Commit 926a0677 authored by alexpott's avatar alexpott

Issue #2043781 by pwolanin: Fixed...

Issue #2043781 by pwolanin: Fixed Drupal::request()->attributes->get('account') may conflict with an account object loaded from the path.
parent 67b5d792
......@@ -110,7 +110,7 @@ public function authenticate(Request $request) {
// Save the authenticated account and the provider that supplied it
// for later access.
$request->attributes->set('account', $account);
$request->attributes->set('_account', $account);
$request->attributes->set('_authentication_provider', $this->triggeredProviderId);
// The global $user object is included for backward compatibility only and
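Review bot: The comment above the `set('_account', …)` call does not say why the key carries an underscore, and the key is a bare string literal that every reader in the other hunks on this page repeats. Someone who misses the reason can reintroduce `account` and have the value replaced by a `{account}` path parameter, which is the conflict the commit title describes. I would extend the comment with `// Stored as '_account' so that a route parameter named {account} cannot replace the authenticated account.` and consider a shared constant for the key. The body of authenticate() starts and ends outside the hunk.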
......
......@@ -39,7 +39,7 @@ public function onKernelRequestAccessCheck(GetResponseEvent $event) {
$provider = $request_attributes->get('_authentication_provider');
if ($request_attributes->get('_legacy') && $provider && $provider != 'cookie') {
$GLOBALS['user'] = drupal_anonymous_user();
$request_attributes->set('account', $GLOBALS['user']);
$request_attributes->set('_account', $GLOBALS['user']);
throw new AccessDeniedHttpException();
}
......
......@@ -51,7 +51,7 @@ public function enhance(array $defaults, Request $request) {
// If the request was authenticated with a non-permitted provider,
// force the user back to anonymous.
if (!in_array($auth_provider_triggered, $auth_providers)) {
$request->attributes->set('account', drupal_anonymous_user());
$request->attributes->set('_account', drupal_anonymous_user());
}
}
return $defaults;
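Review bot: The downgrade branch under `!in_array($auth_provider_triggered, $auth_providers)` resets only the `_account` attribute, while the comparable branch in onKernelRequestAccessCheck() earlier on this page also replaces `$GLOBALS['user']` with the anonymous user. If nothing outside the hunk resets the global, code that still reads `global $user` keeps seeing the authenticated account after the request has been forced back to anonymous. Keeping the two in step would look like `$GLOBALS['user'] = drupal_anonymous_user();` followed by `$request->attributes->set('_account', $GLOBALS['user']);`. The same condition calls `in_array()` without the strict flag; `in_array($auth_provider_triggered, $auth_providers, TRUE)` avoids loose matches on provider ids. enhance() begins outside the hunk.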
......
......@@ -27,7 +27,7 @@ public function applies(Route $route) {
* {@inheritdoc}
*/
public function access(Route $route, Request $request) {
$account = $request->attributes->get('account');
$account = $request->attributes->get('_account');
if (!user_access('access overlay', $account)) {
return static::DENY;
}
......
......@@ -28,7 +28,7 @@ class OverlayController {
*
*/
public function overlayMessage(Request $request) {
$account = $request->attributes->get('account');
$account = $request->attributes->get('_account');
// @todo Integrate CSRF link token directly into routing system: http://drupal.org/node/1798296.
$token = $request->attributes->get('token');
......
......@@ -122,7 +122,7 @@ public function getFormID() {
* {@inheritdoc}
*/
public function buildForm(array $form, array &$form_state, Request $request = NULL) {
$account = $request->attributes->get('account')->id();
$account = $request->attributes->get('_account')->id();
$this->modules = $this->keyValueExpirable->get($account);
// Redirect to the modules list page if the key value store is empty.
......@@ -163,7 +163,7 @@ public function buildForm(array $form, array &$form_state, Request $request = NU
*/
public function submitForm(array &$form, array &$form_state) {
// Remove the key value store entry.
$account = $this->request->attributes->get('account')->id();
$account = $this->request->attributes->get('_account')->id();
$this->keyValueExpirable->delete($account);
// Gets list of modules prior to install process.
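Review bot: `$request->attributes->get('_account')->id()` in buildForm() and submitForm() calls a method on whatever get() returns, and get() yields NULL when the attribute is absent, so a request that reaches these forms without `_account` ends in a fatal error rather than an access denial; buildForm() also declares `Request $request = NULL`. The rename makes this more likely than before, because a caller that still sets only `account` no longer satisfies the lookup. I would read the account into a variable first and fail closed when it is missing, e.g. `if (!$account = $request->attributes->get('_account')) { throw new AccessDeniedHttpException(); }`, assuming that exception is imported in this file. The same chained call appears in the later buildForm() and submitForm() hunks on this page that call `get()`, `delete()` and `setWithExpire()` on the key-value store. Both functions continue outside the hunks.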
......
......@@ -425,7 +425,7 @@ public function submitForm(array &$form, array &$form_state) {
// dependencies that are not enabled yet, redirect to the confirmation form.
if (!empty($modules['dependencies']) || !empty($modules['missing'])) {
// Write the list of changed module states into a key value store.
$account = $this->request->attributes->get('account')->id();
$account = $this->request->attributes->get('_account')->id();
$this->keyValueExpirable->setWithExpire($account, $modules, 60);
// Redirect to the confirmation form.
......
......@@ -127,7 +127,7 @@ public function buildForm(array $form, array &$form_state, Request $request = NU
$this->request = $request;
// Retrieve the list of modules from the key value store.
$account = $request->attributes->get('account')->id();
$account = $request->attributes->get('_account')->id();
$this->modules = $this->keyValueExpirable->get($account);
// Prevent this page from showing when the module list is empty.
......@@ -152,7 +152,7 @@ public function buildForm(array $form, array &$form_state, Request $request = NU
*/
public function submitForm(array &$form, array &$form_state) {
// Clear the key value store entry.
$account = $this->request->attributes->get('account')->id();
$account = $this->request->attributes->get('_account')->id();
$this->keyValueExpirable->delete($account);
// Uninstall the modules.
......
......@@ -165,7 +165,7 @@ public function submitForm(array &$form, array &$form_state) {
// Save all the values in an expirable key value store.
$modules = $form_state['values']['uninstall'];
$uninstall = array_keys(array_filter($modules));
$account = $this->request->attributes->get('account')->id();
$account = $this->request->attributes->get('_account')->id();
$this->keyValueExpirable->setWithExpire($account, $uninstall, 60);
// Redirect to the confirm form.
......
......@@ -26,7 +26,7 @@ public function test1() {
* The user name of the current logged in user.
*/
public function test11() {
$account = \Drupal::request()->attributes->get('account');
$account = \Drupal::request()->attributes->get('_account');
return $account->getUsername();
}
......
......@@ -34,7 +34,7 @@ public function access(Route $route, Request $request) {
// Requirements just allow strings, so this might be a comma separated list.
$rid_string = $route->getRequirement('_role');
$account = $request->attributes->get('account');
$account = $request->attributes->get('_account');
$explode_and = array_filter(array_map('trim', explode('+', $rid_string)));
if (count($explode_and) > 1) {
......
......@@ -454,7 +454,7 @@ function user_access($string, AccountInterface $account = NULL) {
if (!isset($account)) {
// In the installer request session is not set, so we have to fall back
// to the global $user. In all other cases the session key is preferred.
$account = Drupal::request()->attributes->get('account') ?: $user;
$account = Drupal::request()->attributes->get('_account') ?: $user;
}
return $account->hasPermission($string);
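Review bot: The `?: $user` fallback makes a missing `_account` indistinguishable from the installer case, so a permission check silently runs against the global `$user` whenever the attribute was never set or was set under the old `account` key. The overlay access check on this page passes `$request->attributes->get('_account')` straight into user_access(), so a NULL there takes this path too. The comment should say so, for example `// A request without '_account' (including code that still sets 'account') is checked against the global $user.`, and it may be worth restricting the fallback to the installer. The declaration of `$user` and the start of user_access() are outside the hunk.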
......
......@@ -160,7 +160,7 @@ public function testRoleAccess($path, $grant_accounts, $deny_accounts) {
foreach ($grant_accounts as $account) {
$subrequest = Request::create($path, 'GET');
$subrequest->attributes->set('account', $account);
$subrequest->attributes->set('_account', $account);
$message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account->getRoles()), $path);
$this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest), $message);
}
......@@ -168,7 +168,7 @@ public function testRoleAccess($path, $grant_accounts, $deny_accounts) {
// Check all users which don't have access.
foreach ($deny_accounts as $account) {
$subrequest = Request::create($path, 'GET');
$subrequest->attributes->set('account', $account);
$subrequest->attributes->set('_account', $account);
$message = sprintf('Access denied for user %s with the roles %s on path: %s', $account->id(), implode(', ', $account->getRoles()), $path);
$has_access = $role_access_check->access($collection->get($path), $subrequest);
$this->assertSame(AccessCheckInterface::DENY, $has_access , $message);
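Review bot: Neither loop exercises the conflict this commit fixes: every subrequest carries only `_account`, so the test would still pass if the role check went back to reading a path-derived `account` attribute. Setting a second, differently privileged account under the old key in the deny loop, `$subrequest->attributes->set('account', $privileged_account);` (variable name constructed for illustration), would pin that the access decision follows `_account` alone. testRoleAccess() begins before the first hunk and continues past the second.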
......