Commit e1081c61 authored by alexpott's avatar alexpott

Issue #2338475 by herom: Remove hook_permission().

parent 5e938c16
......@@ -550,11 +550,10 @@
* appropriately for their particular sites.
*
* @section sec_define Defining permissions
* Modules define permissions via a $module.permissions.yml file or by
* implementing hook_permission(). The return value defines machine names,
* human-readable names, and optionally descriptions for each permission type.
* The machine names are the canonical way to refer to permissions for access
* checking.
* Modules define permissions via a $module.permissions.yml file. The return
* value defines machine names, human-readable names, and optionally
* descriptions for each permission type. The machine names are the canonical
* way to refer to permissions for access checking.
*
* @section sec_access Access permission checking
* Depending on the situation, there are several methods for ensuring that
......
......@@ -942,55 +942,6 @@ function hook_system_info_alter(array &$info, \Drupal\Core\Extension\Extension $
}
}
/**
* Define user permissions.
*
* This hook can supply permissions that the module defines, so that they
* can be selected on the user permissions page and used to grant or restrict
* access to actions the module performs.
*
* Permissions are checked using \Drupal::currentUser()->hasPermission().
*
* For a detailed usage example, see page_example.module.
*
* @return
* An array whose keys are permission names and whose corresponding values
* are arrays containing the following key-value pairs:
* - title: The human-readable name of the permission, to be shown on the
* permission administration page. This should be wrapped in the t()
* function so it can be translated.
* - description: (optional) A description of what the permission does. This
* should be wrapped in the t() function so it can be translated.
* - restrict access: (optional) A boolean which can be set to TRUE to
* indicate that site administrators should restrict access to this
* permission to trusted users. This should be used for permissions that
* have inherent security risks across a variety of potential use cases
* (for example, the "administer filters" and "bypass node access"
* permissions provided by Drupal core). When set to TRUE, a standard
* warning message defined in user_admin_permissions() will be displayed
* with the permission on the permission administration page. Defaults
* to FALSE.
* - warning: (optional) A translated warning message to display for this
* permission on the permission administration page. This warning overrides
* the automatic warning generated by 'restrict access' being set to TRUE.
* This should rarely be used, since it is important for all permissions to
* have a clear, consistent security warning that is the same across the
* site. Use the 'description' key instead to provide any information that
* is specific to the permission you are defining.
*
* @ingroup user_api
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use $module.permissions.yml files.
*/
function hook_permission() {
return array(
'administer my module' => array(
'title' => t('Administer my module'),
'description' => t('Perform administration tasks for my module.'),
),
);
}
/**
* Provide online user help.
*
......
......@@ -13,7 +13,8 @@
use Symfony\Component\Routing\Route;
/**
* Determines access to routes based on permissions defined via permissions.yml.
* Determines access to routes based on permissions defined via
* $module.permissions.yml files.
*/
class PermissionAccessCheck implements AccessInterface {
......
......@@ -14,18 +14,16 @@
use Drupal\Core\StringTranslation\TranslationInterface;
/**
* Provides the available permissions based on hook_permission and yml files.
* Provides the available permissions based on yml files.
*
* To define permissions you can use a $module.permissions.yml file:
*
* @code
* 'access all views':
* access all views:
* title: 'Bypass views access control'
* description: 'Bypass access control when accessing views.'
* 'restrict access': TRUE
* @encode
*
* @see hook_permission()
* restrict access: true
* @endcode
*/
class PermissionHandler implements PermissionHandlerInterface {
......@@ -89,8 +87,6 @@ protected function getYamlDiscovery() {
public function getPermissions() {
$all_permissions = $this->buildPermissionsYaml();
$all_permissions += $this->buildPermissionsModules();
return $this->sortPermissions($all_permissions);
}
......@@ -170,33 +166,6 @@ protected function buildPermissionsYaml() {
return $all_permissions + $all_callback_permissions;
}
/**
* Builds all permissions provided by .module files.
*
* @return array[]
* Each return permission is an array with the following keys:
* - title: The title of the permission.
* - description: The description of the permission, defaults to NULL.
* - provider: The provider of the permission.
*/
protected function buildPermissionsModules() {
$all_permissions = array();
foreach ($this->moduleHandler->getImplementations('permission') as $provider) {
$permissions = $this->moduleHandler->invoke($provider, 'permission');
foreach ($permissions as &$permission) {
if (!is_array($permission)) {
$permission = array(
'title' => $permission,
'description' => NULL,
);
}
$permission['provider'] = $provider;
}
$all_permissions += $permissions;
}
return $all_permissions;
}
/**
* Sorts the given permissions by provider name and title.
*
......
......@@ -76,63 +76,6 @@ protected function mockModuleExtension($module, $name) {
return $extension;
}
/**
* Tests permissions by hook_permission.
*
* @covers ::__construct
* @covers ::getPermissions
* @covers ::buildPermissions
* @covers ::buildPermissionsModules
* @covers ::sortPermissions
* @covers ::getModuleNames
*/
public function testBuildPermissionsModules() {
$modules = array('module_a', 'module_b', 'module_c');
$extensions = array(
'module_a' => $this->mockModuleExtension('module_a', 'Module a'),
'module_b' => $this->mockModuleExtension('module_b', 'Moduleb'),
'module_c' => $this->mockModuleExtension('module_c', 'Module c'),
);
$permissions = array(
'module_a' => array('access_module_a' => 'single_description'),
'module_b' => array('access module b' => array('title' => 'Access B', 'description' => 'bla bla')),
'module_c' => array('access_module_c' => array('title' => 'Access C', 'description' => 'bla bla', 'restrict access' => TRUE)),
);
$this->moduleHandler = $this->getMock('Drupal\Core\Extension\ModuleHandlerInterface');
$this->moduleHandler->expects($this->once())
->method('getModuleDirectories')
->willReturn([]);
$this->moduleHandler->expects($this->at(1))
->method('getImplementations')
->with('permission')
->willReturn($modules);
// Setup the module handler.
$i = 2;
foreach ($modules as $module_name) {
$this->moduleHandler->expects($this->at($i++))
->method('invoke')
->with($module_name)
->willReturn($permissions[$module_name]);
}
$this->moduleHandler->expects($this->any())
->method('getModuleList')
->willReturn(array_flip($modules));
$this->permissionHandler = new TestPermissionHandler($this->moduleHandler, $this->stringTranslation, $this->controllerResolver);
// Setup system_rebuild_module_data().
$this->permissionHandler->setSystemRebuildModuleData($extensions);
$actual_permissions = $this->permissionHandler->getPermissions();
$this->assertPermissions($actual_permissions);
// Ensure that the human name of the module is taken into account for the
// sorting.
$this->assertSame(array('access_module_a', 'access_module_c', 'access module b'), array_keys($actual_permissions));
}
/**
* Tests permissions provided by YML files.
*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment