Commit 5085cb35 authored by alexpott's avatar alexpott

Issue #2095125 by Xano: Use access constants in every access control context.

parent 5ba91c71
......@@ -11,23 +11,21 @@
use Symfony\Component\Routing\Route;
/**
* An access check service determines access rules for particular routes.
* Provides access check results.
*/
interface AccessInterface {
/**
* Grant access.
*
* A checker should return this value to indicate that it grants access to a
* route.
* A checker should return this value to indicate that it grants access.
*/
const ALLOW = TRUE;
/**
* Deny access.
*
* A checker should return this value to indicate it does not grant access to
* a route.
* A checker should return this value to indicate it does not grant access.
*/
const DENY = NULL;
......@@ -35,24 +33,9 @@ interface AccessInterface {
* Block access.
*
* A checker should return this value to indicate that it wants to completely
* block access to this route, regardless of any other access checkers. Most
* checkers should prefer DENY.
* block access, regardless of any other access checkers. Most checkers
* should prefer DENY.
*/
const KILL = FALSE;
/**
* Checks for access to a route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object.
*
* @return mixed
* TRUE if access is allowed.
* FALSE if not.
* NULL if no opinion.
*/
public function access(Route $route, Request $request);
}
......@@ -2,38 +2,30 @@
/**
* @file
* Contains \Drupal\Core\TypedData\AccessibleInterface.
* Contains \Drupal\Core\Access\AccessibleInterface.
*/
namespace Drupal\Core\TypedData;
namespace Drupal\Core\Access;
use Drupal\Core\Session\AccountInterface;
/**
* Interface for checking access.
*/
interface AccessibleInterface {
interface AccessibleInterface extends AccessInterface {
/**
* Checks data value access.
*
* @param string $operation
* (optional) The operation to be performed. Supported values are:
* - view
* - create
* - update
* - delete
* Defaults to 'view'.
* The operation to be performed.
* @param \Drupal\Core\Session\AccountInterface $account
* (optional) The user for which to check access, or NULL to check access
* for the current user. Defaults to NULL.
*
* @return bool
* TRUE if the given user has access for the given operation, FALSE
* otherwise.
*
* @todo Don't depend on module level code.
* @return bool|null
* self::ALLOW, self::DENY, or self::KILL.
*/
public function access($operation = 'view', AccountInterface $account = NULL);
public function access($operation, AccountInterface $account = NULL);
}
......@@ -7,7 +7,7 @@
namespace Drupal\Core\Entity;
use Drupal\Core\TypedData\AccessibleInterface;
use Drupal\Core\Access\AccessibleInterface;
/**
* Defines a common interface for all entity objects.
......
......@@ -8,7 +8,7 @@
namespace Drupal\Core\Entity\Field;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\TypedData\AccessibleInterface;
use Drupal\Core\Access\AccessibleInterface;
use Drupal\Core\TypedData\ListInterface;
/**
......
<?php
/**
* @file
* Contains \Drupal\Core\Routing\Access\AccessInterface.
*/
namespace Drupal\Core\Routing\Access;
use Drupal\Core\Access\AccessInterface as GenericAccessInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Route;
/**
* An access check service determines access rules for particular routes.
*/
interface AccessInterface extends GenericAccessInterface {
/**
* Checks for access to a route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object.
*
* @return bool|null
* self::ALLOW, self::DENY, or self::KILL.
*/
public function access(Route $route, Request $request);
}
......@@ -20,7 +20,7 @@
* or more data properties. Typed data objects for complex data types have to
* implement the \Drupal\Core\TypedData\ComplexDataInterface. Further interface
* that may be implemented are:
* - \Drupal\Core\TypedData\AccessibleInterface
* - \Drupal\Core\Access\AccessibleInterface
* - \Drupal\Core\TypedData\TranslatableInterface
*
* Furthermore, lists of data items are represented by objects implementing the
......
......@@ -18,7 +18,7 @@
use Drupal\Core\Language\Language;
use Drupal\Core\Plugin\PluginFormInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\TypedData\AccessibleInterface;
use Drupal\Core\Access\AccessibleInterface;
use Drupal\Core\Database\Query\Condition;
use Drupal\search\Annotation\SearchPlugin;
use Drupal\search\Plugin\SearchPluginBase;
......
......@@ -114,7 +114,7 @@ public function pluginAccess($plugin_id, AccountInterface $account) {
return FALSE;
}
// Plugins that implement AccessibleInterface can deny access.
if (is_subclass_of($definition['class'], '\Drupal\Core\TypedData\AccessibleInterface')) {
if (is_subclass_of($definition['class'], '\Drupal\Core\Access\AccessibleInterface')) {
return $this->createInstance($plugin_id)->access('view', $account);
}
return TRUE;
......
......@@ -710,7 +710,7 @@ function hook_entity_operation_alter(array &$operations, \Drupal\Core\Entity\Ent
*
* @param string $operation
* The operation to be performed. See
* \Drupal\Core\TypedData\AccessibleInterface::access() for possible values.
* \Drupal\Core\Access\AccessibleInterface::access() for possible values.
* @param \Drupal\Core\Entity\Field\FieldDefinitionInterface $field_definition
* The field definition.
* @param \Drupal\Core\Session\AccountInterface $account
......
......@@ -9,7 +9,7 @@
use Drupal\Core\Language\Language;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\TypedData\AccessibleInterface;
use Drupal\Core\Access\AccessibleInterface;
use Drupal\Core\Entity\EntityAccessController;
/**
......
......@@ -12,7 +12,7 @@
use Drupal\Core\Entity\EntityManager;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\TypedData\AccessibleInterface;
use Drupal\Core\Access\AccessibleInterface;
use Drupal\search\Annotation\SearchPlugin;
use Drupal\search\Plugin\SearchPluginBase;
use Symfony\Component\DependencyInjection\ContainerInterface;
......
......@@ -892,7 +892,7 @@ public function language() {
}
/**
* Implements \Drupal\Core\TypedData\AccessibleInterface::access().
* {@inheritdoc}
*/
public function access($operation = 'view', AccountInterface $account = NULL) {
return $this->storage->access($operation, $account);
......
......@@ -8,7 +8,7 @@
namespace Drupal\Tests\Core\Access;
use Drupal\Core\Access\AccessCheckInterface;
use Drupal\Core\Access\AccessInterface;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Access\AccessManager;
use Drupal\Core\Access\DefaultAccessCheck;
use Drupal\system\Tests\Routing\MockRouteProvider;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment