From 9d5aefb739809c20da3947a1609ddb364f12c72d Mon Sep 17 00:00:00 2001 
From: Nathaniel Catchpole <catch@35733.no-reply.drupal.org>
Date: Wed, 30 Oct 2013 17:31:44 +0000
Subject: [PATCH] Issue #2048223 by dawehner, ParisLiakos, herom, fubhy, damiankloip, vijaycs85, joelpittet, tim.plunkett: Add $account argument to AccessCheckInterface::access() method and use the current_user() service.
---
core/core.services.yml | 16 ++++-
core/includes/form.inc | 2 +-
core/includes/menu.inc | 2 +-
core/lib/Drupal/Core/Access/AccessManager.php | 32 +++++-----
.../Drupal/Core/Access/CustomAccessCheck.php | 3 +-
.../Drupal/Core/Access/DefaultAccessCheck.php | 3 +-
.../DependencyInjection/YamlFileLoader.php | 4 ++
.../Drupal/Core/Entity/EntityAccessCheck.php | 5 +-
.../Core/Entity/EntityCreateAccessCheck.php | 5 +-
.../EventSubscriber/AccessRouteSubscriber.php | 61 +++++++++++++++++++
.../Core/EventSubscriber/AccessSubscriber.php | 42 +++++++++----
.../Drupal/Core/Menu/LocalActionManager.php | 13 +++-
.../lib/Drupal/Core/Menu/LocalTaskManager.php | 15 ++++-
.../Core/Routing/Access/AccessInterface.php | 5 +-
.../Enhancer/AuthenticationEnhancer.php | 6 +-
.../Drupal/Core/Theme/ThemeAccessCheck.php | 3 +-
.../Access/CategoriesAccessCheck.php | 7 +--
core/modules/book/book.services.yml | 2 +-
.../Access/BookNodeIsRemovableAccessCheck.php | 3 +-
.../lib/Drupal/book/BookBreadcrumbBuilder.php | 15 ++++-
core/modules/contact/contact.module | 2 +-
.../contact/Access/ContactPageAccess.php | 11 ++--
.../ContentTranslationManageAccessCheck.php | 3 +-
.../ContentTranslationOverviewAccess.php | 8 +--
.../edit/Access/EditEntityAccessCheck.php | 9 +--
.../Access/EditEntityFieldAccessCheck.php | 3 +-
.../Access/EditEntityAccessCheckTest.php | 9 ++-
.../Access/EditEntityFieldAccessCheckTest.php | 21 ++++---
.../field_ui/Access/FormModeAccessCheck.php | 5 +-
.../field_ui/Access/ViewModeAccessCheck.php | 5 +-
.../filter/Access/FormatDisableCheck.php | 3 +-
.../Drupal/node/Access/NodeAddAccessCheck.php | 7 ++-
.../node/Access/NodeRevisionAccessCheck.php | 17 ++----
core/modules/node/node.module | 7 ++-
.../Access/DismissMessageAccessCheck.php | 4 +-
.../Drupal/rest/Access/CSRFAccessCheck.php | 5 +-
.../search/Access/SearchAccessCheck.php | 3 +-
.../search/Access/SearchPluginAccessCheck.php | 4 +-
.../shortcut/Access/LinkAccessCheck.php | 3 +-
.../Access/ShortcutSetEditAccessCheck.php | 3 +-
.../Access/ShortcutSetSwitchAccessCheck.php | 13 ++--
.../Drupal/system/Access/CronAccessCheck.php | 3 +-
.../Drupal/system/Form/ModulesListForm.php | 2 +-
.../system/PathBasedBreadcrumbBuilder.php | 2 +-
.../Access/DefinedTestAccessCheck.php | 3 +-
.../router_test/Access/TestAccessCheck.php | 3 +-
.../Access/ViewOwnTrackerAccessCheck.php | 6 +-
.../Access/UpdateManagerAccessCheck.php | 3 +-
.../Drupal/user/Access/LoginStatusCheck.php | 5 +-
.../user/Access/PermissionAccessCheck.php | 9 ++-
.../user/Access/RegisterAccessCheck.php | 5 +-
.../Drupal/user/Access/RoleAccessCheck.php | 5 +-
.../Tests/Views/HandlerFilterUserNameTest.php | 7 +--
.../lib/Drupal/views/Tests/ViewTestBase.php | 3 +
.../lib/Drupal/views/ViewsAccessCheck.php | 5 +-
.../Tests/Core/Access/AccessManagerTest.php | 46 ++++++++------
.../Core/Access/CustomAccessCheckTest.php | 7 ++-
.../Core/Access/DefaultAccessCheckTest.php | 14 ++++-
.../Core/Entity/EntityAccessCheckTest.php | 3 +-
.../Entity/EntityCreateAccessCheckTest.php | 3 +-
.../Tests/Core/Route/RoleAccessCheckTest.php | 6 +-
61 files changed, 353 insertions(+), 176 deletions(-)
create mode 100644 core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php
diff --git a/core/core.services.yml b/core/core.services.yml
index 882cf9f248fe..12f3a3c8a071 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -192,10 +192,11 @@ services: arguments: ['@container.namespaces'] plugin.manager.menu.local_action: class: Drupal\Core\Menu\LocalActionManager - arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager'] + arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager', '@current_user'] plugin.manager.menu.local_task: class: Drupal\Core\Menu\LocalTaskManager - arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager'] + arguments: ['@controller_resolver', '@request', '@router.route_provider', '@module_handler', '@cache.cache', '@language_manager', '@access_manager', '@current_user'] + scope: request request: class: Symfony\Component\HttpFoundation\Request # @TODO the synthetic setting must be uncommented whenever drupal_session_initialize() @@ -348,6 +349,8 @@ services: arguments: ['@settings'] route_enhancer.authentication: class: Drupal\Core\Routing\Enhancer\AuthenticationEnhancer + calls: + - [setContainer, ['@service_container']] tags: - { name: route_enhancer, priority: 1000 } arguments: ['@authentication'] @@ -410,6 +413,14 @@ services: - [setRequest, ['@?request']] access_subscriber: class: Drupal\Core\EventSubscriber\AccessSubscriber + arguments: ['@access_manager', '@current_user'] + calls: + - [setCurrentUser, ['@?current_user']] + tags: + - { name: event_subscriber } + scope: request + access_route_subscriber: + class: Drupal\Core\EventSubscriber\AccessRouteSubscriber tags: - { name: event_subscriber } arguments: ['@access_manager'] @@ -631,6 +642,7 @@ services: factory_method: authenticate factory_service: authentication arguments: ['@request'] + synchronized: true asset.css.collection_renderer: class: Drupal\Core\Asset\CssCollectionRenderer arguments: [ '@state' ] 
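Review bot: `plugin.manager.menu.local_action` now receives `@current_user` as a constructor argument but, unlike `plugin.manager.menu.local_task` directly below it, is not given `scope: request`, so the account it holds is fixed when the manager is first built. Elsewhere in this patch `current_user` is marked `synchronized: true` and AuthenticationEnhancer replaces it with the anonymous account during routing; a holder with neither request scope nor a setter call would presumably keep evaluating `#access` against the earlier account. I would add `scope: request` to `plugin.manager.menu.local_action` to match its sibling, and confirm that both managers are only instantiated after the route enhancers have run. The `book.breadcrumb` definition in book.services.yml has the same shape (constructor-injected `@current_user`, no scope) and deserves the same check.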
diff --git a/core/includes/form.inc b/core/includes/form.inc index 1d6b0bea5cf6..2e8e9e14e4b7 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc @@ -2176,7 +2176,7 @@ function form_process_autocomplete($element, &$form_state) { $parameters = isset($element['#autocomplete_route_parameters']) ? $element['#autocomplete_route_parameters'] : array(); $path = \Drupal::urlGenerator()->generate($element['#autocomplete_route_name'], $parameters); - $access = \Drupal::service('access_manager')->checkNamedRoute($element['#autocomplete_route_name'], $parameters); + $access = \Drupal::service('access_manager')->checkNamedRoute($element['#autocomplete_route_name'], $parameters, \Drupal::currentUser()); } if ($access) { $element['#attributes']['class'][] = 'form-autocomplete'; diff --git a/core/includes/menu.inc b/core/includes/menu.inc index 47e1103158b4..78d63679c928 100644 --- a/core/includes/menu.inc +++ b/core/includes/menu.inc @@ -1018,7 +1018,7 @@ function menu_item_route_access(Route $route, $href, &$map) { } } - return \Drupal::service('access_manager')->check($route, $request); + return \Drupal::service('access_manager')->check($route, $request, \Drupal::currentUser()); } /** diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index 5959fd00ae6d..62ab2d6c9542 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -10,6 +10,7 @@ use Drupal\Core\ParamConverter\ParamConverterManager; use Drupal\Core\Routing\RequestHelper; use Drupal\Core\Routing\RouteProviderInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\RouteCollection; use Symfony\Component\Routing\Route; 
@@ -180,6 +181,8 @@ protected function applies(Route $route) { * The route to check access to. * @param array $parameters * Optional array of values to substitute into the route path patern. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. * @param \Symfony\Component\HttpFoundation\Request $route_request * Optional incoming request object. If not provided, one will be built * using the route information and the current request from the container. @@ -187,18 +190,17 @@ protected function applies(Route $route) { * @return bool * Returns TRUE if the user has access to the route, otherwise FALSE. */ - public function checkNamedRoute($route_name, array $parameters = array(), Request $route_request = NULL) { + public function checkNamedRoute($route_name, array $parameters = array(), AccountInterface $account, Request $route_request = NULL) { try { $route = $this->routeProvider->getRouteByName($route_name, $parameters); if (empty($route_request)) { // Create a request and copy the account from the current request. $route_request = RequestHelper::duplicate($this->request, $this->urlGenerator->generate($route_name, $parameters)); $defaults = $parameters; - $defaults['_account'] = $this->request->attributes->get('_account'); $defaults[RouteObjectInterface::ROUTE_OBJECT] = $route; $route_request->attributes->add($this->paramConverterManager->enhance($defaults, $route_request)); } - return $this->check($route, $route_request); + return $this->check($route, $route_request, $account); } catch (RouteNotFoundException $e) { return FALSE; 
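Review bot: In the new `checkNamedRoute()` signature the required `AccountInterface $account` follows the optional `array $parameters = array()`, so that default can never be used and every caller has to pass the parameters array explicitly. Either drop the default (`array $parameters, AccountInterface $account, Request $route_request = NULL`) or reword the `@param array $parameters` entry, which still says "Optional array of values". The inline comment `// Create a request and copy the account from the current request.` is stale now that the `_account` copy is removed and should read something like `// Create a request for the route; the account is passed separately.`. It is also worth stating in the docblock that a caller-supplied `$route_request` is not checked for agreement with `$account`, so any check still reading `_account` from the request could evaluate a different user. The method body continues past the end of this hunk.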
@@ -217,23 +219,21 @@ public function checkNamedRoute($route_name, array $parameters = array(), Reques * The route to check access to. * @param \Symfony\Component\HttpFoundation\Request $request * The incoming request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The current account. * * @return bool * Returns TRUE if the user has access to the route, otherwise FALSE. - * - * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException - * If any access check denies access or none explicitly approve. */ - public function check(Route $route, Request $request) { + public function check(Route $route, Request $request, AccountInterface $account) { $checks = $route->getOption('_access_checks') ?: array(); - $conjunction = $route->getOption('_access_mode') ?: 'ALL'; if ($conjunction == 'ALL') { - return $this->checkAll($checks, $route, $request); + return $this->checkAll($checks, $route, $request, $account); } else { - return $this->checkAny($checks, $route, $request); + return $this->checkAny($checks, $route, $request, $account); } } @@ -246,11 +246,13 @@ public function check(Route $route, Request $request) { * The route to check access to. * @param \Symfony\Component\HttpFoundation\Request $request * The incoming request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. * * @return bool * Returns TRUE if the user has access to the route, else FALSE. */ - protected function checkAll(array $checks, Route $route, Request $request) { + protected function checkAll(array $checks, Route $route, Request $request, AccountInterface $account) { $access = FALSE; foreach ($checks as $service_id) { 
@@ -258,7 +260,7 @@ protected function checkAll(array $checks, Route $route, Request $request) { $this->loadCheck($service_id); } - $service_access = $this->checks[$service_id]->access($route, $request); + $service_access = $this->checks[$service_id]->access($route, $request, $account); if ($service_access === AccessInterface::ALLOW) { $access = TRUE; } @@ -281,11 +283,13 @@ protected function checkAll(array $checks, Route $route, Request $request) { * The route to check access to. * @param \Symfony\Component\HttpFoundation\Request $request * The incoming request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. * * @return bool * Returns TRUE if the user has access to the route, else FALSE. */ - protected function checkAny(array $checks, $route, $request) { + protected function checkAny(array $checks, $route, $request, AccountInterface $account) { // No checks == deny by default. $access = FALSE; @@ -294,7 +298,7 @@ protected function checkAny(array $checks, $route, $request) { $this->loadCheck($service_id); } - $service_access = $this->checks[$service_id]->access($route, $request); + $service_access = $this->checks[$service_id]->access($route, $request, $account); if ($service_access === AccessInterface::ALLOW) { $access = TRUE; } diff --git a/core/lib/Drupal/Core/Access/CustomAccessCheck.php b/core/lib/Drupal/Core/Access/CustomAccessCheck.php index 159d9d52618f..20f0ead0299c 100644 --- a/core/lib/Drupal/Core/Access/CustomAccessCheck.php +++ b/core/lib/Drupal/Core/Access/CustomAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Drupal\Core\Controller\ControllerResolverInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; 
@@ -50,7 +51,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $access_controller = $route->getRequirement('_custom_access'); $controller = $this->controllerResolver->getControllerFromDefinition($access_controller); diff --git a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php index 46f8a639c6b2..123fc5de783e 100644 --- a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php +++ b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php @@ -7,6 +7,7 @@ namespace Drupal\Core\Access; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -25,7 +26,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($route->getRequirement('_access') === 'TRUE') { return static::ALLOW; } diff --git a/core/lib/Drupal/Core/DependencyInjection/YamlFileLoader.php b/core/lib/Drupal/Core/DependencyInjection/YamlFileLoader.php index f5df4ecae939..cd7a17d24acb 100644 --- a/core/lib/Drupal/Core/DependencyInjection/YamlFileLoader.php +++ b/core/lib/Drupal/Core/DependencyInjection/YamlFileLoader.php @@ -107,6 +107,10 @@ protected function parseDefinition($id, $service, $filename) { $definition->setSynthetic($service['synthetic']); } + if (isset($service['synchronized'])) { + $definition->setSynchronized($service['synchronized']); + } + if (isset($service['public'])) { $definition->setPublic($service['public']); } diff --git a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php index 281fb09be454..06ad0b7daadb 100644 --- a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php 
@@ -8,6 +8,7 @@ namespace Drupal\Core\Entity; use Drupal\Core\Entity\EntityInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Drupal\Core\Access\StaticAccessCheckInterface; @@ -37,7 +38,7 @@ public function appliesTo() { * @endcode * Available operations are 'view', 'update', 'create', and 'delete'. */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // Split the entity type and the operation. $requirement = $route->getRequirement('_entity_access'); list($entity_type, $operation) = explode('.', $requirement); @@ -45,7 +46,7 @@ public function access(Route $route, Request $request) { if ($request->attributes->has($entity_type)) { $entity = $request->attributes->get($entity_type); if ($entity instanceof EntityInterface) { - return $entity->access($operation) ? static::ALLOW : static::DENY; + return $entity->access($operation, $account) ? static::ALLOW : static::DENY; } } // No opinion, so other access checks should decide if access should be diff --git a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php index 5314e7a6bdd2..5208149812ad 100644 --- a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Entity; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; 
@@ -50,7 +51,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':'); // The bundle argument can contain request argument placeholders like @@ -65,7 +66,7 @@ public function access(Route $route, Request $request) { return static::DENY; } } - return $this->entityManager->getAccessController($entity_type)->createAccess($bundle) ? static::ALLOW : static::DENY; + return $this->entityManager->getAccessController($entity_type)->createAccess($bundle, $account) ? static::ALLOW : static::DENY; } } diff --git a/core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php new file mode 100644 index 000000000000..1ce500e18b20 --- /dev/null +++ b/core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php 
@@ -0,0 +1,61 @@ +<?php + +/** + * @file + * Contains \Drupal\Core\EventSubscriber\AccessRouteSubscriber. + */ + +namespace Drupal\Core\EventSubscriber; + +use Drupal\Core\Access\AccessManager; +use Drupal\Core\Routing\RouteBuildEvent; +use Drupal\Core\Routing\RoutingEvents; +use Symfony\Component\EventDispatcher\EventSubscriberInterface; + +/** + * Provides a subscriber to set access checkers on route building. + */ +class AccessRouteSubscriber implements EventSubscriberInterface { + + /** + * The access manager. + * + * @var \Drupal\Core\Access\AccessManager + */ + protected $accessManager; + + /** + * Constructs a new AccessSubscriber. + * + * @param \Drupal\Core\Access\AccessManager $access_manager + * The access check manager that will be responsible for applying + * AccessCheckers against routes. + */ + public function __construct(AccessManager $access_manager) { + $this->accessManager = $access_manager; + } + + /** + * Apply access checks to routes. + * + * @param \Drupal\Core\Routing\RouteBuildEvent $event + * The event to process. + */ + public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) { + $this->accessManager->setChecks($event->getRouteCollection()); + } + + /** + * Registers the methods in this class that should be listeners. + * + * @return array + * An array of event listener definitions. + */ + static function getSubscribedEvents() { + // Setting very low priority to ensure access checks are run after alters. + $events[RoutingEvents::ALTER][] = array('onRoutingRouteAlterSetAccessCheck', -50); + + return $events; + } + +} diff --git a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php index 33e7274ea651..09261a6c5098 100644 --- a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php +++ b/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php 
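Review bot: The constructor docblock in the new AccessRouteSubscriber still reads `Constructs a new AccessSubscriber.`, carried over from the class this was split out of; it should be `Constructs a new AccessRouteSubscriber.`. `getSubscribedEvents()` is declared `static function` with no visibility and appends to `$events` without initialising it; `public static function getSubscribedEvents()` with `$events = array();` as the first statement would make the intent explicit. Since this listener is what attaches access checks to every route, the class docblock could also state that it must stay registered for routes to be protected at all.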
@@ -7,29 +7,45 @@ namespace Drupal\Core\EventSubscriber; +use Drupal\Core\Access\AccessManager; +use Drupal\Core\Session\AccountInterface; use Symfony\Cmf\Component\Routing\RouteObjectInterface; use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; -use Drupal\Core\Routing\RoutingEvents; -use Drupal\Core\Access\AccessManager; -use Drupal\Core\Routing\RouteBuildEvent; /** * Access subscriber for controller requests. */ class AccessSubscriber implements EventSubscriberInterface { + /** + * The current user. + * + * @var \Drupal\Core\Session\AccountInterface + */ + protected $currentUser; + + /** + * The access manager. + * + * @var \Drupal\Core\Access\AccessManager + */ + protected $accessManager; + /** * Constructs a new AccessSubscriber. * * @param \Drupal\Core\Access\AccessManager $access_manager * The access check manager that will be responsible for applying * AccessCheckers against routes. + * @param \Drupal\Core\Session\AccountInterface $current_user + * The current user. */ - public function __construct(AccessManager $access_manager) { + public function __construct(AccessManager $access_manager, AccountInterface $current_user) { $this->accessManager = $access_manager; + $this->currentUser = $current_user; } /** @@ -37,6 +53,9 @@ public function __construct(AccessManager $access_manager) { * * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event * The Event to process. + * + * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException + * Thrown when the access got denied. */ public function onKernelRequestAccessCheck(GetResponseEvent $event) { $request = $event->getRequest(); 
@@ -46,20 +65,20 @@ public function onKernelRequestAccessCheck(GetResponseEvent $event) { return; } - $access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request); + $access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request, $this->currentUser); if (!$access) { throw new AccessDeniedHttpException(); } } /** - * Apply access checks to routes. + * Sets the current user. * - * @param \Drupal\Core\Routing\RouteBuildEvent $event - * The event to process. + * @param \Drupal\Core\Session\AccountInterface|null $current_user + * The current user service. */ - public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) { - $this->accessManager->setChecks($event->getRouteCollection()); + public function setCurrentUser(AccountInterface $current_user = NULL) { + $this->currentUser = $current_user; } /** @@ -70,9 +89,8 @@ public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) { */ static function getSubscribedEvents() { $events[KernelEvents::REQUEST][] = array('onKernelRequestAccessCheck', 30); - // Setting very low priority to ensure access checks are run after alters. - $events[RoutingEvents::ALTER][] = array('onRoutingRouteAlterSetAccessCheck', -50); return $events; } + } diff --git a/core/lib/Drupal/Core/Menu/LocalActionManager.php b/core/lib/Drupal/Core/Menu/LocalActionManager.php index a6c78b062f7f..32ae80e57bb2 100644 --- a/core/lib/Drupal/Core/Menu/LocalActionManager.php +++ b/core/lib/Drupal/Core/Menu/LocalActionManager.php @@ -20,6 +20,7 @@ use Drupal\Core\Routing\RouteProviderInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Controller\ControllerResolverInterface; +use Drupal\Core\Session\AccountInterface; /** * Manages discovery and instantiation of menu local action plugins. 
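Review bot: `setCurrentUser()` accepts NULL and overwrites the account injected through the constructor, so once the container calls it without a `current_user` available, `onKernelRequestAccessCheck()` passes NULL into `AccessManager::check()`, whose new signature requires an `AccountInterface`. The request then ends in a type error rather than the `AccessDeniedHttpException` the updated docblock promises. A guard ahead of the check, `if (!$this->currentUser) { throw new AccessDeniedHttpException(); }`, keeps the denial explicit and fail-closed. The `setCurrentUser()` docblock should also say when NULL is expected. The start of `onKernelRequestAccessCheck()` lies outside this hunk.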
@@ -83,6 +84,13 @@ class LocalActionManager extends DefaultPluginManager { */ protected $accessManager; + /** + * The current user. + * + * @var \Drupal\Core\Session\AccountInterface + */ + protected $account; + /** * The plugin instances. * @@ -109,7 +117,7 @@ class LocalActionManager extends DefaultPluginManager { * @param \Drupal\Core\Access\AccessManager $access_manager * The access manager. */ - public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache_backend, LanguageManager $language_manager, AccessManager $access_manager) { + public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache_backend, LanguageManager $language_manager, AccessManager $access_manager, AccountInterface $account) { // Skip calling the parent constructor, since that assumes annotation-based // discovery. $this->discovery = new YamlDiscovery('local_actions', $module_handler->getModuleDirectories()); @@ -117,6 +125,7 @@ public function __construct(ControllerResolverInterface $controller_resolver, Re $this->factory = new ContainerFactory($this); $this->routeProvider = $route_provider; $this->accessManager = $access_manager; + $this->account = $account; $this->controllerResolver = $controller_resolver; $this->request = $request; $this->alterInfo($module_handler, 'menu_local_actions'); @@ -181,7 +190,7 @@ public function getActionsForRoute($route_appears) { 'route_parameters' => $route_parameters, 'localized_options' => $plugin->getOptions($this->request), ), - '#access' => $this->accessManager->checkNamedRoute($route_name, $route_parameters), + '#access' => $this->accessManager->checkNamedRoute($route_name, $route_parameters, $this->account), '#weight' => $plugin->getWeight(), ); } 
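Review bot: The LocalActionManager constructor gains `AccountInterface $account`, but its docblock still ends at `@param \Drupal\Core\Access\AccessManager $access_manager`; the parallel change in LocalTaskManager does document the new argument. Add `@param \Drupal\Core\Session\AccountInterface $account` with the description `The current user.` after the access manager entry. The new `use Drupal\Core\Session\AccountInterface;` is also appended after the Symfony imports instead of sitting with the other `Drupal\Core` imports. The docblock begins above the visible hunk.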
diff --git a/core/lib/Drupal/Core/Menu/LocalTaskManager.php b/core/lib/Drupal/Core/Menu/LocalTaskManager.php index 0d17aa3da4ff..0acf4bc83aa9 100644 --- a/core/lib/Drupal/Core/Menu/LocalTaskManager.php +++ b/core/lib/Drupal/Core/Menu/LocalTaskManager.php @@ -18,6 +18,7 @@ use Drupal\Core\Plugin\Discovery\YamlDiscovery; use Drupal\Core\Plugin\Factory\ContainerFactory; use Drupal\Core\Routing\RouteProviderInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; /** @@ -88,6 +89,13 @@ class LocalTaskManager extends DefaultPluginManager { */ protected $accessManager; + /** + * The current user. + * + * @var \Drupal\Core\Session\AccountInterface + */ + protected $account; + /** * Constructs a \Drupal\Core\Menu\LocalTaskManager object. * @@ -105,8 +113,10 @@ class LocalTaskManager extends DefaultPluginManager { * The language manager. * @param \Drupal\Core\Access\AccessManager $access_manager * The access manager. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. */ - public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache, LanguageManager $language_manager, AccessManager $access_manager) { + public function __construct(ControllerResolverInterface $controller_resolver, Request $request, RouteProviderInterface $route_provider, ModuleHandlerInterface $module_handler, CacheBackendInterface $cache, LanguageManager $language_manager, AccessManager $access_manager, AccountInterface $account) { $this->discovery = new YamlDiscovery('local_tasks', $module_handler->getModuleDirectories()); $this->discovery = new ContainerDerivativeDiscoveryDecorator($this->discovery); $this->factory = new ContainerFactory($this); 
@@ -114,6 +124,7 @@ public function __construct(ControllerResolverInterface $controller_resolver, Re $this->request = $request; $this->routeProvider = $route_provider; $this->accessManager = $access_manager; + $this->account = $account; $this->alterInfo($module_handler, 'local_tasks'); $this->setCacheBackend($cache, $language_manager, 'local_task_plugins', array('local_task' => 1)); } @@ -265,7 +276,7 @@ public function getTasksBuild($current_route_name) { $route_parameters = $child->getRouteParameters($this->request); // Find out whether the user has access to the task. - $access = $this->accessManager->checkNamedRoute($route_name, $route_parameters); + $access = $this->accessManager->checkNamedRoute($route_name, $route_parameters, $this->account); if ($access) { $active = $this->isRouteActive($current_route_name, $route_name, $route_parameters); diff --git a/core/lib/Drupal/Core/Routing/Access/AccessInterface.php b/core/lib/Drupal/Core/Routing/Access/AccessInterface.php index 3d93eea73195..2d80c6df7cf2 100644 --- a/core/lib/Drupal/Core/Routing/Access/AccessInterface.php +++ b/core/lib/Drupal/Core/Routing/Access/AccessInterface.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Routing\Access; use Drupal\Core\Access\AccessInterface as GenericAccessInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -23,10 +24,12 @@ interface AccessInterface extends GenericAccessInterface { * The route to check against. * @param \Symfony\Component\HttpFoundation\Request $request * The request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The currently logged in account. * * @return bool|null * self::ALLOW, self::DENY, or self::KILL. */ - public function access(Route $route, Request $request); + public function access(Route $route, Request $request, AccountInterface $account); } 
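Review bot: In AccessInterface the new `@param \Drupal\Core\Session\AccountInterface $account` is described as `The currently logged in account.`, which does not match how the argument is used in this patch: callers hand in whichever account they hold, and AuthenticationEnhancer can force that to the anonymous user. I would word it as `The account to check access for.` and add a sentence to the method description saying that implementations must base their decision on `$account` and not on the global user or the request's `_account` attribute. That contract is what lets CategoriesAccessCheck drop `user_access()` in favour of `$account->hasPermission()`, and it should be written down where implementers will read it.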
diff --git a/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php b/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php index a68d83b95bd7..701241265096 100644 --- a/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php +++ b/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php @@ -9,6 +9,7 @@ use Drupal\Core\Authentication\AuthenticationManagerInterface; use Symfony\Cmf\Component\Routing\Enhancer\RouteEnhancerInterface; +use Symfony\Component\DependencyInjection\ContainerAware; use Symfony\Component\HttpFoundation\Request; use Symfony\Cmf\Component\Routing\RouteObjectInterface; @@ -20,7 +21,7 @@ * all authentication mechanisms. Instead, we check if the used provider is * valid for the matched route and if not, force the user to anonymous. */ -class AuthenticationEnhancer implements RouteEnhancerInterface { +class AuthenticationEnhancer extends ContainerAware implements RouteEnhancerInterface { /** * The authentication manager. @@ -52,6 +53,9 @@ public function enhance(array $defaults, Request $request) { // force the user back to anonymous. if (!in_array($auth_provider_triggered, $auth_providers)) { $anonymous_user = drupal_anonymous_user(); + + $this->container->set('current_user', $anonymous_user, 'request'); + // @todo Remove this in https://drupal.org/node/2073531 $request->attributes->set('_account', $anonymous_user); // The global $user object is included for backward compatibility only diff --git a/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php b/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php index 90e4a79634d9..7da53eff6a7b 100644 --- a/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php +++ b/core/lib/Drupal/Core/Theme/ThemeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Theme; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; 
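Review bot: The forced downgrade to anonymous in `enhance()` now depends on `$this->container`, which is only populated by the `setContainer` call wired in core.services.yml; an instance built without that call would fail on `$this->container->set('current_user', ...)` with a null dereference in the middle of an authentication decision. The account is also written to three places here (the `current_user` service, the `_account` request attribute and the global `$user`), and nothing says which one access checks are meant to read. I would add a comment above the new line such as `// Replace the current_user service so later access checks run as anonymous; _account and the global $user below are kept for backward compatibility only.` and note in the class docblock that `setContainer()` must have been called before `enhance()`. The surrounding method starts and ends outside this hunk.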
@@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { return $this->checkAccess($request->attributes->get('theme')) ? static::ALLOW : static::DENY; } diff --git a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php index 32a0aa1b2a49..6a6a9a5fe2e7 100644 --- a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php +++ b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Database\Connection; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -44,10 +45,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - // @todo Replace user_access() with a correctly injected and session-using - // alternative. - return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY; + public function access(Route $route, Request $request, AccountInterface $account) { + return $account->hasPermission('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY; } } diff --git a/core/modules/book/book.services.yml b/core/modules/book/book.services.yml index c290e67d0f78..fa7c66c487c8 100644 --- a/core/modules/book/book.services.yml +++ b/core/modules/book/book.services.yml 
@@ -1,7 +1,7 @@ services: book.breadcrumb: class: Drupal\book\BookBreadcrumbBuilder - arguments: ['@entity.manager', '@access_manager'] + arguments: ['@entity.manager', '@access_manager', '@current_user'] tags: - { name: breadcrumb_builder, priority: 701 } book.manager: diff --git a/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php b/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php index ccf343cc2cd1..c80ae272a5ad 100644 --- a/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php +++ b/core/modules/book/lib/Drupal/book/Access/BookNodeIsRemovableAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\book\BookManager; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -44,7 +45,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $node = $request->attributes->get('node'); if (!empty($node)) { return $this->bookManager->checkNodeIsRemovable($node) ? static::ALLOW : static::DENY; diff --git a/core/modules/book/lib/Drupal/book/BookBreadcrumbBuilder.php b/core/modules/book/lib/Drupal/book/BookBreadcrumbBuilder.php index dd4f91976ab1..06522864540e 100644 --- a/core/modules/book/lib/Drupal/book/BookBreadcrumbBuilder.php +++ b/core/modules/book/lib/Drupal/book/BookBreadcrumbBuilder.php @@ -10,6 +10,7 @@ use Drupal\Core\Access\AccessManager; use Drupal\Core\Breadcrumb\BreadcrumbBuilderBase; use Drupal\Core\Entity\EntityManager; +use Drupal\Core\Session\AccountInterface; use Drupal\node\NodeInterface; /** 
@@ -31,6 +32,13 @@ class BookBreadcrumbBuilder extends BreadcrumbBuilderBase { */ protected $accessManager; + /** + * The current user account. + * + * @var \Drupal\Core\Session\AccountInterface + */ + protected $account; + /** * Constructs the BookBreadcrumbBuilder. * @@ -38,10 +46,13 @@ class BookBreadcrumbBuilder extends BreadcrumbBuilderBase { * The entity manager service. * @param \Drupal\Core\Access\AccessManager $access_manager * The access manager. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user account. */ - public function __construct(EntityManager $entity_manager, AccessManager $access_manager) { + public function __construct(EntityManager $entity_manager, AccessManager $access_manager, AccountInterface $account) { $this->menuLinkStorage = $entity_manager->getStorageController('menu_link'); $this->accessManager = $access_manager; + $this->account = $account; } /** @@ -63,7 +74,7 @@ public function build(array $attributes) { $depth = 1; while (!empty($book['p' . ($depth + 1)])) { if (!empty($menu_links[$book['p' . $depth]]) && ($menu_link = $menu_links[$book['p' . $depth]])) { - if ($this->accessManager->checkNamedRoute($menu_link->route_name, $menu_link->route_parameters)) { + if ($this->accessManager->checkNamedRoute($menu_link->route_name, $menu_link->route_parameters, $this->account)) { $links[] = $this->l($menu_link->label(), $menu_link->route_name, $menu_link->route_parameters, $menu_link->options); } } diff --git a/core/modules/contact/contact.module b/core/modules/contact/contact.module index 4cdea7583a37..17900fa8fac0 100644 --- a/core/modules/contact/contact.module +++ b/core/modules/contact/contact.module 
@@ -109,7 +109,7 @@ function contact_menu() { * @see contact_menu() */ function _contact_personal_tab_access(UserInterface $account) { - return \Drupal::service('access_manager')->checkNamedRoute('contact.personal_page', array('user' => $account->id())); + return \Drupal::service('access_manager')->checkNamedRoute('contact.personal_page', array('user' => $account->id()), \Drupal::currentUser()); } /** diff --git a/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php b/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php index 0bfee5c33a10..182cc1a4d04c 100644 --- a/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php +++ b/core/modules/contact/lib/Drupal/contact/Access/ContactPageAccess.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Config\ConfigFactory; +use Drupal\Core\Session\AccountInterface; use Drupal\user\UserDataInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -55,10 +56,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $contact_account = $request->attributes->get('user'); - // @todo revisit after https://drupal.org/node/2048223 - $user = \Drupal::currentUser(); // Anonymous users cannot have contact forms. if ($contact_account->isAnonymous()) { @@ -66,12 +65,12 @@ public function access(Route $route, Request $request) { } // Users may not contact themselves. - if ($user->id() == $contact_account->id()) { + if ($account->id() == $contact_account->id()) { return static::DENY; } // User administrators should always have access to personal contact forms. - if ($user->hasPermission('administer users')) { + if ($account->hasPermission('administer users')) { return static::ALLOW; } 
@@ -92,7 +91,7 @@ public function access(Route $route, Request $request) { return static::DENY; } - return $user->hasPermission('access user contact forms') ? static::ALLOW : static::DENY; + return $account->hasPermission('access user contact forms') ? static::ALLOW : static::DENY; } } diff --git a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php index 330e21db0dda..98dbfaad5866 100644 --- a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php +++ b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationManageAccessCheck.php @@ -10,6 +10,7 @@ use Drupal\Core\Entity\EntityManager; use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Language\Language; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -45,7 +46,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $entity_type = $request->attributes->get('_entity_type'); if ($entity = $request->attributes->get($entity_type)) { $route_requirements = $route->getRequirements(); diff --git a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php index 60a42148ba5f..f6fe2484e42a 100644 --- a/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php +++ b/core/modules/content_translation/lib/Drupal/content_translation/Access/ContentTranslationOverviewAccess.php 
@@ -7,8 +7,9 @@ namespace Drupal\content_translation\Access; -use Drupal\Core\Entity\EntityManager; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Entity\EntityManager; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -44,15 +45,12 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $entity_type = $request->attributes->get('_entity_type'); if ($entity = $request->attributes->get($entity_type)) { // Get entity base info. $bundle = $entity->bundle(); - // Get account details from request. - $account = \Drupal::currentUser(); - // Get entity access callback. $definitions = $this->entityManager->getDefinitions(); $access_callback = $definitions[$entity_type]['translation']['content_translation']['access_callback']; diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php index 95c7ba27b3db..bf7cfdccb5e1 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\edit\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; 
@@ -47,20 +48,20 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // @todo Request argument validation and object loading should happen // elsewhere in the request processing pipeline: // http://drupal.org/node/1798214. $this->validateAndUpcastRequestAttributes($request); - return $this->accessEditEntity($request->attributes->get('entity')) ? static::ALLOW : static::DENY; + return $this->accessEditEntity($request->attributes->get('entity'), $account) ? static::ALLOW : static::DENY; } /** * {@inheritdoc} */ - protected function accessEditEntity(EntityInterface $entity) { - return $entity->access('update'); + protected function accessEditEntity(EntityInterface $entity, $account) { + return $entity->access('update', $account); } /** diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php index ddecebfb44bf..d0d502f69f66 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\edit\Access\EditEntityFieldAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -58,7 +59,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // @todo Request argument validation and object loading should happen // elsewhere in the request processing pipeline: // http://drupal.org/node/1798214. 
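Review bot: The new `$account` parameter of `accessEditEntity()` is untyped, while `access()` in the same hunk declares `AccountInterface $account`; writing it as `protected function accessEditEntity(EntityInterface $entity, AccountInterface $account)` makes a wrong argument fail at the call rather than inside `$entity->access()`. The `{@inheritdoc}` docblock above it gives no description of the added parameter unless the inherited declaration was updated as well, which is not visible here. In EditEntityFieldAccessCheck::access(), later on this line, only the signature is in the hunk, so it cannot be confirmed that `$account` is forwarded to the field-level check the way it is forwarded to `$entity->access('update', $account)` here.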
diff --git a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php index ccf1dd5a8f28..284f400f2cd3 100644 --- a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php +++ b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityAccessCheckTest.php @@ -119,7 +119,8 @@ public function testAccess(EntityInterface $entity, $expected_result) { $request->attributes->set('entity', $entity); $request->attributes->set('entity_type', 'test_entity'); - $access = $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $access = $this->editAccessCheck->access($route, $request, $account); $this->assertSame($expected_result, $access); } @@ -138,7 +139,8 @@ public function testAccessWithUndefinedEntityType() { ->with('non_valid') ->will($this->returnValue(NULL)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } /** @@ -162,7 +164,8 @@ public function testAccessWithNotExistingEntity() { ->with(1) ->will($this->returnValue(NULL)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } } diff --git a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php index ac438579c928..148e4bf3f499 100644 --- a/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php +++ b/core/modules/edit/tests/Drupal/edit/Tests/Access/EditEntityFieldAccessCheckTest.php 
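Review bot: None of the updated test methods assert that the account handed to `access()` is the one the entity is actually checked against; `$account` is a bare `getMock('Drupal\Core\Session\AccountInterface')` with no expectations, so `testAccess()` would still pass if the check stopped forwarding it. The entity mock is set up outside these hunks, so this is inferred, but its `access` expectation could be tightened with something like `->with('update', $this->isInstanceOf('Drupal\Core\Session\AccountInterface'))`. The same applies to the EditEntityFieldAccessCheckTest hunks that follow.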
@@ -164,7 +164,8 @@ public function testAccess(EntityInterface $entity, FieldInterface $field = NULL ) ))); - $access = $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $access = $this->editAccessCheck->access($route, $request, $account); $this->assertSame($expected_result, $access); } @@ -183,7 +184,8 @@ public function testAccessWithUndefinedEntityType() { ->with('non_valid') ->will($this->returnValue(NULL)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } /** @@ -207,7 +209,8 @@ public function testAccessWithNotExistingEntity() { ->with(1) ->will($this->returnValue(NULL)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } /** @@ -226,7 +229,8 @@ public function testAccessWithNotPassedFieldName() { $request->attributes->set('entity', $entity); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } /** @@ -257,7 +261,8 @@ public function testAccessWithNonExistingField() { ->with('entity_test', 'test_bundle', 'not_valid') ->will($this->returnValue(NULL)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } /** @@ -285,7 +290,8 @@ public function testAccessWithNotPassedLanguage() { ->method('getInstance') ->will($this->returnValue($field)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } /** 
@@ -314,7 +320,8 @@ public function testAccessWithInvalidLanguage() { ->method('getInstance') ->will($this->returnValue($field)); - $this->editAccessCheck->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->editAccessCheck->access($route, $request, $account); } } diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php index 5a9a2bee7583..92e3790ba0f6 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\field_ui\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($entity_type = $request->attributes->get('entity_type')) { $bundle = $request->attributes->get('bundle'); $form_mode = $request->attributes->get('mode'); @@ -43,7 +44,7 @@ public function access(Route $route, Request $request) { if ($visibility) { $permission = $route->getRequirement('_field_ui_form_mode_access'); - return user_access($permission) ? static::ALLOW : static::DENY; + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } } diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php index f841d60734ff..2fe350b23684 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php 
@@ -8,6 +8,7 @@ namespace Drupal\field_ui\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($entity_type = $request->attributes->get('entity_type')) { $bundle = $request->attributes->get('bundle'); $view_mode = $request->attributes->get('mode'); @@ -43,7 +44,7 @@ public function access(Route $route, Request $request) { if ($visibility) { $permission = $route->getRequirement('_field_ui_view_mode_access'); - return user_access($permission) ? static::ALLOW : static::DENY; + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } } diff --git a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php index 368aa9798c52..d78c103f9fd2 100644 --- a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php +++ b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php @@ -8,6 +8,7 @@ namespace Drupal\filter\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $format = $request->attributes->get('filter_format'); return ($format && !$format->isFallbackFormat()) ? static::ALLOW : static::DENY; } 
diff --git a/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php b/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php index 6608ff84dfdf..f67232d68f3c 100644 --- a/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php +++ b/core/modules/node/lib/Drupal/node/Access/NodeAddAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\node\Access; use Drupal\Core\Entity\EntityCreateAccessCheck; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -24,14 +25,14 @@ class NodeAddAccessCheck extends EntityCreateAccessCheck { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $access_controller = $this->entityManager->getAccessController('node'); // If a node type is set on the request, just check that. if ($request->attributes->has('node_type')) { - return $access_controller->createAccess($request->attributes->get('node_type')->type) ? static::ALLOW : static::DENY; + return $access_controller->createAccess($request->attributes->get('node_type')->type, $account) ? static::ALLOW : static::DENY; } foreach (node_permissions_get_configured_types() as $type) { - if ($access_controller->createAccess($type->type)) { + if ($access_controller->createAccess($type->type, $account)) { // Allow access if at least one type is permitted. return static::ALLOW; } diff --git a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php index ddd41765e9b1..fb57c07c3c93 100644 --- a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php +++ b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php 
@@ -72,7 +72,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // If the route has a {node_revision} placeholder, load the node for that // revision. Otherwise, try to use a {node} placeholder. if ($request->attributes->has('node_revision')) { @@ -84,7 +84,7 @@ public function access(Route $route, Request $request) { else { return static::DENY; } - return $this->checkAccess($node, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY; + return $this->checkAccess($node, $account, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY; } /** @@ -92,12 +92,11 @@ public function access(Route $route, Request $request) { * * @param \Drupal\node\NodeInterface $node * The node to check. + * @param \Drupal\Core\Session\AccountInterface $account + * A user object representing the user for whom the operation is to be + * performed. * @param string $op * (optional) The specific operation being checked. Defaults to 'view.' - * @param \Drupal\Core\Session\AccountInterface|null $account - * (optional) A user object representing the user for whom the operation is - * to be performed. Determines access for a user other than the current user. - * Defaults to NULL. * @param string|null $langcode * (optional) Language code for the variant of the node. Different language * variants might have different permissions associated. If NULL, the 
@@ -106,7 +105,7 @@ public function access(Route $route, Request $request) { * @return bool * TRUE if the operation may be performed, FALSE otherwise. */ - public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface $account = NULL, $langcode = NULL) { + public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL) { $map = array( 'view' => 'view all revisions', 'update' => 'revert all revisions', @@ -125,10 +124,6 @@ public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface return FALSE; } - if (!isset($account)) { - $account = \Drupal::currentUser(); - } - // If no language code was provided, default to the node revision's langcode. if (empty($langcode)) { $langcode = $node->language()->id; diff --git a/core/modules/node/node.module b/core/modules/node/node.module index c34415defbc1..5c10fbb6435a 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -906,7 +906,10 @@ function theme_node_search_admin($variables) { * @see node_menu() */ function _node_revision_access(EntityInterface $node, $op = 'view', $account = NULL, $langcode = NULL) { - return \Drupal::service('access_check.node.revision')->checkAccess($node, $op, $account, $langcode); + if ($account === NULL) { + $account = \Drupal::currentUser(); + } + return \Drupal::service('access_check.node.revision')->checkAccess($node, $account, $op, $langcode); } /** @@ -921,7 +924,7 @@ function _node_revision_access(EntityInterface $node, $op = 'view', $account = N * Use \Drupal::service('access_manager')->checkNamedRoute('node.add_page'); */ function _node_add_access() { - return \Drupal::service('access_manager')->checkNamedRoute('node.add_page'); + return \Drupal::service('access_manager')->checkNamedRoute('node.add_page', array(), \Drupal::currentUser()); } /** 
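Review bot: `checkAccess()` is public and its second parameter changes from `$op` to a required `AccountInterface $account`, so a caller still using the old order, for example `checkAccess($node, 'update')`, now fails on the type hint instead of getting an access result. Only `_node_revision_access()` in node.module is updated in the visible hunks; any other callers are outside this page and should be searched for. In that wrapper `$account` stays untyped, so a non-NULL value that is not an AccountInterface only fails one level down; declaring it as `\Drupal\Core\Session\AccountInterface $account = NULL` would reject it at the wrapper itself.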
diff --git a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php index 9e4271646c09..087d40f51d92 100644 --- a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php +++ b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\overlay\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - $account = $request->attributes->get('_account'); + public function access(Route $route, Request $request, AccountInterface $account) { if (!$account->hasPermission('access overlay')) { return static::DENY; } diff --git a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php index e96e6f7d9f54..c53bcea6debb 100644 --- a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php +++ b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\rest\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -42,7 +43,7 @@ public function applies(Route $route) { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $method = $request->getMethod(); $cookie = $request->cookies->get(session_name(), FALSE); // This check only applies if 
@@ -50,7 +51,7 @@ public function access(Route $route, Request $request) { // 2. the user was successfully authenticated and // 3. the request comes with a session cookie. if (!in_array($method, array('GET', 'HEAD', 'OPTIONS', 'TRACE')) - && $GLOBALS['user']->isAuthenticated() + && $account->isAuthenticated() && $cookie ) { $csrf_token = $request->headers->get('X-CSRF-Token'); diff --git a/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php b/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php index fb9a74e5a1ec..b36d88e2e774 100644 --- a/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php +++ b/core/modules/search/lib/Drupal/search/Access/SearchAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\search\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\search\SearchPluginManager; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -44,7 +45,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { return $this->searchManager->getActiveDefinitions() ? static::ALLOW : static::DENY; } diff --git a/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php b/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php index af4b1dfe7891..9ecda1d01238 100644 --- a/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php +++ b/core/modules/search/lib/Drupal/search/Access/SearchPluginAccessCheck.php @@ -7,6 +7,7 @@ namespace Drupal\search\Access; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; 
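Review bot: The CSRF condition in CSRFAccessCheck::access() now combines two sources: `$account->isAuthenticated()` comes from the new argument, while `$cookie` and the `X-CSRF-Token` header come from `$request`. If access() is ever called with an account other than the one authenticated for that request, the token check is skipped or applied for the wrong principal. I would state the contract above the condition, e.g. `// $account must be the account authenticated for $request; the token check is skipped for anonymous accounts.` The rest of the method is outside the hunk.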
@@ -25,8 +26,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - $account = \Drupal::currentUser(); + public function access(Route $route, Request $request, AccountInterface $account) { $plugin_id = $route->getRequirement('_search_plugin_view_access'); return $this->searchManager->pluginAccess($plugin_id, $account) ? static::ALLOW : static::DENY; } diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php index 85e48b25b626..b92887726aec 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\shortcut\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $menu_link = $request->attributes->get('menu_link'); $set_name = str_replace('shortcut-', '', $menu_link['menu_name']); if ($shortcut_set = shortcut_set_load($set_name)) { diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php index 7ca4b019fe50..283825a6a3e5 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetEditAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\shortcut\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; 
@@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $account = \Drupal::currentUser(); $shortcut_set = $request->attributes->get('shortcut_set'); // Sufficiently-privileged users can edit their currently displayed shortcut diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php index aacecc4da9e1..d39f6308b30b 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/ShortcutSetSwitchAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\shortcut\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,21 +27,19 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - $user = \Drupal::currentUser(); - $account = $request->attributes->get('account'); - - if ($user->hasPermission('administer shortcuts')) { + public function access(Route $route, Request $request, AccountInterface $account) { + if ($account->hasPermission('administer shortcuts')) { // Administrators can switch anyone's shortcut set. return static::ALLOW; } - if (!$user->hasPermission('switch shortcut sets')) { + if (!$account->hasPermission('switch shortcut sets')) { // The user has no permission to switch anyone's shortcut set. return static::DENY; } - if (!isset($account) || $user->id() == $account->id()) { + $user = $request->attributes->get('account'); + if (!isset($user) || $user->id() == $account->id()) { // Users with the 'switch shortcut sets' permission can switch their own // shortcuts sets. return static::ALLOW; 
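Review bot: In ShortcutSetEditAccessCheck::access() the context line `$account = \Drupal::currentUser();` directly under the new signature overwrites the injected `AccountInterface $account`, so the check still evaluates the global current user whatever account the caller passes. A caller that asks about a different account would get a decision computed for the wrong principal, which is the coupling this signature change is meant to remove. Delete that assignment so the method works on the parameter. The method body continues past the end of the hunk, so later uses of `$account` should be checked against the full file.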
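Review bot: In ShortcutSetSwitchAccessCheck::access() the two names have swapped meaning: `$account` is now the acting user and `$user` is the account read from the route, the reverse of the removed code. That makes the ownership test `$user->id() == $account->id()` easy to misread in a later edit. Rename the route value, for example `$target_account = $request->attributes->get('account');`, and add a comment such as `// The account whose shortcut set is being switched, taken from the route.`. Comparing the ids with `===` after casting both sides would also make the ownership test independent of type juggling.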
diff --git a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php index ccff86343bcd..7b19f54f9989 100644 --- a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php +++ b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\system\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $key = $request->attributes->get('key'); if ($key != \Drupal::state()->get('system.cron_key')) { watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE); diff --git a/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php b/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php index c319b974d7b2..5566b28c08d3 100644 --- a/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php +++ b/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php @@ -198,7 +198,7 @@ protected function buildRow(array $modules, $module, $distribution) { // Generate link for module's configuration page, if it has one. $row['links']['configure'] = array(); if ($module->status && isset($module->info['configure'])) { - if ($this->accessManager->checkNamedRoute($module->info['configure'])) { + if ($this->accessManager->checkNamedRoute($module->info['configure'], array(), \Drupal::currentUser())) { $item = menu_get_item(trim($this->url($module->info['configure']), '/')); $row['links']['configure'] = array( '#type' => 'link', 
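Review bot: CronAccessCheck::access() compares the cron key with a loose `!=`, which applies PHP type juggling to a secret and is not a constant-time comparison. The new `$account` argument plays no part in the visible lines, so this comparison is the entire gate for the route. Read the stored value once with `$stored = \Drupal::state()->get('system.cron_key');` and test `if (!is_string($stored) || $stored === '' || !hash_equals($stored, (string) $key)) {`, provided the project's minimum PHP version has `hash_equals()`. Otherwise use at least `!==` and reject an unset or empty stored key. The method body continues outside the hunk.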
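Review bot: ModulesListForm::buildRow() calls `\Drupal::currentUser()` statically although the class already receives `$this->accessManager` by injection, and the same static call is added in PathBasedBreadcrumbBuilder::build() in the next file. A static lookup hides which principal the access decision is made for and cannot be replaced with a mock account in a unit test. Inject the current-user service named in the commit subject through the constructor and pass it as `$this->accessManager->checkNamedRoute($module->info['configure'], array(), $this->currentUser)`. Both constructors are outside the hunks shown.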
diff --git a/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php b/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php index 7e6f20f357c4..b2a47d0d94ad 100644 --- a/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php +++ b/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php @@ -131,7 +131,7 @@ public function build(array $attributes) { // Note that the parameters don't really matter here since we're // passing in the request which already has the upcast attributes. $parameters = array(); - $access = $this->accessManager->checkNamedRoute($route_name, $parameters, $route_request); + $access = $this->accessManager->checkNamedRoute($route_name, $parameters, \Drupal::currentUser(), $route_request); if ($access) { $title = $this->titleResolver->getTitle($route_request, $route_request->attributes->get(RouteObjectInterface::ROUTE_OBJECT)); } diff --git a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php index f2cc4d999b5f..7abafd41c640 100644 --- a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\router_test\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -26,7 +27,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($route->getRequirement('_test_access') === 'TRUE') { return static::ALLOW; } 
diff --git a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php index 422bd26fde7f..2f3664ae27b7 100644 --- a/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test_directory/lib/Drupal/router_test/Access/TestAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\router_test\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function applies(Route $route) { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // No opinion, so other access checks should decide if access should be // allowed or not. return static::DENY; diff --git a/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php b/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php index f0ec5084152b..18498f944e25 100644 --- a/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php +++ b/core/modules/tracker/lib/Drupal/tracker/Access/ViewOwnTrackerAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\tracker\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; 
@@ -26,12 +27,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // The user object from the User ID in the path. $user = $request->attributes->get('user'); - // @todo - $account should be passed in. - // The \Drupal\Core\Session\AccountInterface $account trying to access this. - $account = \Drupal::currentUser(); return $user && $account->isAuthenticated() && ($user->id() == $account->id()); } } diff --git a/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php b/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php index adc04c808dda..4c805cd1f546 100644 --- a/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php +++ b/core/modules/update/lib/Drupal/update/Access/UpdateManagerAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Component\Utility\Settings; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -44,7 +45,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { return $this->settings->get('allow_authorize_operations', TRUE) ? static::ALLOW : static::DENY; } diff --git a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php index 9ea44fc7be54..547057b147dd 100644 --- a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; 
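Review bot: ViewOwnTrackerAccessCheck::access() returns the raw boolean from `$user && $account->isAuthenticated() && ($user->id() == $account->id())`, while the other checks in this patch return `static::ALLOW` or `static::DENY`. The tests in this same patch assert null for a deny outcome and false as a separate outcome, so a non-matching user here presumably produces the stronger result rather than a plain deny. If that is not intended, make the result explicit with `return ($user && $account->isAuthenticated() && $user->id() == $account->id()) ? static::ALLOW : static::DENY;`. If it is intended, say so in a comment on the return line.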
@@ -26,8 +27,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - return $GLOBALS['user']->isAuthenticated() ? static::ALLOW : static::DENY; + public function access(Route $route, Request $request, AccountInterface $account) { + return $account->isAuthenticated() ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php index f17565301dd9..b9d084e3cd19 100644 --- a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,11 +27,9 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $permission = $route->getRequirement('_permission'); - // @todo Replace user_access() with a correctly injected and session-using - // alternative. - // If user_access() fails, return NULL to give other checks a chance. - return user_access($permission) ? static::ALLOW : static::DENY; + // If the access check fails, return NULL to give other checks a chance. + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php index ff0b0dccda3a..6ba064eb53f3 100644 --- a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php 
@@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { - return (user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY; + public function access(Route $route, Request $request, AccountInterface $account) { + return ($account->isAnonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php index 5485a9ba6107..0253a420d4af 100644 --- a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -30,12 +31,10 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // Requirements just allow strings, so this might be a comma separated list. $rid_string = $route->getRequirement('_role'); - $account = $request->attributes->get('_account'); - $explode_and = array_filter(array_map('trim', explode('+', $rid_string))); if (count($explode_and) > 1) { $diff = array_diff($explode_and, $account->getRoles()); 
diff --git a/core/modules/user/lib/Drupal/user/Tests/Views/HandlerFilterUserNameTest.php b/core/modules/user/lib/Drupal/user/Tests/Views/HandlerFilterUserNameTest.php index 545208d5e797..1f44b70ef4f2 100644 --- a/core/modules/user/lib/Drupal/user/Tests/Views/HandlerFilterUserNameTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/Views/HandlerFilterUserNameTest.php @@ -84,14 +84,11 @@ protected function setUp() { public function testUserNameApi() { $view = views_get_view('test_user_name'); - // Test all of the accounts with a single entry. $view->initHandlers(); - foreach ($this->accounts as $account) { - $view->filter['uid']->value = array($account->id()); - } + $view->filter['uid']->value = array($this->accounts[0]->id()); $this->executeView($view); - $this->assertIdenticalResultset($view, array(array('uid' => $account->id())), $this->columnMap); + $this->assertIdenticalResultset($view, array(array('uid' => $this->accounts[0]->id())), $this->columnMap); } /** diff --git a/core/modules/views/lib/Drupal/views/Tests/ViewTestBase.php b/core/modules/views/lib/Drupal/views/Tests/ViewTestBase.php index 86706b504f37..71e05249f140 100644 --- a/core/modules/views/lib/Drupal/views/Tests/ViewTestBase.php +++ b/core/modules/views/lib/Drupal/views/Tests/ViewTestBase.php @@ -226,6 +226,9 @@ protected function helperButtonHasLabel($id, $expected_label, $message = 'Label * (optional) An array of the view arguments to use for the view. */ protected function executeView($view, $args = array()) { + // A view does not really work outside of a request scope, due to many + // dependencies like the current user. + $this->container->enterScope('request'); $view->setDisplay(); $view->preExecute($args); $view->execute(); diff --git a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php index cf5e24db0ebe..483f5821a1d1 100644 --- a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php 
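Review bot: executeView() in ViewTestBase now calls `$this->container->enterScope('request')` on every invocation and nothing in the hunk leaves the scope again. A test that executes several views therefore re-enters an already active scope each time, which can replace request-scoped services, including the current user, in the middle of a test. Guard the call with `if (!$this->container->isScopeActive('request')) { $this->container->enterScope('request'); }` or enter the scope once in setUp(). The method body continues after the hunk, so confirm there is no matching leaveScope() further down.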
+++ b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\views; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -28,8 +29,8 @@ public function appliesTo() { /** * Implements AccessCheckInterface::applies(). */ - public function access(Route $route, Request $request) { - $access = user_access('access all views'); + public function access(Route $route, Request $request, AccountInterface $account) { + $access = $account->hasPermission('access all views'); return $access ? static::ALLOW : static::DENY; } diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php index a545cc80f1e2..c7ae50a9b57b 100644 --- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php +++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php @@ -70,6 +70,13 @@ class AccessManagerTest extends UnitTestCase { */ protected $paramConverter; + /** + * The mocked account. + * + * @var \Drupal\Core\Session\AccountInterface|\PHPUnit_Framework_MockObject_MockObject + */ + protected $account; + public static function getInfo() { return array( 'name' => 'Access manager tests', @@ -115,7 +122,9 @@ protected function setUp() { $this->paramConverter = $this->getMock('\Drupal\Core\ParamConverter\ParamConverterManager'); - $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter); + $this->account = $this->getMock('Drupal\Core\Session\AccountInterface'); + + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); $this->accessManager->setContainer($this->container); } 
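Review bot: The docblock above ViewsAccessCheck::access() still reads `Implements AccessCheckInterface::applies().`, which names the wrong method and was not corrected when the signature changed. Replace it with `{@inheritdoc}`, as the other access checks in this patch do, so the documented contract follows the interface's new `$account` parameter.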
@@ -147,7 +156,7 @@ public function testCheck() { // Check check without any access checker defined yet. foreach ($this->routeCollection->all() as $route) { - $this->assertFalse($this->accessManager->check($route, $request)); + $this->assertFalse($this->accessManager->check($route, $request, $this->account)); } $this->setupAccessChecker(); @@ -155,14 +164,14 @@ public function testCheck() { // An access checker got setup, but the routes haven't been setup using // setChecks. foreach ($this->routeCollection->all() as $route) { - $this->assertFalse($this->accessManager->check($route, $request)); + $this->assertFalse($this->accessManager->check($route, $request, $this->account)); } $this->accessManager->setChecks($this->routeCollection); - $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request)); - $this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request)); - $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request)); + $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request, $this->account)); + $this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request, $this->account)); + $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request, $this->account)); } /** @@ -329,7 +338,7 @@ public function testCheckConjunctions($conjunction, $name, $condition_one, $cond $route_collection->add($name, $route); $this->accessManager->setChecks($route_collection); - $this->assertSame($this->accessManager->check($route, $request), $expected_access); + $this->assertSame($this->accessManager->check($route, $request, $this->account), $expected_access); } /** 
@@ -358,18 +367,17 @@ public function testCheckNamedRoute() { // Tests the access with routes without parameters. $request = new Request(); - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $request)); - $this->assertFalse($this->accessManager->checkNamedRoute('test_route_3', array(), $request)); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $this->account, $request)); + $this->assertFalse($this->accessManager->checkNamedRoute('test_route_3', array(), $this->account, $request)); // Tests the access with routes with parameters with given request. $request = new Request(); $request->attributes->set('value', 'example'); $request->attributes->set('value2', 'example2'); - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array(), $request)); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array(), $this->account, $request)); // Tests the access with routes without given request. - $account = $this->getMock('Drupal\Core\Session\AccountInterface'); - $this->accessManager->setRequest(new Request(array(), array(), array('_account' => $account))); + $this->accessManager->setRequest(new Request()); $this->paramConverter->expects($this->at(0)) ->method('enhance') @@ -380,8 +388,8 @@ public function testCheckNamedRoute() { ->will($this->returnValue(array())); // Tests the access with routes with parameters without given request. - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array())); - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array('value' => 'example'))); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $this->account)); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array('value' => 'example'), $this->account)); } /** 
@@ -423,9 +431,9 @@ public function testCheckNamedRouteWithUpcastedValues() { ->with('/test-route-1/example') ->will($this->returnValue($subrequest)); - $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter); + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); $this->accessManager->setContainer($this->container); - $this->accessManager->setRequest(new Request(array(), array(), array('_account' => $account))); + $this->accessManager->setRequest(new Request()); $access_check = $this->getMock('Drupal\Core\Access\AccessCheckInterface'); $access_check->expects($this->any()) @@ -442,7 +450,7 @@ public function testCheckNamedRouteWithUpcastedValues() { $this->accessManager->addCheckService('test_access'); $this->accessManager->setChecks($this->routeCollection); - $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array('value' => 'example'))); + $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array('value' => 'example'), $this->account)); } /** @@ -457,7 +465,7 @@ public function testCheckNamedRouteWithNonExistingRoute() { $this->setupAccessChecker(); - $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1'), 'A non existing route lead to access.'); + $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array(), $this->account), 'A non existing route lead to access.'); } /** 
@@ -488,7 +496,7 @@ protected static function convertAccessCheckInterfaceToString($constant) { * Adds a default access check service to the container and the access manager. */ protected function setupAccessChecker() { - $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter); + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); $this->accessManager->setContainer($this->container); $access_check = new DefaultAccessCheck(); $this->container->register('test_access_default', $access_check); diff --git a/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php index 5eb130571f57..7a5676b8c64b 100644 --- a/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Access/CustomAccessCheckTest.php @@ -94,13 +94,14 @@ public function testAccess() { ->will($this->returnValue(array('parameter' => 'TRUE'))); $route = new Route('/test-route', array(), array('_custom_access' => '\Drupal\Tests\Core\Access\TestController::accessDeny')); - $this->assertNull($this->accessChecker->access($route, $request)); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->assertNull($this->accessChecker->access($route, $request, $account)); $route = new Route('/test-route', array(), array('_custom_access' => '\Drupal\Tests\Core\Access\TestController::accessAllow')); - $this->assertTrue($this->accessChecker->access($route, $request)); + $this->assertTrue($this->accessChecker->access($route, $request, $account)); $route = new Route('/test-route', array('parameter' => 'TRUE'), array('_custom_access' => '\Drupal\Tests\Core\Access\TestController::accessParameter')); - $this->assertTrue($this->accessChecker->access($route, $request)); + $this->assertTrue($this->accessChecker->access($route, $request, $account)); } } 
diff --git a/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php index ab02aeca35ca..89c845a51ea8 100644 --- a/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php @@ -26,6 +26,13 @@ class DefaultAccessCheckTest extends UnitTestCase { */ protected $accessChecker; + /** + * The mocked account. + * + * @var \Drupal\Core\Session\AccountInterface|\PHPUnit_Framework_MockObject_MockObject + */ + protected $account; + public static function getInfo() { return array( 'name' => 'DefaultAccessCheck access checker', @@ -40,6 +47,7 @@ public static function getInfo() { protected function setUp() { parent::setUp(); + $this->account = $this->getMock('Drupal\Core\Session\AccountInterface'); $this->accessChecker = new DefaultAccessCheck(); } @@ -58,13 +66,13 @@ public function testAccess() { $request = new Request(array()); $route = new Route('/test-route', array(), array('_access' => 'NULL')); - $this->assertNull($this->accessChecker->access($route, $request)); + $this->assertNull($this->accessChecker->access($route, $request, $this->account)); $route = new Route('/test-route', array(), array('_access' => 'FALSE')); - $this->assertFalse($this->accessChecker->access($route, $request)); + $this->assertFalse($this->accessChecker->access($route, $request, $this->account)); $route = new Route('/test-route', array(), array('_access' => 'TRUE')); - $this->assertTrue($this->accessChecker->access($route, $request)); + $this->assertTrue($this->accessChecker->access($route, $request, $this->account)); } } diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php index 54ef6018547f..3e6c3b9e7eb6 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php 
@@ -50,7 +50,8 @@ public function testAccess() { ->will($this->returnValue(TRUE)); $access_check = new EntityAccessCheck(); $request->attributes->set('node', $node); - $access = $access_check->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $access = $access_check->access($route, $request, $account); $this->assertSame(AccessCheckInterface::ALLOW, $access); } diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php index ad091b80e864..aeb076170162 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php @@ -118,7 +118,8 @@ public function testAccess($entity_bundle, $requirement, $access, $expected) { } $request->attributes->set('_raw_variables', $raw_variables); - $this->assertEquals($expected, $applies_check->access($route, $request)); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->assertEquals($expected, $applies_check->access($route, $request, $account)); } } diff --git a/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php index a745cc453144..873ff0e01748 100644 --- a/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php 
@@ -160,17 +160,15 @@ public function testRoleAccess($path, $grant_accounts, $deny_accounts) { foreach ($grant_accounts as $account) { $subrequest = Request::create($path, 'GET'); - $subrequest->attributes->set('_account', $account); $message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account->getRoles()), $path); - $this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest), $message); + $this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest, $account), $message); } // Check all users which don't have access. foreach ($deny_accounts as $account) { $subrequest = Request::create($path, 'GET'); - $subrequest->attributes->set('_account', $account); $message = sprintf('Access denied for user %s with the roles %s on path: %s', $account->id(), implode(', ', $account->getRoles()), $path); - $has_access = $role_access_check->access($collection->get($path), $subrequest); + $has_access = $role_access_check->access($collection->get($path), $subrequest, $account); $this->assertSame(AccessCheckInterface::DENY, $has_access , $message); } } -- GitLab