Issue #2063405 by dawehner, Wim Leers, Crell: Update all access checkers to...

Issue #2063405 by dawehner, Wim Leers, Crell: Update all access checkers to use static::ALLOW/static::DENY/static::KILL.

Issue #2063405 by dawehner, Wim Leers, Crell: Update all access checkers to...
Issue #2063405 by dawehner, Wim Leers, Crell: Update all access checkers to use static::ALLOW/static::DENY/static::KILL.
c5ef1c9c · alexpott · fc4150ba · c5ef1c9c · c5ef1c9c · c5ef1c9c
Commit c5ef1c9c authored Aug 29, 2013 by alexpott
--- a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php
@@ -45,12 +45,12 @@ public function access(Route $route, Request $request) {
    if ($request->attributes->has($entity_type)) {
      $entity = $request->attributes->get($entity_type);
      if ($entity instanceof EntityInterface) {
-        return $entity->access($operation);
+        return $entity->access($operation) ? static::ALLOW : static::DENY;
      }
    }
    // No opinion, so other access checks should decide if access should be
    // allowed or not.
-    return NULL;
+    return static::DENY;
  }

 }
--- a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php
+++ b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php
@@ -52,7 +52,7 @@ public function appliesTo() {
   */
  public function access(Route $route, Request $request) {
    list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':');
-    return $this->entityManager->getAccessController($entity_type)->createAccess($bundle);
+    return $this->entityManager->getAccessController($entity_type)->createAccess($bundle) ? static::ALLOW : static::DENY;
  }

 }
--- a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php
+++ b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php
@@ -47,7 +47,7 @@ public function appliesTo() {
  public function access(Route $route, Request $request) {
    // @todo Replace user_access() with a correctly injected and session-using
    // alternative.
-    return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField();
+    return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField() ? static::ALLOW : static::DENY;
  }

 }
--- a/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php
+++ b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php
@@ -28,7 +28,7 @@ public function appliesTo() {
   */
  public function access(Route $route, Request $request) {
    $theme = $request->attributes->get('theme');
-    return user_access('administer blocks') && drupal_theme_access($theme);
+    return (user_access('administer blocks') && drupal_theme_access($theme)) ? static::ALLOW : static::DENY;
  }

 }
--- a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php
+++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php
@@ -35,7 +35,7 @@ public function access(Route $route, Request $request) {
      $visibility = ($form_mode == 'default') || !empty($form_mode_settings[$form_mode]['status']);
      if ($visibility) {
        $permission = $route->getRequirement('_field_ui_form_mode_access');
-        return user_access($permission);
+        return user_access($permission) ? static::ALLOW : static::DENY;
      }
    }
  }

--- a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php
+++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php
@@ -35,7 +35,7 @@ public function access(Route $route, Request $request) {
      $visibility = ($view_mode == 'default') || !empty($view_mode_settings[$view_mode]['status']);
      if ($visibility) {
        $permission = $route->getRequirement('_field_ui_view_mode_access');
-        return user_access($permission);
+        return user_access($permission) ? static::ALLOW : static::DENY;
      }
    }
  }

--- a/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php
+++ b/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php
@@ -31,13 +31,13 @@ public function access(Route $route, Request $request) {
      // Handle special cases up front. All users have access to the fallback
      // format.
      if ($format->format == filter_fallback_format()) {
-        return TRUE;
+        return static::ALLOW;
      }

      // Check the permission if one exists; otherwise, we have a non-existent
      // format so we return FALSE.
      $permission = filter_permission_name($format);
-      return !empty($permission) && user_access($permission);
+      return !empty($permission) && user_access($permission) ? static::ALLOW : static::DENY;
    }
  }
 }
--- a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php
+++ b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php
@@ -28,10 +28,10 @@ public function appliesTo() {
   */
  public function access(Route $route, Request $request) {
    if ($format = $request->attributes->get('filter_format')) {
-      return user_access('administer filters') && ($format->format != filter_fallback_format());
+      return (user_access('administer filters') && ($format->format != filter_fallback_format())) ? static::ALLOW : static::DENY;
    }

-    return FALSE;
+    return static::DENY;
  }

 }
--- a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php
+++ b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php
@@ -55,12 +55,10 @@ public function access(Route $route, Request $request) {
    ) {
      $csrf_token = $request->headers->get('X-CSRF-Token');
      if (!drupal_valid_token($csrf_token, 'rest')) {
-        return FALSE;
+        return static::KILL;
      }
    }
-    // As we do not perform any authorization here we always return NULL to
-    // indicate that other access checkers should decide if the request is
-    // legit.
-    return NULL;
+    // Let other access checkers decide if the request is legit.
+    return static::ALLOW;
  }
 }
--- a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php
+++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php
@@ -30,7 +30,7 @@ public function access(Route $route, Request $request) {
    $menu_link = $request->attributes->get('menu_link');
    $set_name = str_replace('shortcut-', '', $menu_link['menu_name']);
    if ($shortcut_set = shortcut_set_load($set_name)) {
-      return shortcut_set_edit_access($shortcut_set);
+      return shortcut_set_edit_access($shortcut_set) ? static::ALLOW : static::DENY;
    }
  }


--- a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php
+++ b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php
@@ -30,12 +30,12 @@ public function access(Route $route, Request $request) {
    $key = $request->attributes->get('key');
    if ($key != \Drupal::state()->get('system.cron_key')) {
      watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE);
-      return FALSE;
+      return static::KILL;
    }
    elseif (\Drupal::config('system.maintenance')->get('enabled')) {
      watchdog('cron', 'Cron could not run because the site is in maintenance mode.', array(), WATCHDOG_NOTICE);
-      return FALSE;
+      return static::KILL;
    }
-    return TRUE;
+    return static::ALLOW;
  }
 }
--- a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php
+++ b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php
@@ -29,6 +29,6 @@ public function applies(Route $route) {
  public function access(Route $route, Request $request) {
    // No opinion, so other access checks should decide if access should be
    // allowed or not.
-    return NULL;
+    return static::DENY;
  }
 }
--- a/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php
+++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php
@@ -27,7 +27,7 @@ class TaxonomyTermCreateAccess extends EntityCreateAccessCheck {
  public function access(Route $route, Request $request) {
    $entity_type = $route->getRequirement($this->requirementsKey);
    if ($vocabulary = $request->attributes->get('taxonomy_vocabulary')) {
-      return $this->entityManager->getAccessController($entity_type)->createAccess($vocabulary->id());
+      return $this->entityManager->getAccessController($entity_type)->createAccess($vocabulary->id()) ? static::ALLOW : static::DENY;
    }
    return parent::access($route, $request);
  }

--- a/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php
+++ b/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php
@@ -28,12 +28,7 @@ public function appliesTo() {
   */
  public function access(Route $route, Request $request) {
    $hash = $request->get('hash');
-    if (user_access('access toolbar') && ($hash == _toolbar_get_subtree_hash())) {
-      return TRUE;
-    }
-    else {
-      return NULL;
-    }
+    return (user_access('access toolbar') && ($hash == _toolbar_get_subtree_hash())) ? static::ALLOW : static::DENY;
  }

 }
--- a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php
+++ b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php
@@ -27,7 +27,7 @@ public function appliesTo() {
   * {@inheritdoc}
   */
  public function access(Route $route, Request $request) {
-    return (bool) $GLOBALS['user']->id();
+    return $GLOBALS['user']->isAuthenticated() ? static::ALLOW : static::DENY;
  }

 }
--- a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php
+++ b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php
@@ -27,6 +27,6 @@ public function appliesTo() {
   * Implements AccessCheckInterface::access().
   */
  public function access(Route $route, Request $request) {
-    return user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY);
+    return (user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY;
  }
 }
--- a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php
+++ b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php
@@ -31,7 +31,7 @@ public function appliesTo() {
  public function access(Route $route, Request $request) {
    $access = user_access('access all views');

-    return $access ?: NULL;
+    return $access ? static::ALLOW : static::DENY;
  }

 }