Commit 176672a4 authored by catch's avatar catch

Issue #1947880 by chrisjlee, tim.plunkett, Xano, s_leu, Berdir, effulgentsia,...

Issue #1947880 by chrisjlee, tim.plunkett, Xano, s_leu, Berdir, effulgentsia, penyaskito, dawehner: Replace node_access() with $entity->access().
parent 0d61dd81
......@@ -135,7 +135,8 @@ function book_node_view_link(NodeInterface $node, $view_mode) {
if (isset($node->book['depth'])) {
if ($view_mode == 'full' && node_is_page($node)) {
$child_type = \Drupal::config('book.settings')->get('child_type');
if (($account->hasPermission('add content to books') || $account->hasPermission('administer book outlines')) && node_access('create', $child_type) && $node->isPublished() && $node->book['depth'] < MENU_MAX_DEPTH) {
$access_controller = Drupal::entityManager()->getAccessController('node');
if (($account->hasPermission('add content to books') || $account->hasPermission('administer book outlines')) && $access_controller->createAccess($child_type) && $node->isPublished() && $node->book['depth'] < MENU_MAX_DEPTH) {
$links['book_add_child'] = array(
'title' => t('Add child page'),
'href' => 'node/add/' . $child_type,
......@@ -197,7 +198,7 @@ function book_menu() {
* @see book_menu()
*/
function _book_outline_access(EntityInterface $node) {
return \Drupal::currentUser()->hasPermission('administer book outlines') && node_access('view', $node);
return \Drupal::currentUser()->hasPermission('administer book outlines') && $node->access('view');
}
/**
......
......@@ -81,7 +81,7 @@ public function build() {
$book['in_active_trail'] = FALSE;
// Check whether user can access the book link.
$book_node = node_load($book['nid']);
$book['access'] = node_access('view', $book_node);
$book['access'] = $book_node->access('view');
$pseudo_tree[0]['link'] = $book;
$book_menus[$book_id] = menu_tree_output($pseudo_tree);
}
......
......@@ -220,7 +220,7 @@ function hook_file_delete(Drupal\file\FileInterface $file) {
*/
function hook_file_download_access($field, Drupal\Core\Entity\EntityInterface $entity, Drupal\file\FileInterface $file) {
if ($entity->entityType() == 'node') {
return node_access('view', $entity);
return $entity->access('view');
}
}
......
......@@ -149,7 +149,7 @@ function forum_menu_local_tasks(&$data, $route_name) {
// Loop through all bundles for forum taxonomy vocabulary field.
$field = Field::fieldInfo()->getField('node', 'taxonomy_forums');
foreach ($field->getBundles() as $type) {
if (node_access('create', $type)) {
if (\Drupal::entityManager()->getAccessController('node')->createAccess($type)) {
$links[$type] = array(
'#theme' => 'menu_local_action',
'#link' => array(
......
......@@ -33,7 +33,7 @@ public function acquireGrants(NodeInterface $node);
*
* If a realm is provided, it will only delete grants from that realm, but it
* will always delete a grant from the 'all' realm. Modules that utilize
* node_access() can use this function when doing mass updates due to widespread
* node access can use this function when doing mass updates due to widespread
* permission changes.
*
* Note: Don't call this function directly from a contributed module. Call
......
......@@ -305,7 +305,7 @@ protected function actions(array $form, array &$form_state) {
}
$element['preview'] = array(
'#access' => $preview_mode != DRUPAL_DISABLED && (node_access('create', $node) || node_access('update', $node)),
'#access' => $preview_mode != DRUPAL_DISABLED && ($node->access('create') || $node->access('update')),
'#value' => t('Preview'),
'#weight' => 20,
'#validate' => array(
......@@ -317,7 +317,7 @@ protected function actions(array $form, array &$form_state) {
),
);
$element['delete']['#access'] = node_access('delete', $node);
$element['delete']['#access'] = $node->access('delete');
$element['delete']['#weight'] = 100;
return $element;
......
......@@ -56,8 +56,8 @@ public function alterQuery($query, array $tables, $op, AccountInterface $account
*
* If a realm is provided, it will only delete grants from that realm, but
* it will always delete a grant from the 'all' realm. Modules that use
* node_access() can use this method when doing mass updates due to
* widespread permission changes.
* node access can use this method when doing mass updates due to widespread
* permission changes.
*
* Note: Don't call this method directly from a contributed module. Call
* node_access_write_grants() instead.
......
......@@ -93,7 +93,7 @@ public function validateArgument($argument) {
}
if (!empty($this->options['access'])) {
if (!node_access($this->options['access_op'], $node)) {
if (!$node->access($this->options['access_op'])) {
return FALSE;
}
}
......@@ -125,7 +125,7 @@ public function validateArgument($argument) {
}
if (!empty($this->options['access'])) {
if (!node_access($this->options['access_op'], $node)) {
if (!$node->access($this->options['access_op'])) {
return FALSE;
}
}
......
......@@ -67,7 +67,7 @@ public function render(ResultRow $values) {
* Returns a string for the link text.
*/
protected function renderLink($node, ResultRow $values) {
if (node_access('view', $node)) {
if ($node->access('view')) {
$this->options['alter']['make_link'] = TRUE;
$this->options['alter']['path'] = 'node/' . $node->id();
$text = !empty($this->options['text']) ? $this->options['text'] : t('view');
......
......@@ -33,7 +33,7 @@ class LinkDelete extends Link {
*/
protected function renderLink($node, ResultRow $values) {
// Ensure user has access to delete this node.
if (!node_access('delete', $node)) {
if (!$node->access('delete')) {
return;
}
......
......@@ -33,7 +33,7 @@ class LinkEdit extends Link {
*/
protected function renderLink($node, ResultRow $values) {
// Ensure user has access to edit this node.
if (!node_access('update', $node)) {
if (!$node->access('update')) {
return;
}
......
......@@ -83,7 +83,7 @@ function get_revision_entity($values, $op) {
// Unpublished nodes ignore access control.
$node->setPublished(TRUE);
// Ensure user has access to perform the operation on this node.
if (!node_access($op, $node)) {
if (!$node->access($op)) {
return array($node, NULL);
}
return array($node, $vid);
......
......@@ -167,7 +167,7 @@ public function setUp() {
}
/**
* Tests node_access() and node access queries with multiple node languages.
* Tests node access and node access queries with multiple node languages.
*/
function testNodeAccessLanguageAwareCombination() {
......
......@@ -123,7 +123,7 @@ public function setUp() {
}
/**
* Tests node_access() and node access queries with multiple node languages.
* Tests node access and node access queries with multiple node languages.
*/
function testNodeAccessLanguageAware() {
// The node_access_test_language module only grants view access.
......
......@@ -10,7 +10,7 @@
use Drupal\Core\Language\Language;
/**
* Verifies node_access() functionality for multiple languages.
* Verifies node access functionality for multiple languages.
*/
class NodeAccessLanguageTest extends NodeTestBase {
......@@ -54,7 +54,7 @@ function setUp() {
}
/**
* Tests node_access() with multiple node languages and no private nodes.
* Tests node access with multiple node languages and no private nodes.
*/
function testNodeAccess() {
$web_user = $this->drupalCreateUser(array('access content'));
......@@ -96,7 +96,7 @@ function testNodeAccess() {
$this->assertNodeAccess($expected_node_access_no_access, $node_public_no_language, $web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $node_public_no_language, $web_user, 'hr');
// Reset the node access cache and turn on our test node_access() code.
// Reset the node access cache and turn on our test node access code.
drupal_static_reset('node_access');
variable_set('node_access_test_secret_catalan', 1);
......@@ -111,7 +111,7 @@ function testNodeAccess() {
}
/**
* Tests node_access() with multiple node languages and private nodes.
* Tests node access with multiple node languages and private nodes.
*/
function testNodeAccessPrivate() {
$web_user = $this->drupalCreateUser(array('access content'));
......@@ -154,7 +154,7 @@ function testNodeAccessPrivate() {
$this->assertNodeAccess($expected_node_access_no_access, $node_private_no_language, $web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $node_private_no_language, $web_user, 'hr');
// Reset the node access cache and turn on our test node_access() code.
// Reset the node access cache and turn on our test node access code.
entity_access_controller('node')->resetCache();
\Drupal::state()->set('node_access_test_secret_catalan', 1);
......
......@@ -36,13 +36,13 @@ function testNodeAccess() {
// Ensures user without 'access content' permission can do nothing.
$web_user1 = $this->drupalCreateUser(array('create page content', 'edit any page content', 'delete any page content'));
$node1 = $this->drupalCreateNode(array('type' => 'page'));
$this->assertNodeAccess(array('create' => FALSE), 'page', $web_user1);
$this->assertNodeCreateAccess($node1->bundle(), FALSE, $web_user1);
$this->assertNodeAccess(array('view' => FALSE, 'update' => FALSE, 'delete' => FALSE), $node1, $web_user1);
// Ensures user with 'bypass node access' permission can do everything.
$web_user2 = $this->drupalCreateUser(array('bypass node access'));
$node2 = $this->drupalCreateNode(array('type' => 'page'));
$this->assertNodeAccess(array('create' => TRUE), 'page', $web_user2);
$this->assertNodeCreateAccess($node2->bundle(), TRUE, $web_user2);
$this->assertNodeAccess(array('view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $node2, $web_user2);
// User cannot 'view own unpublished content'.
......@@ -51,7 +51,7 @@ function testNodeAccess() {
$this->assertNodeAccess(array('view' => FALSE), $node3, $web_user3);
// User cannot create content without permission.
$this->assertNodeAccess(array('create' => FALSE), 'page', $web_user3);
$this->assertNodeCreateAccess($node3->bundle(), FALSE, $web_user3);
// User can 'view own unpublished content', but another user cannot.
$web_user4 = $this->drupalCreateUser(array('access content', 'view own unpublished content'));
......
......@@ -22,6 +22,13 @@ abstract class NodeTestBase extends WebTestBase {
*/
public static $modules = array('node', 'datetime');
/**
* The node access controller.
*
* @var \Drupal\Core\Entity\EntityAccessControllerInterface
*/
protected $accessController;
function setUp() {
parent::setUp();
......@@ -30,10 +37,11 @@ function setUp() {
$this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));
$this->drupalCreateContentType(array('type' => 'article', 'name' => 'Article'));
}
$this->accessController = \Drupal::entityManager()->getAccessController('node');
}
/**
* Asserts that node_access() correctly grants or denies access.
* Asserts that node access correctly grants or denies access.
*
* @param array $ops
* An associative array of the expected node access grants for the node
......@@ -50,16 +58,54 @@ function setUp() {
*/
function assertNodeAccess(array $ops, $node, AccountInterface $account, $langcode = NULL) {
foreach ($ops as $op => $result) {
$msg = format_string(
'node_access() returns @result with operation %op, language code %langcode.',
array(
'@result' => $result ? 'true' : 'false',
'%op' => $op,
'%langcode' => !empty($langcode) ? $langcode : 'empty'
)
);
$this->assertEqual($result, node_access($op, $node, $account, $langcode), $msg);
if (empty($langcode)) {
$langcode = $node->prepareLangcode();
}
$this->assertEqual($result, $this->accessController->access($node, $op, $langcode, $account), $this->nodeAccessAssertMessage($op, $result, $langcode));
}
}
/**
* Asserts that node create access correctly grants or denies access.
*
* @param string $bundle
* The node bundle to check access to.
* @param bool $result
* Whether access should be granted or not.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to check access.
* @param string|null $langcode
* (optional) The language code indicating which translation of the node
* to check. If NULL, the untranslated (fallback) access is checked.
*/
function assertNodeCreateAccess($bundle, $result, AccountInterface $account, $langcode = NULL) {
$this->assertEqual($result, $this->accessController->createAccess($bundle, $account, array(
'langcode' => $langcode,
)), $this->nodeAccessAssertMessage('create', $result, $langcode));
}
/**
* Constructs an assert message for checking node access.
*
* @param string $operation
* The operation to check access for.
* @param bool $result
* Whether access should be granted or not.
* @param string|null $langcode
* (optional) The language code indicating which translation of the node
* to check. If NULL, the untranslated (fallback) access is checked.
*
* @return string
*/
function nodeAccessAssertMessage($operation, $result, $langcode = NULL) {
return format_string(
'Node access returns @result with operation %op, language code %langcode.',
array(
'@result' => $result ? 'true' : 'false',
'%op' => $operation,
'%langcode' => !empty($langcode) ? $langcode : 'empty'
)
);
}
}
......@@ -1119,13 +1119,13 @@ function theme_node_recent_block($variables) {
'data' => drupal_render($node_recent_content),
'class' => 'title-author',
);
if (node_access('update', $node)) {
if ($node->access('update')) {
$row[] = array(
'data' => l(t('edit'), 'node/' . $node->id() . '/edit', $l_options),
'class' => 'edit',
);
}
if (node_access('delete', $node)) {
if ($node->access('delete')) {
$row[] = array(
'data' => l(t('delete'), 'node/' . $node->id() . '/delete', $l_options),
'class' => 'delete',
......@@ -1445,9 +1445,10 @@ function node_form_system_themes_admin_form_submit($form, &$form_state) {
* @{
* The node access system determines who can do what to which nodes.
*
* In determining access rights for a node, node_access() first checks whether
* the user has the "bypass node access" permission. Such users have
* unrestricted access to all nodes. user 1 will always pass this check.
* In determining access rights for a node, \Drupal\node\NodeAccessController
* first checks whether the user has the "bypass node access" permission. Such
* users have unrestricted access to all nodes. user 1 will always pass this
* check.
*
* Next, all implementations of hook_node_access() will be called. Each
* implementation may explicitly allow, explicitly deny, or ignore the access
......@@ -1483,55 +1484,6 @@ function node_form_system_themes_admin_form_submit($form, &$form_state) {
* node_access_example.module.
*/
/**
* Access callback: Checks a user's permission for performing a node operation.
*
* @param $op
* The operation to be performed on the node. Possible values are:
* - "view"
* - "update"
* - "delete"
* - "create"
* @param \Drupal\Core\Entity\EntityInterface|string|stdClass $node
* The node entity on which the operation is to be performed, or the node type
* object, or node type string (e.g., 'forum') for the 'create' operation.
* @param $account
* (optional) A user object representing the user for whom the operation is to
* be performed. Determines access for a user other than the current user.
* Defaults to NULL.
* @param $langcode
* (optional) Language code for the variant of the node. Different language
* variants might have different permissions associated. If NULL, the
* original langcode of the node is used. Defaults to NULL.
*
* @return
* TRUE if the operation may be performed, FALSE otherwise.
*
* @see node_menu()
*/
function node_access($op, $node, $account = NULL, $langcode = NULL) {
$access_controller = \Drupal::entityManager()->getAccessController('node');
if ($op == 'create') {
if (!$node instanceof EntityInterface) {
$bundle = $node;
}
elseif ($node instanceof NodeTypeInterface) {
$bundle = $node->id();
}
else {
$bundle = $node->bundle();
}
return $access_controller->createAccess($bundle, $account, array('langcode' => $langcode));
}
// If no language code was provided, default to the node's langcode.
if (empty($langcode)) {
$langcode = $node->prepareLangcode();
}
return $access_controller->access($node, $op, $langcode, $account);
}
/**
* Implements hook_node_access().
*/
......@@ -1992,7 +1944,7 @@ function node_modules_uninstalled($modules) {
*/
function node_file_download_access($field, EntityInterface $entity, File $file) {
if ($entity->entityType() == 'node') {
return node_access('view', $entity);
return $entity->access('view');
}
}
......
......@@ -30,8 +30,9 @@
function node_add_page() {
$content = array();
// Only use node types the user has access to.
$access_controller = Drupal::entityManager()->getAccessController('node');
foreach (node_type_get_types() as $type) {
if (node_access('create', $type->type)) {
if ($access_controller->createAccess($type->type)) {
$content[$type->type] = $type;
}
}
......@@ -111,7 +112,7 @@ function node_add($node_type) {
* @see node_form_build_preview()
*/
function node_preview(NodeInterface $node, array &$form_state) {
if (node_access('create', $node) || node_access('update', $node)) {
if ($node->access('create') || $node->access('update')) {
$node->changed = REQUEST_TIME;
......@@ -192,11 +193,11 @@ function node_revision_overview($node) {
$type = $node->getType();
$revert_permission = FALSE;
if ((user_access("revert $type revisions") || user_access('revert all revisions') || user_access('administer nodes')) && node_access('update', $node)) {
if ((user_access("revert $type revisions") || user_access('revert all revisions') || user_access('administer nodes')) && $node->access('update')) {
$revert_permission = TRUE;
}
$delete_permission = FALSE;
if ((user_access("delete $type revisions") || user_access('delete all revisions') || user_access('administer nodes')) && node_access('delete', $node)) {
if ((user_access("delete $type revisions") || user_access('delete all revisions') || user_access('administer nodes')) && $node->access('delete')) {
$delete_permission = TRUE;
}
foreach ($revisions as $revision) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment