Commit 25afa810 authored by webchick's avatar webchick

Issue #2061977 by InternetDevels, kim.pepper, ianthomas_uk, herom: Replace...

Issue #2061977 by InternetDevels, kim.pepper, ianthomas_uk, herom: Replace user_access() calls with ->hasPermission() in all core modules except user.
parent 990ec23b
......@@ -297,6 +297,7 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array
}
$fields = \Drupal::service('comment.manager')->getFields('node');
$current_user = \Drupal::currentUser();
foreach ($fields as $field_name => $detail) {
// Skip fields that the node does not have.
if (!$node->hasField($field_name)) {
......@@ -322,7 +323,7 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array
// Teaser view: display the number of comments that have been posted,
// or a link to add new comments if the user has permission, the node
// is open to new comments, and there currently are none.
if (user_access('access comments')) {
if ($current_user->hasPermission('access comments')) {
if (!empty($node->get($field_name)->comment_count)) {
$links['comment-comments'] = array(
'title' => format_plural($node->get($field_name)->comment_count, '1 comment', '@count comments'),
......@@ -348,7 +349,7 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array
// Provide a link to new comment form.
if ($commenting_status == CommentItemInterface::OPEN) {
$comment_form_location = $field_definition->getSetting('form_location');
if (user_access('post comments')) {
if ($current_user->hasPermission('post comments')) {
$links['comment-add'] = array(
'title' => t('Add new comment'),
'language' => $node->language(),
......@@ -380,10 +381,10 @@ function comment_node_links_alter(array &$node_links, NodeInterface $node, array
// allowed to post comments and if this node is allowing new comments.
if ($commenting_status == CommentItemInterface::OPEN) {
$comment_form_location = $field_definition->getSetting('form_location');
if (user_access('post comments')) {
if ($current_user->hasPermission('post comments')) {
// Show the "post comment" link if the form is on another page, or
// if there are existing comments that the link will skip past.
if ($comment_form_location == COMMENT_FORM_SEPARATE_PAGE || (!empty($node->get($field_name)->comment_count) && user_access('access comments'))) {
if ($comment_form_location == COMMENT_FORM_SEPARATE_PAGE || (!empty($node->get($field_name)->comment_count) && $current_user->hasPermission('access comments'))) {
$links['comment-add'] = array(
'title' => t('Add new comment'),
'attributes' => array('title' => t('Share your thoughts and opinions related to this posting.')),
......@@ -546,7 +547,7 @@ function comment_get_thread(EntityInterface $entity, $field_name, $mode, $commen
->addMetaData('entity', $entity)
->addMetaData('field_name', $field_name);
if (!user_access('administer comments')) {
if (!\Drupal::currentUser()->hasPermission('administer comments')) {
$query->condition('c.status', CommentInterface::PUBLISHED);
$count_query->condition('c.status', CommentInterface::PUBLISHED);
}
......@@ -1250,7 +1251,8 @@ function comment_ranking() {
*/
function comment_file_download_access($field, EntityInterface $entity, FileInterface $file) {
if ($entity instanceof CommentInterface) {
if (user_access('access comments') && $entity->isPublished() || user_access('administer comments')) {
$current_user = \Drupal::currentUser();
if ($current_user->hasPermission('access comments') && $entity->isPublished() || $current_user->hasPermission('administer comments')) {
$commented_entity = $entity->getCommentedEntity();
// Check access to parent entity.
return $commented_entity->access('view');
......
......@@ -25,19 +25,19 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
/** @var \Drupal\Core\Entity\EntityInterface|\Drupal\user\EntityOwnerInterface $entity */
switch ($operation) {
case 'view':
return user_access('access comments', $account);
return $account->hasPermission('access comments');
break;
case 'update':
return ($account->id() && $account->id() == $entity->getOwnerId() && $entity->status->value == CommentInterface::PUBLISHED && user_access('edit own comments', $account)) || user_access('administer comments', $account);
return ($account->id() && $account->id() == $entity->getOwnerId() && $entity->status->value == CommentInterface::PUBLISHED && $account->hasPermission('edit own comments')) || $account->hasPermission('administer comments');
break;
case 'delete':
return user_access('administer comments', $account);
return $account->hasPermission('administer comments');
break;
case 'approve':
return user_access('administer comments', $account);
return $account->hasPermission('administer comments');
break;
}
}
......@@ -46,7 +46,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('post comments', $account);
return $account->hasPermission('post comments');
}
}
......@@ -33,7 +33,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
// Adding the 'comment_access' tag is sadly insufficient for comments:
// core requires us to also know about the concept of 'published' and
// 'unpublished'.
if (!user_access('administer comments')) {
if (!\Drupal::currentUser()->hasPermission('administer comments')) {
$query->condition('status', CommentInterface::PUBLISHED);
}
return $query;
......@@ -61,7 +61,7 @@ public function entityQueryAlter(SelectInterface $query) {
// Passing the query to node_query_node_access_alter() is sadly
// insufficient for nodes.
// @see SelectionEntityTypeNode::entityQueryAlter()
if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
if (!\Drupal::currentUser()->hasPermission('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
$query->condition($node_alias . '.status', 1);
}
}
......
......@@ -258,7 +258,7 @@ function assertCommentLinks(array $info) {
// authenticated users are allowed to post comments.
// @see \Drupal\comment\CommentManagerInterface::forbiddenMessage()
if (!$this->loggedInUser) {
if (user_access('post comments', $this->web_user)) {
if ($this->web_user->hasPermission('post comments')) {
// The note depends on whether users are actually able to register.
if ($info['user_register'] != USER_REGISTER_ADMINISTRATORS_ONLY) {
$this->assertText('Log in or register to post comments');
......
......@@ -248,7 +248,7 @@ public function save(array $form, array &$form_state) {
// To avoid false error messages caused by flood control, redirect away from
// the contact form; either to the contacted user account or the front page.
if ($message->isPersonal() && user_access('access user profiles')) {
if ($message->isPersonal() && $user->hasPermission('access user profiles')) {
$form_state['redirect_route'] = $message->getPersonalRecipient()->urlInfo();
}
else {
......
......@@ -63,7 +63,7 @@ function content_translation_field_sync_widget(FieldDefinitionInterface $field)
function _content_translation_form_language_content_settings_form_alter(array &$form, array &$form_state) {
// Inject into the content language settings the translation settings if the
// user has the required permission.
if (!user_access('administer content translation')) {
if (!\Drupal::currentUser()->hasPermission('administer content translation')) {
return;
}
......@@ -139,7 +139,7 @@ function _content_translation_form_language_content_settings_form_alter(array &$
function _content_translation_preprocess_language_content_settings_table(&$variables) {
// Alter the 'build' variable injecting the translation settings if the user
// has the required permission.
if (!user_access('administer content translation')) {
if (!\Drupal::currentUser()->hasPermission('administer content translation')) {
return;
}
......
......@@ -249,8 +249,9 @@ function _content_translation_menu_strip_loaders($path) {
* The entity whose translation overview should be displayed.
*/
function content_translation_translate_access(EntityInterface $entity) {
$account = \Drupal::currentUser();
return $entity instanceof ContentEntityInterface && empty($entity->getUntranslated()->language()->locked) && \Drupal::languageManager()->isMultilingual() && $entity->isTranslatable() &&
(user_access('create content translations') || user_access('update content translations') || user_access('delete content translations'));
($account->hasPermission('create content translations') || $account->hasPermission('update content translations') || $account->hasPermission('delete content translations'));
}
/**
......@@ -494,9 +495,12 @@ function content_translation_language_fallback_candidates_entity_view_alter(&$ca
$entity_type_id = $entity->getEntityTypeId();
$entity_type = $entity->getEntityType();
$permission = $entity_type->getPermissionGranularity() == 'bundle' ? $permission = "translate {$entity->bundle()} $entity_type_id" : "translate $entity_type_id";
foreach ($entity->getTranslationLanguages() as $langcode => $language) {
if (empty($entity->translation[$langcode]['status']) && !user_access('translate any entity') && !user_access($permission)) {
unset($candidates[$langcode]);
$current_user = \Drupal::currentuser();
if (!$current_user->hasPermission('translate any entity') && !$current_user->hasPermission($permission)) {
foreach ($entity->getTranslationLanguages() as $langcode => $language) {
if (empty($entity->translation[$langcode]['status'])) {
unset($candidates[$langcode]);
}
}
}
}
......@@ -742,7 +746,7 @@ function content_translation_enable_widget($entity_type, $bundle, array &$form,
* Processed language configuration element.
*/
function content_translation_language_configuration_element_process(array $element, array &$form_state, array &$form) {
if (empty($element['#content_translation_skip_alter']) && user_access('administer content translation')) {
if (empty($element['#content_translation_skip_alter']) && \Drupal::currentUser()->hasPermission('administer content translation')) {
$form_state['content_translation']['key'] = $element['#name'];
$context = $form_state['language'][$element['#name']];
......
......@@ -65,10 +65,11 @@ public function getTranslationAccess(EntityInterface $entity, $op) {
$translate_permission = TRUE;
// If no permission granularity is defined this entity type does not need an
// explicit translate permission.
if (!user_access('translate any entity') && $permission_granularity = $entity_type->getPermissionGranularity()) {
$translate_permission = user_access($permission_granularity == 'bundle' ? "translate {$entity->bundle()} {$entity->getEntityTypeId()}" : "translate {$entity->getEntityTypeId()}");
$current_user = \Drupal::currentUser();
if (!$current_user->hasPermission('translate any entity') && $permission_granularity = $entity_type->getPermissionGranularity()) {
$translate_permission = $current_user->hasPermission($permission_granularity == 'bundle' ? "translate {$entity->bundle()} {$entity->getEntityTypeId()}" : "translate {$entity->getEntityTypeId()}");
}
return $translate_permission && user_access("$op content translations");
return $translate_permission && $current_user->hasPermission("$op content translations");
}
/**
......
......@@ -169,19 +169,20 @@ function field_ui_entity_operation(EntityInterface $entity) {
// Add manage fields and display links if this entity type is the bundle
// of another.
if ($bundle_of = $info->getBundleOf()) {
if (user_access('administer '. $bundle_of . ' fields')) {
$account = \Drupal::currentUser();
if ($account->hasPermission('administer '. $bundle_of . ' fields')) {
$operations['manage-fields'] = array(
'title' => t('Manage fields'),
'weight' => 15,
) + $entity->urlInfo('field_ui-fields')->toArray();
}
if (user_access('administer '. $bundle_of . ' form display')) {
if ($account->hasPermission('administer '. $bundle_of . ' form display')) {
$operations['manage-form-display'] = array(
'title' => t('Manage form display'),
'weight' => 20,
) + $entity->urlInfo('field_ui-form-display')->toArray();
}
if (user_access('administer '. $bundle_of . ' display')) {
if ($account->hasPermission('administer '. $bundle_of . ' display')) {
$operations['manage-display'] = array(
'title' => t('Manage display'),
'weight' => 25,
......
......@@ -622,7 +622,7 @@ function filter_process_format($element) {
$format_exists = isset($all_formats[$element['#format']]);
$format_allowed = !isset($element['#allowed_formats']) || in_array($element['#format'], $element['#allowed_formats']);
$user_has_access = isset($formats[$element['#format']]);
$user_is_admin = user_access('administer filters');
$user_is_admin = \Drupal::currentUser()->hasPermission('administer filters');
// If the stored format does not exist or if it is not among the allowed
// formats for this textarea, administrators have to assign a new format.
......
......@@ -132,8 +132,8 @@ function testFormatPermissions() {
// Make sure that a regular user only has permission to use the format
// they were granted access to.
$this->assertTrue(user_access($this->allowed_format->getPermissionName(), $this->web_user), 'A regular user has permission to use the allowed text format.');
$this->assertFalse(user_access($this->disallowed_format->getPermissionName(), $this->web_user), 'A regular user does not have permission to use the disallowed text format.');
$this->assertTrue($this->web_user->hasPermission($this->allowed_format->getPermissionName()), 'A regular user has permission to use the allowed text format.');
$this->assertFalse($this->web_user->hasPermission($this->disallowed_format->getPermissionName()), 'A regular user does not have permission to use the disallowed text format.');
// Make sure that the allowed format appears on the node form and that
// the disallowed format does not.
......
......@@ -79,7 +79,7 @@
* @ingroup node_access
*/
function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
if (user_access('access private content', $account)) {
if ($account->hasPermission('access private content')) {
$grants['example'] = array(1);
}
$grants['example_owner'] = array($account->id());
......@@ -311,7 +311,7 @@ function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface
* - "delete"
* - "update"
* - "view"
* @param object $account
* @param \Drupal\Core\Session\AccountInterface $account
* The user object to perform the access check operation on.
* @param object $langcode
* The language code to perform the access check operation on.
......@@ -323,23 +323,23 @@ function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface
*
* @ingroup node_access
*/
function hook_node_access(\Drupal\node\NodeInterface $node, $op, $account, $langcode) {
function hook_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account, $langcode) {
$type = is_string($node) ? $node : $node->getType();
$configured_types = node_permissions_get_configured_types();
if (isset($configured_types[$type])) {
if ($op == 'create' && user_access('create ' . $type . ' content', $account)) {
if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) {
return NODE_ACCESS_ALLOW;
}
if ($op == 'update') {
if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) {
if ($account->hasPermission('edit any ' . $type . ' content', $account) || ($account->hasPermission('edit own ' . $type . ' content') && ($account->id() == $node->getOwnerId()))) {
return NODE_ACCESS_ALLOW;
}
}
if ($op == 'delete') {
if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) {
if ($account->hasPermission('delete any ' . $type . ' content', $account) || ($account->hasPermission('delete own ' . $type . ' content') && ($account->id() == $node->getOwnerId()))) {
return NODE_ACCESS_ALLOW;
}
}
......
......@@ -93,7 +93,7 @@ function node_help($route_name, RouteMatchInterface $route_match) {
// for rebuild. We don't need to issue the message on the confirm form, or
// while the rebuild is being processed.
if ($route_name != 'node.configure_rebuild_confirm' && $route_name != 'system.batch_page.normal' && $route_name != 'help.page.node' && $route_name != 'help.main'
&& user_access('access administration pages') && node_access_needs_rebuild()) {
&& \Drupal::currentUser()->hasPermission('access administration pages') && node_access_needs_rebuild()) {
if ($route_name == 'system.status') {
$message = t('The content access permissions need to be rebuilt.');
}
......@@ -1159,18 +1159,18 @@ function node_node_access(NodeInterface $node, $op, $account) {
$configured_types = node_permissions_get_configured_types();
if (isset($configured_types[$type])) {
if ($op == 'create' && user_access('create ' . $type . ' content', $account)) {
if ($op == 'create' && $account->hasPermission('create ' . $type . ' content', $account)) {
return NODE_ACCESS_ALLOW;
}
if ($op == 'update') {
if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) {
if ($account->hasPermission('edit any ' . $type . ' content', $account) || ($account->hasPermission('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) {
return NODE_ACCESS_ALLOW;
}
}
if ($op == 'delete') {
if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) {
if ($account->hasPermission('delete any ' . $type . ' content', $account) || ($account->hasPermission('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))) {
return NODE_ACCESS_ALLOW;
}
}
......@@ -1349,7 +1349,7 @@ function node_query_node_access_alter(AlterableInterface $query) {
// If $account can bypass node access, or there are no node access modules,
// or the operation is 'view' and the $account has a global view grant
// (such as a view grant for node ID 0), we don't need to alter the query.
if (user_access('bypass node access', $account)) {
if ($account->hasPermission('bypass node access')) {
return;
}
if (!count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
......
......@@ -11,10 +11,11 @@
* Implements hook_views_query_substitutions().
*/
function node_views_query_substitutions(ViewExecutable $view) {
$account = \Drupal::currentUser();
return array(
'***ADMINISTER_NODES***' => intval(user_access('administer nodes')),
'***VIEW_OWN_UNPUBLISHED_NODES***' => intval(user_access('view own unpublished content')),
'***BYPASS_NODE_ACCESS***' => intval(user_access('bypass node access')),
'***ADMINISTER_NODES***' => intval($account->hasPermission('administer nodes')),
'***VIEW_OWN_UNPUBLISHED_NODES***' => intval($account->hasPermission('view own unpublished content')),
'***BYPASS_NODE_ACCESS***' => intval($account->hasPermission('bypass node access')),
);
}
......
......@@ -59,10 +59,12 @@ public static function createInstance(ContainerInterface $container, EntityTypeI
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = LanguageInterface::LANGCODE_DEFAULT, AccountInterface $account = NULL) {
if (user_access('bypass node access', $account)) {
$account = $this->prepareUser($account);
if ($account->hasPermission('bypass node access')) {
return TRUE;
}
if (!user_access('access content', $account)) {
if (!$account->hasPermission('access content')) {
return FALSE;
}
return parent::access($entity, $operation, $langcode, $account);
......@@ -74,10 +76,10 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array()) {
$account = $this->prepareUser($account);
if (user_access('bypass node access', $account)) {
if ($account->hasPermission('bypass node access')) {
return TRUE;
}
if (!user_access('access content', $account)) {
if (!$account->hasPermission('access content')) {
return FALSE;
}
......@@ -96,7 +98,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc
$uid = $translation->getOwnerId();
// Check if authors can view their own unpublished nodes.
if ($operation === 'view' && !$status && user_access('view own unpublished content', $account)) {
if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content')) {
if ($account->id() != 0 && $account->id() == $uid) {
return TRUE;
......@@ -122,7 +124,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
$configured_types = node_permissions_get_configured_types();
if (isset($configured_types[$entity_bundle])) {
return user_access('create ' . $entity_bundle . ' content', $account);
return $account->hasPermission('create ' . $entity_bundle . ' content');
}
}
......
......@@ -53,6 +53,7 @@ public function form(array $form, array &$form_state) {
$form['#title'] = $this->t('<em>Edit @type</em> @title', array('@type' => node_get_type_label($node), '@title' => $node->label()));
}
$current_user = \Drupal::currentUser();
$user_config = \Drupal::config('user.settings');
// Some special stuff when previewing a node.
if (isset($form_state['node_preview'])) {
......@@ -112,7 +113,7 @@ public function form(array $form, array &$form_state) {
'#type' => 'checkbox',
'#title' => t('Create new revision'),
'#default_value' => !empty($this->settings['options']['revision']),
'#access' => $node->isNewRevision() || user_access('administer nodes'),
'#access' => $node->isNewRevision() || $current_user->hasPermission('administer nodes'),
'#group' => 'revision_information',
);
......@@ -128,7 +129,7 @@ public function form(array $form, array &$form_state) {
),
),
'#group' => 'revision_information',
'#access' => $node->isNewRevision() || user_access('administer nodes'),
'#access' => $node->isNewRevision() || $current_user->hasPermission('administer nodes'),
);
// Node author information for administrators.
......@@ -161,7 +162,7 @@ public function form(array $form, array &$form_state) {
'#weight' => -1,
'#description' => t('Leave blank for %anonymous.', array('%anonymous' => $user_config->get('anonymous'))),
'#group' => 'author',
'#access' => user_access('administer nodes'),
'#access' => $current_user->hasPermission('administer nodes'),
);
$form['created'] = array(
'#type' => 'textfield',
......@@ -170,7 +171,7 @@ public function form(array $form, array &$form_state) {
'#description' => t('Format: %time. The date format is YYYY-MM-DD and %timezone is the time zone offset from UTC. Leave blank to use the time of form submission.', array('%time' => !empty($node->date) ? date_format(date_create($node->date), 'Y-m-d H:i:s O') : format_date($node->getCreatedTime(), 'custom', 'Y-m-d H:i:s O'), '%timezone' => !empty($node->date) ? date_format(date_create($node->date), 'O') : format_date($node->getCreatedTime(), 'custom', 'O'))),
'#default_value' => !empty($node->date) ? $node->date : '',
'#group' => 'author',
'#access' => user_access('administer nodes'),
'#access' => $current_user->hasPermission('administer nodes'),
);
// Node options for administrators.
......@@ -193,7 +194,7 @@ public function form(array $form, array &$form_state) {
'#title' => t('Promoted to front page'),
'#default_value' => $node->isPromoted(),
'#group' => 'options',
'#access' => user_access('administer nodes'),
'#access' => $current_user->hasPermission('administer nodes'),
);
$form['sticky'] = array(
......@@ -201,7 +202,7 @@ public function form(array $form, array &$form_state) {
'#title' => t('Sticky at top of lists'),
'#default_value' => $node->isSticky(),
'#group' => 'options',
'#access' => user_access('administer nodes'),
'#access' => $current_user->hasPermission('administer nodes'),
);
return parent::form($form, $form_state, $node);
......@@ -223,7 +224,7 @@ protected function actions(array $form, array &$form_state) {
// modules to integrate with "the Save operation" of this form. Modules
// need a way to plug themselves into 1) the ::submit() step, and
// 2) the ::save() step, both decoupled from the pressed form button.
if ($element['submit']['#access'] && user_access('administer nodes')) {
if ($element['submit']['#access'] && \Drupal::currentUser()->hasPermission('administer nodes')) {
// isNew | prev status » default & publish label & unpublish label
// 1 | 1 » publish & Save and publish & Save as unpublished
// 1 | 0 » unpublish & Save and publish & Save as unpublished
......
......@@ -32,7 +32,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
// 'unpublished'. We need to do that as long as there are no access control
// modules in use on the site. As long as one access control module is there,
// it is supposed to handle this check.
if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
if (!\Drupal::currentUser()->hasPermission('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
$query->condition('status', NODE_PUBLISHED);
}
return $query;
......
......@@ -94,7 +94,7 @@ function testNodeRevisionAccessAnyType() {
foreach ($permutations as $case) {
// Skip this test if there are no revisions for the node.
if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) {
if (!empty($case['account']->is_admin) || user_access($this->map[$case['op']], $case['account'])) {
if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->map[$case['op']])) {
$this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->map[$case['op']]} granted.");
}
else {
......@@ -141,7 +141,7 @@ function testNodeRevisionAccessPerType() {
foreach ($permutations as $case) {
// Skip this test if there are no revisions for the node.
if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) {
if (!empty($case['account']->is_admin) || user_access($this->type_map[$case['op']], $case['account'])) {
if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->type_map[$case['op']], $case['account'])) {
$this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->type_map[$case['op']]} granted.");
}
else {
......
......@@ -49,7 +49,7 @@
function node_access_test_node_grants($account, $op) {
$grants = array();
$grants['node_access_test_author'] = array($account->id());
if ($op == 'view' && user_access('node test view', $account)) {
if ($op == 'view' && $account->hasPermission('node test view', $account)) {
$grants['node_access_test'] = array(8888, 8889);
}
......
......@@ -1521,7 +1521,7 @@ function hook_entity_operation_alter(array &$operations, \Drupal\Core\Entity\Ent
*/
function hook_entity_field_access($operation, \Drupal\Core\Field\FieldDefinitionInterface $field_definition, \Drupal\Core\Session\AccountInterface $account, \Drupal\Core\Field\FieldItemListInterface $items = NULL) {
if ($field_definition->getName() == 'field_of_interest' && $operation == 'edit') {
return user_access('update field of interest', $account);
return $account->hasPermission('update field of interest');
}
}
......
......@@ -235,7 +235,7 @@ protected function buildRow(array $modules, Extension $module, $distribution) {
// Generate link for module's permission, if the user has access to it.
$row['links']['permissions'] = array();
if ($module->status && user_access('administer permissions') && in_array($module->getName(), $this->moduleHandler->getImplementations('permission'))) {
if ($module->status && \Drupal::currentUser()->hasPermission('administer permissions') && in_array($module->getName(), $this->moduleHandler->getImplementations('permission'))) {
$row['links']['permissions'] = array(
'#type' => 'link',
'#title' => $this->t('Permissions'),
......
......@@ -946,7 +946,7 @@ function hook_system_info_alter(array &$info, \Drupal\Core\Extension\Extension $
* can be selected on the user permissions page and used to grant or restrict
* access to actions the module performs.
*
* Permissions are checked using user_access().
* Permissions are checked using \Drupal::currentUser()->hasPermission().
*
* For a detailed usage example, see page_example.module.
*
......@@ -1232,7 +1232,7 @@ function hook_theme_registry_alter(&$theme_registry) {
* @see _template_preprocess_default_variables()
*/
function hook_template_preprocess_default_variables_alter(&$variables) {
$variables['is_admin'] = user_access('access administration pages');
$variables['is_admin'] = \Drupal::currentUser()->hasPermission('access administration pages');
}
/**
......@@ -1834,7 +1834,7 @@ function hook_query_TAG_alter(Drupal\Core\Database\Query\AlterableInterface $que
$op = 'view';
}
// Skip the extra joins and conditions for node admins.
if (!user_access('bypass node access')) {
if (!\Drupal::currentUser()->hasPermission('bypass node access')) {
// The node_access table has the access grants for any given node.
$access_alias = $query->join('node_access', 'na', '%alias.nid = n.nid');
$or = db_or();
......
......@@ -754,7 +754,7 @@ function system_stream_wrappers() {
* Menu item access callback - only enabled themes can be accessed.
*/
function _system_themes_access($theme) {
return user_access('administer themes') && drupal_theme_access($theme);
return \Drupal::currentUser()->hasPermission('administer themes') && drupal_theme_access($theme);
}
/**
......
......@@ -23,12 +23,12 @@ class EntityTestAccessController extends EntityAccessController {
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
if ($operation === 'view') {
if ($langcode != LanguageInterface::LANGCODE_DEFAULT) {
return user_access('view test entity translations', $account);
return $account->hasPermission('view test entity translations');
}
return user_access('view test entity', $account);
return $account->hasPermission('view test entity');
}
elseif (in_array($operation, array('update', 'delete'))) {
return user_access('administer entity_test content', $account);
return $account->hasPermission('administer entity_test content');
}
}
......@@ -36,7 +36,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer entity_test content', $account);
return $account->hasPermission('administer entity_test content');
}
}
......@@ -199,7 +199,7 @@ function hook_preprocess(&$variables, $hook) {
// Add contextual links to the variables, if the user has permission.
if (!user_access('access contextual links')) {
if (!\Drupal::currentUser()->hasPermission('access contextual links')) {
return;
}
......
......@@ -151,7 +151,7 @@ function _toolbar_initialize_page_cache() {
function toolbar_page_build(&$page) {
$page['page_top']['toolbar'] = array(
'#type' => 'toolbar',
'#access' => user_access('access toolbar'),
'#access' => \Drupal::currentUser()->hasPermission('access toolbar'),
);
}
......
......@@ -164,7 +164,7 @@ function update_page_build() {
* @see update_menu()
*/
function update_manager_access() {
return Settings::get('allow_authorize_operations', TRUE) && user_access('administer software updates');
return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates');
}
/**
......
......@@ -480,7 +480,9 @@ function hook_views_form_substitutions() {
function hook_views_pre_view(ViewExecutable $view, $display_id, array &$args) {
// Modify contextual filters for my_special_view if user has 'my special permission'.
if ($view->name == 'my_special_view' && user_access('my special permission')) {
$account = \Drupal::currentUser();
if ($view->name == 'my_special_view' && $account->hasPermission('my special permission') && $display_id == 'public_display') {
$args[0] = 'custom value';
}
}
......@@ -547,7 +549,9 @@ function hook_views_pre_execute(ViewExecutable $view) {
// view administrators that the query might be heavy.
// (This action could be performed later in the execution process, but not
// earlier.)
if (count($view->query->tables) > 2 && user_access('administer views')) {
$account = \Drupal::currentUser();
if (count($view->query->tables) > 2 && $account->hasPermission('administer views')) {
drupal_set_message(t('The view %view may be heavy to execute.', array('%view' => $view->name)), 'warning');
}
}
......
......@@ -338,7 +338,7 @@ function views_page_alter(&$page) {
*/
function views_preprocess_page(&$variables) {
// Early-return to prevent adding unnecessary JavaScript.
if (!user_access('access contextual links')) {
if (!\Drupal::currentUser()->hasPermission('access contextual links')) {
return;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment