
||||
/**
|
||||
* The access manager.
|
||||
*
|
||||
* @var \Drupal\Core\Access\AccessManager
|
||||
*/
|
||||
protected $accessManager;
|
||||
|
||||
/**
|
||||
* Constructs a new AccessSubscriber.
|
||||
*
|
||||
* @param \Drupal\Core\Access\AccessManager $access_manager
|
||||
* The access check manager that will be responsible for applying
|
||||
* AccessCheckers against routes.
|
||||
* @param \Drupal\Core\Session\AccountInterface $current_user
|
||||
* The current user.
|
||||
*/
|
||||
public function __construct(AccessManager $access_manager) {
|
||||
public function __construct(AccessManager $access_manager, AccountInterface $current_user) {
|
||||
$this->accessManager = $access_manager;
|
||||
$this->currentUser = $current_user;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -37,6 +53,9 @@ class AccessSubscriber implements EventSubscriberInterface {
|
|||
*
|
||||
* @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
|
||||
* The Event to process.
|
||||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
* Thrown when the access got denied.
|
||||
*/
|
||||
public function onKernelRequestAccessCheck(GetResponseEvent $event) {
|
||||
$request = $event->getRequest();
|
||||
|
@ -46,20 +65,20 @@ class AccessSubscriber implements EventSubscriberInterface {
|
|||
return;
|
||||
}
|
||||
|
||||
$access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request);
|
||||
$access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request, $this->currentUser);
|
||||
if (!$access) {
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply access checks to routes.
|
||||
* Sets the current user.
|
||||
*
|
||||
* @param \Drupal\Core\Routing\RouteBuildEvent $event
|
||||
* The event to process.
|
||||
* @param \Drupal\Core\Session\AccountInterface|null $current_user
|
||||
* The current user service.
|
||||
*/
|
||||
public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) {
|
||||
$this->accessManager->setChecks($event->getRouteCollection());
|
||||
public function setCurrentUser(AccountInterface $current_user = NULL) {
|
||||
$this->currentUser = $current_user;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -70,9 +89,8 @@ class AccessSubscriber implements EventSubscriberInterface {
|
|||
*/
|
||||
static function getSubscribedEvents() {
|
||||
$events[KernelEvents::REQUEST][] = array('onKernelRequestAccessCheck', 30);
|
||||
// Setting very low priority to ensure access checks are run after alters.
|
||||
$events[RoutingEvents::ALTER][] = array('onRoutingRouteAlterSetAccessCheck', -50);
|
||||
|
||||
return $events;
|
||||
}
|
||||
|
||||
}
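Review bot: `setCurrentUser()` accepts `NULL` and stores it, but `onKernelRequestAccessCheck()` then passes `$this->currentUser` to `AccessManager::check()`, whose new third parameter is type-hinted `AccountInterface` with no null default. If the container ever calls the setter without an account (the `@?current_user` reference in core.services.yml allows that), the request would end in a type error rather than a clean denial; whether that can happen mid-request is not visible here. An explicit guard before the check keeps the failure closed and readable: `if (!$this->currentUser instanceof AccountInterface) { throw new AccessDeniedHttpException(); }`. The `@var` on `$currentUser` should then read `\Drupal\Core\Session\AccountInterface|null`. The body of `onKernelRequestAccessCheck()` is split across two hunks and is not fully shown.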
|
||||
|
|
|
@ -20,6 +20,7 @@ use Drupal\Core\Plugin\Factory\ContainerFactory;
|
|||
use Drupal\Core\Routing\RouteProviderInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\Controller\ControllerResolverInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
|
||||
/**
|
||||
* Manages discovery and instantiation of menu local action plugins.
|
||||
|
@ -83,6 +84,13 @@ class LocalActionManager extends DefaultPluginManager {
|
|||
*/
|
||||
protected $accessManager;
|
||||
|
||||
/**
|
||||
* The current user.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface
|
||||
*/
|
||||
protected $account;
|
||||
|
||||
/**
|
||||
* The plugin instances.
|
||||
*
|
||||
|
@ -109,7 +117,7 @@ class LocalActionManager extends DefaultPluginManager {
|
|||
* @param \Drupal\Core\Access\AccessManager $access_manager
|
||||
* The access manager.
|
||||
*/
|
||||
public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache_backend, LanguageManager $language_manager, AccessManager $access_manager) {
|
||||
public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache_backend, LanguageManager $language_manager, AccessManager $access_manager, AccountInterface $account) {
|
||||
// Skip calling the parent constructor, since that assumes annotation-based
|
||||
// discovery.
|
||||
$this->discovery = new YamlDiscovery('local_actions', $module_handler->getModuleDirectories());
|
||||
|
@ -117,6 +125,7 @@ class LocalActionManager extends DefaultPluginManager {
|
|||
$this->factory = new ContainerFactory($this);
|
||||
$this->routeProvider = $route_provider;
|
||||
$this->accessManager = $access_manager;
|
||||
$this->account = $account;
|
||||
$this->controllerResolver = $controller_resolver;
|
||||
$this->request = $request;
|
||||
$this->alterInfo($module_handler, 'menu_local_actions');
|
||||
|
@ -181,7 +190,7 @@ class LocalActionManager extends DefaultPluginManager {
|
|||
'route_parameters' => $route_parameters,
|
||||
'localized_options' => $plugin->getOptions($this->request),
|
||||
),
|
||||
'#access' => $this->accessManager->checkNamedRoute($route_name, $route_parameters),
|
||||
'#access' => $this->accessManager->checkNamedRoute($route_name, $route_parameters, $this->account),
|
||||
'#weight' => $plugin->getWeight(),
|
||||
);
|
||||
}
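Review bot: The LocalActionManager constructor gains `AccountInterface $account`, but the docblock lines above it end at `@param \Drupal\Core\Access\AccessManager $access_manager` with no entry for the new argument, unlike the LocalTaskManager constructor in the same commit. Add `@param \Drupal\Core\Session\AccountInterface $account` followed by `The account used for the local action access checks.`. The start of the docblock lies outside the hunk.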
|
||||
|
|
|
@ -18,6 +18,7 @@ use Drupal\Core\Plugin\Discovery\ContainerDerivativeDiscoveryDecorator;
|
|||
use Drupal\Core\Plugin\Discovery\YamlDiscovery;
|
||||
use Drupal\Core\Plugin\Factory\ContainerFactory;
|
||||
use Drupal\Core\Routing\RouteProviderInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
|
@ -88,6 +89,13 @@ class LocalTaskManager extends DefaultPluginManager {
|
|||
*/
|
||||
protected $accessManager;
|
||||
|
||||
/**
|
||||
* The current user.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface
|
||||
*/
|
||||
protected $account;
|
||||
|
||||
/**
|
||||
* Constructs a \Drupal\Core\Menu\LocalTaskManager object.
|
||||
*
|
||||
|
@ -105,8 +113,10 @@ class LocalTaskManager extends DefaultPluginManager {
|
|||
* The language manager.
|
||||
* @param \Drupal\Core\Access\AccessManager $access_manager
|
||||
* The access manager.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The current user.
|
||||
*/
|
||||
public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache, LanguageManager $language_manager, AccessManager $access_manager) {
|
||||
public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache, LanguageManager $language_manager, AccessManager $access_manager, AccountInterface $account) {
|
||||
$this->discovery = new YamlDiscovery('local_tasks', $module_handler->getModuleDirectories());
|
||||
$this->discovery = new ContainerDerivativeDiscoveryDecorator($this->discovery);
|
||||
$this->factory = new ContainerFactory($this);
|
||||
|
@ -114,6 +124,7 @@ class LocalTaskManager extends DefaultPluginManager {
|
|||
$this->request = $request;
|
||||
$this->routeProvider = $route_provider;
|
||||
$this->accessManager = $access_manager;
|
||||
$this->account = $account;
|
||||
$this->alterInfo($module_handler, 'local_tasks');
|
||||
$this->setCacheBackend($cache, $language_manager, 'local_task_plugins', array('local_task' => 1));
|
||||
}
|
||||
|
@ -265,7 +276,7 @@ class LocalTaskManager extends DefaultPluginManager {
|
|||
$route_parameters = $child->getRouteParameters($this->request);
|
||||
|
||||
// Find out whether the user has access to the task.
|
||||
$access = $this->accessManager->checkNamedRoute($route_name, $route_parameters);
|
||||
$access = $this->accessManager->checkNamedRoute($route_name, $route_parameters, $this->account);
|
||||
if ($access) {
|
||||
$active = $this->isRouteActive($current_route_name, $route_name, $route_parameters);
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\Core\Routing\Access;
|
||||
|
||||
use Drupal\Core\Access\AccessInterface as GenericAccessInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -23,10 +24,12 @@ interface AccessInterface extends GenericAccessInterface {
|
|||
* The route to check against.
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* The request object.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The currently logged in account.
|
||||
*
|
||||
* @return bool|null
|
||||
* self::ALLOW, self::DENY, or self::KILL.
|
||||
*/
|
||||
public function access(Route $route, Request $request);
|
||||
public function access(Route $route, Request $request, AccountInterface $account);
|
||||
|
||||
}
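Review bot: The new `@param` description `The currently logged in account.` is misleading for an access-check contract, because the account passed in can be the anonymous user (AuthenticationEnhancer in this commit substitutes one) and callers of `AccessManager::check()` may pass any account. Suggested wording: `The account to check access for; may be the anonymous user.`. One more sentence in the method docblock should tell implementers to base the decision on `$account` rather than on the global user or the request's `_account` attribute, since some checkers touched here accept the argument without using it in the lines shown. The start of the docblock is outside the hunk.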
|
||||
|
|
|
@ -9,6 +9,7 @@ namespace Drupal\Core\Routing\Enhancer;
|
|||
|
||||
use Drupal\Core\Authentication\AuthenticationManagerInterface;
|
||||
use Symfony\Cmf\Component\Routing\Enhancer\RouteEnhancerInterface;
|
||||
use Symfony\Component\DependencyInjection\ContainerAware;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
|
||||
|
||||
|
@ -20,7 +21,7 @@ use Symfony\Cmf\Component\Routing\RouteObjectInterface;
|
|||
* all authentication mechanisms. Instead, we check if the used provider is
|
||||
* valid for the matched route and if not, force the user to anonymous.
|
||||
*/
|
||||
class AuthenticationEnhancer implements RouteEnhancerInterface {
|
||||
class AuthenticationEnhancer extends ContainerAware implements RouteEnhancerInterface {
|
||||
|
||||
/**
|
||||
* The authentication manager.
|
||||
|
@ -52,6 +53,9 @@ class AuthenticationEnhancer implements RouteEnhancerInterface {
|
|||
// force the user back to anonymous.
|
||||
if (!in_array($auth_provider_triggered, $auth_providers)) {
|
||||
$anonymous_user = drupal_anonymous_user();
|
||||
|
||||
$this->container->set('current_user', $anonymous_user, 'request');
|
||||
// @todo Remove this in https://drupal.org/node/2073531
|
||||
$request->attributes->set('_account', $anonymous_user);
|
||||
|
||||
// The global $user object is included for backward compatibility only
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\Core\Theme;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class ThemeAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
return $this->checkAccess($request->attributes->get('theme')) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ namespace Drupal\aggregator\Access;
|
|||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Database\Connection;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -44,10 +45,8 @@ class CategoriesAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
// @todo Replace user_access() with a correctly injected and session-using
|
||||
// alternative.
|
||||
return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY;
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
return $account->hasPermission('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
services:
|
||||
book.breadcrumb:
|
||||
class: Drupal\book\BookBreadcrumbBuilder
|
||||
arguments: ['@entity.manager', '@access_manager']
|
||||
arguments: ['@entity.manager', '@access_manager', '@current_user']
|
||||
tags:
|
||||
- { name: breadcrumb_builder, priority: 701 }
|
||||
book.manager:
|
||||
|
|
|
@ -9,6 +9,7 @@ namespace Drupal\book\Access;
|
|||
|
||||
use Drupal\book\BookManager;
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -44,7 +45,7 @@ class BookNodeIsRemovableAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$node = $request->attributes->get('node');
|
||||
if (!empty($node)) {
|
||||
return $this->bookManager->checkNodeIsRemovable($node) ? static::ALLOW : static::DENY;
|
||||
|
|
|
@ -10,6 +10,7 @@ namespace Drupal\book;
|
|||
use Drupal\Core\Access\AccessManager;
|
||||
use Drupal\Core\Breadcrumb\BreadcrumbBuilderBase;
|
||||
use Drupal\Core\Entity\EntityManager;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Drupal\node\NodeInterface;
|
||||
|
||||
/**
|
||||
|
@ -31,6 +32,13 @@ class BookBreadcrumbBuilder extends BreadcrumbBuilderBase {
|
|||
*/
|
||||
protected $accessManager;
|
||||
|
||||
/**
|
||||
* The current user account.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface
|
||||
*/
|
||||
protected $account;
|
||||
|
||||
/**
|
||||
* Constructs the BookBreadcrumbBuilder.
|
||||
*
|
||||
|
@ -38,10 +46,13 @@ class BookBreadcrumbBuilder extends BreadcrumbBuilderBase {
|
|||
* The entity manager service.
|
||||
* @param \Drupal\Core\Access\AccessManager $access_manager
|
||||
* The access manager.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* The current user account.
|
||||
*/
|
||||
public function __construct(EntityManager $entity_manager, AccessManager $access_manager) {
|
||||
public function __construct(EntityManager $entity_manager, AccessManager $access_manager, AccountInterface $account) {
|
||||
$this->menuLinkStorage = $entity_manager->getStorageController('menu_link');
|
||||
$this->accessManager = $access_manager;
|
||||
$this->account = $account;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -63,7 +74,7 @@ class BookBreadcrumbBuilder extends BreadcrumbBuilderBase {
|
|||
$depth = 1;
|
||||
while (!empty($book['p' . ($depth + 1)])) {
|
||||
if (!empty($menu_links[$book['p' . $depth]]) && ($menu_link = $menu_links[$book['p' . $depth]])) {
|
||||
if ($this->accessManager->checkNamedRoute($menu_link->route_name, $menu_link->route_parameters)) {
|
||||
if ($this->accessManager->checkNamedRoute($menu_link->route_name, $menu_link->route_parameters, $this->account)) {
|
||||
$links[] = $this->l($menu_link->label(), $menu_link->route_name, $menu_link->route_parameters, $menu_link->options);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -109,7 +109,7 @@ function contact_menu() {
|
|||
* @see contact_menu()
|
||||
*/
|
||||
function _contact_personal_tab_access(UserInterface $account) {
|
||||
return \Drupal::service('access_manager')->checkNamedRoute('contact.personal_page', array('user' => $account->id()));
|
||||
return \Drupal::service('access_manager')->checkNamedRoute('contact.personal_page', array('user' => $account->id()), \Drupal::currentUser());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -9,6 +9,7 @@ namespace Drupal\contact\Access;
|
|||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Config\ConfigFactory;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Drupal\user\UserDataInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
@ -55,10 +56,8 @@ class ContactPageAccess implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$contact_account = $request->attributes->get('user');
|
||||
// @todo revisit after https://drupal.org/node/2048223
|
||||
$user = \Drupal::currentUser();
|
||||
|
||||
// Anonymous users cannot have contact forms.
|
||||
if ($contact_account->isAnonymous()) {
|
||||
|
@ -66,12 +65,12 @@ class ContactPageAccess implements StaticAccessCheckInterface {
|
|||
}
|
||||
|
||||
// Users may not contact themselves.
|
||||
if ($user->id() == $contact_account->id()) {
|
||||
if ($account->id() == $contact_account->id()) {
|
||||
return static::DENY;
|
||||
}
|
||||
|
||||
// User administrators should always have access to personal contact forms.
|
||||
if ($user->hasPermission('administer users')) {
|
||||
if ($account->hasPermission('administer users')) {
|
||||
return static::ALLOW;
|
||||
}
|
||||
|
||||
|
@ -92,7 +91,7 @@ class ContactPageAccess implements StaticAccessCheckInterface {
|
|||
return static::DENY;
|
||||
}
|
||||
|
||||
return $user->hasPermission('access user contact forms') ? static::ALLOW : static::DENY;
|
||||
return $account->hasPermission('access user contact forms') ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ namespace Drupal\content_translation\Access;
|
|||
use Drupal\Core\Entity\EntityManager;
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Language\Language;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -45,7 +46,7 @@ class ContentTranslationManageAccessCheck implements StaticAccessCheckInterface
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$entity_type = $request->attributes->get('_entity_type');
|
||||
if ($entity = $request->attributes->get($entity_type)) {
|
||||
$route_requirements = $route->getRequirements();
|
||||
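Review bot: Only the signature of `access()` changes in this file, so nothing in the body shown here reads the new `$account`; whatever user-dependent decision the rest of the method makes (it continues past this hunk) presumably still resolves the user some other way. If so, a caller that passes an account other than the current one gets an answer for the wrong user. Either thread `$account` into the access calls further down or add `// @todo Use $account instead of the global user.` at the top of the body so the gap is tracked. The same signature-only pattern appears in the EditEntityFieldAccessCheck and LinkAccessCheck sections.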
|
|
|
@ -7,8 +7,9 @@
|
|||
|
||||
namespace Drupal\content_translation\Access;
|
||||
|
||||
use Drupal\Core\Entity\EntityManager;
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Entity\EntityManager;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -44,15 +45,12 @@ class ContentTranslationOverviewAccess implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$entity_type = $request->attributes->get('_entity_type');
|
||||
if ($entity = $request->attributes->get($entity_type)) {
|
||||
// Get entity base info.
|
||||
$bundle = $entity->bundle();
|
||||
|
||||
// Get account details from request.
|
||||
$account = \Drupal::currentUser();
|
||||
|
||||
// Get entity access callback.
|
||||
$definitions = $this->entityManager->getDefinitions();
|
||||
$access_callback = $definitions[$entity_type]['translation']['content_translation']['access_callback'];
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\edit\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
@ -47,20 +48,20 @@ class EditEntityAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// @todo Request argument validation and object loading should happen
|
||||
// elsewhere in the request processing pipeline:
|
||||
// http://drupal.org/node/1798214.
|
||||
$this->validateAndUpcastRequestAttributes($request);
|
||||
|
||||
return $this->accessEditEntity($request->attributes->get('entity')) ? static::ALLOW : static::DENY;
|
||||
return $this->accessEditEntity($request->attributes->get('entity'), $account) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected function accessEditEntity(EntityInterface $entity) {
|
||||
return $entity->access('update');
|
||||
protected function accessEditEntity(EntityInterface $entity, $account) {
|
||||
return $entity->access('update', $account);
|
||||
}
|
||||
|
||||
/**
|
||||
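Review bot: `accessEditEntity()` takes the new `$account` argument untyped, although `AccountInterface` is imported at the top of this file and `access()` right above it is hinted. Since this value decides whose permissions `$entity->access('update', $account)` evaluates, I would hint it: `protected function accessEditEntity(EntityInterface $entity, AccountInterface $account) {`. The `{@inheritdoc}` docblock above it relies on inherited documentation describing the new parameter; the interface it inherits from is not visible here, so confirm it was updated.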
|
|
|
@ -9,6 +9,7 @@ namespace Drupal\edit\Access;
|
|||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\edit\Access\EditEntityFieldAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
@ -58,7 +59,7 @@ class EditEntityFieldAccessCheck implements StaticAccessCheckInterface, EditEnti
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// @todo Request argument validation and object loading should happen
|
||||
// elsewhere in the request processing pipeline:
|
||||
// http://drupal.org/node/1798214.
|
||||
|
|
|
@ -119,7 +119,8 @@ class EditEntityAccessCheckTest extends UnitTestCase {
|
|||
$request->attributes->set('entity', $entity);
|
||||
$request->attributes->set('entity_type', 'test_entity');
|
||||
|
||||
$access = $this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$access = $this->editAccessCheck->access($route, $request, $account);
|
||||
$this->assertSame($expected_result, $access);
|
||||
}
|
||||
|
||||
|
@ -138,7 +139,8 @@ class EditEntityAccessCheckTest extends UnitTestCase {
|
|||
->with('non_valid')
|
||||
->will($this->returnValue(NULL));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -162,7 +164,8 @@ class EditEntityAccessCheckTest extends UnitTestCase {
|
|||
->with(1)
|
||||
->will($this->returnValue(NULL));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
}
|
||||
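Review bot: Each updated call passes a fresh `AccountInterface` mock, but no hunk in this file adds an assertion that the mock is what reaches the entity access call. As written the tests would still pass if `access()` ignored its third argument and fell back to the current user, which is the behaviour this commit removes. An expectation on the entity mock along the lines of `->with('update', $account)` would pin it; the mock setup sits outside these hunks, so the exact placement needs checking. The EditEntityFieldAccessCheckTest section has the same gap.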
|
|
|
@ -164,7 +164,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
)
|
||||
)));
|
||||
|
||||
$access = $this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$access = $this->editAccessCheck->access($route, $request, $account);
|
||||
$this->assertSame($expected_result, $access);
|
||||
}
|
||||
|
||||
|
@ -183,7 +184,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
->with('non_valid')
|
||||
->will($this->returnValue(NULL));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -207,7 +209,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
->with(1)
|
||||
->will($this->returnValue(NULL));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -226,7 +229,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
|
||||
$request->attributes->set('entity', $entity);
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -257,7 +261,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
->with('entity_test', 'test_bundle', 'not_valid')
|
||||
->will($this->returnValue(NULL));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -285,7 +290,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
->method('getInstance')
|
||||
->will($this->returnValue($field));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -314,7 +320,8 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase {
|
|||
->method('getInstance')
|
||||
->will($this->returnValue($field));
|
||||
|
||||
$this->editAccessCheck->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->editAccessCheck->access($route, $request, $account);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\field_ui\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class FormModeAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
if ($entity_type = $request->attributes->get('entity_type')) {
|
||||
$bundle = $request->attributes->get('bundle');
|
||||
$form_mode = $request->attributes->get('mode');
|
||||
|
@ -43,7 +44,7 @@ class FormModeAccessCheck implements StaticAccessCheckInterface {
|
|||
|
||||
if ($visibility) {
|
||||
$permission = $route->getRequirement('_field_ui_form_mode_access');
|
||||
return user_access($permission) ? static::ALLOW : static::DENY;
|
||||
return $account->hasPermission($permission) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\field_ui\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class ViewModeAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
if ($entity_type = $request->attributes->get('entity_type')) {
|
||||
$bundle = $request->attributes->get('bundle');
|
||||
$view_mode = $request->attributes->get('mode');
|
||||
|
@ -43,7 +44,7 @@ class ViewModeAccessCheck implements StaticAccessCheckInterface {
|
|||
|
||||
if ($visibility) {
|
||||
$permission = $route->getRequirement('_field_ui_view_mode_access');
|
||||
return user_access($permission) ? static::ALLOW : static::DENY;
|
||||
return $account->hasPermission($permission) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\filter\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class FormatDisableCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$format = $request->attributes->get('filter_format');
|
||||
return ($format && !$format->isFallbackFormat()) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\node\Access;
|
||||
|
||||
use Drupal\Core\Entity\EntityCreateAccessCheck;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -24,14 +25,14 @@ class NodeAddAccessCheck extends EntityCreateAccessCheck {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$access_controller = $this->entityManager->getAccessController('node');
|
||||
// If a node type is set on the request, just check that.
|
||||
if ($request->attributes->has('node_type')) {
|
||||
return $access_controller->createAccess($request->attributes->get('node_type')->type) ? static::ALLOW : static::DENY;
|
||||
return $access_controller->createAccess($request->attributes->get('node_type')->type, $account) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
foreach (node_permissions_get_configured_types() as $type) {
|
||||
if ($access_controller->createAccess($type->type)) {
|
||||
if ($access_controller->createAccess($type->type, $account)) {
|
||||
// Allow access if at least one type is permitted.
|
||||
return static::ALLOW;
|
||||
}
|
||||
|
|
|
@ -72,7 +72,7 @@ class NodeRevisionAccessCheck implements AccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// If the route has a {node_revision} placeholder, load the node for that
|
||||
// revision. Otherwise, try to use a {node} placeholder.
|
||||
if ($request->attributes->has('node_revision')) {
|
||||
|
@ -84,7 +84,7 @@ class NodeRevisionAccessCheck implements AccessCheckInterface {
|
|||
else {
|
||||
return static::DENY;
|
||||
}
|
||||
return $this->checkAccess($node, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY;
|
||||
return $this->checkAccess($node, $account, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -92,12 +92,11 @@ class NodeRevisionAccessCheck implements AccessCheckInterface {
|
|||
*
|
||||
* @param \Drupal\node\NodeInterface $node
|
||||
* The node to check.
|
||||
* @param \Drupal\Core\Session\AccountInterface $account
|
||||
* A user object representing the user for whom the operation is to be
|
||||
* performed.
|
||||
* @param string $op
|
||||
* (optional) The specific operation being checked. Defaults to 'view.'
|
||||
* @param \Drupal\Core\Session\AccountInterface|null $account
|
||||
* (optional) A user object representing the user for whom the operation is
|
||||
* to be performed. Determines access for a user other than the current user.
|
||||
* Defaults to NULL.
|
||||
* @param string|null $langcode
|
||||
* (optional) Language code for the variant of the node. Different language
|
||||
* variants might have different permissions associated. If NULL, the
|
||||
|
@ -106,7 +105,7 @@ class NodeRevisionAccessCheck implements AccessCheckInterface {
|
|||
* @return bool
|
||||
* TRUE if the operation may be performed, FALSE otherwise.
|
||||
*/
|
||||
public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface $account = NULL, $langcode = NULL) {
|
||||
public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL) {
|
||||
$map = array(
|
||||
'view' => 'view all revisions',
|
||||
'update' => 'revert all revisions',
|
||||
|
@ -125,10 +124,6 @@ class NodeRevisionAccessCheck implements AccessCheckInterface {
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if (!isset($account)) {
|
||||
$account = \Drupal::currentUser();
|
||||
}
|
||||
|
||||
// If no language code was provided, default to the node revision's langcode.
|
||||
if (empty($langcode)) {
|
||||
$langcode = $node->language()->id;
|
||||
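Review bot: `checkAccess()` swaps the positions of `$op` and `$account` and makes `$account` mandatory, and the `\Drupal::currentUser()` fallback is removed from the body. Any caller still using the old `($node, $op, $account)` order now hands a string to the `AccountInterface` hint; the only caller updated in this view is `_node_revision_access()`. The docblock should say so explicitly, e.g. `*   The account to check access for. Required; there is no fallback to the current user.` The method body continues outside these hunks.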
|
|
|
@ -906,7 +906,10 @@ function theme_node_search_admin($variables) {
|
|||
* @see node_menu()
|
||||
*/
|
||||
function _node_revision_access(EntityInterface $node, $op = 'view', $account = NULL, $langcode = NULL) {
|
||||
return \Drupal::service('access_check.node.revision')->checkAccess($node, $op, $account, $langcode);
|
||||
if ($account === NULL) {
|
||||
$account = \Drupal::currentUser();
|
||||
}
|
||||
return \Drupal::service('access_check.node.revision')->checkAccess($node, $account, $op, $langcode);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -921,7 +924,7 @@ function _node_revision_access(EntityInterface $node, $op = 'view', $account = N
|
|||
* Use \Drupal::service('access_manager')->checkNamedRoute('node.add_page');
|
||||
*/
|
||||
function _node_add_access() {
|
||||
return \Drupal::service('access_manager')->checkNamedRoute('node.add_page');
|
||||
return \Drupal::service('access_manager')->checkNamedRoute('node.add_page', array(), \Drupal::currentUser());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\overlay\Access;
|
||||
|
||||
use Drupal\Core\Access\AccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,8 +27,7 @@ class DismissMessageAccessCheck implements AccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
$account = $request->attributes->get('_account');
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
if (!$account->hasPermission('access overlay')) {
|
||||
return static::DENY;
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\rest\Access;
|
||||
|
||||
use Drupal\Core\Access\AccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -42,7 +43,7 @@ class CSRFAccessCheck implements AccessCheckInterface {
|
|||
/**
|
||||
* Implements AccessCheckInterface::access().
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$method = $request->getMethod();
|
||||
$cookie = $request->cookies->get(session_name(), FALSE);
|
||||
// This check only applies if
|
||||
|
@ -50,7 +51,7 @@ class CSRFAccessCheck implements AccessCheckInterface {
|
|||
// 2. the user was successfully authenticated and
|
||||
// 3. the request comes with a session cookie.
|
||||
if (!in_array($method, array('GET', 'HEAD', 'OPTIONS', 'TRACE'))
|
||||
&& $GLOBALS['user']->isAuthenticated()
|
||||
&& $account->isAuthenticated()
|
||||
&& $cookie
|
||||
) {
|
||||
$csrf_token = $request->headers->get('X-CSRF-Token');
|
||||
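Review bot: The condition now mixes two sources: `$account->isAuthenticated()` comes from the caller-supplied account, while `$cookie` and the `X-CSRF-Token` header are still read from `$request`. That is only sound when the account is the one authenticated for this request, which nothing here states or enforces. I would document the assumption next to the condition, e.g. `// $account must be the user authenticated for $request; the cookie and token are read from the request.` The rest of `access()` lies outside the hunk.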
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\search\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Drupal\search\SearchPluginManager;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
@ -44,7 +45,7 @@ class SearchAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
return $this->searchManager->getActiveDefinitions() ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
namespace Drupal\search\Access;
|
||||
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -25,8 +26,7 @@ class SearchPluginAccessCheck extends SearchAccessCheck {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
$account = \Drupal::currentUser();
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$plugin_id = $route->getRequirement('_search_plugin_view_access');
|
||||
return $this->searchManager->pluginAccess($plugin_id, $account) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\shortcut\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class LinkAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$menu_link = $request->attributes->get('menu_link');
|
||||
$set_name = str_replace('shortcut-', '', $menu_link['menu_name']);
|
||||
if ($shortcut_set = shortcut_set_load($set_name)) {
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\shortcut\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class ShortcutSetEditAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$account = \Drupal::currentUser();
|
||||
$shortcut_set = $request->attributes->get('shortcut_set');
|
||||
// Sufficiently-privileged users can edit their currently displayed shortcut
|
||||
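Review bot: The injected `$account` is overwritten on the first line of the body: the context line `$account = \Drupal::currentUser();` is kept, so the check still evaluates the global current user and ignores the argument. Delete that assignment so the rest of the method works on the parameter. The remainder of `access()` is outside this hunk.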
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\shortcut\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,21 +27,19 @@ class ShortcutSetSwitchAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
$user = \Drupal::currentUser();
|
||||
$account = $request->attributes->get('account');
|
||||
|
||||
if ($user->hasPermission('administer shortcuts')) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
if ($account->hasPermission('administer shortcuts')) {
|
||||
// Administrators can switch anyone's shortcut set.
|
||||
return static::ALLOW;
|
||||
}
|
||||
|
||||
if (!$user->hasPermission('switch shortcut sets')) {
|
||||
if (!$account->hasPermission('switch shortcut sets')) {
|
||||
// The user has no permission to switch anyone's shortcut set.
|
||||
return static::DENY;
|
||||
}
|
||||
|
||||
if (!isset($account) || $user->id() == $account->id()) {
|
||||
$user = $request->attributes->get('account');
|
||||
if (!isset($user) || $user->id() == $account->id()) {
|
||||
// Users with the 'switch shortcut sets' permission can switch their own
|
||||
// shortcuts sets.
|
||||
return static::ALLOW;
|
||||
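Review bot: The two variables trade meanings in this hunk: `$account` used to be the user from the route and is now the acting user, while `$user` used to be the acting user and now holds `$request->attributes->get('account')`. In an authorization check that inversion is easy to misread in later edits. A name that says what the route value is would help: `$target_account = $request->attributes->get('account');` and `if (!isset($target_account) || $target_account->id() == $account->id()) {`. The method continues after the hunk, so later uses of `$user` would need the same rename.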
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\system\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class CronAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* Implements AccessCheckInterface::access().
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$key = $request->attributes->get('key');
|
||||
if ($key != \Drupal::state()->get('system.cron_key')) {
|
||||
watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE);
|
||||
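Review bot: The cron key is compared with a loose `!=`, which applies PHP type juggling to a secret. `if ($key !== \Drupal::state()->get('system.cron_key')) {` removes that, and fails closed when no key is stored. Where the supported PHP version provides it, a constant-time comparison such as `hash_equals()` is preferable for a shared secret. The new `$account` argument is unused here, which looks intentional since the check is key-based; the body continues outside the hunk.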
|
|
|
@ -198,7 +198,7 @@ class ModulesListForm extends FormBase {
|
|||
// Generate link for module's configuration page, if it has one.
|
||||
$row['links']['configure'] = array();
|
||||
if ($module->status && isset($module->info['configure'])) {
|
||||
if ($this->accessManager->checkNamedRoute($module->info['configure'])) {
|
||||
if ($this->accessManager->checkNamedRoute($module->info['configure'], array(), \Drupal::currentUser())) {
|
||||
$item = menu_get_item(trim($this->url($module->info['configure']), '/'));
|
||||
$row['links']['configure'] = array(
|
||||
'#type' => 'link',
|
||||
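Review bot: `\Drupal::currentUser()` is called statically inside a form class that already has `$this->accessManager` injected, whereas BookBreadcrumbBuilder in this same commit receives the account through its constructor. The static call hides the dependency and makes the access decision harder to unit test with a chosen account. I would inject the `current_user` service and call `$this->accessManager->checkNamedRoute($module->info['configure'], array(), $this->currentUser)`; the property name is illustrative. The same applies to the `checkNamedRoute()` call in the PathBasedBreadcrumbBuilder section that follows.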
|
|
|
@ -131,7 +131,7 @@ class PathBasedBreadcrumbBuilder extends BreadcrumbBuilderBase {
|
|||
// Note that the parameters don't really matter here since we're
|
||||
// passing in the request which already has the upcast attributes.
|
||||
$parameters = array();
|
||||
$access = $this->accessManager->checkNamedRoute($route_name, $parameters, $route_request);
|
||||
$access = $this->accessManager->checkNamedRoute($route_name, $parameters, \Drupal::currentUser(), $route_request);
|
||||
if ($access) {
|
||||
$title = $this->titleResolver->getTitle($route_request, $route_request->attributes->get(RouteObjectInterface::ROUTE_OBJECT));
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\router_test\Access;
|
||||
|
||||
use Drupal\Core\Access\AccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class DefinedTestAccessCheck implements AccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
if ($route->getRequirement('_test_access') === 'TRUE') {
|
||||
return static::ALLOW;
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\router_test\Access;
|
||||
|
||||
use Drupal\Core\Access\AccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class TestAccessCheck implements AccessCheckInterface {
|
|||
/**
|
||||
* Implements AccessCheckInterface::access().
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// No opinion, so other access checks should decide if access should be
|
||||
// allowed or not.
|
||||
return static::DENY;
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\tracker\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,12 +27,9 @@ class ViewOwnTrackerAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// The user object from the User ID in the path.
|
||||
$user = $request->attributes->get('user');
|
||||
// @todo - $account should be passed in.
|
||||
// The \Drupal\Core\Session\AccountInterface $account trying to access this.
|
||||
$account = \Drupal::currentUser();
|
||||
return $user && $account->isAuthenticated() && ($user->id() == $account->id());
|
||||
}
|
||||
}
|
||||
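Review bot: `access()` returns the raw boolean of `$user && $account->isAuthenticated() && (...)`, while the other checks touched by this commit return `static::ALLOW` or `static::DENY`. How a bare `FALSE` maps onto the interface constants is not visible here, so the outcome for a non-matching user depends on that mapping rather than on an explicit choice. I would spell it out: `return ($user && $account->isAuthenticated() && ($user->id() == $account->id())) ? static::ALLOW : static::DENY;`, or use whichever constant matches the intended result.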
|
|
|
@ -9,6 +9,7 @@ namespace Drupal\update\Access;
|
|||
|
||||
use Drupal\Component\Utility\Settings;
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -44,7 +45,7 @@ class UpdateManagerAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
return $this->settings->get('allow_authorize_operations', TRUE) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\user\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,8 +27,8 @@ class LoginStatusCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
return $GLOBALS['user']->isAuthenticated() ? static::ALLOW : static::DENY;
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
return $account->isAuthenticated() ? static::ALLOW : static::DENY;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\user\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,11 +27,9 @@ class PermissionAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* Implements AccessCheckInterface::access().
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$permission = $route->getRequirement('_permission');
|
||||
// @todo Replace user_access() with a correctly injected and session-using
|
||||
// alternative.
|
||||
// If user_access() fails, return NULL to give other checks a chance.
|
||||
return user_access($permission) ? static::ALLOW : static::DENY;
|
||||
// If the access check fails, return NULL to give other checks a chance.
|
||||
return $account->hasPermission($permission) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
}
|
||||
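Review bot: The rewritten comment says the method returns NULL when the check fails, but the line below returns `static::DENY`. Whether that constant equals NULL is not shown in this file, and a reader should not need to know it. Suggest `// Return static::DENY when the account lacks the permission.`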
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\user\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\Routing\Route;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
|
@ -26,7 +27,7 @@ class RegisterAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* Implements AccessCheckInterface::access().
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
return (user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY;
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
return ($account->isAnonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY;
|
||||
}
|
||||
}
|
||||
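Review bot: The new return line in `access()` fails open, because it denies only when the `register` setting equals `USER_REGISTER_ADMINISTRATORS_ONLY` and the comparison is a loose `!=`. Any other value, including a missing or unexpected one if that can occur, gives anonymous visitors access to the registration route. An allow-list compared strictly would fail closed, for example `in_array($register, array(USER_REGISTER_VISITORS, USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL), TRUE)`. The line also still reads the setting through the static `\Drupal::config()` call, which is at odds with a commit that replaces global lookups with injected arguments; an injected config factory would also make this check unit-testable.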
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\user\Access;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -30,12 +31,10 @@ class RoleAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
// Requirements just allow strings, so this might be a comma separated list.
|
||||
$rid_string = $route->getRequirement('_role');
|
||||
|
||||
$account = $request->attributes->get('_account');
|
||||
|
||||
$explode_and = array_filter(array_map('trim', explode('+', $rid_string)));
|
||||
if (count($explode_and) > 1) {
|
||||
$diff = array_diff($explode_and, $account->getRoles());
|
||||
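Review bot: The comment above `$rid_string` in `access()` mentions only a comma separated list, while the next statement splits the `_role` requirement on `+`, so the format a route author must use is only half documented. Something like `// Requirements only allow strings: '+' joins roles that are all required, ',' joins alternatives.` would cover both. The comma branch is outside this hunk, so confirm its semantics before adopting the wording. `access()` continues past the end of the hunk, so what happens with an empty `_role` value cannot be judged from here.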
|
|
|
@ -84,14 +84,11 @@ class HandlerFilterUserNameTest extends ViewTestBase {
|
|||
public function testUserNameApi() {
|
||||
$view = views_get_view('test_user_name');
|
||||
|
||||
// Test all of the accounts with a single entry.
|
||||
$view->initHandlers();
|
||||
foreach ($this->accounts as $account) {
|
||||
$view->filter['uid']->value = array($account->id());
|
||||
}
|
||||
$view->filter['uid']->value = array($this->accounts[0]->id());
|
||||
|
||||
$this->executeView($view);
|
||||
$this->assertIdenticalResultset($view, array(array('uid' => $account->id())), $this->columnMap);
|
||||
$this->assertIdenticalResultset($view, array(array('uid' => $this->accounts[0]->id())), $this->columnMap);
|
||||
}
|
||||
|
||||
/**
|
||||
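Review bot: The comment `// Test all of the accounts with a single entry.` in `testUserNameApi()` no longer matches the code, because the loop over `$this->accounts` appears to be replaced by a single assignment from `$this->accounts[0]` and only that account is asserted. Reword it to `// Test the first account with a single entry.`, or move `executeView()` and the assertion into a loop if per-account coverage is the intent. The old loop only asserted against the last account after it finished, so the new form is at least explicit about what is covered.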
|
|
|
@ -226,6 +226,9 @@ abstract class ViewTestBase extends WebTestBase {
|
|||
* (optional) An array of the view arguments to use for the view.
|
||||
*/
|
||||
protected function executeView($view, $args = array()) {
|
||||
// A view does not really work outside of a request scope, due to many
|
||||
// dependencies like the current user.
|
||||
$this->container->enterScope('request');
|
||||
$view->setDisplay();
|
||||
$view->preExecute($args);
|
||||
$view->execute();
|
||||
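Review bot: `executeView()` now calls `$this->container->enterScope('request')`, but no matching `leaveScope('request')` is visible, so each call from a test would enter another request scope that is never left. The method body continues past the hunk, so a later `leaveScope()` may exist; if it does not, either leave the scope after `$view->execute()` or enter it once in `setUp()`. The docblock should also mention this side effect, for example `Enters the 'request' scope on the test container before executing the view.`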
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Drupal\views;
|
||||
|
||||
use Drupal\Core\Access\StaticAccessCheckInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Route;
|
||||
|
||||
|
@ -28,8 +29,8 @@ class ViewsAccessCheck implements StaticAccessCheckInterface {
|
|||
/**
|
||||
* Implements AccessCheckInterface::applies().
|
||||
*/
|
||||
public function access(Route $route, Request $request) {
|
||||
$access = user_access('access all views');
|
||||
public function access(Route $route, Request $request, AccountInterface $account) {
|
||||
$access = $account->hasPermission('access all views');
|
||||
|
||||
return $access ? static::ALLOW : static::DENY;
|
||||
}
|
||||
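Review bot: The docblock over `access()` reads `Implements AccessCheckInterface::applies().`, which names the wrong method. Since the signature is being changed anyway, replace it with `{@inheritdoc}`, as the other access checks touched by this commit do. A one-line comment such as `// Views routes are guarded by the single 'access all views' permission.` would also explain why `$route` and `$request` are unused here.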
|
|
|
@ -70,6 +70,13 @@ class AccessManagerTest extends UnitTestCase {
|
|||
*/
|
||||
protected $paramConverter;
|
||||
|
||||
/**
|
||||
* The mocked account.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface|\PHPUnit_Framework_MockObject_MockObject
|
||||
*/
|
||||
protected $account;
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'Access manager tests',
|
||||
|
@ -115,7 +122,9 @@ class AccessManagerTest extends UnitTestCase {
|
|||
|
||||
$this->paramConverter = $this->getMock('\Drupal\Core\ParamConverter\ParamConverterManager');
|
||||
|
||||
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter);
|
||||
$this->account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
|
||||
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account);
|
||||
$this->accessManager->setContainer($this->container);
|
||||
}
|
||||
|
||||
|
@ -147,7 +156,7 @@ class AccessManagerTest extends UnitTestCase {
|
|||
|
||||
// Check check without any access checker defined yet.
|
||||
foreach ($this->routeCollection->all() as $route) {
|
||||
$this->assertFalse($this->accessManager->check($route, $request));
|
||||
$this->assertFalse($this->accessManager->check($route, $request, $this->account));
|
||||
}
|
||||
|
||||
$this->setupAccessChecker();
|
||||
|
@ -155,14 +164,14 @@ class AccessManagerTest extends UnitTestCase {
|
|||
// An access checker got setup, but the routes haven't been setup using
|
||||
// setChecks.
|
||||
foreach ($this->routeCollection->all() as $route) {
|
||||
$this->assertFalse($this->accessManager->check($route, $request));
|
||||
$this->assertFalse($this->accessManager->check($route, $request, $this->account));
|
||||
}
|
||||
|
||||
$this->accessManager->setChecks($this->routeCollection);
|
||||
|
||||
$this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request));
|
||||
$this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request));
|
||||
$this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request));
|
||||
$this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request, $this->account));
|
||||
$this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request, $this->account));
|
||||
$this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request, $this->account));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -329,7 +338,7 @@ class AccessManagerTest extends UnitTestCase {
|
|||
$route_collection->add($name, $route);
|
||||
|
||||
$this->accessManager->setChecks($route_collection);
|
||||
$this->assertSame($this->accessManager->check($route, $request), $expected_access);
|
||||
$this->assertSame($this->accessManager->check($route, $request, $this->account), $expected_access);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -358,18 +367,17 @@ class AccessManagerTest extends UnitTestCase {
|
|||
|
||||
// Tests the access with routes without parameters.
|
||||
$request = new Request();
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $request));
|
||||
$this->assertFalse($this->accessManager->checkNamedRoute('test_route_3', array(), $request));
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $this->account, $request));
|
||||
$this->assertFalse($this->accessManager->checkNamedRoute('test_route_3', array(), $this->account, $request));
|
||||
|
||||
// Tests the access with routes with parameters with given request.
|
||||
$request = new Request();
|
||||
$request->attributes->set('value', 'example');
|
||||
$request->attributes->set('value2', 'example2');
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array(), $request));
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array(), $this->account, $request));
|
||||
|
||||
// Tests the access with routes without given request.
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->accessManager->setRequest(new Request(array(), array(), array('_account' => $account)));
|
||||
$this->accessManager->setRequest(new Request());
|
||||
|
||||
$this->paramConverter->expects($this->at(0))
|
||||
->method('enhance')
|
||||
|
@ -380,8 +388,8 @@ class AccessManagerTest extends UnitTestCase {
|
|||
->will($this->returnValue(array()));
|
||||
|
||||
// Tests the access with routes with parameters without given request.
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array()));
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array('value' => 'example')));
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $this->account));
|
||||
$this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array('value' => 'example'), $this->account));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -423,9 +431,9 @@ class AccessManagerTest extends UnitTestCase {
|
|||
->with('/test-route-1/example')
|
||||
->will($this->returnValue($subrequest));
|
||||
|
||||
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter);
|
||||
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account);
|
||||
$this->accessManager->setContainer($this->container);
|
||||
$this->accessManager->setRequest(new Request(array(), array(), array('_account' => $account)));
|
||||
$this->accessManager->setRequest(new Request());
|
||||
|
||||
$access_check = $this->getMock('Drupal\Core\Access\AccessCheckInterface');
|
||||
$access_check->expects($this->any())
|
||||
|
@ -442,7 +450,7 @@ class AccessManagerTest extends UnitTestCase {
|
|||
$this->accessManager->addCheckService('test_access');
|
||||
$this->accessManager->setChecks($this->routeCollection);
|
||||
|
||||
$this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array('value' => 'example')));
|
||||
$this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array('value' => 'example'), $this->account));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -457,7 +465,7 @@ class AccessManagerTest extends UnitTestCase {
|
|||
|
||||
$this->setupAccessChecker();
|
||||
|
||||
$this->assertFalse($this->accessManager->checkNamedRoute('test_route_1'), 'A non existing route lead to access.');
|
||||
$this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array(), $this->account), 'A non existing route lead to access.');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -488,7 +496,7 @@ class AccessManagerTest extends UnitTestCase {
|
|||
* Adds a default access check service to the container and the access manager.
|
||||
*/
|
||||
protected function setupAccessChecker() {
|
||||
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter);
|
||||
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account);
|
||||
$this->accessManager->setContainer($this->container);
|
||||
$access_check = new DefaultAccessCheck();
|
||||
$this->container->register('test_access_default', $access_check);
|
||||
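Review bot: Across the hunks of this test the same `$this->account` mock is passed both to the `AccessManager` constructor and to every `check()` and `checkNamedRoute()` call, so no assertion can tell which of the two the manager actually hands to the access checkers. For an access-control API that distinction matters: add a case that passes a second `AccountInterface` mock per call and asserts, via `->with(...)` on the mocked checker, that this one is the account received. Also, `check($route, $request, $this->account)` and `checkNamedRoute('test_route_2', array(), $this->account, $request)` take the account and the request in opposite orders, which is easy to get wrong at call sites and worth aligning or documenting on the methods.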
|
|
|
@ -94,13 +94,14 @@ class CustomAccessCheckTest extends UnitTestCase {
|
|||
->will($this->returnValue(array('parameter' => 'TRUE')));
|
||||
|
||||
$route = new Route('/test-route', array(), array('_custom_access' => '\Drupal\Tests\Core\Access\TestController::accessDeny'));
|
||||
$this->assertNull($this->accessChecker->access($route, $request));
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->assertNull($this->accessChecker->access($route, $request, $account));
|
||||
|
||||
$route = new Route('/test-route', array(), array('_custom_access' => '\Drupal\Tests\Core\Access\TestController::accessAllow'));
|
||||
$this->assertTrue($this->accessChecker->access($route, $request));
|
||||
$this->assertTrue($this->accessChecker->access($route, $request, $account));
|
||||
|
||||
$route = new Route('/test-route', array('parameter' => 'TRUE'), array('_custom_access' => '\Drupal\Tests\Core\Access\TestController::accessParameter'));
|
||||
$this->assertTrue($this->accessChecker->access($route, $request));
|
||||
$this->assertTrue($this->accessChecker->access($route, $request, $account));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -26,6 +26,13 @@ class DefaultAccessCheckTest extends UnitTestCase {
|
|||
*/
|
||||
protected $accessChecker;
|
||||
|
||||
/**
|
||||
* The mocked account.
|
||||
*
|
||||
* @var \Drupal\Core\Session\AccountInterface|\PHPUnit_Framework_MockObject_MockObject
|
||||
*/
|
||||
protected $account;
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'DefaultAccessCheck access checker',
|
||||
|
@ -40,6 +47,7 @@ class DefaultAccessCheckTest extends UnitTestCase {
|
|||
protected function setUp() {
|
||||
parent::setUp();
|
||||
|
||||
$this->account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->accessChecker = new DefaultAccessCheck();
|
||||
}
|
||||
|
||||
|
@ -58,13 +66,13 @@ class DefaultAccessCheckTest extends UnitTestCase {
|
|||
$request = new Request(array());
|
||||
|
||||
$route = new Route('/test-route', array(), array('_access' => 'NULL'));
|
||||
$this->assertNull($this->accessChecker->access($route, $request));
|
||||
$this->assertNull($this->accessChecker->access($route, $request, $this->account));
|
||||
|
||||
$route = new Route('/test-route', array(), array('_access' => 'FALSE'));
|
||||
$this->assertFalse($this->accessChecker->access($route, $request));
|
||||
$this->assertFalse($this->accessChecker->access($route, $request, $this->account));
|
||||
|
||||
$route = new Route('/test-route', array(), array('_access' => 'TRUE'));
|
||||
$this->assertTrue($this->accessChecker->access($route, $request));
|
||||
$this->assertTrue($this->accessChecker->access($route, $request, $this->account));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -50,7 +50,8 @@ class EntityAccessCheckTest extends UnitTestCase {
|
|||
->will($this->returnValue(TRUE));
|
||||
$access_check = new EntityAccessCheck();
|
||||
$request->attributes->set('node', $node);
|
||||
$access = $access_check->access($route, $request);
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$access = $access_check->access($route, $request, $account);
|
||||
$this->assertSame(AccessCheckInterface::ALLOW, $access);
|
||||
}
|
||||
|
||||
|
|
|
@ -118,7 +118,8 @@ class EntityCreateAccessCheckTest extends UnitTestCase {
|
|||
}
|
||||
$request->attributes->set('_raw_variables', $raw_variables);
|
||||
|
||||
$this->assertEquals($expected, $applies_check->access($route, $request));
|
||||
$account = $this->getMock('Drupal\Core\Session\AccountInterface');
|
||||
$this->assertEquals($expected, $applies_check->access($route, $request, $account));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -160,17 +160,15 @@ class RoleAccessCheckTest extends UnitTestCase {
|
|||
|
||||
foreach ($grant_accounts as $account) {
|
||||
$subrequest = Request::create($path, 'GET');
|
||||
$subrequest->attributes->set('_account', $account);
|
||||
$message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account->getRoles()), $path);
|
||||
$this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest), $message);
|
||||
$this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest, $account), $message);
|
||||
}
|
||||
|
||||
// Check all users which don't have access.
|
||||
foreach ($deny_accounts as $account) {
|
||||
$subrequest = Request::create($path, 'GET');
|
||||
$subrequest->attributes->set('_account', $account);
|
||||
$message = sprintf('Access denied for user %s with the roles %s on path: %s', $account->id(), implode(', ', $account->getRoles()), $path);
|
||||
$has_access = $role_access_check->access($collection->get($path), $subrequest);
|
||||
$has_access = $role_access_check->access($collection->get($path), $subrequest, $account);
|
||||
$this->assertSame(AccessCheckInterface::DENY, $has_access , $message);
|
||||
}
|
||||
}
|
||||
|
|