Issue #1818570 by Berdir, effulgentsia, das-peter, andypost: Convert users to...

Issue #1818570 by Berdir, effulgentsia, das-peter, andypost: Convert users to the new Entity Field API.

core/includes/bootstrap.inc

@@ -22,6 +22,7 @@
 use Drupal\Core\Lock\DatabaseLockBackend;
 use Drupal\Core\Lock\LockBackendInterface;
 use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\Core\Entity\EntityBCDecorator;
 
 /**
  * @file
@@ -1760,18 +1761,15 @@ function drupal_set_title($title = NULL, $output = CHECK_PLAIN) {
 /**
  * Generates a default anonymous $user object.
  *
- * @return Drupal\user\Plugin\Core\Entity\User
+ * @return object
  *   The user object.
  */
 function drupal_anonymous_user() {
-  $values = array(
+  return (object) array(
     'uid' => 0,
     'hostname' => Drupal::request()->getClientIP(),
-    'roles' => array(
-      DRUPAL_ANONYMOUS_RID => DRUPAL_ANONYMOUS_RID,
-    ),
+    'roles' => array(DRUPAL_ANONYMOUS_RID),
   );
-  return new User($values, 'user');
 }
 
 /**

core/includes/common.inc

@@ -5188,7 +5188,7 @@ function drupal_render_cid_parts($granularity = NULL) {
     // resource drag for sites with many users, so when a module is being
     // equivocal, we favor the less expensive 'PER_ROLE' pattern.
     if ($granularity & DRUPAL_CACHE_PER_ROLE) {
-      $cid_parts[] = 'r.' . implode(',', array_keys($user->roles));
+      $cid_parts[] = 'r.' . implode(',', $user->roles);
     }
     elseif ($granularity & DRUPAL_CACHE_PER_USER) {
       $cid_parts[] = "u.$user->uid";

core/includes/entity.api.php

@@ -548,7 +548,7 @@ function hook_entity_field_info_alter(&$info, $entity_type) {
  *   \Drupal\Core\TypedData\AccessibleInterface::access() for possible values.
  * @param \Drupal\Core\Entity\Field\Type\Field $field
  *   The entity field object on which the operation is to be performed.
- * @param \Drupal\user\Plugin\Core\Entity\User $account
+ * @param \Drupal\user\UserInterface $account
  *   The user account to check.
  *
  * @return bool|NULL

core/includes/session.inc

@@ -108,9 +108,8 @@ function _drupal_session_read($sid) {
   // active user.
   if ($user && $user->uid > 0 && $user->status == 1) {
     // Add roles element to $user.
-    $user->roles = array();
-    $user->roles[DRUPAL_AUTHENTICATED_RID] = DRUPAL_AUTHENTICATED_RID;
-    $user->roles += db_query("SELECT ur.rid FROM {users_roles} ur WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 0);
+    $rids = db_query("SELECT ur.rid FROM {users_roles} ur WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchCol();
+    $user->roles = array_merge(array(DRUPAL_AUTHENTICATED_RID), $rids);
   }
   elseif ($user) {
     // The user is anonymous or blocked. Only preserve two fields from the

core/lib/Drupal/Core/Entity/DatabaseStorageController.php

@@ -191,6 +191,8 @@ public function resetCache(array $ids = NULL) {
     }
     else {
       $this->entityCache = array();
+      $this->entityFieldInfo = NULL;
+      $this->fieldDefinitions = array();
     }
   }
 

core/lib/Drupal/Core/Entity/Entity.php

@@ -10,6 +10,7 @@
 use Drupal\Component\Uuid\Uuid;
 use Drupal\Core\Language\Language;
 use Drupal\Core\TypedData\TypedDataInterface;
+use Drupal\user\UserInterface;
 use IteratorAggregate;
 
 /**
@@ -257,7 +258,7 @@ public function getIterator() {
   /**
    * Implements \Drupal\Core\TypedData\AccessibleInterface::access().
    */
-  public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $account = NULL) {
+  public function access($operation = 'view', UserInterface $account = NULL) {
     return \Drupal::entityManager()
       ->getAccessController($this->entityType)
       ->access($this, $operation, Language::LANGCODE_DEFAULT, $account);

core/lib/Drupal/Core/Entity/EntityAccessController.php

@@ -8,7 +8,7 @@
 namespace Drupal\Core\Entity;
 
 use Drupal\Core\Language\Language;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Defines a default implementation for entity access controllers.
@@ -25,7 +25,7 @@ class EntityAccessController implements EntityAccessControllerInterface {
   /**
    * {@inheritdoc}
    */
-  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, User $account = NULL) {
+  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, UserInterface $account = NULL) {
 
     // @todo Remove this once we can rely on $account.
     if (!$account) {
@@ -73,14 +73,14 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
    *   'delete'.
    * @param string $langcode
    *   The language code for which to check access.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   The user for which to check access.
    *
    * @return bool|null
    *   TRUE if access was granted, FALSE if access was denied and NULL if access
    *   could not be determined.
    */
-  protected function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) {
+  protected function checkAccess(EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     return NULL;
   }
 
@@ -94,7 +94,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, U
    *   'delete'.
    * @param string $langcode
    *   The language code for which to check access.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   The user for which to check access.
    *
    * @return bool|null
@@ -102,7 +102,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, U
    *   is no record for the given user, operation, langcode and entity in the
    *   cache.
    */
-  protected function getCache(EntityInterface $entity, $operation, $langcode, User $account) {
+  protected function getCache(EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     $uid = $account ? $account->id() : 0;
     $uuid = $entity->uuid();
 
@@ -122,13 +122,13 @@ protected function getCache(EntityInterface $entity, $operation, $langcode, User
    *   'delete'.
    * @param string $langcode
    *   The language code for which to check access.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   The user for which to check access.
    *
    * @return bool
    *   TRUE if access was granted, FALSE otherwise.
    */
-  protected function setCache($access, EntityInterface $entity, $operation, $langcode, User $account) {
+  protected function setCache($access, EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     $uid = $account ? $account->id() : 0;
     $uuid = $entity->uuid();
 

core/lib/Drupal/Core/Entity/EntityAccessControllerInterface.php

@@ -9,7 +9,7 @@
 
 use Drupal\Core\Language\Language;
 // @todo Don't depend on module level code.
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Defines a common interface for entity access controller classes.
@@ -27,14 +27,14 @@ interface EntityAccessControllerInterface {
    * @param string $langcode
    *   (optional) The language code for which to check access. Defaults to
    *   Language::LANGCODE_DEFAULT.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   (optional) The user for which to check access, or NULL to check access
    *   for the current user. Defaults to NULL.
    *
    * @return bool
    *   TRUE if access was granted, FALSE otherwise.
    */
-  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, User $account = NULL);
+  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, UserInterface $account = NULL);
 
   /**
    * Clears all cached access checks.

core/lib/Drupal/Core/Entity/EntityBCDecorator.php

@@ -11,6 +11,7 @@
 use IteratorAggregate;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\TypedData\TypedDataInterface;
+use Drupal\user\UserInterface;
 
 /**
  * Provides backwards compatible (BC) access to entity fields.
@@ -213,7 +214,7 @@ function __clone() {
   /**
    * Forwards the call to the decorated entity.
    */
-  public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $account = NULL) {
+  public function access($operation = 'view', UserInterface $account = NULL) {
     return $this->decorated->access($operation, $account);
   }
 

core/lib/Drupal/Core/Entity/Field/Type/EntityTranslation.php

@@ -10,6 +10,7 @@
 use Drupal\Core\TypedData\AccessibleInterface;
 use Drupal\Core\TypedData\ComplexDataInterface;
 use Drupal\Core\TypedData\TypedData;
+use Drupal\user\UserInterface;
 use ArrayIterator;
 use Drupal\Core\TypedData\TypedDataInterface;
 use IteratorAggregate;
@@ -210,7 +211,7 @@ public function onChange($property_name) {
   /**
    * Implements \Drupal\Core\TypedData\AccessibleInterface::access().
    */
-  public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $account = NULL) {
+  public function access($operation = 'view', UserInterface $account = NULL) {
     // Determine the language code of this translation by cutting of the
     // leading "@" from the property name to get the langcode.
     // @todo Add a way to set and get the langcode so that's more obvious what

core/lib/Drupal/Core/Entity/Field/Type/Field.php

@@ -8,7 +8,7 @@
 namespace Drupal\Core\Entity\Field\Type;
 
 use Drupal\Core\Entity\Field\FieldInterface;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 use Drupal\Core\TypedData\TypedDataInterface;
 use Drupal\Core\TypedData\ItemList;
 
@@ -145,7 +145,7 @@ public function __unset($property_name) {
   /**
    * Implements \Drupal\Core\TypedData\AccessibleInterface::access().
    */
-  public function access($operation = 'view', User $account = NULL) {
+  public function access($operation = 'view', UserInterface $account = NULL) {
     global $user;
     if (!isset($account) && $user->uid) {
       $account = user_load($user->uid);
@@ -190,7 +190,7 @@ public function access($operation = 'view', User $account = NULL) {
    * @return bool
    *   TRUE if access to this field is allowed per default, FALSE otherwise.
    */
-  public function defaultAccess($operation = 'view', User $account = NULL) {
+  public function defaultAccess($operation = 'view', UserInterface $account = NULL) {
     // Grant access per default.
     return TRUE;
   }

core/lib/Drupal/Core/TypedData/AccessibleInterface.php

@@ -7,6 +7,8 @@
 
 namespace Drupal\Core\TypedData;
 
+use Drupal\user\UserInterface;
+
 /**
  * Interface for checking access.
  */
@@ -22,7 +24,7 @@ interface AccessibleInterface {
    *   - update
    *   - delete
    *   Defaults to 'view'.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   (optional) The user for which to check access, or NULL to check access
    *   for the current user. Defaults to NULL.
    *
@@ -32,6 +34,6 @@ interface AccessibleInterface {
    *
    * @todo Don't depend on module level code.
    */
-  public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $account = NULL);
+  public function access($operation = 'view', UserInterface $account = NULL);
 
 }

core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockAccessController.php

@@ -8,7 +8,7 @@
 namespace Drupal\custom_block;
 
 use Drupal\Core\Entity\EntityInterface;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 use Drupal\Core\Entity\EntityAccessController;
 
 /**
@@ -19,7 +19,7 @@ class CustomBlockAccessController extends EntityAccessController {
   /**
    * {@inheritdoc}
    */
-  protected function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) {
+  protected function checkAccess(EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     if ($operation === 'view') {
       return TRUE;
     }

core/modules/block/lib/Drupal/block/BlockAccessController.php

@@ -9,7 +9,7 @@
 
 use Drupal\Core\Entity\EntityAccessController;
 use Drupal\Core\Entity\EntityInterface;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Provides a Block access controller.
@@ -19,7 +19,7 @@ class BlockAccessController extends EntityAccessController {
   /**
    * {@inheritdoc}
    */
-  protected function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) {
+  protected function checkAccess(EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     // Currently, only view access is implemented.
     if ($operation != 'view') {
       return FALSE;
@@ -43,7 +43,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, U
     // For blocks with roles associated, if none of the user's roles matches
     // the settings from this block, access is denied.
     $visibility = $entity->get('visibility');
-    if (!empty($visibility['role']['roles']) && !array_intersect(array_filter($visibility['role']['roles']), array_keys($user->roles))) {
+    if (!empty($visibility['role']['roles']) && !array_intersect(array_filter($visibility['role']['roles']), $user->roles)) {
       // No match.
       return FALSE;
     }

core/modules/comment/comment.module

@@ -1552,7 +1552,7 @@ function comment_prepare_author(Comment $comment) {
   if (!$account) {
     $account = entity_create('user', array('uid' => 0, 'name' => $comment->name->value, 'homepage' => $comment->homepage->value));
   }
-  return $account;
+  return $account->getBCEntity();
 }
 
 /**

core/modules/comment/comment.tokens.inc

@@ -218,7 +218,7 @@ function comment_tokens($type, $tokens, array $data = array(), array $options =
     }
 
     if (($author_tokens = $token_service->findwithPrefix($tokens, 'author')) && $account = $comment->uid->entity) {
-      $replacements += $token_service->generate('user', $author_tokens, array('user' => $account), $options);
+      $replacements += $token_service->generate('user', $author_tokens, array('user' => $account->getBCEntity()), $options);
     }
   }
   elseif ($type == 'node' & !empty($data['node'])) {

core/modules/comment/lib/Drupal/comment/CommentAccessController.php

@@ -9,7 +9,7 @@
 
 use Drupal\Core\Entity\EntityAccessController;
 use Drupal\Core\Entity\EntityInterface;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Access controller for the comment entity.
@@ -21,7 +21,7 @@ class CommentAccessController extends EntityAccessController {
   /**
    * {@inheritdoc}
    */
-  protected function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) {
+  protected function checkAccess(EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     switch ($operation) {
       case 'view':
         return user_access('access comments', $account);

core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php

@@ -52,7 +52,8 @@ function testCommentLinks() {
 
     // Remove additional user permissions from $this->web_user added by setUp(),
     // since this test is limited to anonymous and authenticated roles only.
-    entity_delete_multiple('user_role', array(key($this->web_user->roles)));
+    $roles = $this->web_user->roles;
+    entity_delete_multiple('user_role', array(reset($roles)));
 
     // Matrix of possible environmental conditions and configuration settings.
     // See setEnvironment() for details.

core/modules/contact/lib/Drupal/contact/CategoryAccessController.php

@@ -9,7 +9,7 @@
 
 use Drupal\Core\Entity\EntityAccessController;
 use Drupal\Core\Entity\EntityInterface;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Defines an access controller for the contact category entity.
@@ -21,7 +21,7 @@ class CategoryAccessController extends EntityAccessController {
   /**
    * {@inheritdoc}
    */
-  public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) {
+  public function checkAccess(EntityInterface $entity, $operation, $langcode, UserInterface $account) {
     if ($operation == 'delete' || $operation == 'update') {
       // Do not allow delete 'personal' category used for personal contact form.
       return user_access('administer contact forms', $account) && $entity->id() !== 'personal';

core/modules/contact/lib/Drupal/contact/MessageFormController.php

@@ -9,7 +9,7 @@
 
 use Drupal\Core\Entity\EntityFormController;
 use Drupal\Core\Language\Language;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Form controller for contact message forms.
@@ -167,7 +167,7 @@ public function save(array $form, array &$form_state) {
       $to = implode(', ', $category->recipients);
       $recipient_langcode = language_default()->langcode;
     }
-    elseif ($message->recipient instanceof User) {
+    elseif ($message->recipient instanceof UserInterface) {
       // Send to the user in the user's preferred language.
       $to = $message->recipient->mail;
       $recipient_langcode = user_preferred_langcode($message->recipient);
@@ -211,7 +211,7 @@ public function save(array $form, array &$form_state) {
 
     // To avoid false error messages caused by flood control, redirect away from
     // the contact form; either to the contacted user account or the front page.
-    if ($message->recipient instanceof User && user_access('access user profiles')) {
+    if ($message->recipient instanceof UserInterface && user_access('access user profiles')) {
       $uri = $message->recipient->uri();
       $form_state['redirect'] = array($uri['path'], $uri['options']);
     }

core/modules/file/file.field.inc

@@ -249,7 +249,7 @@ function file_field_update(EntityInterface $entity, $field, $instance, $langcode
   }
 
   // Compare the original field values with the ones that are being saved.
-  $original = $entity->original;
+  $original = $entity->original->getBCEntity();
   $original_fids = array();
   if (!empty($original->{$field['field_name']}[$langcode])) {
     foreach ($original->{$field['field_name']}[$langcode] as $original_item) {

core/modules/file/lib/Drupal/file/Tests/FileFieldWidgetTest.php

@@ -241,7 +241,7 @@ function testPrivateFileComment() {
     $user = $this->drupalCreateUser(array('access comments'));
 
     // Grant the admin user required comment permissions.
-    user_role_grant_permissions(key($this->admin_user->roles), array('administer comment fields'));
+    user_role_grant_permissions($this->admin_user->roles[1], array('administer comment fields'));
 
     // Revoke access comments permission from anon user, grant post to
     // authenticated.

core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php

@@ -177,9 +177,7 @@ function testFormatPermissions() {
    */
   function testFormatRoles() {
     // Get the role ID assigned to the regular user.
-    $roles = $this->web_user->roles;
-    unset($roles[DRUPAL_AUTHENTICATED_RID]);
-    $rid = key($roles);
+    $rid = $this->web_user->roles[0];
 
     // Check that this role appears in the list of roles that have access to an
     // allowed text format, but does not appear in the list of roles that have

core/modules/locale/lib/Drupal/locale/LocaleLookup.php

@@ -46,7 +46,7 @@ public function __construct($langcode, $context, $stringStorage) {
     // Add the current user's role IDs to the cache key, this ensures that, for
     // example, strings for admin menu items and settings forms are not cached
     // for anonymous users.
-    $rids = implode(':', array_keys($GLOBALS['user']->roles));
+    $rids = implode(':', $GLOBALS['user']->roles);
     parent::__construct("locale:$langcode:$context:$rids", 'cache', array('locale' => TRUE));
   }
 

core/modules/locale/lib/Drupal/locale/Tests/LocaleUninstallTest.php

@@ -62,6 +62,12 @@ function testUninstallProcess() {
     $language_manager->init();
     // Check the UI language.
 
+    // @todo: If the global user is an EntityBCDecorator, getting the roles
+    // from it within LocaleLookup results in a loop that invokes LocaleLookup
+    // again.
+    global $user;
+    $user = drupal_anonymous_user();
+
     $this->assertEqual(language(Language::TYPE_INTERFACE)->langcode, $this->langcode, t('Current language: %lang', array('%lang' => language(Language::TYPE_INTERFACE)->langcode)));
 
     // Enable multilingual workflow option for articles.

core/modules/node/lib/Drupal/node/NodeAccessController.php

@@ -8,7 +8,7 @@
 namespace Drupal\node;
 
 use Drupal\Core\Language\Language;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 use Drupal\Core\Entity\EntityAccessController;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Entity\EntityNG;
@@ -21,7 +21,7 @@ class NodeAccessController extends EntityAccessController {
   /**
    * {@inheritdoc}
    */
-  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, User $account = NULL) {
+  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, UserInterface $account = NULL) {
     if (user_access('bypass node access', $account)) {
       return TRUE;
     }
@@ -34,7 +34,7 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
   /**
    * {@inheritdoc}
    */
-  protected function checkAccess(EntityInterface $node, $operation, $langcode, User $account) {
+  protected function checkAccess(EntityInterface $node, $operation, $langcode, UserInterface $account) {
     // Fetch information from the node object if possible.
     $status = isset($node->status) ? $node->status : NULL;
     $uid = isset($node->uid) ? $node->uid : NULL;
@@ -75,7 +75,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Use
    *   'delete'.
    * @param string $langcode
    *   The language code for which to check access.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   The user for which to check access.
    *
    * @return bool|null
@@ -83,7 +83,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Use
    *   module implements hook_node_grants(), the node does not (yet) have an id
    *   or none of the implementing modules explicitly granted or denied access.
    */
-  protected function accessGrants(EntityInterface $node, $operation, $langcode, User $account) {
+  protected function accessGrants(EntityInterface $node, $operation, $langcode, UserInterface $account) {
     // If no module implements the hook or the node does not have an id there is
     // no point in querying the database for access grants.
     if (!module_implements('node_grants') || !$node->id()) {
@@ -111,7 +111,7 @@ protected function accessGrants(EntityInterface $node, $operation, $langcode, Us
     $query->range(0, 1);
 
     $grants = db_or();
-    foreach (node_access_grants($operation, $account) as $realm => $gids) {
+    foreach (node_access_grants($operation, $account instanceof User ? $account->getBCEntity() : $account) as $realm => $gids) {
       foreach ($gids as $gid) {
         $grants->condition(db_and()
           ->condition('gid', $gid)

core/modules/node/lib/Drupal/node/Tests/NodeTestBase.php

@@ -41,7 +41,7 @@ function setUp() {
    *   operation should be granted.
    * @param \Drupal\node\Plugin\Core\Entity\Node $node
    *   The node object to check.
-   * @param \Drupal\user\Plugin\Core\Entity\User $account
+   * @param \Drupal\user\UserInterface $account
    *   The user account for which to check access.
    * @param string|null $langcode
    *   (optional) The language code indicating which translation of the node

core/modules/node/node.api.php

@@ -393,8 +393,8 @@ function hook_node_grants_alter(&$grants, $account, $op) {
 
   if ($op != 'view' && !empty($restricted)) {
     // Now check the roles for this account against the restrictions.
-    foreach ($restricted as $role_id) {
-      if (isset($account->roles[$role_id])) {
+    foreach ($account->roles as $rid) {
+      if (in_array($rid, $restricted)) {
         $grants = array();
       }
     }

core/modules/node/node.module

@@ -20,7 +20,7 @@
 use Drupal\Core\Template\Attribute;
 use Drupal\entity\Plugin\Core\Entity\EntityDisplay;
 use Drupal\file\Plugin\Core\Entity\File;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Denotes that the node is not published.
@@ -2490,7 +2490,7 @@ function node_access($op, $node, $account = NULL, $langcode = NULL) {
 
   // Make sure that if an account is passed, that it is a fully loaded user
   // object.
-  if ($account && !($account instanceof User)) {
+  if ($account && !($account instanceof UserInterface)) {
     $account = user_load($account->uid);
   }
 

core/modules/overlay/overlay.module

@@ -8,7 +8,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Drupal\block\Plugin\Core\Entity\Block;
-use Drupal\user\Plugin\Core\Entity\User;
+use Drupal\user\UserInterface;
 
 /**
  * Implements hook_help().
@@ -402,7 +402,7 @@ function theme_overlay_disable_message($variables) {
 /**
  * Implements hook_block_access().
  */
-function overlay_block_access(Block $block, $operation, User $account,