Commit e071723f authored by webchick's avatar webchick

Issue #2272081 by Wim Leers: BlockAccessController::checkAccess() should run...

Issue #2272081 by Wim Leers: BlockAccessController::checkAccess() should run the block plugin's access check last.
parent 9eae2471
......@@ -64,13 +64,6 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
return FALSE;
}
// If the plugin denies access, then deny access.
if (!$entity->getPlugin()->access($account)) {
return FALSE;
}
// Otherwise, check for other access restrictions.
// User role access handling.
// If a block has no roles associated, it is displayed for every role.
// For blocks with roles associated, if none of the user's roles matches
......@@ -121,6 +114,14 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
return FALSE;
}
}
// If the plugin denies access, then deny access. Apply plugin access checks
// last, because it's almost certainly cheaper to first apply Block's own
// visibility checks.
if (!$entity->getPlugin()->access($account)) {
return FALSE;
}
return TRUE;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment