diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php
index c1c3735b2a9914f0dc35882c0067641049a8c814..c40c695f930a5b6a743449079ace05ce900cb864 100644
--- a/core/modules/user/lib/Drupal/user/AccountFormController.php
+++ b/core/modules/user/lib/Drupal/user/AccountFormController.php
@@ -55,13 +55,14 @@ public static function create(ContainerInterface $container) {
 * {@inheritdoc}
 */
 public function form(array $form, array &$form_state) {
+ /** @var \Drupal\user\UserInterface $account */
 $account = $this->entity;
 $user = $this->currentUser();
 $config = \Drupal::config('user.settings');
 $language_interface = language(Language::TYPE_INTERFACE);
 $register = $account->isAnonymous();
- $admin = user_access('administer users');
+ $admin = $user->hasPermission('administer users');
 // Account information.
 $form['account'] = array(
@@ -79,7 +80,7 @@ public function form(array $form, array &$form_state) {
 '#attributes' => array('class' => array('username'), 'autocorrect' => 'off', 'autocomplete' => 'off', 'autocapitalize' => 'off', 'spellcheck' => 'false'),
 '#default_value' => (!$register ? $account->getUsername() : ''),
- '#access' => ($register || ($user->id() == $account->id() && user_access('change own username')) || $admin),
+ '#access' => ($register || ($user->id() == $account->id() && $user->hasPermission('change own username')) || $admin),
 '#weight' => -10,
 );
@@ -90,7 +91,7 @@ public function form(array $form, array &$form_state) {
 '#type' => 'email',
 '#title' => $this->t('E-mail address'),
 '#description' => $this->t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
- '#required' => !(!$account->getEmail() && user_access('administer users')),
+ '#required' => !(!$account->getEmail() && $user->hasPermission('administer users')),
 '#default_value' => (!$register ? $account->getEmail() : ''),
 '#attributes' => array('autocomplete' => 'off'),
 );
@@ -187,7 +188,7 @@ public function form(array $form, array &$form_state) {
 '#title' => $this->t('Roles'),
 '#default_value' => (!$register ? $account->getRoles() : array()),
 '#options' => $roles,
- '#access' => $roles && user_access('administer permissions'),
+ '#access' => $roles && $user->hasPermission('administer permissions'),
 DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
 );
@@ -228,7 +229,7 @@ public function form(array $form, array &$form_state) {
 '#title' => $this->t('Language settings'),
 // Display language selector when either creating a user on the admin
 // interface or editing a user account.
- '#access' => !$register || user_access('administer users'),
+ '#access' => !$register || $user->hasPermission('administer users'),
 );
 $form['language']['preferred_langcode'] = array(
diff --git a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
index 3c230867113c48dc9e3ee08f1aa858ee25c621dd..0a42c917be0fdc36d37c0ca7cdb6175c253d9bea 100644
--- a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
+++ b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
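Review bot: In AccountFormController::form(), the new `'#required'` line (hunk at -90) and the language `'#access'` line (hunk at -228) call `$user->hasPermission('administer users')` again, although the first hunk already stores that result in `$admin`. Using `$admin` in both places, `'#required' => !(!$account->getEmail() && $admin),` and `'#access' => !$register || $admin,`, ties every admin-only field on this form to one decision, so a later change to the admin rule cannot leave one field behind. The function body starts and ends outside these hunks.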
@@ -24,12 +24,13 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface {
 * The event to process.
 */
 public function onKernelRequestMaintenance(GetResponseEvent $event) {
+ $user = \Drupal::currentUser();
 $request = $event->getRequest();
 $site_status = $request->attributes->get('_maintenance');
 $path = $request->attributes->get('_system_path');
 if ($site_status == MENU_SITE_OFFLINE) {
 // If the site is offline, log out unprivileged users.
- if ($GLOBALS['user']->isAuthenticated() && !user_access('access site in maintenance mode')) {
+ if ($user->isAuthenticated() && !$user->hasPermission('access site in maintenance mode')) {
 user_logout();
 // Redirect to homepage.
 $event->setResponse(new RedirectResponse(url('', array('absolute' => TRUE))));
@@ -56,7 +57,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
 }
 }
 }
- if ($GLOBALS['user']->isAuthenticated()) {
+ if ($user->isAuthenticated()) {
 if ($path == 'user/login') {
 // If user is logged in, redirect to 'user' instead of giving 403.
 $event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE))));
@@ -64,7 +65,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
 }
 if ($path == 'user/register') {
 // Authenticated user should be redirected to user edit page.
- $event->setResponse(new RedirectResponse(url('user/' . $GLOBALS['user']->id() . '/edit', array('absolute' => TRUE))));
+ $event->setResponse(new RedirectResponse(url('user/' . $user->id() . '/edit', array('absolute' => TRUE))));
 return;
 }
 }
diff --git a/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php b/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
index f14bc4e72fc6324a662532629cbc385822c71329..dc7475f3fdc536d92c872c4e5ece378663d5970d 100644
--- a/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
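Review bot: In onKernelRequestMaintenance(), `$user` is now read once at the top, but `user_logout()` runs between that read and the later `$user->isAuthenticated()` checks (hunks at -56 and -64), whereas the old code re-read `$GLOBALS['user']` each time. The lines between the hunks are not shown, so this only matters if some path continues past the logout without returning, and only if `\Drupal::currentUser()` returns the account object itself rather than a proxy; in that case the later checks would still treat the logged-out account as authenticated. A comment on the assignment such as `// Captured before user_logout(); every branch that logs out must return immediately.` would record the assumption, or the later checks can call `\Drupal::currentUser()` again.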
+++ b/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
@@ -88,9 +88,9 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
 $query->condition('name', $match, $match_operator);
 }
- // Adding the 'user_access' tag is sadly insufficient for users: core
+ // Adding the permission check is sadly insufficient for users: core
 // requires us to also know about the concept of 'blocked' and 'active'.
- if (!user_access('administer users')) {
+ if (!\Drupal::currentUser()->hasPermission('administer users')) {
 $query->condition('status', 1);
 }
 return $query;
@@ -100,7 +100,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
 * {@inheritdoc}
 */
 public function entityQueryAlter(SelectInterface $query) {
- if (user_access('administer users')) {
+ if (\Drupal::currentUser()->hasPermission('administer users')) {
 // In addition, if the user is administrator, we need to make sure to
 // match the anonymous user, that doesn't actually have a name in the
 // database.
diff --git a/core/modules/user/lib/Drupal/user/RegisterFormController.php b/core/modules/user/lib/Drupal/user/RegisterFormController.php
index 38612a27b6b513e69268c3f000f5884ff7b93ce3..9062eb456ee33232fd8ed196e99118760133f686 100644
--- a/core/modules/user/lib/Drupal/user/RegisterFormController.php
+++ b/core/modules/user/lib/Drupal/user/RegisterFormController.php
@@ -18,11 +18,9 @@ class RegisterFormController extends AccountFormController {
 * Overrides Drupal\Core\Entity\EntityFormController::form().
 */
 public function form(array $form, array &$form_state) {
- global $user;
+ $user = $this->currentUser();
 $account = $this->entity;
-
- $admin = user_access('administer users');
-
+ $admin = $user->hasPermission('administer users');
 // Pass access information to the submit handler. Running an access check
 // inside the submit function interferes with form processing and breaks
 // hook_form_alter().
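Review bot: In UserSelection::buildEntityQuery(), the rewritten comment `// Adding the permission check is sadly insufficient for users: core` no longer says what the old one did: the quoted `'user_access'` looks like the name of a query access tag, not a call to the removed function, so the search-and-replace changed its meaning. Suggest restoring the original wording, or spelling it out as `// Tagging the query for user access is not enough: blocked accounts must also be filtered out for non-administrators.` (the tag is inferred from the old comment; the code that adds it is outside the hunk). The `status` condition below it is what hides blocked accounts from users without 'administer users', so the comment should describe that accurately.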
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
index 06d499446100e97226651d9f50fefcd983625dc7..fac4a544819613ce9827c15033f44c1e0ff6d48d 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
@@ -34,7 +34,7 @@ function setUp() {
 }
 /**
- * Change user permissions and check user_access().
+ * Test changing user permissions through the permissions page.
 */
 function testUserPermissionChanges() {
 $permissions_hash_generator = $this->container->get('user.permissions_hash');
@@ -46,27 +46,27 @@ function testUserPermissionChanges() {
 $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
 // Add a permission.
- $this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.');
+ $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
 $edit = array();
 $edit[$rid . '[administer nodes]'] = TRUE;
 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
 $storage_controller = $this->container->get('entity.manager')->getStorageController('user_role');
 $storage_controller->resetCache();
- $this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.');
+ $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
 $current_permissions_hash = $permissions_hash_generator->generate($account);
 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
 $previous_permissions_hash = $current_permissions_hash;
 // Remove a permission.
- $this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.');
+ $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
 $edit = array();
 $edit[$rid . 
'[access user profiles]'] = FALSE;
 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
 $storage_controller->resetCache();
- $this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.');
+ $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
 $current_permissions_hash = $permissions_hash_generator->generate($account);
 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
@@ -91,7 +91,7 @@ function testAdministratorRole() {
 // Aggregator depends on file module, enable that as well.
 $edit['modules[Field types][file][enable]'] = TRUE;
 $this->drupalPostForm('admin/modules', $edit, t('Save configuration'));
- $this->assertTrue(user_access('administer news feeds', $this->admin_user), 'The permission was automatically assigned to the administrator role');
+ $this->assertTrue($this->admin_user->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
 }
 /**
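Review bot: In testUserPermissionChanges() (hunk at -46), both post-save assertions rely on `$storage_controller->resetCache()` running before `$account->hasPermission()`, but nothing in the test says why. With `user_access()` gone, a stale role entity is presumably the only thing that could make the check read old permissions after the form post. A comment above the two `resetCache()` calls, for example `// The permissions form was saved through the browser; reset the role storage cache so hasPermission() reads the saved role.`, would keep a later clean-up from dropping them. The function starts before this hunk.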
@@ -105,9 +105,9 @@ function testUserRoleChangePermissions() {
 $previous_permissions_hash = $permissions_hash_generator->generate($account);
 // Verify current permissions.
- $this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.');
- $this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.');
- $this->assertTrue(user_access('administer site configuration', $account), 'User has "administer site configuration" permission.');
+ $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
+ $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
+ $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
 // Change permissions.
 $permissions = array(
@@ -117,9 +117,9 @@ function testUserRoleChangePermissions() {
 user_role_change_permissions($rid, $permissions);
 // Verify proper permission changes.
- $this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.');
- $this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.');
- $this->assertTrue(user_access('administer site configuration', $account), 'User still has "administer site configuration" permission.');
+ $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
+ $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
+ $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
 // Verify the permissions hash has changed.
 $current_permissions_hash = $permissions_hash_generator->generate($account);
diff --git a/core/modules/user/lib/Drupal/user/UserAccessController.php b/core/modules/user/lib/Drupal/user/UserAccessController.php
index 618dfe3ca2a11d79502ac8a3367fe8a55be1f137..9aed19e946e22d2ac4e1a5072c627fd563a17219 100644
--- a/core/modules/user/lib/Drupal/user/UserAccessController.php
+++ b/core/modules/user/lib/Drupal/user/UserAccessController.php
@@ -28,14 +28,14 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
 case 'update':
 // Users can always edit their own account. Users with the 'administer
 // users' permission can edit any account except the anonymous account.
- return (($account->id() == $entity->id()) || user_access('administer users', $account)) && $entity->id() > 0;
+ return (($account->id() == $entity->id()) || $account->hasPermission('administer users')) && $entity->id() > 0;
 break;
 case 'delete':
 // Users with 'cancel account' permission can cancel their own account,
 // users with 'administer users' permission can cancel any account
 // except the anonymous account.
- return ((($account->id() == $entity->id()) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->id() > 0;
+ return ((($account->id() == $entity->id()) && $account->hasPermission('cancel account')) || $account->hasPermission('administer users')) && $entity->id() > 0;
 break;
 }
 }
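Review bot: In checkAccess(), the two new `return` lines pack the own-account test, the permission test and the anonymous-account guard into one long expression, and the same `$account->id() == $entity->id()` test appears again in viewAccess() (hunk at -49). Naming the parts would make the access rule easier to audit: `$is_own = $account->id() == $entity->id();` and `$is_admin = $account->hasPermission('administer users');` ahead of the `switch`, then `return ($is_own || $is_admin) && $entity->id() > 0;` for 'update'. The `switch` opens outside the hunk, so where the two assignments go depends on lines not shown.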
@@ -49,10 +49,10 @@ protected function viewAccess(EntityInterface $entity, $langcode, AccountInterfa
 // Never allow access to view the anonymous user account.
 if ($entity->id()) {
 // Admins can view all, users can view own profiles at all times.
- if ($account->id() == $entity->id() || user_access('administer users', $account)) {
+ if ($account->id() == $entity->id() || $account->hasPermission('administer users')) {
 return TRUE;
 }
- elseif (user_access('access user profiles', $account)) {
+ elseif ($account->hasPermission('access user profiles')) {
 // Only allow view access if the account is active.
 return $entity->status->value;
 }
diff --git a/core/modules/user/user.api.php b/core/modules/user/user.api.php
index 2d2fbd9a47466e2e8ef2c4c8ad4a717dfec546f8..cc18e9272655d7d945056e2a2bb62556443122ee 100644
--- a/core/modules/user/user.api.php
+++ b/core/modules/user/user.api.php
@@ -167,8 +167,9 @@ function hook_user_cancel($edit, $account, $method) {
 * @see user_cancel_confirm_form()
 */
 function hook_user_cancel_methods_alter(&$methods) {
+ $account = \Drupal::currentUser();
 // Limit access to disable account and unpublish content method.
- $methods['user_cancel_block_unpublish']['access'] = user_access('administer site configuration');
+ $methods['user_cancel_block_unpublish']['access'] = $account->hasPermission('administer site configuration');
 // Remove the content re-assigning method.
 unset($methods['user_cancel_reassign']);
@@ -178,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) {
 'title' => t('Delete the account and remove all content.'),
 'description' => t('All your content will be replaced by empty strings.'),
 // access should be used for administrative methods only.
- 'access' => user_access('access zero-out account cancellation method'),
+ 'access' => $account->hasPermission('access zero-out account cancellation method'),
 );
 }
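Review bot: In the hook_user_cancel_methods_alter() example in user.api.php, the added `$account = \Drupal::currentUser();` names the acting user `$account`, while the neighbouring hook in this file, `hook_user_cancel($edit, $account, $method)`, uses `$account` for the account being cancelled. Module authors copy this example, and an access check made against the wrong subject is an easy mistake once the two share a name. Writing `$current_user = \Drupal::currentUser();` and `$current_user->hasPermission(...)` in both `'access'` lines (this hunk and the one at -178) keeps them apart.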
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 88862d510a2e133dd593b7d6294780ee97b13908..8cb2810b34b14263642385f22e1eef2cd3f3b9d0 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -575,7 +575,7 @@ function user_format_name(AccountInterface $account) {
 * @see user_user_logout()
 */
 function user_template_preprocess_default_variables_alter(&$variables) {
- global $user;
+ $user = \Drupal::currentUser();
 // If this function is called from the installer after Drupal has been
 // installed then $user will not be set.
@@ -587,7 +587,7 @@ function user_template_preprocess_default_variables_alter(&$variables) {
 // Remove password and session IDs, $form_state, since themes should not need nor see them.
 unset($variables['user']->pass, $variables['user']->sid, $variables['user']->ssid);
- $variables['is_admin'] = user_access('access administration pages');
+ $variables['is_admin'] = $user->hasPermission('access administration pages');
 $variables['logged_in'] = $user->isAuthenticated();
 }
@@ -619,7 +619,7 @@ function template_preprocess_username(&$variables) {
 $name = drupal_substr($name, 0, 15) . '...';
 }
 $variables['name'] = check_plain($name);
- $variables['profile_access'] = user_access('access user profiles');
+ $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
 // Populate link path and attributes if appropriate.
 if ($variables['uid'] && $variables['profile_access']) {
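Review bot: In user_template_preprocess_default_variables_alter() (hunk at -575), the context comment ending `// installed then $user will not be set.` described the old `global $user`; after `$user = \Drupal::currentUser();` the variable is always assigned. The guard that follows the comment is outside the hunk, so it cannot be checked here, but if it tests whether `$user` is set it will now always pass, and the installer case would have to be handled by the call itself. The comment should be reworded to say what the installer case looks like with the new call, and the guard reviewed in the same change.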