Issue #2147291 by tim.plunkett, martin107, tkuldeep17, agentrickard:...

Issue #2147291 by tim.plunkett, martin107, tkuldeep17, agentrickard: Node_access_grants should always be passed an account.

core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php

@@ -28,10 +28,11 @@ public function canExpose() {
    * See _node_access_where_sql() for a non-views query based implementation.
    */
   public function query() {
-    if (!$this->view->getUser()->hasPermission('administer nodes')) {
+    $account = $this->view->getUser();
+    if (!$account->hasPermission('administer nodes')) {
       $table = $this->ensureMyTable();
       $grants = db_or();
-      foreach (node_access_grants('view') as $realm => $gids) {
+      foreach (node_access_grants('view', $account) as $realm => $gids) {
         foreach ($gids as $gid) {
           $grants->condition(db_and()
             ->condition($table . '.gid', $gid)

core/modules/node/lib/Drupal/node/Tests/NodeAccessRecordsTest.php

@@ -77,7 +77,7 @@ function testNodeAccessRecords() {
     // Create a user that is allowed to access content.
     $web_user = $this->drupalCreateUser(array('access content'));
     foreach ($operations as $op) {
-      $grants = node_test_node_grants($op, $web_user);
+      $grants = node_test_node_grants($web_user, $op);
       $altered_grants = $grants;
       \Drupal::moduleHandler()->alter('node_grants', $altered_grants, $web_user, $op);
       $this->assertNotEqual($grants, $altered_grants, format_string('Altered the %op grant for a user.', array('%op' => $op)));

core/modules/node/node.api.php

@@ -161,12 +161,12 @@
  * sure to restore your {node_access} record after node_access_rebuild() is
  * called.
  *
- * @param $account
- *   The user object whose grants are requested.
- * @param $op
+ * @param \Drupal\Core\Session\AccountInterface $account
+ *   The acccount object whose grants are requested.
+ * @param string $op
  *   The node operation to be performed, such as 'view', 'update', or 'delete'.
  *
- * @return
+ * @return array
  *   An array whose keys are "realms" of grants, and whose values are arrays of
  *   the grant IDs within this realm that this user is being granted.
  *
@@ -176,7 +176,7 @@
  * @see node_access_rebuild()
  * @ingroup node_access
  */
-function hook_node_grants($account, $op) {
+function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
   if (user_access('access private content', $account)) {
     $grants['example'] = array(1);
   }
@@ -349,11 +349,11 @@ function hook_node_access_records_alter(&$grants, Drupal\node\NodeInterface $nod
  * permissions assigned to a user role, or specific attributes of a user
  * account.
  *
- * @param $grants
+ * @param array $grants
  *   The $grants array returned by hook_node_grants().
- * @param $account
- *   The user account requesting access to content.
- * @param $op
+ * @param \Drupal\Core\Session\AccountInterface $account
+ *   The account requesting access to content.
+ * @param string $op
  *   The operation being performed, 'view', 'update' or 'delete'.
  *
  * @see hook_node_grants()
@@ -361,7 +361,7 @@ function hook_node_access_records_alter(&$grants, Drupal\node\NodeInterface $nod
  * @see hook_node_access_records_alter()
  * @ingroup node_access
  */
-function hook_node_grants_alter(&$grants, $account, $op) {
+function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface $account, $op) {
   // Our sample module never allows certain roles to edit or delete
   // content. Since some other node access modules might allow this
   // permission, we expressly remove it by returning an empty $grants

core/modules/node/node.module

@@ -1406,22 +1406,16 @@ function node_permissions_get_configured_types() {
  * grants array by reference. This hook allows for complex business logic to be
  * applied when integrating multiple node access modules.
  *
- * @param $op
+ * @param string $op
  *   The operation that the user is trying to perform.
- * @param $account
- *   (optional) The user object for the user performing the operation. If
- *   omitted, the current user is used.  Defaults to NULL.
+ * @param \Drupal\Core\Session\AccountInterface $account
+ *   The account object for the user performing the operation.
  *
- * @return
+ * @return array
  *   An associative array in which the keys are realms, and the values are
  *   arrays of grants for those realms.
  */
-function node_access_grants($op, $account = NULL) {
-
-  if (!isset($account)) {
-    $account = \Drupal::currentUser();
-  }
-
+function node_access_grants($op, AccountInterface $account) {
   // Fetch node access grants from other modules.
   $grants = \Drupal::moduleHandler()->invokeAll('node_grants', array($account, $op));
   // Allow modules to alter the assigned grants.

core/modules/node/tests/modules/node_test/node_test.module

@@ -9,6 +9,7 @@
  */
 
 use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\node\NodeInterface;
 
 /**
@@ -41,7 +42,7 @@ function node_test_node_view(NodeInterface $node, EntityViewDisplayInterface $di
 /**
  * Implements hook_node_grants().
  */
-function node_test_node_grants($account, $op) {
+function node_test_node_grants(AccountInterface $account, $op) {
   // Give everyone full grants so we don't break other node tests.
   // Our node access tests asserts three realms of access.
   // See testGrantAlter().
@@ -104,7 +105,7 @@ function node_test_node_access_records_alter(&$grants, NodeInterface $node) {
 /**
  * Implements hook_node_grants_alter().
  */
-function node_test_node_grants_alter(&$grants, $account, $op) {
+function node_test_node_grants_alter(&$grants, AccountInterface $account, $op) {
   // Return an empty array of grants to prove that we can alter by reference.
   $grants = array();
 }