Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2272081 by Wim Leers: BlockAccessController::checkAccess() should run the block plugin's access check last.

8.0.x
webchick 2014-05-21 20:54:37 -07:00
parent 9eae2471fa
commit e071723f85
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
core/modules/block/lib/Drupal/block/BlockAccessController.php
View File

@ -64,13 +64,6 @@ class BlockAccessController extends EntityAccessController implements EntityCont
return FALSE; return FALSE;
} }
// If the plugin denies access, then deny access.
if (!$entity->getPlugin()->access($account)) {
return FALSE;
}
// Otherwise, check for other access restrictions.
// User role access handling. // User role access handling.
// If a block has no roles associated, it is displayed for every role. // If a block has no roles associated, it is displayed for every role.
// For blocks with roles associated, if none of the user's roles matches // For blocks with roles associated, if none of the user's roles matches
@ -121,6 +114,14 @@ class BlockAccessController extends EntityAccessController implements EntityCont
return FALSE; return FALSE;
} }
} }
// If the plugin denies access, then deny access. Apply plugin access checks
// last, because it's almost certainly cheaper to first apply Block's own
// visibility checks.
if (!$entity->getPlugin()->access($account)) {
return FALSE;
}
return TRUE; return TRUE;
} }