From 4f8b8a50879e81703b45cf40169a54c014029248 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Thu, 27 Jun 2013 07:13:06 +0100
Subject: [PATCH] Issue #1995048 by twistor, tim.plunkett, damiankloip, Berdir:
EntityListController::getOperations() should respect access checks.
---
.../Entity/ConfigEntityListController.php | 11 ++++--
.../Core/Entity/EntityAccessController.php | 10 +++--
.../Core/Entity/EntityListController.php | 33 +++++++++-------
.../Drupal/action/ActionAccessController.php | 24 ++++++++++++
.../Drupal/action/ActionListController.php | 5 +--
.../CustomBlockTypeAccessController.php | 31 +++++++++++++++
.../CustomBlockTypeListController.php | 2 +-
.../Plugin/Core/Entity/CustomBlockType.php | 1 +
.../ConfigTestAccessController.php | 27 +++++++++++++
.../Plugin/Core/Entity/ConfigTest.php | 3 +-
.../Drupal/contact/CategoryListController.php | 7 ----
.../lib/Drupal/menu/MenuAccessController.php | 39 +++++++++++++++++++
.../lib/Drupal/menu/MenuListController.php | 17 ++++----
core/modules/menu/menu.module | 1 +
.../PictureMappingAccessController.php | 31 +++++++++++++++
.../picture/PictureMappingListController.php | 2 +-
.../Plugin/Core/Entity/PictureMapping.php | 1 +
.../shortcut/ShortcutAccessController.php | 2 +-
.../shortcut/ShortcutListController.php | 11 +++---
core/modules/shortcut/shortcut.routing.yml | 4 +-
.../system/Plugin/Core/Entity/Action.php | 3 +-
.../taxonomy/VocabularyListController.php | 6 ++-
.../Drupal/views/Plugin/Core/Entity/View.php | 3 +-
.../lib/Drupal/views/ViewAccessController.php | 27 +++++++++++++
.../Drupal/views_ui/ViewListController.php | 20 ++++------
25 files changed, 252 insertions(+), 69 deletions(-)
create mode 100644 core/modules/action/lib/Drupal/action/ActionAccessController.php
create mode 100644 core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeAccessController.php
create mode 100644 core/modules/config/tests/config_test/lib/Drupal/config_test/ConfigTestAccessController.php
create mode 100644 core/modules/menu/lib/Drupal/menu/MenuAccessController.php
create mode 100644 core/modules/picture/lib/Drupal/picture/PictureMappingAccessController.php
create mode 100644 core/modules/views/lib/Drupal/views/ViewAccessController.php
diff --git a/core/lib/Drupal/Core/Config/Entity/ConfigEntityListController.php b/core/lib/Drupal/Core/Config/Entity/ConfigEntityListController.php
index f0d1c5c00306..41c3ba642e9a 100644
--- a/core/lib/Drupal/Core/Config/Entity/ConfigEntityListController.php
+++ b/core/lib/Drupal/Core/Config/Entity/ConfigEntityListController.php
@@ -25,15 +25,18 @@ public function load() {
}
/**
- * Overrides \Drupal\Core\Entity\EntityListController::getOperations();
+ * {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
$operations = parent::getOperations($entity);
$uri = $entity->uri();
- // For configuration entities edit path is the MENU_DEFAULT_LOCAL_TASK and
- // therefore should be accessed by the short route.
- $operations['edit']['href'] = $uri['path'];
+ // Ensure the edit operation exists since it is access controlled.
+ if (isset($operations['edit'])) {
+ // For configuration entities edit path is the MENU_DEFAULT_LOCAL_TASK and
+ // therefore should be accessed by the short route.
+ $operations['edit']['href'] = $uri['path'];
+ }
if (isset($this->entityInfo['entity_keys']['status'])) {
if (!$entity->status()) {
diff --git a/core/lib/Drupal/Core/Entity/EntityAccessController.php b/core/lib/Drupal/Core/Entity/EntityAccessController.php
index 4c436ca0f8fb..2c9d6fdcd98a 100644
--- a/core/lib/Drupal/Core/Entity/EntityAccessController.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessController.php
@@ -67,11 +67,11 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which to check 'create' access.
* @param string $operation
- * The entity operation. Usually one of 'view', 'edit', 'create' or
+ * The entity operation. Usually one of 'view', 'update', 'create' or
* 'delete'.
* @param string $langcode
* The language code for which to check access.
- * @param \Drupal\Core\Session\AccountInterface; $account
+ * @param \Drupal\Core\Session\AccountInterface $account
* The user for which to check access.
*
* @return bool|null
@@ -88,7 +88,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which to check 'create' access.
* @param string $operation
- * The entity operation. Usually one of 'view', 'edit', 'create' or
+ * The entity operation. Usually one of 'view', 'update', 'create' or
* 'delete'.
* @param string $langcode
* The language code for which to check access.
@@ -113,10 +113,12 @@ protected function getCache(EntityInterface $entity, $operation, $langcode, Acco
/**
* Statically caches whether the given user has access.
*
+ * @param bool $access
+ * TRUE if the user has access, FALSE otherwise.
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which to check 'create' access.
* @param string $operation
- * The entity operation. Usually one of 'view', 'edit', 'create' or
+ * The entity operation. Usually one of 'view', 'update', 'create' or
* 'delete'.
* @param string $langcode
* The language code for which to check access.
diff --git a/core/lib/Drupal/Core/Entity/EntityListController.php b/core/lib/Drupal/Core/Entity/EntityListController.php
index 818ba2b8f197..1ebab9e003a5 100644
--- a/core/lib/Drupal/Core/Entity/EntityListController.php
+++ b/core/lib/Drupal/Core/Entity/EntityListController.php
@@ -91,22 +91,29 @@ public function load() {
}
/**
- * Implements \Drupal\Core\Entity\EntityListControllerInterface::getOperations().
+ * {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
$uri = $entity->uri();
- $operations['edit'] = array(
- 'title' => t('Edit'),
- 'href' => $uri['path'] . '/edit',
- 'options' => $uri['options'],
- 'weight' => 10,
- );
- $operations['delete'] = array(
- 'title' => t('Delete'),
- 'href' => $uri['path'] . '/delete',
- 'options' => $uri['options'],
- 'weight' => 100,
- );
+
+ $operations = array();
+ if ($entity->access('update')) {
+ $operations['edit'] = array(
+ 'title' => t('Edit'),
+ 'href' => $uri['path'] . '/edit',
+ 'options' => $uri['options'],
+ 'weight' => 10,
+ );
+ }
+ if ($entity->access('delete')) {
+ $operations['delete'] = array(
+ 'title' => t('Delete'),
+ 'href' => $uri['path'] . '/delete',
+ 'options' => $uri['options'],
+ 'weight' => 100,
+ );
+ }
+
return $operations;
}
diff --git a/core/modules/action/lib/Drupal/action/ActionAccessController.php b/core/modules/action/lib/Drupal/action/ActionAccessController.php
new file mode 100644
index 000000000000..90a8e5c0c4c7
--- /dev/null
+++ b/core/modules/action/lib/Drupal/action/ActionAccessController.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\action\ActionAccessController.
+ */
+
+namespace Drupal\action;
+
+use Drupal\Core\Entity\EntityAccessController;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Language\Language;
+use Drupal\Core\Session\AccountInterface;
+
+class ActionAccessController extends EntityAccessController {
+
+ /**
+ * {@inheritdoc}
+ */
+ public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, AccountInterface $account = NULL) {
+ return user_access('administer actions', $account);
+ }
+
+}
diff --git a/core/modules/action/lib/Drupal/action/ActionListController.php b/core/modules/action/lib/Drupal/action/ActionListController.php
index 1ad8319b20ef..f3d58484f544 100644
--- a/core/modules/action/lib/Drupal/action/ActionListController.php
+++ b/core/modules/action/lib/Drupal/action/ActionListController.php
@@ -109,9 +109,8 @@ public function buildHeader() {
* {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
- $operations = array();
- if ($entity->isConfigurable()) {
- $operations = parent::getOperations($entity);
+ $operations = $entity->isConfigurable() ? parent::getOperations($entity) : array();
+ if (isset($operations['edit'])) {
$operations['edit']['title'] = t('Configure');
}
return $operations;
diff --git a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeAccessController.php b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeAccessController.php
new file mode 100644
index 000000000000..3aa95cea2f07
--- /dev/null
+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeAccessController.php
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\custom_block\CustomBlockTypeAccessController.
+ */
+
+namespace Drupal\custom_block;
+
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\EntityAccessController;
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Defines the access controller for the custom block type entity type.
+ */
+class CustomBlockTypeAccessController extends EntityAccessController {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
+ if ($operation === 'view') {
+ return TRUE;
+ }
+ elseif (in_array($operation, array('create', 'update', 'delete'))) {
+ return user_access('administer blocks', $account);
+ }
+ }
+
+}
diff --git a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php
index 8ef270c5f804..eab2bcd31d42 100644
--- a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php
+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php
@@ -16,7 +16,7 @@
class CustomBlockTypeListController extends ConfigEntityListController {
/**
- * Overrides \Drupal\Core\Entity\EntityListController::getOperations().
+ * {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
$operations = parent::getOperations($entity);
diff --git a/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Core/Entity/CustomBlockType.php b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Core/Entity/CustomBlockType.php
index 4d5f33b1ebe7..0ceabd531ff4 100644
--- a/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Core/Entity/CustomBlockType.php
+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Core/Entity/CustomBlockType.php
@@ -22,6 +22,7 @@
* module = "custom_block",
* controllers = {
* "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
+ * "access" = "Drupal\custom_block\CustomBlockTypeAccessController",
* "form" = {
* "default" = "Drupal\custom_block\CustomBlockTypeFormController",
* "delete" = "Drupal\custom_block\Form\CustomBlockTypeDeleteForm"
diff --git a/core/modules/config/tests/config_test/lib/Drupal/config_test/ConfigTestAccessController.php b/core/modules/config/tests/config_test/lib/Drupal/config_test/ConfigTestAccessController.php
new file mode 100644
index 000000000000..c973c5aba4b0
--- /dev/null
+++ b/core/modules/config/tests/config_test/lib/Drupal/config_test/ConfigTestAccessController.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\config_test\ConfigTestAccessController.
+ */
+
+namespace Drupal\config_test;
+
+use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\Entity\EntityAccessController;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Language\Language;
+
+/**
+ * Defines the access controller for the config_test entity type.
+ */
+class ConfigTestAccessController extends EntityAccessController {
+
+ /**
+ * {@inheritdoc}
+ */
+ public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, AccountInterface $account = NULL) {
+ return TRUE;
+ }
+
+}
diff --git a/core/modules/config/tests/config_test/lib/Drupal/config_test/Plugin/Core/Entity/ConfigTest.php b/core/modules/config/tests/config_test/lib/Drupal/config_test/Plugin/Core/Entity/ConfigTest.php
index 12a033bdf52e..dc76288c29b9 100644
--- a/core/modules/config/tests/config_test/lib/Drupal/config_test/Plugin/Core/Entity/ConfigTest.php
+++ b/core/modules/config/tests/config_test/lib/Drupal/config_test/Plugin/Core/Entity/ConfigTest.php
@@ -25,7 +25,8 @@
* "form" = {
* "default" = "Drupal\config_test\ConfigTestFormController",
* "delete" = "Drupal\config_test\Form\ConfigTestDeleteForm"
- * }
+ * },
+ * "access" = "Drupal\config_test\ConfigTestAccessController"
* },
* uri_callback = "config_test_uri",
* config_prefix = "config_test.dynamic",
diff --git a/core/modules/contact/lib/Drupal/contact/CategoryListController.php b/core/modules/contact/lib/Drupal/contact/CategoryListController.php
index 25f18f23a260..db3f829c723c 100644
--- a/core/modules/contact/lib/Drupal/contact/CategoryListController.php
+++ b/core/modules/contact/lib/Drupal/contact/CategoryListController.php
@@ -34,13 +34,6 @@ public function getOperations(EntityInterface $entity) {
'weight' => 12,
);
}
-
- if (!$entity->access('delete')) {
- unset($operations['delete']);
- }
- if (!$entity->access('update')) {
- unset($operations['edit']);
- }
return $operations;
}
diff --git a/core/modules/menu/lib/Drupal/menu/MenuAccessController.php b/core/modules/menu/lib/Drupal/menu/MenuAccessController.php
new file mode 100644
index 000000000000..4cb2962ed6a9
--- /dev/null
+++ b/core/modules/menu/lib/Drupal/menu/MenuAccessController.php
@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\menu\MenuAccessController.
+ */
+
+namespace Drupal\menu;
+
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\EntityAccessController;
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Defines the access controller for the menu entity type.
+ */
+class MenuAccessController extends EntityAccessController {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
+ if ($operation === 'view') {
+ return TRUE;
+ }
+ elseif ($operation == 'delete') {
+ // System menus could not be deleted.
+ $system_menus = menu_list_system_menus();
+ if (isset($system_menus[$entity->id()])) {
+ return FALSE;
+ }
+ }
+
+ if (in_array($operation, array('create', 'update', 'delete'))) {
+ return user_access('administer menu', $account);
+ }
+ }
+
+}
diff --git a/core/modules/menu/lib/Drupal/menu/MenuListController.php b/core/modules/menu/lib/Drupal/menu/MenuListController.php
index dfa60193f43f..139c40ba3e25 100644
--- a/core/modules/menu/lib/Drupal/menu/MenuListController.php
+++ b/core/modules/menu/lib/Drupal/menu/MenuListController.php
@@ -41,27 +41,24 @@ public function buildRow(EntityInterface $entity) {
}
/**
- * Overrides \Drupal\Core\Entity\EntityListController::getOperations();
+ * {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
$operations = parent::getOperations($entity);
$uri = $entity->uri();
- $operations['edit']['title'] = t('Edit menu');
+ if (isset($operations['edit'])) {
+ $operations['edit']['title'] = t('Edit menu');
+ }
+ if (isset($operations['delete'])) {
+ $operations['delete']['title'] = t('Delete menu');
+ }
$operations['add'] = array(
'title' => t('Add link'),
'href' => $uri['path'] . '/add',
'options' => $uri['options'],
'weight' => 20,
);
- // System menus could not be deleted.
- $system_menus = menu_list_system_menus();
- if (isset($system_menus[$entity->id()])) {
- unset($operations['delete']);
- }
- else {
- $operations['delete']['title'] = t('Delete menu');
- }
return $operations;
}
diff --git a/core/modules/menu/menu.module b/core/modules/menu/menu.module
index f506445a005f..18b0ee511716 100644
--- a/core/modules/menu/menu.module
+++ b/core/modules/menu/menu.module
@@ -146,6 +146,7 @@ function menu_menu() {
*/
function menu_entity_info(&$entity_info) {
$entity_info['menu']['controllers']['list'] = 'Drupal\menu\MenuListController';
+ $entity_info['menu']['controllers']['access'] = 'Drupal\menu\MenuAccessController';
$entity_info['menu']['uri_callback'] = 'menu_uri';
$entity_info['menu']['controllers']['form'] = array(
'default' => 'Drupal\menu\MenuFormController',
diff --git a/core/modules/picture/lib/Drupal/picture/PictureMappingAccessController.php b/core/modules/picture/lib/Drupal/picture/PictureMappingAccessController.php
new file mode 100644
index 000000000000..5ee0adeb3a22
--- /dev/null
+++ b/core/modules/picture/lib/Drupal/picture/PictureMappingAccessController.php
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\picture\PictureMappingAccessController.
+ */
+
+namespace Drupal\picture;
+
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\EntityAccessController;
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Defines the access controller for the picture mapping entity type.
+ */
+class PictureMappingAccessController extends EntityAccessController {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
+ if ($operation === 'view') {
+ return TRUE;
+ }
+ elseif (in_array($operation, array('create', 'update', 'delete'))) {
+ return user_access('administer pictures', $account);
+ }
+ }
+
+}
diff --git a/core/modules/picture/lib/Drupal/picture/PictureMappingListController.php b/core/modules/picture/lib/Drupal/picture/PictureMappingListController.php
index 343dbd3ddf3c..0b634620e5d3 100644
--- a/core/modules/picture/lib/Drupal/picture/PictureMappingListController.php
+++ b/core/modules/picture/lib/Drupal/picture/PictureMappingListController.php
@@ -32,7 +32,7 @@ public function hookMenu() {
}
/**
- * Overrides Drupal\config\ConfigEntityListController::getOperations();
+ * {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
$operations = parent::getOperations($entity);
diff --git a/core/modules/picture/lib/Drupal/picture/Plugin/Core/Entity/PictureMapping.php b/core/modules/picture/lib/Drupal/picture/Plugin/Core/Entity/PictureMapping.php
index 169292f05fd1..e10f86f8f695 100644
--- a/core/modules/picture/lib/Drupal/picture/Plugin/Core/Entity/PictureMapping.php
+++ b/core/modules/picture/lib/Drupal/picture/Plugin/Core/Entity/PictureMapping.php
@@ -21,6 +21,7 @@
* module = "picture",
* controllers = {
* "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
+ * "access" = "Drupal\picture\PictureMappingAccessController",
* "list" = "Drupal\picture\PictureMappingListController",
* "form" = {
* "edit" = "Drupal\picture\PictureMappingFormController",
diff --git a/core/modules/shortcut/lib/Drupal/shortcut/ShortcutAccessController.php b/core/modules/shortcut/lib/Drupal/shortcut/ShortcutAccessController.php
index d5a143d4722c..da0e616cc741 100644
--- a/core/modules/shortcut/lib/Drupal/shortcut/ShortcutAccessController.php
+++ b/core/modules/shortcut/lib/Drupal/shortcut/ShortcutAccessController.php
@@ -21,7 +21,7 @@ class ShortcutAccessController extends EntityAccessController {
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
switch ($operation) {
- case 'edit':
+ case 'update':
if (user_access('administer shortcuts', $account)) {
return TRUE;
}
diff --git a/core/modules/shortcut/lib/Drupal/shortcut/ShortcutListController.php b/core/modules/shortcut/lib/Drupal/shortcut/ShortcutListController.php
index a40005ca9772..02e8e87f9171 100644
--- a/core/modules/shortcut/lib/Drupal/shortcut/ShortcutListController.php
+++ b/core/modules/shortcut/lib/Drupal/shortcut/ShortcutListController.php
@@ -24,22 +24,21 @@ public function buildHeader() {
}
/**
- * Overrides \Drupal\Core\Entity\EntityListController::getOperations().
+ * {@inheritdoc}
*/
public function getOperations(EntityInterface $entity) {
$operations = parent::getOperations($entity);
$uri = $entity->uri();
- $operations['edit']['title'] = t('Edit menu');
- $operations['edit']['href'] = $uri['path'] . '/edit';
+ if (isset($operations['edit'])) {
+ $operations['edit']['title'] = t('Edit menu');
+ $operations['edit']['href'] = $uri['path'] . '/edit';
+ }
$operations['list'] = array(
'title' => t('List links'),
'href' => $uri['path'],
);
- if (!$entity->access('delete')) {
- unset($operations['delete']);
- }
return $operations;
}
diff --git a/core/modules/shortcut/shortcut.routing.yml b/core/modules/shortcut/shortcut.routing.yml
index b217514399b3..df1dc1c7abf2 100644
--- a/core/modules/shortcut/shortcut.routing.yml
+++ b/core/modules/shortcut/shortcut.routing.yml
@@ -24,11 +24,11 @@ shortcut_set_edit:
defaults:
_entity_form: 'shortcut.edit'
requirements:
- _entity_access: 'shortcut.edit'
+ _entity_access: 'shortcut.update'
shortcut_link_add_inline:
pattern: '/admin/config/user-interface/shortcut/manage/{shortcut}/add-link-inline'
defaults:
_controller: 'Drupal\shortcut\Controller\ShortcutController::addShortcutLinkInline'
requirements:
- _entity_access: 'shortcut.edit'
+ _entity_access: 'shortcut.update'
diff --git a/core/modules/system/lib/Drupal/system/Plugin/Core/Entity/Action.php b/core/modules/system/lib/Drupal/system/Plugin/Core/Entity/Action.php
index dfdf37973c32..fe8f537ef781 100644
--- a/core/modules/system/lib/Drupal/system/Plugin/Core/Entity/Action.php
+++ b/core/modules/system/lib/Drupal/system/Plugin/Core/Entity/Action.php
@@ -23,7 +23,8 @@
* label = @Translation("Action"),
* module = "system",
* controllers = {
- * "storage" = "Drupal\Core\Config\Entity\ConfigStorageController"
+ * "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
+ * "access" = "Drupal\action\ActionAccessController"
* },
* config_prefix = "action.action",
* entity_keys = {
diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyListController.php b/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyListController.php
index 11ed4a13ffab..edd0b8db64c8 100644
--- a/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyListController.php
+++ b/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyListController.php
@@ -30,8 +30,10 @@ public function getOperations(EntityInterface $entity) {
$operations = parent::getOperations($entity);
$uri = $entity->uri();
- $operations['edit']['title'] = t('edit vocabulary');
- $operations['edit']['href'] = $uri['path'] . '/edit';
+ if (isset($operations['edit'])) {
+ $operations['edit']['title'] = t('edit vocabulary');
+ $operations['edit']['href'] = $uri['path'] . '/edit';
+ }
$operations['list'] = array(
'title' => t('list terms'),
diff --git a/core/modules/views/lib/Drupal/views/Plugin/Core/Entity/View.php b/core/modules/views/lib/Drupal/views/Plugin/Core/Entity/View.php
index 4b11a10c6f6c..392370321e03 100644
--- a/core/modules/views/lib/Drupal/views/Plugin/Core/Entity/View.php
+++ b/core/modules/views/lib/Drupal/views/Plugin/Core/Entity/View.php
@@ -24,7 +24,8 @@
* label = @Translation("View"),
* module = "views",
* controllers = {
- * "storage" = "Drupal\views\ViewStorageController"
+ * "storage" = "Drupal\views\ViewStorageController",
+ * "access" = "Drupal\views\ViewAccessController"
* },
* config_prefix = "views.view",
* entity_keys = {
diff --git a/core/modules/views/lib/Drupal/views/ViewAccessController.php b/core/modules/views/lib/Drupal/views/ViewAccessController.php
new file mode 100644
index 000000000000..7fee713e53e6
--- /dev/null
+++ b/core/modules/views/lib/Drupal/views/ViewAccessController.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\views\ViewAccessController.
+ */
+
+namespace Drupal\views;
+
+use Drupal\Core\Entity\EntityAccessController;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Language\Language;
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Defines the access controller for the view entity type.
+ */
+class ViewAccessController extends EntityAccessController {
+
+ /**
+ * {@inheritdoc}
+ */
+ public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, AccountInterface $account = NULL) {
+ return $operation == 'view' || user_access('administer views', $account);
+ }
+
+}
diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewListController.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewListController.php
index 429f9536a303..ad30ad179c49 100644
--- a/core/modules/views_ui/lib/Drupal/views_ui/ViewListController.php
+++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewListController.php
@@ -133,13 +133,13 @@ public function buildHeader() {
}
/**
- * Implements \Drupal\Core\Entity\EntityListController::getOperations().
+ * {@inheritdoc}
*/
- public function getOperations(EntityInterface $view) {
- $definition = parent::getOperations($view);
- $uri = $view->uri();
+ public function getOperations(EntityInterface $entity) {
+ $operations = parent::getOperations($entity);
+ $uri = $entity->uri();
- $definition['clone'] = array(
+ $operations['clone'] = array(
'title' => t('Clone'),
'href' => $uri['path'] . '/clone',
'options' => $uri['options'],
@@ -148,12 +148,12 @@ public function getOperations(EntityInterface $view) {
// Add AJAX functionality to enable/disable operations.
foreach (array('enable', 'disable') as $op) {
- if (isset($definition[$op])) {
- $definition[$op]['ajax'] = TRUE;
+ if (isset($operations[$op])) {
+ $operations[$op]['ajax'] = TRUE;
}
}
- return $definition;
+ return $operations;
}
/**
@@ -169,10 +169,6 @@ public function buildOperations(EntityInterface $entity) {
}
}
- // Use the dropbutton #type.
- unset($build['#theme']);
- $build['#type'] = 'dropbutton';
-
return $build;
}
--
GitLab