From d9f2ba2c84998c49a957781447752a52d16e83a3 Mon Sep 17 00:00:00 2001 From: webchick Date: Tue, 31 Dec 2013 16:06:09 -0800 Subject: [PATCH] Issue #2109035 by tim.plunkett, damiankloip, dawehner, chx: Make access checkers (much) easier to find. --- core/core.services.yml | 12 ++--- .../Drupal/Core/Access/AccessException.php | 5 ++- core/lib/Drupal/Core/Access/AccessManager.php | 35 ++++++++------- .../Drupal/Core/Access/CsrfAccessCheck.php | 11 +---- .../Drupal/Core/Access/CustomAccessCheck.php | 10 +---- .../Drupal/Core/Access/DefaultAccessCheck.php | 10 +---- .../Access/StaticAccessCheckInterface.php | 34 -------------- .../Compiler/RegisterAccessChecksPass.php | 8 +++- .../Drupal/Core/Entity/EntityAccessCheck.php | 12 +---- .../Core/Entity/EntityCreateAccessCheck.php | 11 +---- .../Drupal/Core/Theme/ThemeAccessCheck.php | 11 +---- .../aggregator/aggregator.services.yml | 8 ++++ .../Access/CategoriesAccessCheck.php | 45 +++++++++++++++++++ core/modules/book/book.services.yml | 2 +- .../Access/BookNodeIsRemovableAccessCheck.php | 11 +---- .../config_translation.services.yml | 4 +- .../Access/ConfigTranslationFormAccess.php | 7 --- .../ConfigTranslationOverviewAccess.php | 11 +---- core/modules/contact/contact.services.yml | 2 +- .../contact/Access/ContactPageAccess.php | 11 +---- .../content_translation.services.yml | 4 +- .../ContentTranslationManageAccessCheck.php | 11 +---- .../ContentTranslationOverviewAccess.php | 11 +---- core/modules/edit/edit.services.yml | 4 +- .../edit/Access/EditEntityAccessCheck.php | 12 +---- .../Access/EditEntityFieldAccessCheck.php | 12 +---- .../Access/EditEntityAccessCheckTest.php | 7 --- .../Access/EditEntityFieldAccessCheckTest.php | 7 --- core/modules/field_ui/field_ui.services.yml | 4 +- .../field_ui/Access/FormModeAccessCheck.php | 11 +---- .../field_ui/Access/ViewModeAccessCheck.php | 11 +---- core/modules/filter/filter.services.yml | 2 +- .../filter/Access/FormatDisableCheck.php | 11 +---- .../Drupal/node/Access/NodeAddAccessCheck.php | 21 +++++++-- .../node/Access/NodeRevisionAccessCheck.php | 11 +---- core/modules/node/node.services.yml | 4 +- .../search/Access/SearchAccessCheck.php | 11 +---- .../search/Access/SearchPluginAccessCheck.php | 7 --- core/modules/search/search.services.yml | 4 +- .../shortcut/Access/LinkAccessCheck.php | 32 +++++++++++++ .../Access/ShortcutSetEditAccessCheck.php | 11 +---- .../Access/ShortcutSetSwitchAccessCheck.php | 11 +---- core/modules/shortcut/shortcut.services.yml | 9 +++- .../Drupal/system/Access/CronAccessCheck.php | 11 +---- core/modules/system/system.services.yml | 2 +- .../Access/DefinedTestAccessCheck.php | 11 +---- .../router_test/Access/TestAccessCheck.php | 11 +---- .../router_test/RouterTestServiceProvider.php | 2 +- .../Access/ViewOwnTrackerAccessCheck.php | 11 +---- core/modules/tracker/tracker.services.yml | 2 +- .../Access/UpdateManagerAccessCheck.php | 15 ++----- core/modules/update/update.services.yml | 2 +- .../Drupal/user/Access/LoginStatusCheck.php | 11 +---- .../user/Access/PermissionAccessCheck.php | 11 +---- .../user/Access/RegisterAccessCheck.php | 11 +---- .../Drupal/user/Access/RoleAccessCheck.php | 11 +---- core/modules/user/user.services.yml | 8 ++-- .../Tests/Core/Access/AccessManagerTest.php | 19 +------- .../Tests/Core/Access/CsrfAccessCheckTest.php | 7 --- .../Core/Access/CustomAccessCheckTest.php | 8 ---- .../Core/Access/DefaultAccessCheckTest.php | 8 ---- .../Core/Entity/EntityAccessCheckTest.php | 8 ---- .../Entity/EntityCreateAccessCheckTest.php | 9 ---- 63 files changed, 231 insertions(+), 435 deletions(-) delete mode 100644 core/lib/Drupal/Core/Access/StaticAccessCheckInterface.php create mode 100644 core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php create mode 100644 core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php diff --git a/core/core.services.yml b/core/core.services.yml index b48f1a81767..5f249388432 100644 --- a/core/core.services.yml +++ b/core/core.services.yml @@ -447,29 +447,29 @@ services: access_check.default: class: Drupal\Core\Access\DefaultAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access } access_check.entity: class: Drupal\Core\Entity\EntityAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _entity_access } access_check.entity_create: class: Drupal\Core\Entity\EntityCreateAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _entity_create_access } access_check.theme: class: Drupal\Core\Theme\ThemeAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access_theme } access_check.custom: class: Drupal\Core\Access\CustomAccessCheck arguments: ['@controller_resolver'] tags: - - { name: access_check } + - { name: access_check, applies_to: _custom_access } access_check.csrf: class: Drupal\Core\Access\CsrfAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _csrf_token } arguments: ['@csrf_token'] maintenance_mode_subscriber: class: Drupal\Core\EventSubscriber\MaintenanceModeSubscriber diff --git a/core/lib/Drupal/Core/Access/AccessException.php b/core/lib/Drupal/Core/Access/AccessException.php index a44738e5ec2..4f210920a42 100644 --- a/core/lib/Drupal/Core/Access/AccessException.php +++ b/core/lib/Drupal/Core/Access/AccessException.php @@ -8,7 +8,10 @@ namespace Drupal\Core\Access; /** - * An exception thrown for invalid access callback return values. + * An exception thrown for access errors. + * + * Examples could be invalid access callback return values, or invalid access + * objects being used. */ class AccessException extends \RuntimeException { } diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index f33d47f3451..89e9268f3da 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Drupal\Core\ParamConverter\ParamConverterManager; +use Drupal\Core\Routing\Access\AccessInterface as RoutingAccessInterface; use Drupal\Core\Routing\RequestHelper; use Drupal\Core\Routing\RouteProviderInterface; use Drupal\Core\Session\AccountInterface; @@ -16,7 +17,6 @@ use Symfony\Component\Routing\RouteCollection; use Symfony\Component\Routing\Route; use Symfony\Component\DependencyInjection\ContainerAware; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\Routing\Exception\RouteNotFoundException; use Symfony\Cmf\Component\Routing\RouteObjectInterface; @@ -118,9 +118,15 @@ class AccessManager extends ContainerAware { * * @param string $service_id * The ID of the service in the Container that provides a check. + * @param array $applies_checks + * (optional) An array of route requirement keys the checker service applies + * to. */ - public function addCheckService($service_id) { + public function addCheckService($service_id, array $applies_checks = array()) { $this->checkIds[] = $service_id; + foreach ($applies_checks as $applies_check) { + $this->staticRequirementMap[$applies_check][] = $service_id; + } } /** @@ -130,7 +136,7 @@ class AccessManager extends ContainerAware { * A collection of routes to apply checks to. */ public function setChecks(RouteCollection $routes) { - $this->loadAccessRequirementMap(); + $this->loadDynamicRequirementMap(); foreach ($routes as $route) { if ($checks = $this->applies($route)) { $route->setOption('_access_checks', $checks); @@ -329,19 +335,24 @@ class AccessManager extends ContainerAware { throw new \InvalidArgumentException(sprintf('No check has been registered for %s', $service_id)); } - $this->checks[$service_id] = $this->container->get($service_id); + $check = $this->container->get($service_id); + + if (!($check instanceof RoutingAccessInterface)) { + throw new AccessException('All access checks must implement AccessInterface.'); + } + + $this->checks[$service_id] = $check; } /** * Compiles a mapping of requirement keys to access checker service IDs. */ - public function loadAccessRequirementMap() { - if (isset($this->staticRequirementMap, $this->dynamicRequirementMap)) { + public function loadDynamicRequirementMap() { + if (isset($this->dynamicRequirementMap)) { return; } // Set them here, so we can use the isset() check above. - $this->staticRequirementMap = array(); $this->dynamicRequirementMap = array(); foreach ($this->checkIds as $service_id) { @@ -349,14 +360,8 @@ class AccessManager extends ContainerAware { $this->loadCheck($service_id); } - // Empty arrays will not register anything. - if (is_subclass_of($this->checks[$service_id], 'Drupal\Core\Access\StaticAccessCheckInterface')) { - foreach ((array) $this->checks[$service_id]->appliesTo() as $key) { - $this->staticRequirementMap[$key][] = $service_id; - } - } - // Add the service ID to a the regular that will be iterated over. - else { + // Add the service ID to an array that will be iterated over. + if ($this->checks[$service_id] instanceof AccessCheckInterface) { $this->dynamicRequirementMap[] = $service_id; } } diff --git a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php index 98be68cc317..9744d6c196d 100644 --- a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php +++ b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php @@ -7,8 +7,8 @@ namespace Drupal\Core\Access; -use Drupal\Core\Access\CsrfTokenGenerator; use Drupal\Core\Session\AccountInterface; +use Drupal\Core\Routing\Access\AccessInterface as RoutingAccessInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -19,7 +19,7 @@ use Symfony\Component\HttpFoundation\Request; * a token generated by \Drupal::csrfToken()->get() using the same value as the * "_csrf_token" parameter in the route. */ -class CsrfAccessCheck implements StaticAccessCheckInterface { +class CsrfAccessCheck implements RoutingAccessInterface { /** * The CSRF token generator. @@ -38,13 +38,6 @@ class CsrfAccessCheck implements StaticAccessCheckInterface { $this->csrfToken = $csrf_token; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_csrf_token'); - } - /** * {@inheritdoc} */ diff --git a/core/lib/Drupal/Core/Access/CustomAccessCheck.php b/core/lib/Drupal/Core/Access/CustomAccessCheck.php index 20f0ead0299..c116e669ace 100644 --- a/core/lib/Drupal/Core/Access/CustomAccessCheck.php +++ b/core/lib/Drupal/Core/Access/CustomAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Drupal\Core\Controller\ControllerResolverInterface; +use Drupal\Core\Routing\Access\AccessInterface as RoutingAccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -22,7 +23,7 @@ use Symfony\Component\Routing\Route; * cannot reuse any stored property of your actual controller instance used * to generate the output. */ -class CustomAccessCheck implements StaticAccessCheckInterface { +class CustomAccessCheck implements RoutingAccessInterface { /** * The controller resolver. @@ -41,13 +42,6 @@ class CustomAccessCheck implements StaticAccessCheckInterface { $this->controllerResolver = $controller_resolver; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_custom_access'); - } - /** * {@inheritdoc} */ diff --git a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php index 123fc5de783..dc260672576 100644 --- a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php +++ b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php @@ -8,20 +8,14 @@ namespace Drupal\Core\Access; use Drupal\Core\Session\AccountInterface; +use Drupal\Core\Routing\Access\AccessInterface as RoutingAccessInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; /** * Allows access to routes to be controlled by an '_access' boolean parameter. */ -class DefaultAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access'); - } +class DefaultAccessCheck implements RoutingAccessInterface { /** * {@inheritdoc} diff --git a/core/lib/Drupal/Core/Access/StaticAccessCheckInterface.php b/core/lib/Drupal/Core/Access/StaticAccessCheckInterface.php deleted file mode 100644 index c01b7197973..00000000000 --- a/core/lib/Drupal/Core/Access/StaticAccessCheckInterface.php +++ /dev/null @@ -1,34 +0,0 @@ -getDefinition('access_manager'); foreach ($container->findTaggedServiceIds('access_check') as $id => $attributes) { - $access_manager->addMethodCall('addCheckService', array($id)); + $applies = array(); + foreach ($attributes as $attribute) { + if (isset($attribute['applies_to'])) { + $applies[] = $attribute['applies_to']; + } + } + $access_manager->addMethodCall('addCheckService', array($id, $applies)); } } } diff --git a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php index 06ad0b7daad..1e3b0aea82c 100644 --- a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php @@ -7,23 +7,15 @@ namespace Drupal\Core\Entity; -use Drupal\Core\Entity\EntityInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; -use Drupal\Core\Access\StaticAccessCheckInterface; /** * Provides a generic access checker for entities. */ -class EntityAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_entity_access'); - } +class EntityAccessCheck implements AccessInterface { /** * Implements \Drupal\Core\Access\AccessCheckInterface::access(). diff --git a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php index e3268bf4c59..1cf7d8715b5 100644 --- a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\Core\Entity; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -15,7 +15,7 @@ use Symfony\Component\Routing\Route; /** * Defines an access checker for entity creation. */ -class EntityCreateAccessCheck implements StaticAccessCheckInterface { +class EntityCreateAccessCheck implements AccessInterface { /** * The entity manager. @@ -41,13 +41,6 @@ class EntityCreateAccessCheck implements StaticAccessCheckInterface { $this->entityManager = $entity_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array($this->requirementsKey); - } - /** * {@inheritdoc} */ diff --git a/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php b/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php index 7da53eff6a7..75afddcb9df 100644 --- a/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php +++ b/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\Core\Theme; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -15,14 +15,7 @@ use Symfony\Component\Routing\Route; /** * Access check for a theme. */ -class ThemeAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_theme'); - } +class ThemeAccessCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/aggregator/aggregator.services.yml b/core/modules/aggregator/aggregator.services.yml index e486b54d269..c00b2ac5dd4 100644 --- a/core/modules/aggregator/aggregator.services.yml +++ b/core/modules/aggregator/aggregator.services.yml @@ -8,3 +8,11 @@ services: plugin.manager.aggregator.processor: class: Drupal\aggregator\Plugin\AggregatorPluginManager arguments: [processor, '@container.namespaces', '@cache.cache', '@language_manager'] + access_check.aggregator.categories: + class: Drupal\aggregator\Access\CategoriesAccessCheck + arguments: ['@database'] + tags: + - { name: access_check, applies_to: _access_aggregator_categories } + aggregator.category.storage: + class: Drupal\aggregator\CategoryStorageController + arguments: ['@database'] diff --git a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php new file mode 100644 index 00000000000..791edddc84c --- /dev/null +++ b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php @@ -0,0 +1,45 @@ +database = $database; + } + + /** + * {@inheritdoc} + */ + public function access(Route $route, Request $request, AccountInterface $account) { + return $account->hasPermission('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY; + } + +} diff --git a/core/modules/book/book.services.yml b/core/modules/book/book.services.yml index fa7c66c487c..daa995a814f 100644 --- a/core/modules/book/book.services.yml +++ b/core/modules/book/book.services.yml @@ -15,4 +15,4 @@ services: class: Drupal\book\Access\BookNodeIsRemovableAccessCheck arguments: ['@book.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_book_removable } diff --git a/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php b/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php index c80ae272a5a..7b122199577 100644 --- a/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php +++ b/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php @@ -8,7 +8,7 @@ namespace Drupal\book\Access; use Drupal\book\BookManager; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Determines whether the requested node can be removed from its book. */ -class BookNodeIsRemovableAccessCheck implements StaticAccessCheckInterface { +class BookNodeIsRemovableAccessCheck implements AccessInterface { /** * Book Manager Service. @@ -35,13 +35,6 @@ class BookNodeIsRemovableAccessCheck implements StaticAccessCheckInterface { $this->bookManager = $book_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_book_removable'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/config_translation/config_translation.services.yml b/core/modules/config_translation/config_translation.services.yml index f30e569abbd..19d5c62677d 100644 --- a/core/modules/config_translation/config_translation.services.yml +++ b/core/modules/config_translation/config_translation.services.yml @@ -9,13 +9,13 @@ services: class: Drupal\config_translation\Access\ConfigTranslationOverviewAccess arguments: ['@plugin.manager.config_translation.mapper'] tags: - - { name: access_check } + - { name: access_check, applies_to: _config_translation_overview_access } config_translation.access.form: class: Drupal\config_translation\Access\ConfigTranslationFormAccess arguments: ['@plugin.manager.config_translation.mapper'] tags: - - { name: access_check } + - { name: access_check, applies_to: _config_translation_form_access } plugin.manager.config_translation.mapper: class: Drupal\config_translation\ConfigMapperManager diff --git a/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationFormAccess.php b/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationFormAccess.php index 5e98d411336..10c5f25ed91 100644 --- a/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationFormAccess.php +++ b/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationFormAccess.php @@ -16,13 +16,6 @@ use Symfony\Component\Routing\Route; */ class ConfigTranslationFormAccess extends ConfigTranslationOverviewAccess { - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_config_translation_form_access'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationOverviewAccess.php b/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationOverviewAccess.php index 73c6ab0a130..183441640dc 100644 --- a/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationOverviewAccess.php +++ b/core/modules/config_translation/lib/Drupal/config_translation/Access/ConfigTranslationOverviewAccess.php @@ -8,7 +8,7 @@ namespace Drupal\config_translation\Access; use Drupal\config_translation\ConfigMapperManagerInterface; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -16,7 +16,7 @@ use Symfony\Component\Routing\Route; /** * Checks access for displaying the configuration translation overview. */ -class ConfigTranslationOverviewAccess implements StaticAccessCheckInterface { +class ConfigTranslationOverviewAccess implements AccessInterface { /** * The mapper plugin discovery service. @@ -42,13 +42,6 @@ class ConfigTranslationOverviewAccess implements StaticAccessCheckInterface { $this->configMapperManager = $config_mapper_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_config_translation_overview_access'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/contact/contact.services.yml b/core/modules/contact/contact.services.yml index cccd1fd542b..acb286684c7 100644 --- a/core/modules/contact/contact.services.yml +++ b/core/modules/contact/contact.services.yml @@ -2,5 +2,5 @@ services: access_check.contact_personal: class: Drupal\contact\Access\ContactPageAccess tags: - - { name: access_check } + - { name: access_check, applies_to: _access_contact_personal_tab } arguments: ['@config.factory', '@user.data'] diff --git a/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php b/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php index 182cc1a4d04..c8d0ed93ebb 100644 --- a/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php +++ b/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php @@ -7,8 +7,8 @@ namespace Drupal\contact\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Config\ConfigFactory; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Drupal\user\UserDataInterface; use Symfony\Component\Routing\Route; @@ -17,7 +17,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for contact_personal_page route. */ -class ContactPageAccess implements StaticAccessCheckInterface { +class ContactPageAccess implements AccessInterface { /** * The contact settings config object. @@ -46,13 +46,6 @@ class ContactPageAccess implements StaticAccessCheckInterface { $this->userData = $user_data; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_contact_personal_tab'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/content_translation/content_translation.services.yml b/core/modules/content_translation/content_translation.services.yml index 6b3dcbdc9f3..da2acb274c4 100644 --- a/core/modules/content_translation/content_translation.services.yml +++ b/core/modules/content_translation/content_translation.services.yml @@ -13,13 +13,13 @@ services: class: Drupal\content_translation\Access\ContentTranslationOverviewAccess arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_content_translation_overview } content_translation.manage_access: class: Drupal\content_translation\Access\ContentTranslationManageAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_content_translation_manage } content_translation.manager: class: Drupal\content_translation\ContentTranslationManager diff --git a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php index 16cc31a4bd3..6c8a617be54 100644 --- a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php +++ b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php @@ -7,9 +7,9 @@ namespace Drupal\content_translation\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Entity\EntityManagerInterface; use Drupal\Core\Language\Language; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -17,7 +17,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for entity translation CRUD operation. */ -class ContentTranslationManageAccessCheck implements StaticAccessCheckInterface { +class ContentTranslationManageAccessCheck implements AccessInterface { /** * The entity type manager. @@ -36,13 +36,6 @@ class ContentTranslationManageAccessCheck implements StaticAccessCheckInterface $this->entityManager = $manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_content_translation_manage'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php index 5086e797a59..53a6b4d5728 100644 --- a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php +++ b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php @@ -7,8 +7,8 @@ namespace Drupal\content_translation\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for entity translation overview. */ -class ContentTranslationOverviewAccess implements StaticAccessCheckInterface { +class ContentTranslationOverviewAccess implements AccessInterface { /** * The entity type manager. @@ -35,13 +35,6 @@ class ContentTranslationOverviewAccess implements StaticAccessCheckInterface { $this->entityManager = $manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_content_translation_overview'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/edit/edit.services.yml b/core/modules/edit/edit.services.yml index 73f7f259959..be9946c6755 100644 --- a/core/modules/edit/edit.services.yml +++ b/core/modules/edit/edit.services.yml @@ -6,12 +6,12 @@ services: class: Drupal\edit\Access\EditEntityFieldAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_edit_entity_field } access_check.edit.entity: class: Drupal\edit\Access\EditEntityAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_edit_entity } edit.editor.selector: class: Drupal\edit\EditorSelector arguments: ['@plugin.manager.edit.editor', '@plugin.manager.field.formatter'] diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php index 07faf6e3ab5..827c06f9d9c 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php @@ -7,8 +7,8 @@ namespace Drupal\edit\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -18,7 +18,7 @@ use Drupal\Core\Entity\EntityInterface; /** * Access check for editing entities. */ -class EditEntityAccessCheck implements StaticAccessCheckInterface { +class EditEntityAccessCheck implements AccessInterface { /** * The entity manager. @@ -37,14 +37,6 @@ class EditEntityAccessCheck implements StaticAccessCheckInterface { $this->entityManager = $entity_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - // @see edit.routing.yml - return array('_access_edit_entity'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php index 2dbfc45c733..9de7347bd22 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php @@ -7,9 +7,8 @@ namespace Drupal\edit\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; -use Drupal\edit\Access\EditEntityFieldAccessCheckInterface; use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -19,7 +18,7 @@ use Drupal\Core\Entity\EntityInterface; /** * Access check for editing entity fields. */ -class EditEntityFieldAccessCheck implements StaticAccessCheckInterface, EditEntityFieldAccessCheckInterface { +class EditEntityFieldAccessCheck implements AccessInterface, EditEntityFieldAccessCheckInterface { /** * The entity manager. @@ -38,13 +37,6 @@ class EditEntityFieldAccessCheck implements StaticAccessCheckInterface, EditEnti $this->entityManager = $entity_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_edit_entity_field'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php index c42ae9ace7c..0d5ca57f40b 100644 --- a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php +++ b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php @@ -65,13 +65,6 @@ class EditEntityAccessCheckTest extends UnitTestCase { $this->editAccessCheck = new EditEntityAccessCheck($this->entityManager); } - /** - * Tests the appliesTo method for the access checker. - */ - public function testAppliesTo() { - $this->assertEquals($this->editAccessCheck->appliesTo(), array('_access_edit_entity'), 'Access checker returned the expected appliesTo() array.'); - } - /** * Provides test data for testAccess(). * diff --git a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php index ba2e038f2af..b9c847dcb76 100644 --- a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php +++ b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php @@ -67,13 +67,6 @@ class EditEntityFieldAccessCheckTest extends UnitTestCase { $this->editAccessCheck = new EditEntityFieldAccessCheck($this->entityManager); } - /** - * Tests the appliesTo method for the access checker. - */ - public function testAppliesTo() { - $this->assertEquals($this->editAccessCheck->appliesTo(), array('_access_edit_entity_field'), 'Access checker returned the expected appliesTo() array.'); - } - /** * Provides test data for testAccess(). * diff --git a/core/modules/field_ui/field_ui.services.yml b/core/modules/field_ui/field_ui.services.yml index 65111cc1c38..4f5ef7a2c7f 100644 --- a/core/modules/field_ui/field_ui.services.yml +++ b/core/modules/field_ui/field_ui.services.yml @@ -8,9 +8,9 @@ services: class: Drupal\field_ui\Access\ViewModeAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _field_ui_view_mode_access } access_check.field_ui.form_mode: class: Drupal\field_ui\Access\FormModeAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _field_ui_form_mode_access } diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php index 10552da7d39..fefd1a141ef 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php @@ -7,8 +7,8 @@ namespace Drupal\field_ui\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Allows access to routes to be controlled by an '_access' boolean parameter. */ -class FormModeAccessCheck implements StaticAccessCheckInterface { +class FormModeAccessCheck implements AccessInterface { /** * The entity manager. @@ -35,13 +35,6 @@ class FormModeAccessCheck implements StaticAccessCheckInterface { $this->entityManager = $entity_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_field_ui_form_mode_access'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php index e5fb8d541b4..0ae6870babe 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php @@ -7,8 +7,8 @@ namespace Drupal\field_ui\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Allows access to routes to be controlled by an '_access' boolean parameter. */ -class ViewModeAccessCheck implements StaticAccessCheckInterface { +class ViewModeAccessCheck implements AccessInterface { /** * The entity manager. @@ -35,13 +35,6 @@ class ViewModeAccessCheck implements StaticAccessCheckInterface { $this->entityManager = $entity_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_field_ui_view_mode_access'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/filter/filter.services.yml b/core/modules/filter/filter.services.yml index 91bc91f79d2..c355c0c036e 100644 --- a/core/modules/filter/filter.services.yml +++ b/core/modules/filter/filter.services.yml @@ -9,7 +9,7 @@ services: access_check.filter_disable: class: Drupal\filter\Access\FormatDisableCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _filter_disable_format_access } plugin.manager.filter: class: Drupal\filter\FilterPluginManager parent: default_plugin_manager diff --git a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php index d78c103f9fd..c039fba1eef 100644 --- a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php +++ b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php @@ -7,7 +7,7 @@ namespace Drupal\filter\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Checks access for disabling text formats. */ -class FormatDisableCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_filter_disable_format_access'); - } +class FormatDisableCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php b/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php index f67232d68f3..8d72223a01a 100644 --- a/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php +++ b/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php @@ -7,7 +7,8 @@ namespace Drupal\node\Access; -use Drupal\Core\Entity\EntityCreateAccessCheck; +use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,12 +16,24 @@ use Symfony\Component\HttpFoundation\Request; /** * Determines access to for node add pages. */ -class NodeAddAccessCheck extends EntityCreateAccessCheck { +class NodeAddAccessCheck implements AccessInterface { /** - * {@inheritdoc} + * The entity manager. + * + * @var \Drupal\Core\Entity\EntityManagerInterface */ - protected $requirementsKey = '_node_add_access'; + protected $entityManager; + + /** + * Constructs a EntityCreateAccessCheck object. + * + * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager + * The entity manager. + */ + public function __construct(EntityManagerInterface $entity_manager) { + $this->entityManager = $entity_manager; + } /** * {@inheritdoc} diff --git a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php index 2d3281bf9bc..353a8fb92d5 100644 --- a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php +++ b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php @@ -7,9 +7,9 @@ namespace Drupal\node\Access; -use Drupal\Core\Access\AccessCheckInterface; use Drupal\Core\Database\Connection; use Drupal\Core\Entity\EntityManagerInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Drupal\node\NodeInterface; use Symfony\Component\HttpFoundation\Request; @@ -18,7 +18,7 @@ use Symfony\Component\Routing\Route; /** * Provides an access checker for node revisions. */ -class NodeRevisionAccessCheck implements AccessCheckInterface { +class NodeRevisionAccessCheck implements AccessInterface { /** * The node storage. @@ -62,13 +62,6 @@ class NodeRevisionAccessCheck implements AccessCheckInterface { $this->connection = $connection; } - /** - * {@inheritdoc} - */ - public function applies(Route $route) { - return array_key_exists('_access_node_revision', $route->getRequirements()); - } - /** * {@inheritdoc} */ diff --git a/core/modules/node/node.services.yml b/core/modules/node/node.services.yml index 47809f48d77..73296859d92 100644 --- a/core/modules/node/node.services.yml +++ b/core/modules/node/node.services.yml @@ -6,9 +6,9 @@ services: class: Drupal\node\Access\NodeRevisionAccessCheck arguments: ['@entity.manager', '@database'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_node_revision } access_check.node.add: class: Drupal\node\Access\NodeAddAccessCheck arguments: ['@entity.manager'] tags: - - { name: access_check } + - { name: access_check, applies_to: _node_add_access } diff --git a/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php b/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php index b36d88e2e77..2ad2400699a 100644 --- a/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php +++ b/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\search\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Drupal\search\SearchPluginManager; use Symfony\Component\HttpFoundation\Request; @@ -16,7 +16,7 @@ use Symfony\Component\Routing\Route; /** * Checks access for viewing search. */ -class SearchAccessCheck implements StaticAccessCheckInterface { +class SearchAccessCheck implements AccessInterface { /** * The search plugin manager. @@ -35,13 +35,6 @@ class SearchAccessCheck implements StaticAccessCheckInterface { $this->searchManager = $search_plugin_manager; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_search_access'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php b/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php index 9ecda1d0123..86e81663918 100644 --- a/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php +++ b/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php @@ -16,13 +16,6 @@ use Symfony\Component\Routing\Route; */ class SearchPluginAccessCheck extends SearchAccessCheck { - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_search_plugin_view_access'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/search/search.services.yml b/core/modules/search/search.services.yml index 31dc5c5699f..543bd09c4c5 100644 --- a/core/modules/search/search.services.yml +++ b/core/modules/search/search.services.yml @@ -7,10 +7,10 @@ services: class: Drupal\search\Access\SearchAccessCheck arguments: ['@plugin.manager.search'] tags: - - { name: access_check } + - { name: access_check, applies_to: _search_access } access_check.search_plugin: class: Drupal\search\Access\SearchPluginAccessCheck arguments: ['@plugin.manager.search'] tags: - - { name: access_check } + - { name: access_check, applies_to: _search_plugin_view_access } diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php new file mode 100644 index 00000000000..b85fb9f7a64 --- /dev/null +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php @@ -0,0 +1,32 @@ +attributes->get('menu_link'); + $set_name = str_replace('shortcut-', '', $menu_link['menu_name']); + if ($shortcut_set = shortcut_set_load($set_name)) { + return shortcut_set_edit_access($shortcut_set) ? static::ALLOW : static::DENY; + } + return static::DENY; + } + +} diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php index 283825a6a3e..21bbda8fba9 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\shortcut\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Provides an access check for shortcut link delete routes. */ -class ShortcutSetEditAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_shortcut_set_edit'); - } +class ShortcutSetEditAccessCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php index d39f6308b30..6d844edfd0d 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\shortcut\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Provides an access check for shortcut link delete routes. */ -class ShortcutSetSwitchAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_shortcut_set_switch'); - } +class ShortcutSetSwitchAccessCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/shortcut/shortcut.services.yml b/core/modules/shortcut/shortcut.services.yml index 3a04d99b075..a6605940e76 100644 --- a/core/modules/shortcut/shortcut.services.yml +++ b/core/modules/shortcut/shortcut.services.yml @@ -1,10 +1,15 @@ services: + access_check.shortcut.link: + class: Drupal\shortcut\Access\LinkAccessCheck + tags: + - { name: access_check, applies_to: _access_shortcut_link } + access_check.shortcut.shortcut_set_edit: class: Drupal\shortcut\Access\ShortcutSetEditAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access_shortcut_set_edit } access_check.shortcut.shortcut_set_switch: class: Drupal\shortcut\Access\ShortcutSetSwitchAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access_shortcut_set_switch } diff --git a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php index 7b19f54f998..ef094fd7fb3 100644 --- a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php +++ b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\system\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for cron routes. */ -class CronAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_system_cron'); - } +class CronAccessCheck implements AccessInterface { /** * Implements AccessCheckInterface::access(). diff --git a/core/modules/system/system.services.yml b/core/modules/system/system.services.yml index 3dcbb847e7b..54e5b114931 100644 --- a/core/modules/system/system.services.yml +++ b/core/modules/system/system.services.yml @@ -2,7 +2,7 @@ services: access_check.cron: class: Drupal\system\Access\CronAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access_system_cron } system.manager: class: Drupal\system\SystemManager arguments: ['@module_handler', '@database', '@entity.manager'] diff --git a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php index 7abafd41c64..7aa50dc022a 100644 --- a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\router_test\Access; -use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -15,14 +15,7 @@ use Symfony\Component\Routing\Route; /** * Defines an access checker similar to DefaultAccessCheck */ -class DefinedTestAccessCheck implements AccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function applies(Route $route) { - return array_key_exists('_test_access', $route->getRequirements()); - } +class DefinedTestAccessCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php index 2f3664ae27b..eda75608d59 100644 --- a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\router_test\Access; -use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for test routes. */ -class TestAccessCheck implements AccessCheckInterface { - - /** - * Implements AccessCheckInterface::applies(). - */ - public function applies(Route $route) { - return array_key_exists('_access_router_test', $route->getRequirements()); - } +class TestAccessCheck implements AccessInterface { /** * Implements AccessCheckInterface::access(). diff --git a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/RouterTestServiceProvider.php b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/RouterTestServiceProvider.php index 9c1dbc3a772..641a0557b66 100644 --- a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/RouterTestServiceProvider.php +++ b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/RouterTestServiceProvider.php @@ -21,6 +21,6 @@ class RouterTestServiceProvider implements ServiceProviderInterface { public function register(ContainerBuilder $container) { $container->register('router_test.subscriber', 'Drupal\router_test\RouteTestSubscriber')->addTag('event_subscriber'); $container->register('access_check.router_test', 'Drupal\router_test\Access\TestAccessCheck') - ->addTag('access_check'); + ->addTag('access_check', array('applies_to' => '_access_router_test')); } } diff --git a/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php b/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php index 11f42c19337..a4c594e7d34 100644 --- a/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php +++ b/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\tracker\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for user tracker routes. */ -class ViewOwnTrackerAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_tracker_own_information'); - } +class ViewOwnTrackerAccessCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/tracker/tracker.services.yml b/core/modules/tracker/tracker.services.yml index e657c1f5797..11e29e7e872 100644 --- a/core/modules/tracker/tracker.services.yml +++ b/core/modules/tracker/tracker.services.yml @@ -2,4 +2,4 @@ services: access_check.tracker.view_own: class: Drupal\tracker\Access\ViewOwnTrackerAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access_tracker_own_information } diff --git a/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php b/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php index 4c805cd1f54..89bbb1da02b 100644 --- a/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php +++ b/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php @@ -8,7 +8,7 @@ namespace Drupal\update\Access; use Drupal\Component\Utility\Settings; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Determines whether allow authorized operations is set. */ -class UpdateManagerAccessCheck implements StaticAccessCheckInterface { +class UpdateManagerAccessCheck implements AccessInterface { /** * Settings Service. @@ -28,20 +28,13 @@ class UpdateManagerAccessCheck implements StaticAccessCheckInterface { /** * Constructs a UpdateManagerAccessCheck object. * - * @param \Drupal\update\updateManager $update_manager - * update Manager Service. + * @param \Drupal\Component\Utility\Settings $settings + * The read-only settings container. */ public function __construct(Settings $settings) { $this->settings = $settings; } - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_update_manager'); - } - /** * {@inheritdoc} */ diff --git a/core/modules/update/update.services.yml b/core/modules/update/update.services.yml index 0ffafc25caf..7008182c4e8 100644 --- a/core/modules/update/update.services.yml +++ b/core/modules/update/update.services.yml @@ -3,4 +3,4 @@ services: class: Drupal\update\Access\UpdateManagerAccessCheck arguments: ['@settings'] tags: - - { name: access_check } + - { name: access_check, applies_to: _access_update_manager } diff --git a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php index 547057b147d..af52c153610 100644 --- a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php @@ -7,7 +7,7 @@ namespace Drupal\user\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Determines access to routes based on login status of current user. */ -class LoginStatusCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_user_is_logged_in'); - } +class LoginStatusCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php index b9d084e3cd1..a159b1c14a1 100644 --- a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\user\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Determines access to routes based on permissions defined via hook_permission(). */ -class PermissionAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_permission'); - } +class PermissionAccessCheck implements AccessInterface { /** * Implements AccessCheckInterface::access(). diff --git a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php index 6ba064eb53f..e234afbf59f 100644 --- a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\user\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -15,14 +15,7 @@ use Symfony\Component\HttpFoundation\Request; /** * Access check for user registration routes. */ -class RegisterAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_access_user_register'); - } +class RegisterAccessCheck implements AccessInterface { /** * Implements AccessCheckInterface::access(). diff --git a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php index 0253a420d4a..e3ace16fa33 100644 --- a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\user\Access; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -19,14 +19,7 @@ use Symfony\Component\Routing\Route; * single role, users with that role with have access. If you specify multiple * ones you can conjunct them with AND by using a "+" and with OR by using ",". */ -class RoleAccessCheck implements StaticAccessCheckInterface { - - /** - * {@inheritdoc} - */ - public function appliesTo() { - return array('_role'); - } +class RoleAccessCheck implements AccessInterface { /** * {@inheritdoc} diff --git a/core/modules/user/user.services.yml b/core/modules/user/user.services.yml index d255dfdba56..72629e05a10 100644 --- a/core/modules/user/user.services.yml +++ b/core/modules/user/user.services.yml @@ -2,19 +2,19 @@ services: access_check.permission: class: Drupal\user\Access\PermissionAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _permission } access_check.user.register: class: Drupal\user\Access\RegisterAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _access_user_register } access_check.user.role: class: Drupal\user\Access\RoleAccessCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _role } access_check.user.login_status: class: Drupal\user\Access\LoginStatusCheck tags: - - { name: access_check } + - { name: access_check, applies_to: _user_is_logged_in } user.data: class: Drupal\user\UserData arguments: ['@database'] diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php index 689cdf94464..4c2e0fee4c0 100644 --- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php +++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php @@ -352,7 +352,7 @@ class AccessManagerTest extends UnitTestCase { $this->setupAccessChecker(); $access_check = new DefinedTestAccessCheck(); $this->container->register('test_access_defined', $access_check); - $this->accessManager->addCheckService('test_access_defined'); + $this->accessManager->addCheckService('test_access_defined', array('_test_access')); $request = new Request(); @@ -370,21 +370,6 @@ class AccessManagerTest extends UnitTestCase { $this->assertSame($this->accessManager->check($route, $request, $this->account), $expected_access); } - /** - * Tests the static access checker interface. - */ - public function testStaticAccessCheckInterface() { - $mock_static = $this->getMock('Drupal\Core\Access\StaticAccessCheckInterface'); - $mock_static->expects($this->once()) - ->method('appliesTo') - ->will($this->returnValue(array('_access'))); - - $this->container->set('test_static_access', $mock_static); - $this->accessManager->addCheckService('test_static_access'); - - $this->accessManager->setChecks($this->routeCollection); - } - /** * Tests the checkNamedRoute method. * @@ -593,7 +578,7 @@ class AccessManagerTest extends UnitTestCase { $this->accessManager->setContainer($this->container); $access_check = new DefaultAccessCheck(); $this->container->register('test_access_default', $access_check); - $this->accessManager->addCheckService('test_access_default'); + $this->accessManager->addCheckService('test_access_default', array('_access')); } } diff --git a/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php index 0d7a4069ac1..de621887fd5 100644 --- a/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php @@ -62,13 +62,6 @@ class CsrfAccessCheckTest extends UnitTestCase { $this->accessCheck = new CsrfAccessCheck($this->csrfToken); } - /** - * Tests CsrfAccessCheck::appliesTo(). - */ - public function testAppliesTo() { - $this->assertEquals($this->accessCheck->appliesTo(), array('_csrf_token'), 'Access checker returned the expected appliesTo() array.'); - } - /** * Tests the access() method with a valid token. */ diff --git a/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php index 8144c237ec0..19a8bff1307 100644 --- a/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php @@ -52,14 +52,6 @@ class CustomAccessCheckTest extends UnitTestCase { $this->accessChecker = new CustomAccessCheck($this->controllerResolver); } - - /** - * Tests the appliesTo method. - */ - public function testAppliesTo() { - $this->assertEquals($this->accessChecker->appliesTo(), array('_custom_access')); - } - /** * Test the access method. */ diff --git a/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php index a2fce189b86..d452aa10db8 100644 --- a/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php @@ -52,14 +52,6 @@ class DefaultAccessCheckTest extends UnitTestCase { $this->accessChecker = new DefaultAccessCheck(); } - - /** - * Tests the appliesTo method. - */ - public function testAppliesTo() { - $this->assertEquals($this->accessChecker->appliesTo(), array('_access'), 'Access checker returned the expected appliesTo() array.'); - } - /** * Test the access method. */ diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php index 3e6c3b9e7eb..bba441972f8 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php @@ -28,14 +28,6 @@ class EntityAccessCheckTest extends UnitTestCase { ); } - /** - * Tests the appliesTo method for the access checker. - */ - public function testAppliesTo() { - $entity_access = new EntityAccessCheck(); - $this->assertEquals($entity_access->appliesTo(), array('_entity_access'), 'Access checker returned the expected appliesTo() array.'); - } - /** * Tests the method for checking access to routes. */ diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php index dcda69a6327..fdf5675423b 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php @@ -44,15 +44,6 @@ class EntityCreateAccessCheckTest extends UnitTestCase { parent::setUp(); } - /** - * Tests the appliesTo method for the access checker. - */ - public function testAppliesTo() { - $entity_manager = $this->getMock('Drupal\Core\Entity\EntityManagerInterface'); - - $entity_access = new EntityCreateAccessCheck($entity_manager); - $this->assertEquals($entity_access->appliesTo(), array('_entity_create_access'), 'Access checker returned the expected appliesTo() array.'); - } /** * Provides test data for testAccess. *