Commit 354ff8f7 authored by webchick's avatar webchick

Issue #2062039 by InternetDevels, Xano, h3rj4n: Replace user_access() calls...

Issue #2062039 by InternetDevels, Xano, h3rj4n: Replace user_access() calls with ->hasPermission() in user module.
parent 6740e953
...@@ -55,13 +55,14 @@ public static function create(ContainerInterface $container) { ...@@ -55,13 +55,14 @@ public static function create(ContainerInterface $container) {
* {@inheritdoc} * {@inheritdoc}
*/ */
public function form(array $form, array &$form_state) { public function form(array $form, array &$form_state) {
/** @var \Drupal\user\UserInterface $account */
$account = $this->entity; $account = $this->entity;
$user = $this->currentUser(); $user = $this->currentUser();
$config = \Drupal::config('user.settings'); $config = \Drupal::config('user.settings');
$language_interface = language(Language::TYPE_INTERFACE); $language_interface = language(Language::TYPE_INTERFACE);
$register = $account->isAnonymous(); $register = $account->isAnonymous();
$admin = user_access('administer users'); $admin = $user->hasPermission('administer users');
// Account information. // Account information.
$form['account'] = array( $form['account'] = array(
...@@ -79,7 +80,7 @@ public function form(array $form, array &$form_state) { ...@@ -79,7 +80,7 @@ public function form(array $form, array &$form_state) {
'#attributes' => array('class' => array('username'), 'autocorrect' => 'off', 'autocomplete' => 'off', 'autocapitalize' => 'off', '#attributes' => array('class' => array('username'), 'autocorrect' => 'off', 'autocomplete' => 'off', 'autocapitalize' => 'off',
'spellcheck' => 'false'), 'spellcheck' => 'false'),
'#default_value' => (!$register ? $account->getUsername() : ''), '#default_value' => (!$register ? $account->getUsername() : ''),
'#access' => ($register || ($user->id() == $account->id() && user_access('change own username')) || $admin), '#access' => ($register || ($user->id() == $account->id() && $user->hasPermission('change own username')) || $admin),
'#weight' => -10, '#weight' => -10,
); );
...@@ -90,7 +91,7 @@ public function form(array $form, array &$form_state) { ...@@ -90,7 +91,7 @@ public function form(array $form, array &$form_state) {
'#type' => 'email', '#type' => 'email',
'#title' => $this->t('E-mail address'), '#title' => $this->t('E-mail address'),
'#description' => $this->t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'), '#description' => $this->t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
'#required' => !(!$account->getEmail() && user_access('administer users')), '#required' => !(!$account->getEmail() && $user->hasPermission('administer users')),
'#default_value' => (!$register ? $account->getEmail() : ''), '#default_value' => (!$register ? $account->getEmail() : ''),
'#attributes' => array('autocomplete' => 'off'), '#attributes' => array('autocomplete' => 'off'),
); );
...@@ -187,7 +188,7 @@ public function form(array $form, array &$form_state) { ...@@ -187,7 +188,7 @@ public function form(array $form, array &$form_state) {
'#title' => $this->t('Roles'), '#title' => $this->t('Roles'),
'#default_value' => (!$register ? $account->getRoles() : array()), '#default_value' => (!$register ? $account->getRoles() : array()),
'#options' => $roles, '#options' => $roles,
'#access' => $roles && user_access('administer permissions'), '#access' => $roles && $user->hasPermission('administer permissions'),
DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated, DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
); );
...@@ -228,7 +229,7 @@ public function form(array $form, array &$form_state) { ...@@ -228,7 +229,7 @@ public function form(array $form, array &$form_state) {
'#title' => $this->t('Language settings'), '#title' => $this->t('Language settings'),
// Display language selector when either creating a user on the admin // Display language selector when either creating a user on the admin
// interface or editing a user account. // interface or editing a user account.
'#access' => !$register || user_access('administer users'), '#access' => !$register || $user->hasPermission('administer users'),
); );
$form['language']['preferred_langcode'] = array( $form['language']['preferred_langcode'] = array(
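Review bot: The new side still evaluates `$user->hasPermission('administer users')` twice more, at the e-mail `#required` line and the language `#access` line, although `$admin` already holds exactly that result from the top of form(); reuse it with `'#required' => !(!$account->getEmail() && $admin),` and `'#access' => !$register || $admin,` so one permission lookup drives all three decisions and they cannot drift apart. The `$user->id() == $account->id()` test in the username `#access` is a loose comparison carried over from the old code; it works because both sides are numeric, but `(int) $user->id() === (int) $account->id()` states the intent without relying on coercion. form() continues past the end of this section.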
......
...@@ -24,12 +24,13 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface { ...@@ -24,12 +24,13 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface {
* The event to process. * The event to process.
*/ */
public function onKernelRequestMaintenance(GetResponseEvent $event) { public function onKernelRequestMaintenance(GetResponseEvent $event) {
$user = \Drupal::currentUser();
$request = $event->getRequest(); $request = $event->getRequest();
$site_status = $request->attributes->get('_maintenance'); $site_status = $request->attributes->get('_maintenance');
$path = $request->attributes->get('_system_path'); $path = $request->attributes->get('_system_path');
if ($site_status == MENU_SITE_OFFLINE) { if ($site_status == MENU_SITE_OFFLINE) {
// If the site is offline, log out unprivileged users. // If the site is offline, log out unprivileged users.
if ($GLOBALS['user']->isAuthenticated() && !user_access('access site in maintenance mode')) { if ($user->isAuthenticated() && !$user->hasPermission('access site in maintenance mode')) {
user_logout(); user_logout();
// Redirect to homepage. // Redirect to homepage.
$event->setResponse(new RedirectResponse(url('<front>', array('absolute' => TRUE)))); $event->setResponse(new RedirectResponse(url('<front>', array('absolute' => TRUE))));
...@@ -56,7 +57,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) { ...@@ -56,7 +57,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
} }
} }
} }
if ($GLOBALS['user']->isAuthenticated()) { if ($user->isAuthenticated()) {
if ($path == 'user/login') { if ($path == 'user/login') {
// If user is logged in, redirect to 'user' instead of giving 403. // If user is logged in, redirect to 'user' instead of giving 403.
$event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE)))); $event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE))));
...@@ -64,7 +65,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) { ...@@ -64,7 +65,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
} }
if ($path == 'user/register') { if ($path == 'user/register') {
// Authenticated user should be redirected to user edit page. // Authenticated user should be redirected to user edit page.
$event->setResponse(new RedirectResponse(url('user/' . $GLOBALS['user']->id() . '/edit', array('absolute' => TRUE)))); $event->setResponse(new RedirectResponse(url('user/' . $user->id() . '/edit', array('absolute' => TRUE))));
return; return;
} }
} }
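Review bot: `$user` is captured once at the top of onKernelRequestMaintenance() and is still consulted after `user_logout()`: the `$user->isAuthenticated()` check at the start of the second hunk and the `$user->id()` redirect in the third hunk, where the old code re-read `$GLOBALS['user']` each time. If control can fall through the maintenance branch without returning, those later reads operate on the stale, pre-logout account object. If the branch always returns after setting the response (the lines between the first and second hunks are not shown), this is harmless today, but it deserves a comment, e.g. `// $user is read before user_logout(); re-fetch it if it is needed after that call.`, or a fresh `\Drupal::currentUser()` after the logout. The method body between the hunks is outside this view.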
......
...@@ -88,9 +88,9 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') { ...@@ -88,9 +88,9 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
$query->condition('name', $match, $match_operator); $query->condition('name', $match, $match_operator);
} }
// Adding the 'user_access' tag is sadly insufficient for users: core // Adding the permission check is sadly insufficient for users: core
// requires us to also know about the concept of 'blocked' and 'active'. // requires us to also know about the concept of 'blocked' and 'active'.
if (!user_access('administer users')) { if (!\Drupal::currentUser()->hasPermission('administer users')) {
$query->condition('status', 1); $query->condition('status', 1);
} }
return $query; return $query;
...@@ -100,7 +100,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') { ...@@ -100,7 +100,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
* {@inheritdoc} * {@inheritdoc}
*/ */
public function entityQueryAlter(SelectInterface $query) { public function entityQueryAlter(SelectInterface $query) {
if (user_access('administer users')) { if (\Drupal::currentUser()->hasPermission('administer users')) {
// In addition, if the user is administrator, we need to make sure to // In addition, if the user is administrator, we need to make sure to
// match the anonymous user, that doesn't actually have a name in the // match the anonymous user, that doesn't actually have a name in the
// database. // database.
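Review bot: The reworded comment at the top of the first hunk appears to lose its meaning: the old text most likely referred to the `'user_access'` query tag (the `{entity_type}_access` tag the selection base adds to `$query`), not to the `user_access()` function, so "Adding the permission check is sadly insufficient" no longer describes what precedes the `status` condition. Suggest keeping the tag reference, e.g. `// Adding the 'user_access' query tag is sadly insufficient for users: core` followed by the unchanged second line. Separately, both buildEntityQuery() and entityQueryAlter() now reach for `\Drupal::currentUser()` statically inside a plugin; if this class already has a `create()` factory, injecting the current user there keeps the access logic testable without the container. Both methods extend beyond the lines shown.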
......
...@@ -18,11 +18,9 @@ class RegisterFormController extends AccountFormController { ...@@ -18,11 +18,9 @@ class RegisterFormController extends AccountFormController {
* Overrides Drupal\Core\Entity\EntityFormController::form(). * Overrides Drupal\Core\Entity\EntityFormController::form().
*/ */
public function form(array $form, array &$form_state) { public function form(array $form, array &$form_state) {
global $user; $user = $this->currentUser();
$account = $this->entity; $account = $this->entity;
$admin = $user->hasPermission('administer users');
$admin = user_access('administer users');
// Pass access information to the submit handler. Running an access check // Pass access information to the submit handler. Running an access check
// inside the submit function interferes with form processing and breaks // inside the submit function interferes with form processing and breaks
// hook_form_alter(). // hook_form_alter().
......
...@@ -34,7 +34,7 @@ function setUp() { ...@@ -34,7 +34,7 @@ function setUp() {
} }
/** /**
* Change user permissions and check user_access(). * Test changing user permissions through the permissions page.
*/ */
function testUserPermissionChanges() { function testUserPermissionChanges() {
$permissions_hash_generator = $this->container->get('user.permissions_hash'); $permissions_hash_generator = $this->container->get('user.permissions_hash');
...@@ -46,27 +46,27 @@ function testUserPermissionChanges() { ...@@ -46,27 +46,27 @@ function testUserPermissionChanges() {
$this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
// Add a permission. // Add a permission.
$this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.'); $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
$edit = array(); $edit = array();
$edit[$rid . '[administer nodes]'] = TRUE; $edit[$rid . '[administer nodes]'] = TRUE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage_controller = $this->container->get('entity.manager')->getStorageController('user_role'); $storage_controller = $this->container->get('entity.manager')->getStorageController('user_role');
$storage_controller->resetCache(); $storage_controller->resetCache();
$this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.'); $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
$current_permissions_hash = $permissions_hash_generator->generate($account); $current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
$this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
$previous_permissions_hash = $current_permissions_hash; $previous_permissions_hash = $current_permissions_hash;
// Remove a permission. // Remove a permission.
$this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.'); $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$edit = array(); $edit = array();
$edit[$rid . '[access user profiles]'] = FALSE; $edit[$rid . '[access user profiles]'] = FALSE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage_controller->resetCache(); $storage_controller->resetCache();
$this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.'); $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$current_permissions_hash = $permissions_hash_generator->generate($account); $current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
$this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
...@@ -91,7 +91,7 @@ function testAdministratorRole() { ...@@ -91,7 +91,7 @@ function testAdministratorRole() {
// Aggregator depends on file module, enable that as well. // Aggregator depends on file module, enable that as well.
$edit['modules[Field types][file][enable]'] = TRUE; $edit['modules[Field types][file][enable]'] = TRUE;
$this->drupalPostForm('admin/modules', $edit, t('Save configuration')); $this->drupalPostForm('admin/modules', $edit, t('Save configuration'));
$this->assertTrue(user_access('administer news feeds', $this->admin_user), 'The permission was automatically assigned to the administrator role'); $this->assertTrue($this->admin_user->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
} }
/** /**
...@@ -105,9 +105,9 @@ function testUserRoleChangePermissions() { ...@@ -105,9 +105,9 @@ function testUserRoleChangePermissions() {
$previous_permissions_hash = $permissions_hash_generator->generate($account); $previous_permissions_hash = $permissions_hash_generator->generate($account);
// Verify current permissions. // Verify current permissions.
$this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.'); $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
$this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.'); $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$this->assertTrue(user_access('administer site configuration', $account), 'User has "administer site configuration" permission.'); $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
// Change permissions. // Change permissions.
$permissions = array( $permissions = array(
...@@ -117,9 +117,9 @@ function testUserRoleChangePermissions() { ...@@ -117,9 +117,9 @@ function testUserRoleChangePermissions() {
user_role_change_permissions($rid, $permissions); user_role_change_permissions($rid, $permissions);
// Verify proper permission changes. // Verify proper permission changes.
$this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.'); $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
$this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.'); $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$this->assertTrue(user_access('administer site configuration', $account), 'User still has "administer site configuration" permission.'); $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
// Verify the permissions hash has changed. // Verify the permissions hash has changed.
$current_permissions_hash = $permissions_hash_generator->generate($account); $current_permissions_hash = $permissions_hash_generator->generate($account);
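Review bot: The assertions after `$storage_controller->resetCache()` in the first hunk now go through `$account->hasPermission()`, so the test's validity depends on that method reading role permissions fresh rather than from a per-account memo; nothing in the hunk states that, so a short comment would make the dependency explicit, e.g. `// Reset the role storage cache so hasPermission() sees the new grants.` above each resetCache() call. If hasPermission() does memoise, the re-checks of the same `$account` after `user_role_change_permissions()` in the third hunk are affected the same way. Both test methods extend beyond the lines shown.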
......
...@@ -28,14 +28,14 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A ...@@ -28,14 +28,14 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
case 'update': case 'update':
// Users can always edit their own account. Users with the 'administer // Users can always edit their own account. Users with the 'administer
// users' permission can edit any account except the anonymous account. // users' permission can edit any account except the anonymous account.
return (($account->id() == $entity->id()) || user_access('administer users', $account)) && $entity->id() > 0; return (($account->id() == $entity->id()) || $account->hasPermission('administer users')) && $entity->id() > 0;
break; break;
case 'delete': case 'delete':
// Users with 'cancel account' permission can cancel their own account, // Users with 'cancel account' permission can cancel their own account,
// users with 'administer users' permission can cancel any account // users with 'administer users' permission can cancel any account
// except the anonymous account. // except the anonymous account.
return ((($account->id() == $entity->id()) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->id() > 0; return ((($account->id() == $entity->id()) && $account->hasPermission('cancel account')) || $account->hasPermission('administer users')) && $entity->id() > 0;
break; break;
} }
} }
...@@ -49,10 +49,10 @@ protected function viewAccess(EntityInterface $entity, $langcode, AccountInterfa ...@@ -49,10 +49,10 @@ protected function viewAccess(EntityInterface $entity, $langcode, AccountInterfa
// Never allow access to view the anonymous user account. // Never allow access to view the anonymous user account.
if ($entity->id()) { if ($entity->id()) {
// Admins can view all, users can view own profiles at all times. // Admins can view all, users can view own profiles at all times.
if ($account->id() == $entity->id() || user_access('administer users', $account)) { if ($account->id() == $entity->id() || $account->hasPermission('administer users')) {
return TRUE; return TRUE;
} }
elseif (user_access('access user profiles', $account)) { elseif ($account->hasPermission('access user profiles')) {
// Only allow view access if the account is active. // Only allow view access if the account is active.
return $entity->status->value; return $entity->status->value;
} }
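Review bot: Each `return` in the `update` and `delete` cases is followed by an unreachable `break;` (the context lines right after the two rewritten returns), which can be dropped now that those lines are being touched. The ownership test `$account->id() == $entity->id()` is a loose comparison inherited from the old code; ids may arrive as int or string here, so it works, but `(int) $account->id() === (int) $entity->id()` expresses the intent without relying on numeric-string coercion. checkAccess() and viewAccess() both continue outside the hunks shown.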
......
...@@ -167,8 +167,9 @@ function hook_user_cancel($edit, $account, $method) { ...@@ -167,8 +167,9 @@ function hook_user_cancel($edit, $account, $method) {
* @see user_cancel_confirm_form() * @see user_cancel_confirm_form()
*/ */
function hook_user_cancel_methods_alter(&$methods) { function hook_user_cancel_methods_alter(&$methods) {
$account = \Drupal::currentUser();
// Limit access to disable account and unpublish content method. // Limit access to disable account and unpublish content method.
$methods['user_cancel_block_unpublish']['access'] = user_access('administer site configuration'); $methods['user_cancel_block_unpublish']['access'] = $account->hasPermission('administer site configuration');
// Remove the content re-assigning method. // Remove the content re-assigning method.
unset($methods['user_cancel_reassign']); unset($methods['user_cancel_reassign']);
...@@ -178,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) { ...@@ -178,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) {
'title' => t('Delete the account and remove all content.'), 'title' => t('Delete the account and remove all content.'),
'description' => t('All your content will be replaced by empty strings.'), 'description' => t('All your content will be replaced by empty strings.'),
// access should be used for administrative methods only. // access should be used for administrative methods only.
'access' => user_access('access zero-out account cancellation method'), 'access' => $account->hasPermission('access zero-out account cancellation method'),
); );
} }
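Review bot: In hook_user_cancel_methods_alter() the local that now holds the current user is named `$account`, while the neighbouring hook_user_cancel($edit, $account, $method) in this file uses `$account` for the account being cancelled; in an API example that ambiguity is easy to copy into real implementations. Rename it, e.g. `$user = \Drupal::currentUser();` and `$methods['user_cancel_block_unpublish']['access'] = $user->hasPermission('administer site configuration');`, with the matching change on the zero-out `'access'` line in the second hunk.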
......
...@@ -575,7 +575,7 @@ function user_format_name(AccountInterface $account) { ...@@ -575,7 +575,7 @@ function user_format_name(AccountInterface $account) {
* @see user_user_logout() * @see user_user_logout()
*/ */
function user_template_preprocess_default_variables_alter(&$variables) { function user_template_preprocess_default_variables_alter(&$variables) {
global $user; $user = \Drupal::currentUser();
// If this function is called from the installer after Drupal has been // If this function is called from the installer after Drupal has been
// installed then $user will not be set. // installed then $user will not be set.
...@@ -587,7 +587,7 @@ function user_template_preprocess_default_variables_alter(&$variables) { ...@@ -587,7 +587,7 @@ function user_template_preprocess_default_variables_alter(&$variables) {
// Remove password and session IDs, $form_state, since themes should not need nor see them. // Remove password and session IDs, $form_state, since themes should not need nor see them.
unset($variables['user']->pass, $variables['user']->sid, $variables['user']->ssid); unset($variables['user']->pass, $variables['user']->sid, $variables['user']->ssid);
$variables['is_admin'] = user_access('access administration pages'); $variables['is_admin'] = $user->hasPermission('access administration pages');
$variables['logged_in'] = $user->isAuthenticated(); $variables['logged_in'] = $user->isAuthenticated();
} }
...@@ -619,7 +619,7 @@ function template_preprocess_username(&$variables) { ...@@ -619,7 +619,7 @@ function template_preprocess_username(&$variables) {
$name = drupal_substr($name, 0, 15) . '...'; $name = drupal_substr($name, 0, 15) . '...';
} }
$variables['name'] = check_plain($name); $variables['name'] = check_plain($name);
$variables['profile_access'] = user_access('access user profiles'); $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
// Populate link path and attributes if appropriate. // Populate link path and attributes if appropriate.
if ($variables['uid'] && $variables['profile_access']) { if ($variables['uid'] && $variables['profile_access']) {
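Review bot: The comment kept directly below the new `$user = \Drupal::currentUser();` still says `$user` "will not be set" when called from the installer, which described the old `global $user`; with the service call `$user` is presumably always assigned, so that comment and whatever installer guard follows it (outside the hunk) should be re-checked and reworded, e.g. `// When called from the installer the current user may not represent a real account.`, or removed if the guard no longer applies. user_template_preprocess_default_variables_alter() continues between the first two hunks. In the third hunk `template_preprocess_username()` calls `\Drupal::currentUser()` inline, which is consistent with the procedural style of that file.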
......