Commit bb91b33d authored by Dries's avatar Dries

Issue #1862752 by larowlan, fago: Implement entity access API for users.

parent c2b203e6
......@@ -734,3 +734,18 @@ function entity_get_render_display(EntityInterface $entity, $view_mode) {
function entity_query($entity_type, $conjunction = 'AND') {
return drupal_container()->get('entity.query')->get($entity_type, $conjunction);
}
/**
* Generic access callback for entity pages.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which access is being checked.
* @param string $operation
* (optional) The operation being performed on the entity. Defaults to 'view'.
*
* @return bool
* TRUE if the access is granted. FALSE if access is denied.
*/
function entity_page_access(EntityInterface $entity, $operation = 'view') {
return $entity->access($operation);
}
......@@ -27,8 +27,8 @@ function openid_menu() {
'title' => 'OpenID identities',
'page callback' => 'openid_user_identities',
'page arguments' => array(1),
'access callback' => 'user_edit_access',
'access arguments' => array(1),
'access callback' => 'entity_page_access',
'access arguments' => array(1, 'update'),
'type' => MENU_LOCAL_TASK,
'file' => 'openid.pages.inc',
);
......@@ -36,8 +36,8 @@ function openid_menu() {
'title' => 'Delete OpenID',
'page callback' => 'drupal_get_form',
'page arguments' => array('openid_user_delete_form', 1),
'access callback' => 'user_edit_access',
'access arguments' => array(1),
'access callback' => 'entity_page_access',
'access arguments' => array(1, 'update'),
'file' => 'openid.pages.inc',
);
return $items;
......
......@@ -185,7 +185,7 @@ function _tracker_myrecent_access($account) {
* @see tracker_menu()
*/
function _tracker_user_access($account) {
return user_view_access($account) && user_access('access content');
return $account->access('view') && user_access('access content');
}
/**
......
......@@ -19,6 +19,7 @@
* label = @Translation("User"),
* module = "user",
* controller_class = "Drupal\user\UserStorageController",
* access_controller_class = "Drupal\user\UserAccessController",
* form_controller_class = {
* "profile" = "Drupal\user\ProfileFormController",
* "register" = "Drupal\user\RegisterFormController"
......
......@@ -26,7 +26,7 @@ class LinkCancel extends Link {
* Overrides \Drupal\user\Plugin\views\field\Link::render_link().
*/
public function render_link(EntityInterface $entity, \stdClass $values) {
if ($entity && user_cancel_access($entity)) {
if ($entity && $entity->access('delete')) {
$this->options['alter']['make_link'] = TRUE;
$text = !empty($this->options['text']) ? $this->options['text'] : t('cancel');
......
......@@ -26,7 +26,7 @@ class LinkEdit extends Link {
* Overrides \Drupal\user\Plugin\views\field\Link::render_link().
*/
public function render_link(EntityInterface $entity, \stdClass $values) {
if ($entity && user_edit_access($entity)) {
if ($entity && $entity->access('edit')) {
$this->options['alter']['make_link'] = TRUE;
$text = !empty($this->options['text']) ? $this->options['text'] : t('edit');
......
<?php
/**
* @file
* Contains \Drupal\user\UserAccessController.
*/
namespace Drupal\user;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityAccessControllerInterface;
use Drupal\user\Plugin\Core\Entity\User;
/**
* Defines the access controller for the user entity type.
*/
class UserAccessController implements EntityAccessControllerInterface {
/**
* Implements EntityAccessControllerInterface::viewAccess().
*/
public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
$uid = $entity->uid;
if (!$account) {
$account = $GLOBALS['user'];
}
// Never allow access to view the anonymous user account.
if ($uid) {
// Admins can view all, users can view own profiles at all times.
if ($account->uid == $uid || user_access('administer users', $account)) {
return TRUE;
}
elseif (user_access('access user profiles', $account)) {
// Only allow view access if the account is active.
return $entity->status;
}
}
return FALSE;
}
/**
* Implements EntityAccessControllerInterface::createAccess().
*/
public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
return user_access('administer users', $account);
}
/**
* Implements EntityAccessControllerInterface::updateAccess().
*/
public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
if (!$account) {
$account = $GLOBALS['user'];
}
// Users can always edit their own account. Users with the 'administer
// users' permission can edit any account except the anonymous account.
return (($account->uid == $entity->uid) || user_access('administer users', $account)) && $entity->uid > 0;
}
/**
* Implements EntityAccessControllerInterface::deleteAccess().
*/
public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
if (!$account) {
$account = $GLOBALS['user'];
}
// Users with 'cancel account' permission can cancel their own account,
// users with 'administer users' permission can cancel any account except
// the anonymous account.
return ((($account->uid == $entity->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->uid > 0;
}
}
......@@ -861,49 +861,6 @@ function user_register_access() {
return user_is_anonymous() && (config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY);
}
/**
* User view access callback.
*
* @param $account
* Can either be a full user object or a $uid.
*/
function user_view_access($account) {
$uid = is_object($account) ? $account->uid : (int) $account;
// Never allow access to view the anonymous user account.
if ($uid) {
// Admins can view all, users can view own profiles at all times.
if ($GLOBALS['user']->uid == $uid || user_access('administer users')) {
return TRUE;
}
elseif (user_access('access user profiles')) {
// At this point, load the complete account object.
if (!is_object($account)) {
$account = user_load($uid);
}
return (is_object($account) && $account->status);
}
}
return FALSE;
}
/**
* Access callback for user account editing.
*/
function user_edit_access($account) {
return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0;
}
/**
* Menu access callback; limit access to account cancellation pages.
*
* Limit access to users with the 'cancel account' permission or administrative
* users, and prevent the anonymous user from cancelling the account.
*/
function user_cancel_access($account) {
return ((($GLOBALS['user']->uid == $account->uid) && user_access('cancel account')) || user_access('administer users')) && $account->uid > 0;
}
/**
* Implements hook_menu().
*/
......@@ -1079,7 +1036,7 @@ function user_menu() {
'title arguments' => array(1),
'page callback' => 'user_view_page',
'page arguments' => array(1),
'access callback' => 'user_view_access',
'access callback' => 'entity_page_access',
'access arguments' => array(1),
);
......@@ -1093,8 +1050,8 @@ function user_menu() {
'title' => 'Cancel account',
'page callback' => 'drupal_get_form',
'page arguments' => array('user_cancel_confirm_form', 1),
'access callback' => 'user_cancel_access',
'access arguments' => array(1),
'access callback' => 'entity_page_access',
'access arguments' => array(1, 'delete'),
'file' => 'user.pages.inc',
);
......@@ -1102,8 +1059,8 @@ function user_menu() {
'title' => 'Confirm account cancellation',
'page callback' => 'user_cancel_confirm',
'page arguments' => array(1, 4, 5),
'access callback' => 'user_cancel_access',
'access arguments' => array(1),
'access callback' => 'entity_page_access',
'access arguments' => array(1, 'delete'),
'file' => 'user.pages.inc',
);
......@@ -1111,8 +1068,8 @@ function user_menu() {
'title' => 'Edit',
'page callback' => 'entity_get_form',
'page arguments' => array(1, 'profile'),
'access callback' => 'user_edit_access',
'access arguments' => array(1),
'access callback' => 'entity_page_access',
'access arguments' => array(1, 'update'),
'type' => MENU_LOCAL_TASK,
'file' => 'user.pages.inc',
);
......@@ -2715,7 +2672,7 @@ function user_rdf_mapping() {
*/
function user_file_download_access($field, EntityInterface $entity, File $file) {
if ($entity->entityType() == 'user') {
return user_view_access($entity);
return $entity->access('view');
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment