Issue #2063405 by dawehner, Wim Leers, Crell: Update all access checkers to...

Issue #2063405 by dawehner, Wim Leers, Crell: Update all access checkers to use static::ALLOW/static::DENY/static::KILL.

core/lib/Drupal/Core/Entity/EntityAccessCheck.php

@@ -45,12 +45,12 @@ public function access(Route $route, Request $request) {
     if ($request->attributes->has($entity_type)) {
       $entity = $request->attributes->get($entity_type);
       if ($entity instanceof EntityInterface) {
-        return $entity->access($operation);
+        return $entity->access($operation) ? static::ALLOW : static::DENY;
       }
     }
     // No opinion, so other access checks should decide if access should be
     // allowed or not.
-    return NULL;
+    return static::DENY;
   }
 
 }

core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php

@@ -52,7 +52,7 @@ public function appliesTo() {
    */
   public function access(Route $route, Request $request) {
     list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':');
-    return $this->entityManager->getAccessController($entity_type)->createAccess($bundle);
+    return $this->entityManager->getAccessController($entity_type)->createAccess($bundle) ? static::ALLOW : static::DENY;
   }
 
 }

core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php

@@ -47,7 +47,7 @@ public function appliesTo() {
   public function access(Route $route, Request $request) {
     // @todo Replace user_access() with a correctly injected and session-using
     // alternative.
-    return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField();
+    return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY;
   }
 
 }

core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php

@@ -28,7 +28,7 @@ public function appliesTo() {
    */
   public function access(Route $route, Request $request) {
     $theme = $request->attributes->get('theme');
-    return user_access('administer blocks') && drupal_theme_access($theme);
+    return (user_access('administer blocks') && drupal_theme_access($theme)) ? static::ALLOW : static::DENY;
   }
 
 }

core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php

@@ -35,7 +35,7 @@ public function access(Route $route, Request $request) {
       $visibility = ($form_mode == 'default') || !empty($form_mode_settings[$form_mode]['status']);
       if ($visibility) {
         $permission = $route->getRequirement('_field_ui_form_mode_access');
-        return user_access($permission);
+        return user_access($permission) ? static::ALLOW : static::DENY;
       }
     }
   }

core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php

@@ -35,7 +35,7 @@ public function access(Route $route, Request $request) {
       $visibility = ($view_mode == 'default') || !empty($view_mode_settings[$view_mode]['status']);
       if ($visibility) {
         $permission = $route->getRequirement('_field_ui_view_mode_access');
-        return user_access($permission);
+        return user_access($permission) ? static::ALLOW : static::DENY;
       }
     }
   }

core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php

@@ -31,13 +31,13 @@ public function access(Route $route, Request $request) {
       // Handle special cases up front. All users have access to the fallback
       // format.
       if ($format->format == filter_fallback_format()) {
-        return TRUE;
+        return static::ALLOW;
       }
 
       // Check the permission if one exists; otherwise, we have a non-existent
       // format so we return FALSE.
       $permission = filter_permission_name($format);
-      return !empty($permission) && user_access($permission);
+      return !empty($permission) && user_access($permission) ? static::ALLOW : static::DENY;
     }
   }
 }

core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php

@@ -28,10 +28,10 @@ public function appliesTo() {
    */
   public function access(Route $route, Request $request) {
     if ($format = $request->attributes->get('filter_format')) {
-      return user_access('administer filters') && ($format->format != filter_fallback_format());
+      return (user_access('administer filters') && ($format->format != filter_fallback_format())) ? static::ALLOW : static::DENY;
     }
 
-    return FALSE;
+    return static::DENY;
   }
 
 }

core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php

@@ -55,12 +55,10 @@ public function access(Route $route, Request $request) {
     ) {
       $csrf_token = $request->headers->get('X-CSRF-Token');
       if (!drupal_valid_token($csrf_token, 'rest')) {
-        return FALSE;
+        return static::KILL;
       }
     }
-    // As we do not perform any authorization here we always return NULL to
-    // indicate that other access checkers should decide if the request is
-    // legit.
-    return NULL;
+    // Let other access checkers decide if the request is legit.
+    return static::ALLOW;
   }
 }

core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php

@@ -30,7 +30,7 @@ public function access(Route $route, Request $request) {
     $menu_link = $request->attributes->get('menu_link');
     $set_name = str_replace('shortcut-', '', $menu_link['menu_name']);
     if ($shortcut_set = shortcut_set_load($set_name)) {
-      return shortcut_set_edit_access($shortcut_set);
+      return shortcut_set_edit_access($shortcut_set) ? static::ALLOW : static::DENY;
     }
   }
 

core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php

@@ -30,12 +30,12 @@ public function access(Route $route, Request $request) {
     $key = $request->attributes->get('key');
     if ($key != \Drupal::state()->get('system.cron_key')) {
       watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE);
-      return FALSE;
+      return static::KILL;
     }
     elseif (\Drupal::config('system.maintenance')->get('enabled')) {
       watchdog('cron', 'Cron could not run because the site is in maintenance mode.', array(), WATCHDOG_NOTICE);
-      return FALSE;
+      return static::KILL;
     }
-    return TRUE;
+    return static::ALLOW;
   }
 }

core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php

@@ -29,6 +29,6 @@ public function applies(Route $route) {
   public function access(Route $route, Request $request) {
     // No opinion, so other access checks should decide if access should be
     // allowed or not.
-    return NULL;
+    return static::DENY;
   }
 }

core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php

@@ -27,7 +27,7 @@ class TaxonomyTermCreateAccess extends EntityCreateAccessCheck {
   public function access(Route $route, Request $request) {
     $entity_type = $route->getRequirement($this->requirementsKey);
     if ($vocabulary = $request->attributes->get('taxonomy_vocabulary')) {
-      return $this->entityManager->getAccessController($entity_type)->createAccess($vocabulary->id());
+      return $this->entityManager->getAccessController($entity_type)->createAccess($vocabulary->id()) ? static::ALLOW : static::DENY;
     }
     return parent::access($route, $request);
   }

core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php

@@ -28,12 +28,7 @@ public function appliesTo() {
    */
   public function access(Route $route, Request $request) {
     $hash = $request->get('hash');
-    if (user_access('access toolbar') && ($hash == _toolbar_get_subtree_hash())) {
-      return TRUE;
-    }
-    else {
-      return NULL;
-    }
+    return (user_access('access toolbar') && ($hash == _toolbar_get_subtree_hash())) ? static::ALLOW : static::DENY;
   }
 
 }

core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php

@@ -27,7 +27,7 @@ public function appliesTo() {
    * {@inheritdoc}
    */
   public function access(Route $route, Request $request) {
-    return (bool) $GLOBALS['user']->id();
+    return $GLOBALS['user']->isAuthenticated() ? static::ALLOW : static::DENY;
   }
 
 }

core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php

@@ -27,6 +27,6 @@ public function appliesTo() {
    * Implements AccessCheckInterface::access().
    */
   public function access(Route $route, Request $request) {
-    return user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY);
+    return (user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY;
   }
 }

core/modules/views/lib/Drupal/views/ViewsAccessCheck.php

@@ -31,7 +31,7 @@ public function appliesTo() {
   public function access(Route $route, Request $request) {
     $access = user_access('access all views');
 
-    return $access ?: NULL;
+    return $access ? static::ALLOW : static::DENY;
   }
 
 }