[meta] Replace user_access() calls with $account->hasPermission() wherever possible.

Let's postpone this till #2032553: The _account attribute on the Request is not available during web tests lands.

Good issue for Code Sprint CIS

#1: 2048171-1.patch queued for re-testing.

Add tag.

Note #2062805: Add a \Drupal::userAccess() to replace user_access instead of \Drupal::request()->attributes->get('_account')->hasPermission()

Postponed based on #2062805-11: Add a \Drupal::userAccess() to replace user_access instead of \Drupal::request()->attributes->get('_account')->hasPermission()

#2062805: Add a \Drupal::userAccess() to replace user_access instead of \Drupal::request()->attributes->get('_account')->hasPermission() has "closed" status because of #2062151: Create a current user service to ensure that current account is always available, so I think we can proceed with this one.

So I am currently spending about 50-60% of my core committing time just keeping up on these patches. :(

Since these seem to be all find/replace, with the exception of introducing a $user = Drupal::currentUser() if it's not already there, could we take the approach of one massive patch that just does them all in one go?

@webchick only 9 was commited, most of all other issues depends on #2048223: Add $account argument to AccessCheckInterface::access() method and use the current_user service or require to inject current_user service so each one could be big for example #2061971-5: Replace user_access() calls with $account->hasPermission() in block module

I'd like have sandbox but after sprint random people file patches so I have no connection to them, I'm just reviewing patches

add steps to description

Issue summary updated.
Sub-issues was grouped in two tables (that already done and that needs work).

Thanks for all your work on this so far! Looking over the RTBC queue, these patches are very tiny, way too small to merit one per module. It's a burden on core maintainer time. Let's combine them. If you really want to break them down into separate patches I'd suggest one for user.module, one for all modules except user.module, one for everything else. I'll mark the existing issues as duplicates of one of the outstanding ones.

core/authorize.php
core/includes/bootstrap.inc
core/includes/menu.inc
core/lib/Drupal/Core/Extension/UpdateModuleHandler.php
core/modules/comment/comment.module
core/modules/comment/lib/Drupal/comment/CommentAccessController.php
core/modules/comment/lib/Drupal/comment/Plugin/entity_reference/selection/CommentSelection.php
core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php
core/modules/contact/lib/Drupal/contact/MessageFormController.php
core/modules/content_translation/content_translation.admin.inc
core/modules/content_translation/content_translation.module
core/modules/content_translation/lib/Drupal/content_translation/ContentTranslationController.php
core/modules/field_ui/field_ui.module
core/modules/file/file.module
core/modules/filter/filter.module
core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
core/modules/node/lib/Drupal/node/NodeAccessController.php
core/modules/node/lib/Drupal/node/NodeFormController.php
core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php
core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php
core/modules/node/node.api.php
core/modules/node/node.module
core/modules/node/node.pages.inc
core/modules/node/node.views_execution.inc
core/modules/node/tests/modules/node_access_test/node_access_test.module
core/modules/system/entity.api.php
core/modules/system/lib/Drupal/system/DateFormatAccessController.php
core/modules/system/lib/Drupal/system/Form/ModulesListForm.php
core/modules/system/system.api.php
core/modules/system/system.module
core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php
core/modules/system/tests/modules/form_test/form_test.module
core/modules/system/theme.api.php
core/modules/toolbar/toolbar.module
core/modules/tracker/tracker.module
core/modules/update/update.module
core/modules/user/lib/Drupal/user/AccountFormController.php
core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
core/modules/user/lib/Drupal/user/RegisterFormController.php
core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
core/modules/user/lib/Drupal/user/UserAccessController.php
core/modules/user/user.api.php
core/modules/user/user.module
core/modules/views/views.api.php
core/modules/views/views.module
core/update.php

Rescoping to three child issues.

Needs to compile a commit message from all closed issues to give commit credit to all contributors

That's fine; just add it to the issue summary, the core committers can copy/paste it from there.

@Internetdevels please use sub issues for 3 patches.

The compiled commit message for modules except user in #2061977-10: Replace user_access() calls with $account->hasPermission() in all core modules except user

I've just marked 15 issues as duplicates of the two sub issues of this. They all had patches though, so if we find we've missed some cases there may already be patches ready. See https://drupal.org/project/issues/search/drupal?version[]=8.x&issue_tags...

All child issues are fixed, and there is an RTBC issue to remove the function: #2306429: Remove user_access()