Issue #2095125 by Xano: Use access constants in every access control context.

core/lib/Drupal/Core/Access/AccessInterface.php

@@ -11,23 +11,21 @@
 use Symfony\Component\Routing\Route;
 
 /**
- * An access check service determines access rules for particular routes.
+ * Provides access check results.
  */
 interface AccessInterface {
 
   /**
    * Grant access.
    *
-   * A checker should return this value to indicate that it grants access to a
-   * route.
+   * A checker should return this value to indicate that it grants access.
    */
   const ALLOW = TRUE;
 
   /**
    * Deny access.
    *
-   * A checker should return this value to indicate it does not grant access to
-   * a route.
+   * A checker should return this value to indicate it does not grant access.
    */
   const DENY = NULL;
 
@@ -35,24 +33,9 @@ interface AccessInterface {
    * Block access.
    *
    * A checker should return this value to indicate that it wants to completely
-   * block access to this route, regardless of any other access checkers. Most
-   * checkers should prefer DENY.
+   * block access, regardless of any other access checkers. Most checkers
+   * should prefer DENY.
    */
   const KILL = FALSE;
 
-  /**
-   * Checks for access to a route.
-   *
-   * @param \Symfony\Component\Routing\Route $route
-   *   The route to check against.
-   * @param \Symfony\Component\HttpFoundation\Request $request
-   *   The request object.
-   *
-   * @return mixed
-   *   TRUE if access is allowed.
-   *   FALSE if not.
-   *   NULL if no opinion.
-   */
-  public function access(Route $route, Request $request);
-
 }

core/lib/Drupal/Core/TypedData/AccessibleInterface.php → core/lib/Drupal/Core/Access/AccessibleInterface.php

@@ -2,38 +2,30 @@
 
 /**
  * @file
- * Contains \Drupal\Core\TypedData\AccessibleInterface.
+ * Contains \Drupal\Core\Access\AccessibleInterface.
  */
 
-namespace Drupal\Core\TypedData;
+namespace Drupal\Core\Access;
 
 use Drupal\Core\Session\AccountInterface;
 
 /**
  * Interface for checking access.
  */
-interface AccessibleInterface {
+interface AccessibleInterface extends AccessInterface {
 
   /**
    * Checks data value access.
    *
    * @param string $operation
-   *   (optional) The operation to be performed. Supported values are:
-   *   - view
-   *   - create
-   *   - update
-   *   - delete
-   *   Defaults to 'view'.
+   *   The operation to be performed.
    * @param \Drupal\Core\Session\AccountInterface $account
    *   (optional) The user for which to check access, or NULL to check access
    *   for the current user. Defaults to NULL.
    *
-   * @return bool
-   *   TRUE if the given user has access for the given operation, FALSE
-   *   otherwise.
-   *
-   * @todo Don't depend on module level code.
+   * @return bool|null
+   *   self::ALLOW, self::DENY, or self::KILL.
    */
-  public function access($operation = 'view', AccountInterface $account = NULL);
+  public function access($operation, AccountInterface $account = NULL);
 
 }

core/lib/Drupal/Core/Entity/EntityInterface.php

@@ -7,7 +7,7 @@
 
 namespace Drupal\Core\Entity;
 
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 
 /**
  * Defines a common interface for all entity objects.

core/lib/Drupal/Core/Entity/Field/FieldItemListInterface.php

@@ -8,7 +8,7 @@
 namespace Drupal\Core\Entity\Field;
 
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\TypedData\ListInterface;
 
 /**

core/lib/Drupal/Core/Routing/Access/AccessInterface.php

+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Core\Routing\Access\AccessInterface.
+ */
+
+namespace Drupal\Core\Routing\Access;
+
+use Drupal\Core\Access\AccessInterface as GenericAccessInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Route;
+
+/**
+ * An access check service determines access rules for particular routes.
+ */
+interface AccessInterface extends GenericAccessInterface {
+
+  /**
+   * Checks for access to a route.
+   *
+   * @param \Symfony\Component\Routing\Route $route
+   *   The route to check against.
+   * @param \Symfony\Component\HttpFoundation\Request $request
+   *   The request object.
+   *
+   * @return bool|null
+   *   self::ALLOW, self::DENY, or self::KILL.
+   */
+  public function access(Route $route, Request $request);
+
+}

core/lib/Drupal/Core/TypedData/Annotation/DataType.php

@@ -20,7 +20,7 @@
  * or more data properties. Typed data objects for complex data types have to
  * implement the \Drupal\Core\TypedData\ComplexDataInterface. Further interface
  * that may be implemented are:
- *  - \Drupal\Core\TypedData\AccessibleInterface
+ *  - \Drupal\Core\Access\AccessibleInterface
  *  - \Drupal\Core\TypedData\TranslatableInterface
  *
  * Furthermore, lists of data items are represented by objects implementing the

core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php

@@ -18,7 +18,7 @@
 use Drupal\Core\Language\Language;
 use Drupal\Core\Plugin\PluginFormInterface;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\Database\Query\Condition;
 use Drupal\search\Annotation\SearchPlugin;
 use Drupal\search\Plugin\SearchPluginBase;

core/modules/search/lib/Drupal/search/SearchPluginManager.php

@@ -114,7 +114,7 @@ public function pluginAccess($plugin_id, AccountInterface $account) {
       return FALSE;
     }
     // Plugins that implement AccessibleInterface can deny access.
-    if (is_subclass_of($definition['class'], '\Drupal\Core\TypedData\AccessibleInterface')) {
+    if (is_subclass_of($definition['class'], '\Drupal\Core\Access\AccessibleInterface')) {
       return $this->createInstance($plugin_id)->access('view', $account);
     }
     return TRUE;

core/modules/system/entity.api.php

@@ -710,7 +710,7 @@ function hook_entity_operation_alter(array &$operations, \Drupal\Core\Entity\Ent
  *
  * @param string $operation
  *   The operation to be performed. See
- *   \Drupal\Core\TypedData\AccessibleInterface::access() for possible values.
+ *   \Drupal\Core\Access\AccessibleInterface::access() for possible values.
  * @param \Drupal\Core\Entity\Field\FieldDefinitionInterface $field_definition
  *   The field definition.
  * @param \Drupal\Core\Session\AccountInterface $account

core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php

@@ -9,7 +9,7 @@
 
 use Drupal\Core\Language\Language;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\Entity\EntityAccessController;
 
 /**

core/modules/user/lib/Drupal/user/Plugin/Search/UserSearch.php

@@ -12,7 +12,7 @@
 use Drupal\Core\Entity\EntityManager;
 use Drupal\Core\Extension\ModuleHandlerInterface;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TypedData\AccessibleInterface;
+use Drupal\Core\Access\AccessibleInterface;
 use Drupal\search\Annotation\SearchPlugin;
 use Drupal\search\Plugin\SearchPluginBase;
 use Symfony\Component\DependencyInjection\ContainerInterface;

core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php

@@ -892,7 +892,7 @@ public function language() {
   }
 
   /**
-   * Implements \Drupal\Core\TypedData\AccessibleInterface::access().
+   * {@inheritdoc}
    */
   public function access($operation = 'view', AccountInterface $account = NULL) {
     return $this->storage->access($operation, $account);

core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php

@@ -8,7 +8,7 @@
 namespace Drupal\Tests\Core\Access;
 
 use Drupal\Core\Access\AccessCheckInterface;
-use Drupal\Core\Access\AccessInterface;
+use Drupal\Core\Routing\Access\AccessInterface;
 use Drupal\Core\Access\AccessManager;
 use Drupal\Core\Access\DefaultAccessCheck;
 use Drupal\system\Tests\Routing\MockRouteProvider;