Issue #540008 by kristiaanvandeneynde, Spokje, daffie, clayfreeman, alexpott,... (9baa4397) · Commits · project / drupal

core/assets/scaffold/files/default.services.yml

+4 −0

Original line number	Diff line number	Diff line
		parameters:
		# Toggles the super user access policy. If your website has at least one user
		# with the Administrator role, it is advised to set this to false. This allows
		# you to make user 1 a regular user, strengthening the security of your site.
		security.enable_super_user: true
		session.storage.options:
		# Default ini options for sessions.
		#

+1 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,7 @@ parameters:
		# function properly before that runs.
		cache_default_bin_backends: []
		memory_cache_default_bin_backends: []
		security.enable_super_user: true
		session.storage.options:
		gc_probability: 1
		gc_divisor: 100

+3 −0

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@
		use Drupal\Core\DependencyInjection\Compiler\RegisterStreamWrappersPass;
		use Drupal\Core\DependencyInjection\Compiler\StackedKernelPass;
		use Drupal\Core\DependencyInjection\Compiler\StackedSessionHandlerPass;
		use Drupal\Core\DependencyInjection\Compiler\SuperUserAccessPolicyPass;
		use Drupal\Core\DependencyInjection\Compiler\TaggedHandlersPass;
		use Drupal\Core\DependencyInjection\Compiler\TwigExtensionPass;
		use Drupal\Core\DependencyInjection\ContainerBuilder;
		@@ -66,6 +67,8 @@ public function register(ContainerBuilder $container) {

		$container->addCompilerPass(new DevelopmentSettingsPass());

		$container->addCompilerPass(new SuperUserAccessPolicyPass());

		$container->addCompilerPass(new ProxyServicesPass());

		$container->addCompilerPass(new BackendCompilerPass());

0 → 100644

+23 −0

Original line number	Diff line number	Diff line
		<?php

		namespace Drupal\Core\DependencyInjection\Compiler;

		use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
		use Symfony\Component\DependencyInjection\ContainerBuilder;

		/**
		* Removes the super user access policy when toggled off.
		*/
		class SuperUserAccessPolicyPass implements CompilerPassInterface {

		/**
		* {@inheritdoc}
		*/
		public function process(ContainerBuilder $container): void {
		if ($container->getParameter('security.enable_super_user') === FALSE) {
		$container->removeDefinition('access_policy.super_user');
		$container->removeAlias('Drupal\Core\Session\SuperUserAccessPolicy');
		}
		}

		}

+18 −0

Original line number	Diff line number	Diff line
		@@ -60,6 +60,15 @@ trait FunctionalTestSetupTrait {
		*/
		protected $apcuEnsureUniquePrefix = FALSE;

		/**
		* Set to TRUE to make user 1 a super user.
		*
		* @see \Drupal\Core\Session\SuperUserAccessPolicy
		*
		* @var bool
		*/
		protected bool $usesSuperUserAccessPolicy;

		/**
		* Prepares site settings and services before installation.
		*/
		@@ -138,6 +147,15 @@ protected function prepareSettings() {
		// from running during tests.
		$services = $yaml->parse($content);
		$services['parameters']['session.storage.options']['gc_probability'] = 0;
		// Disable the super user access policy so that we are sure our tests check
		// for the right permissions.
		if (!isset($this->usesSuperUserAccessPolicy)) {
		$test_file_name = (new \ReflectionClass($this))->getFileName();
		// @todo Decide in https://www.drupal.org/project/drupal/issues/3437926
		// how to remove this fallback behavior.
		$this->usesSuperUserAccessPolicy = !str_starts_with($test_file_name, $this->root . DIRECTORY_SEPARATOR . 'core');
		}
		$services['parameters']['security.enable_super_user'] = $this->usesSuperUserAccessPolicy;
		if ($this->strictConfigSchema) {
		// Add a listener to validate configuration schema on save.
		$test_file_name = (new \ReflectionClass($this))->getFileName();