diff --git a/core/modules/block/block.admin.inc b/core/modules/block/block.admin.inc index ffa0b0b..b9666f9 100644 --- a/core/modules/block/block.admin.inc +++ b/core/modules/block/block.admin.inc @@ -465,7 +465,7 @@ function block_admin_configure($form, &$form_state, $module, $delta) { ':module' => $block->module, ':delta' => $block->delta, ))->fetchCol(); - $role_options = array_map('check_plain', user_roles()); + $role_options = array_map('check_plain', user_role_names()); $form['visibility']['role'] = array( '#type' => 'details', '#title' => t('Roles'), diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module index ab757a9..8b032c4 100644 --- a/core/modules/comment/comment.module +++ b/core/modules/comment/comment.module @@ -1284,9 +1284,12 @@ function comment_node_update_index(Node $node, $langcode) { if ($index_comments === NULL) { // Find and save roles that can 'access comments' or 'search content'. $perms = array('access comments' => array(), 'search content' => array()); - $result = db_query("SELECT rid, permission FROM {role_permission} WHERE permission IN ('access comments', 'search content')"); - foreach ($result as $record) { - $perms[$record->permission][$record->rid] = $record->rid; + foreach (user_roles() as $role) { + foreach ($perms as $permission => &$roles) { + if (config('user.permissions.' . $role->rid)->get($permission)) { + $roles[$role->rid] = $role->rid; + } + } } // Prevent indexing of comments if there are any roles that can search but diff --git a/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php b/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php index d049aa3..91cab48 100644 --- a/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php +++ b/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php @@ -39,7 +39,7 @@ function testCommentLinks() { // Remove additional user permissions from $this->web_user added by setUp(), // since this test is limited to anonymous and authenticated roles only. - user_role_delete(key($this->web_user->roles)); + entity_delete_multiple('user_role', array(key($this->web_user->roles))); // Matrix of possible environmental conditions and configuration settings. // See setEnvironment() for details. diff --git a/core/modules/filter/filter.admin.inc b/core/modules/filter/filter.admin.inc index c01fb93..0b75ba0 100644 --- a/core/modules/filter/filter.admin.inc +++ b/core/modules/filter/filter.admin.inc @@ -190,7 +190,7 @@ function filter_admin_format_form($form, &$form_state, $format) { $form['roles'] = array( '#type' => 'checkboxes', '#title' => t('Roles'), - '#options' => array_map('check_plain', user_roles()), + '#options' => array_map('check_plain', user_role_names()), '#disabled' => $is_fallback, ); if ($is_fallback) { diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module index 1aff070..632edde 100644 --- a/core/modules/filter/filter.module +++ b/core/modules/filter/filter.module @@ -505,11 +505,11 @@ function filter_formats_reset() { function filter_get_roles_by_format($format) { // Handle the fallback format upfront (all roles have access to this format). if ($format->format == filter_fallback_format()) { - return user_roles(); + return user_role_names(); } // Do not list any roles if the permission does not exist. $permission = filter_permission_name($format); - return !empty($permission) ? user_roles(FALSE, $permission) : array(); + return !empty($permission) ? user_role_names(FALSE, $permission) : array(); } /** diff --git a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php index 4636610..9c2fd68 100644 --- a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php +++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php @@ -147,7 +147,7 @@ function testFormatRoles() { $this->assertFalse(in_array($this->disallowed_format->format, array_keys(filter_get_formats_by_role($rid))), 'A text format which a role does not have access to does not appear in the list of formats available to that role.'); // Check that the fallback format is always allowed. - $this->assertEqual(filter_get_roles_by_format(filter_format_load(filter_fallback_format())), user_roles(), 'All roles have access to the fallback format.'); + $this->assertEqual(filter_get_roles_by_format(filter_format_load(filter_fallback_format())), user_role_names(), 'All roles have access to the fallback format.'); $this->assertTrue(in_array(filter_fallback_format(), array_keys(filter_get_formats_by_role($rid))), 'The fallback format appears in the list of allowed formats for any role.'); } diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php index 6ff6ae0..0da6172 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php @@ -41,11 +41,8 @@ function assertNodeAccess($ops, $node, $account, $langcode = NULL) { function setUp() { parent::setUp(); - // Clear permissions for authenticated users. - db_delete('role_permission') - ->condition('rid', DRUPAL_AUTHENTICATED_RID) - ->execute(); + config('user.permissions.' . DRUPAL_AUTHENTICATED_RID)->delete(); } /** diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php index 4f87348..befdec9 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php @@ -36,9 +36,7 @@ function assertNodeAccess($ops, $node, $account) { function setUp() { parent::setUp(); // Clear permissions for authenticated users. - db_delete('role_permission') - ->condition('rid', DRUPAL_AUTHENTICATED_RID) - ->execute(); + config('user.permissions.' . DRUPAL_AUTHENTICATED_RID)->delete(); } /** diff --git a/core/modules/node/node.views.inc b/core/modules/node/node.views.inc index a67b870..597878a 100644 --- a/core/modules/node/node.views.inc +++ b/core/modules/node/node.views.inc @@ -690,20 +690,17 @@ function node_views_analyze($view) { // check for no access control $access = $display->getOption('access'); if (empty($access['type']) || $access['type'] == 'none') { - $select = db_select('role', 'r'); - $select->innerJoin('role_permission', 'p', 'r.rid = p.rid'); - $result = $select->fields('r', array('rid')) - ->fields('p', array('permission')) - ->condition('r.rid', array('anonymous', 'authenticated'), 'IN') - ->condition('p.permission', 'access content') - ->execute(); - - foreach ($result as $role) { - $role->safe = TRUE; - $roles[$role->rid] = $role; + // Find out whether anonymous and authenticated role have the + // `access content` permission. + $roles = array(); + $roles['anonymous'] = array(); + $roles['authenticated'] = array(); + $roles_result = user_permission_roles('access content', array('anonymous' => TRUE, 'authenticated' => TRUE)); + foreach ($roles_result as $rid) { + $roles[$rid]['safe'] = TRUE; } - if (!($roles['anonymous']->safe && $roles['authenticated']->safe)) { - $ret[] = Analyzer::formatMessage(t('Some roles lack permission to access content, but display %display has no access control.', array('%display' => $display['display_title'])), 'warning'); + if (!empty($roles['anonymous']['safe']) && !empty($roles['authenticated']['safe'])) { + $ret[] = Analyzer::formatMessage(t('Some roles lack permission to access content, but display %display has no access control.', array('%display' => $display->display['display_title'])), 'warning'); } $filters = $display->getOption('filters'); foreach ($filters as $filter) { diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php index 001e521..b169013 100644 --- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php +++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php @@ -481,10 +481,11 @@ protected function drupalCreateRole(array $permissions, $rid = NULL, $name = NUL } // Create new role. - $role = new stdClass(); - $role->rid = $rid; - $role->name = $name; - $result = user_role_save($role); + $role = entity_create('user_role', array( + 'rid' => $rid, + 'name' => $name, + )); + $result = $role->save(); $this->assertIdentical($result, SAVED_NEW, t('Created role ID @rid with name @name.', array( '@name' => var_export($role->name, TRUE), @@ -496,8 +497,8 @@ protected function drupalCreateRole(array $permissions, $rid = NULL, $name = NUL if (!empty($permissions)) { user_role_grant_permissions($role->rid, $permissions); - $assigned_permissions = db_query('SELECT permission FROM {role_permission} WHERE rid = :rid', array(':rid' => $role->rid))->fetchCol(); - $missing_permissions = array_diff($permissions, $assigned_permissions); + $assigned_permissions = user_role_permissions(array($role->rid => TRUE)); + $missing_permissions = array_diff($permissions, array_keys($assigned_permissions[$role->rid])); if (!$missing_permissions) { $this->pass(t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role')); } diff --git a/core/modules/system/lib/Drupal/system/Tests/Module/UninstallTest.php b/core/modules/system/lib/Drupal/system/Tests/Module/UninstallTest.php index 3345d2f..3d9edd5 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Module/UninstallTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Module/UninstallTest.php @@ -38,8 +38,7 @@ function testUserPermsUninstalled() { module_disable(array('module_test')); module_uninstall(array('module_test')); - // Are the perms defined by module_test removed from {role_permission}. - $count = db_query("SELECT COUNT(rid) FROM {role_permission} WHERE permission = :perm", array(':perm' => 'module_test perm'))->fetchField(); - $this->assertEqual(0, $count, 'Permissions were all removed.'); + // Are the perms defined by module_test removed. + $this->assertFalse(user_permission_roles('module_test perm', user_roles()), 'Permissions were all removed.'); } } diff --git a/core/modules/system/lib/Drupal/system/Tests/Upgrade/LanguageUpgradePathTest.php b/core/modules/system/lib/Drupal/system/Tests/Upgrade/LanguageUpgradePathTest.php index 73f563b..5c1983c 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Upgrade/LanguageUpgradePathTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Upgrade/LanguageUpgradePathTest.php @@ -179,10 +179,8 @@ public function testLanguagePermissionsUpgrade() { $this->assertTrue($this->performUpgrade(), 'The upgrade was completed successfully.'); // Check that translate content role doesn't exist on database. - $old_permission_exists = db_query('SELECT * FROM {role_permission} WHERE permission LIKE ?', array('translate content'))->fetchObject(); - $this->assertFalse($old_permission_exists, 'No translate content role left on database.'); + $this->assertFalse(config('user.permissions.' . DRUPAL_AUTHENTICATED_RID)->get('translate content'), 'No translate content role left on database.'); // Check that translate content has been renamed to translate all content. - $new_permission_exists = db_query('SELECT * FROM {role_permission} WHERE permission LIKE ?', array('translate all content'))->fetchObject(); - $this->assertTrue($new_permission_exists, 'Rename role translate content to translate all content was completed successfully.'); + $this->assertTrue(config('user.permissions.' . DRUPAL_AUTHENTICATED_RID)->get('translate all content'), 'Rename role translate content to translate all content was completed successfully.'); } } diff --git a/core/modules/translation/translation.install b/core/modules/translation/translation.install index 61d014d..d85d9c9 100644 --- a/core/modules/translation/translation.install +++ b/core/modules/translation/translation.install @@ -10,10 +10,15 @@ * Rename the translate content permission. */ function translation_update_8000() { - db_update('role_permission') - ->fields(array('permission' => 'translate all content')) - ->condition('permission', 'translate content') - ->execute(); + foreach (config_get_storage_names_with_prefix('user.role.') as $name) { + $role = config($name)->get(); + $config = config('user.permissions.' . $role['rid']); + if ($module = $config->get('translate content')) { + $config->clear('translate content'); + $config->set('translate all content', $module); + $config->save(); + } + } } /** diff --git a/core/modules/user/config/user.role.anonymous.yml b/core/modules/user/config/user.role.anonymous.yml new file mode 100644 index 0000000..6b3f713 --- /dev/null +++ b/core/modules/user/config/user.role.anonymous.yml @@ -0,0 +1,3 @@ +rid: anonymous +name: Anonymous user +weight: 0 diff --git a/core/modules/user/config/user.role.authenticated.yml b/core/modules/user/config/user.role.authenticated.yml new file mode 100644 index 0000000..1375647 --- /dev/null +++ b/core/modules/user/config/user.role.authenticated.yml @@ -0,0 +1,3 @@ +rid: authenticated +name: Authenticated user +weight: 1 diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php index 512f703..b3043de 100644 --- a/core/modules/user/lib/Drupal/user/AccountFormController.php +++ b/core/modules/user/lib/Drupal/user/AccountFormController.php @@ -126,7 +126,7 @@ public function form(array $form, array &$form_state, EntityInterface $account) '#access' => $admin, ); - $roles = array_map('check_plain', user_roles(TRUE)); + $roles = array_map('check_plain', user_role_names(TRUE)); // The disabled checkbox subelement for the 'authenticated user' role // must be generated separately and added to the checkboxes element, // because of a limitation in Form API not supporting a single disabled diff --git a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php new file mode 100644 index 0000000..5714cfc --- /dev/null +++ b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php @@ -0,0 +1,67 @@ +rid; + } + +} diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php b/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php index 2a07d79..146968a 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php @@ -46,7 +46,7 @@ public function summaryTitle() { return t('Multiple roles'); } else { - $rids = user_roles(); + $rids = user_role_names(); $rid = reset($this->options['role']); return check_plain($rids[$rid]); } diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/argument/RolesRid.php b/core/modules/user/lib/Drupal/user/Plugin/views/argument/RolesRid.php index 634307e..1d18b0b 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/argument/RolesRid.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/argument/RolesRid.php @@ -23,16 +23,7 @@ class RolesRid extends ManyToOne { function title_query() { - $titles = array(); - - $query = db_select('role', 'r'); - $query->addField('r', 'name'); - $query->condition('r.rid', $this->value); - $result = $query->execute(); - foreach ($result as $term) { - $titles[] = check_plain($term->name); - } - return $titles; + return array(entity_load('user_role', $this->value)->name); } } diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/argument_validator/User.php b/core/modules/user/lib/Drupal/user/Plugin/views/argument_validator/User.php index a31b0af..36a6a5a 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/argument_validator/User.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/argument_validator/User.php @@ -56,7 +56,7 @@ public function buildOptionsForm(&$form, &$form_state) { $form['roles'] = array( '#type' => 'checkboxes', '#title' => t('Restrict to the selected roles'), - '#options' => array_map('check_plain', user_roles(TRUE)), + '#options' => array_map('check_plain', user_role_names(TRUE)), '#default_value' => $this->options['roles'], '#description' => t('If no roles are selected, users from any role will be allowed.'), '#states' => array( diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php index 98cb021..62e6b9c 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php @@ -46,28 +46,19 @@ function pre_render(&$values) { } if ($uids) { - // Get a list of all the modules implementing a hook_permission() and sort by - // display name. - $module_info = system_get_info('module'); - $modules = array(); - foreach (module_implements('permission') as $module) { - $modules[$module] = $module_info[$module]['name']; - } - asort($modules); - - $permissions = module_invoke_all('permission'); - - $query = db_select('role_permission', 'rp'); - $query->join('users_roles', 'u', 'u.rid = rp.rid'); - $query->fields('u', array('uid', 'rid')); - $query->addField('rp', 'permission'); - $query->condition('u.uid', $uids); - $query->condition('rp.module', array_keys($modules)); - $query->orderBy('rp.permission'); - $result = $query->execute(); - - foreach ($result as $perm) { - $this->items[$perm->uid][$perm->permission]['permission'] = $permissions[$perm->permission]['title']; + // Load all permissions to be able show the label. + $all_permissions = module_invoke_all('permission'); + + foreach ($values as $row) { + $account = $this->get_entity($row); + // Get a list of roles of all the users to load all permissions of each + // user. + $role_permissions = user_role_permissions($account->roles); + foreach ($role_permissions as $role => $permissions) { + foreach ($permissions as $permission => $value) { + $this->items[$account->uid][$permission]['permission'] = $all_permissions[$permission]['title']; + } + } } } } diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/filter/Roles.php b/core/modules/user/lib/Drupal/user/Plugin/views/filter/Roles.php index 8ee3569..139856e 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/filter/Roles.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/filter/Roles.php @@ -23,7 +23,7 @@ class Roles extends ManyToOne { function get_value_options() { - $this->value_options = user_roles(TRUE); + $this->value_options = user_role_names(TRUE); unset($this->value_options[DRUPAL_AUTHENTICATED_RID]); } diff --git a/core/modules/user/lib/Drupal/user/RoleStorageController.php b/core/modules/user/lib/Drupal/user/RoleStorageController.php new file mode 100644 index 0000000..45f0749 --- /dev/null +++ b/core/modules/user/lib/Drupal/user/RoleStorageController.php @@ -0,0 +1,77 @@ +name = trim($entity->name); + + if (!isset($entity->weight)) { + $roles = entity_load_multiple('entity_roles'); + // Set a role weight to make this new role last. + $max = array_reduce($roles, function($max, $entity) { + return $max > $entity['weight'] ? $max : $entity['weight']; + }); + $entity->weight = $max + 1; + } + + return parent::save($entity); + } + + /** + * Overrides Drupal\Core\Entity\ConfigStorageController::resetCache(). + */ + public function resetCache(array $ids = NULL) { + parent::resetCache($ids); + + // Clear the user access cache. + drupal_static_reset('user_access'); + drupal_static_reset('user_role_permissions'); + } + + /** + * Overrides Drupal\Core\Entity\ConfigStorageController::postDelete(). + */ + protected function postDelete($entities) { + $rids = array_keys($entities); + + foreach ($entities as $entity) { + config('user.permissions.' . $entity->rid)->delete(); + } + + // Update the users who have this role set: + db_delete('users_roles') + ->condition('rid', $rids) + ->execute(); + } + + /** + * Overrides Drupal\Core\Entity\ConfigStorageController::attachLoad(). + */ + protected function attachLoad(&$queried_entities, $revision_id = FALSE) { + // Sort the queried roles by their weight. + uasort($queried_entities, 'drupal_sort_weight'); + + parent::attachLoad($queried_entities, $revision_id); + } + +} diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php index 2455b10..18b92c5 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php @@ -80,6 +80,8 @@ function testAdministratorRole() { // Aggregator depends on file module, enable that as well. $edit['modules[Core][file][enable]'] = TRUE; $this->drupalPost('admin/modules', $edit, t('Save configuration')); + drupal_static_reset('user_access'); + drupal_static_reset('user_role_permissions'); $this->assertTrue(user_access('administer news feeds', $this->admin_user), 'The permission was automatically assigned to the administrator role'); } diff --git a/core/modules/user/lib/Drupal/user/Tests/UserRoleAdminTest.php b/core/modules/user/lib/Drupal/user/Tests/UserRoleAdminTest.php index 50d4da7..cc143ff 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserRoleAdminTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserRoleAdminTest.php @@ -40,7 +40,7 @@ function testRoleAdministration() { $edit = array('role[name]' => $role_name, 'role[rid]' => $role_name); $this->drupalPost('admin/people/roles', $edit, t('Add role')); $this->assertText(t('The role has been added.'), 'The role has been added.'); - $role = user_role_load($role_name); + $role = entity_load('user_role', $role_name); $this->assertTrue(is_object($role), 'The role was successfully retrieved from the database.'); // Try adding a duplicate role. @@ -53,7 +53,7 @@ function testRoleAdministration() { $edit = array('role[name]' => $role_name); $this->drupalPost("admin/people/roles/edit/{$role->rid}", $edit, t('Save role')); $this->assertText(t('The role has been renamed.'), 'The role has been renamed.'); - $new_role = user_role_load($old_name); + $new_role = entity_load('user_role', $old_name); $this->assertEqual($new_role->name, $role_name, 'The role name has been successfully changed.'); // Test deleting a role. @@ -61,7 +61,7 @@ function testRoleAdministration() { $this->drupalPost(NULL, NULL, t('Delete')); $this->assertText(t('The role has been deleted.'), 'The role has been deleted'); $this->assertNoLinkByHref("admin/people/roles/edit/{$role->rid}", 'Role edit link removed.'); - $this->assertFalse(user_role_load($role_name), 'A deleted role can no longer be loaded.'); + $this->assertFalse(entity_load('user_role', $role_name), 'A deleted role can no longer be loaded.'); // Make sure that the system-defined roles can be edited via the user // interface. @@ -80,8 +80,8 @@ function testRoleWeightChange() { $this->drupalLogin($this->admin_user); // Pick up a random role and get its weight. - $rid = array_rand(user_roles()); - $role = user_role_load($rid); + $rid = array_rand(user_role_names()); + $role = entity_load('user_role', $rid); $old_weight = $role->weight; // Change the role weight and submit the form. @@ -90,7 +90,7 @@ function testRoleWeightChange() { $this->assertText(t('The role settings have been updated.'), 'The role settings form submitted successfully.'); // Retrieve the saved role and compare its weight. - $role = user_role_load($rid); + $role = entity_load('user_role', $rid); $new_weight = $role->weight; $this->assertTrue(($old_weight + 1) == $new_weight, 'Role weight updated successfully.'); } diff --git a/core/modules/user/lib/Drupal/user/UserStorageController.php b/core/modules/user/lib/Drupal/user/UserStorageController.php index 2b532c9..119b005 100644 --- a/core/modules/user/lib/Drupal/user/UserStorageController.php +++ b/core/modules/user/lib/Drupal/user/UserStorageController.php @@ -34,9 +34,9 @@ function attachLoad(&$queried_users, $load_revision = FALSE) { } // Add any additional roles from the database. - $result = db_query('SELECT r.rid, r.name, ur.uid FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid IN (:uids)', array(':uids' => array_keys($queried_users))); + $result = db_query('SELECT ur.rid, ur.uid FROM {users_roles} ur WHERE ur.uid IN (:uids)', array(':uids' => array_keys($queried_users))); foreach ($result as $record) { - $queried_users[$record->uid]->roles[$record->rid] = $record->name; + $queried_users[$record->uid]->roles[$record->rid] = $record->rid; } // Call the default attachLoad() method. This will add fields and call diff --git a/core/modules/user/user.admin.inc b/core/modules/user/user.admin.inc index 06ac8d2..a8e7f55 100644 --- a/core/modules/user/user.admin.inc +++ b/core/modules/user/user.admin.inc @@ -193,7 +193,7 @@ function user_admin_account() { $destination = drupal_get_destination(); $status = array(t('blocked'), t('active')); - $roles = array_map('check_plain', user_roles(TRUE)); + $roles = array_map('check_plain', user_role_names(TRUE)); $accounts = array(); foreach ($result as $account) { $account = user_load($account->uid); @@ -301,7 +301,7 @@ function user_admin_settings($form, &$form_state) { // Do not allow users to set the anonymous or authenticated user roles as the // administrator role. - $roles = user_roles(); + $roles = user_role_names(); unset($roles[DRUPAL_ANONYMOUS_RID]); unset($roles[DRUPAL_AUTHENTICATED_RID]); $roles[0] = t('disabled'); @@ -644,7 +644,7 @@ function user_admin_settings_submit($form, &$form_state) { function user_admin_permissions($form, $form_state, $rid = NULL) { // Retrieve role names for columns. - $role_names = user_roles(); + $role_names = user_role_names(); if (isset($rid)) { $role_names = array($rid => $role_names[$rid]); } @@ -745,7 +745,7 @@ function user_admin_permissions_submit($form, &$form_state) { function theme_user_admin_permissions($variables) { $form = $variables['form']; - $roles = user_roles(); + $roles = user_role_names(); foreach (element_children($form['permission']) as $key) { $row = array(); // Module name @@ -814,12 +814,7 @@ function theme_user_permission_description($variables) { * @see theme_user_admin_roles() */ function user_admin_roles($form, $form_state) { - $roles = db_select('role', 'r') - ->addTag('translatable') - ->fields('r') - ->orderBy('weight') - ->orderBy('name') - ->execute(); + $roles = user_roles(); $form['roles'] = array( '#tree' => TRUE, @@ -887,7 +882,7 @@ function user_admin_roles_order_submit($form, &$form_state) { foreach ($form_state['values']['roles'] as $rid => $role_values) { $role = $form['roles'][$rid]['#role']; $role->weight = $role_values['weight']; - user_role_save($role); + $role->save(); } drupal_set_message(t('The role settings have been updated.')); } @@ -992,8 +987,8 @@ function user_admin_role($form, $form_state, $role) { * Form submit handler for the user_admin_role() form. */ function user_admin_role_submit($form, &$form_state) { - $role = (object) $form_state['values']['role']; - $status = user_role_save($role); + $role = entity_create('user_role', $form_state['values']['role']); + $status = $role->save(); if ($status === SAVED_UPDATED) { drupal_set_message(t('The role has been renamed.')); } @@ -1025,7 +1020,7 @@ function user_admin_role_delete_confirm($form, &$form_state, $role) { * Form submit handler for user_admin_role_delete_confirm(). */ function user_admin_role_delete_confirm_submit($form, &$form_state) { - user_role_delete($form_state['values']['rid']); + entity_delete_multiple('user_role', array($form_state['values']['rid'])); drupal_set_message(t('The role has been deleted.')); $form_state['redirect'] = 'admin/people/roles'; } diff --git a/core/modules/user/user.install b/core/modules/user/user.install index bb86002..a0e0e3a 100644 --- a/core/modules/user/user.install +++ b/core/modules/user/user.install @@ -191,75 +191,6 @@ function user_schema() { ), ); - $schema['role'] = array( - 'description' => 'Stores user roles.', - 'fields' => array( - 'rid' => array( - 'type' => 'varchar', - // The role ID is often used as part of a compound index; at least MySQL - // has a maximum index length of 1000 characters (333 on utf8), so we - // limit the maximum length. - 'length' => 64, - 'not null' => TRUE, - 'description' => 'Primary Key: Unique role ID.', - ), - 'name' => array( - 'type' => 'varchar', - 'length' => 255, - 'not null' => TRUE, - 'default' => '', - 'description' => 'Role label.', - 'translatable' => TRUE, - ), - 'weight' => array( - 'type' => 'int', - 'not null' => TRUE, - 'default' => 0, - 'description' => 'The weight of this role in listings and the user interface.', - ), - ), - 'primary key' => array('rid'), - 'indexes' => array( - 'name_weight' => array('name', 'weight'), - ), - ); - - $schema['role_permission'] = array( - 'description' => 'Stores the permissions assigned to user roles.', - 'fields' => array( - 'rid' => array( - 'type' => 'varchar', - 'length' => 64, - 'not null' => TRUE, - 'description' => 'Foreign Key: {role}.rid.', - ), - 'permission' => array( - 'type' => 'varchar', - 'length' => 128, - 'not null' => TRUE, - 'default' => '', - 'description' => 'A single permission granted to the role identified by rid.', - ), - 'module' => array( - 'type' => 'varchar', - 'length' => 255, - 'not null' => TRUE, - 'default' => '', - 'description' => "The module declaring the permission.", - ), - ), - 'primary key' => array('rid', 'permission'), - 'indexes' => array( - 'permission' => array('permission'), - ), - 'foreign keys' => array( - 'role' => array( - 'table' => 'role', - 'columns' => array('rid' => 'rid'), - ), - ), - ); - $schema['users_data'] = array( 'description' => 'Stores module data as key/value pairs per user.', 'fields' => array( @@ -369,13 +300,6 @@ function user_install() { 'status' => 1, )) ->execute(); - - // Insert built-in roles. - db_insert('role') - ->fields(array('rid', 'name', 'weight')) - ->values(array(DRUPAL_ANONYMOUS_RID, 'Anonymous user', 0)) - ->values(array(DRUPAL_AUTHENTICATED_RID, 'Authenticated user', 1)) - ->execute(); } /** @@ -964,6 +888,49 @@ function user_update_8016() { } /** + * Turn the {role} table into configuration entities. + */ +function user_update_8017() { + $roles = db_select('role', 'r') + ->fields('r') + ->execute() + ->fetchAll(); + + foreach ($roles as $role) { + config('user.role.' . $role->rid) + ->set('rid', $role->rid) + ->set('name', $role->name) + ->set('weight', $role->weight) + ->save(); + } + + db_drop_table('role'); +} + +/** + * Turn the {role_permission} table into configuration. + */ +function user_update_8018() { + foreach (config_get_storage_names_with_prefix('user.role.') as $rid) { + $role = config($rid)->get(); + + $assignments = db_select('role_permission', 'rp') + ->fields('rp') + ->condition('rid', $role['rid']) + ->execute() + ->fetchAll(); + + $config = config('user.permissions.' . $role['rid']); + foreach ($assignments as $assignment) { + $config->set($assignment->permission, $assignment->module); + } + $config->save(); + } + + db_drop_table('role_permission'); +} + +/** * @} End of "addtogroup updates-7.x-to-8.x". */ diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 7dabb6d..0d29791 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -1,6 +1,7 @@ $name) { - if (isset($cache[$rid])) { - $role_permissions[$rid] = $cache[$rid]; - } - else { - // Add this rid to the list of those needing to be fetched. - $fetch[] = $rid; - // Prepare in case no permissions are returned. - $cache[$rid] = array(); - } - } - - if ($fetch) { - // Get from the database permissions that were not in the static variable. - // Only role IDs with at least one permission assigned will return rows. - $result = db_query("SELECT rid, permission FROM {role_permission} WHERE rid IN (:fetch)", array(':fetch' => $fetch)); - - foreach ($result as $row) { - $cache[$row->rid][$row->permission] = TRUE; - } - foreach ($fetch as $rid) { - // For every rid, we know we at least assigned an empty array. - $role_permissions[$rid] = $cache[$rid]; - } + foreach ($roles as $rid => $name) { + if (!isset($cache[$rid])) { + $cache[$rid] = config('user.permissions.' . $rid)->get() ?: array(); } } + return array_intersect_key($cache, $roles); +} - return $role_permissions; +/** + * Filters the given roles for a given permission. + */ +function user_permission_roles($permission, $roles = array()) { + $return = array_filter(user_role_permissions($roles), function ($permissions) use ($permission) { + return array_key_exists($permission, $permissions); + }); + return array_keys($return); } /** @@ -472,7 +459,6 @@ function user_access($string, $account = NULL) { $perm = &$drupal_static_fast['perm']; if (!isset($perm[$account->uid])) { $role_permissions = user_role_permissions($account->roles); - $perms = array(); foreach ($role_permissions as $one_role) { $perms += $one_role; @@ -2053,6 +2039,25 @@ function user_mail_tokens(&$replacements, $data, $options) { * An associative array with the role id as the key and the role name as * value. */ +function user_role_names($membersonly = FALSE, $permission = NULL) { + return array_map(function($item) { + return $item->name; + }, user_roles($membersonly, $permission)); +} + +/** + * Retrieve an array of roles matching specified conditions. + * + * @param $membersonly + * Set this to TRUE to exclude the 'anonymous' role. + * @param $permission + * A string containing a permission. If set, only roles containing that + * permission are returned. + * + * @return + * An associative array with the role id as the key and the role object as + * value. + */ function user_roles($membersonly = FALSE, $permission = NULL) { $user_roles = &drupal_static(__FUNCTION__); @@ -2065,23 +2070,21 @@ function user_roles($membersonly = FALSE, $permission = NULL) { } } - $query = db_select('role', 'r'); - $query->addTag('translatable'); - $query->fields('r', array('rid', 'name')); - $query->orderBy('weight'); - $query->orderBy('name'); - if (!empty($permission)) { - $query->innerJoin('role_permission', 'p', 'r.rid = p.rid'); - $query->condition('p.permission', $permission); - } + $roles = entity_load_multiple('user_role'); if ($membersonly) { - $query->condition('r.rid', DRUPAL_ANONYMOUS_RID, '!='); + unset($roles[DRUPAL_ANONYMOUS_RID]); + } + + if (!empty($permission)) { + foreach ($roles as $rid => $role) { + if (!config('user.permissions.' . $role->rid)->get($permission)) { + unset($roles[$rid]); + } + } } - $roles = $query->execute()->fetchAllKeyed(); if (empty($permission)) { $user_roles[$cid] = $roles; - return $user_roles[$cid]; } return $roles; @@ -2098,87 +2101,7 @@ function user_roles($membersonly = FALSE, $permission = NULL) { * otherwise. */ function user_role_load($rid) { - return db_select('role', 'r') - ->fields('r') - ->condition('rid', $rid) - ->execute() - ->fetchObject(); -} - -/** - * Save a user role to the database. - * - * @param $role - * A role object to modify or add. - * - * @return - * Status constant indicating if role was created or updated. - * Failure to write the user role record will return FALSE. Otherwise - * SAVED_NEW or SAVED_UPDATED is returned depending on the operation - * performed. - */ -function user_role_save($role) { - if ($role->name) { - // Prevent leading and trailing spaces in role names. - $role->name = trim($role->name); - } - if (!isset($role->weight)) { - // Set a role weight to make this new role last. - $query = db_select('role'); - $query->addExpression('MAX(weight)'); - $role->weight = $query->execute()->fetchField() + 1; - } - - // Let modules modify the user role before it is saved to the database. - module_invoke_all('user_role_presave', $role); - - $exists = db_select('role', 'r') - ->fields('r', array('rid')) - ->condition('rid', $role->rid) - ->execute() - ->fetchAll(); - - if (empty($exists)) { - $status = drupal_write_record('role', $role); - module_invoke_all('user_role_insert', $role); - } - else { - $status = drupal_write_record('role', $role, 'rid'); - module_invoke_all('user_role_update', $role); - } - - // Clear the user access cache. - drupal_static_reset('user_access'); - drupal_static_reset('user_role_permissions'); - - return $status; -} - -/** - * Delete a user role from database. - * - * @param $role - * A string with the role ID. - */ -function user_role_delete($role) { - $role = user_role_load($role); - - db_delete('role') - ->condition('rid', $role->rid) - ->execute(); - db_delete('role_permission') - ->condition('rid', $role->rid) - ->execute(); - // Update the users who have this role set: - db_delete('users_roles') - ->condition('rid', $role->rid) - ->execute(); - - module_invoke_all('user_role_delete', $role); - - // Clear the user access cache. - drupal_static_reset('user_access'); - drupal_static_reset('user_role_permissions'); + return entity_load('user_role', $rid); } /** @@ -2266,17 +2189,11 @@ function user_role_change_permissions($rid, array $permissions = array()) { function user_role_grant_permissions($rid, array $permissions = array()) { $modules = user_permission_get_modules(); // Grant new permissions for the role. + $config = config('user.permissions.' . $rid); foreach ($permissions as $name) { - db_merge('role_permission') - ->key(array( - 'rid' => $rid, - 'permission' => $name, - )) - ->fields(array( - 'module' => $modules[$name], - )) - ->execute(); + $config->set($name, $modules[$name]); } + $config->save(); // Clear the user access cache. drupal_static_reset('user_access'); @@ -2296,10 +2213,11 @@ function user_role_grant_permissions($rid, array $permissions = array()) { */ function user_role_revoke_permissions($rid, array $permissions = array()) { // Revoke permissions for the role. - db_delete('role_permission') - ->condition('rid', $rid) - ->condition('permission', $permissions, 'IN') - ->execute(); + $config = config('user.permissions.' . $rid); + foreach ($permissions as $name) { + $config->clear($name); + } + $config->save(); // Clear the user access cache. drupal_static_reset('user_access'); @@ -2325,7 +2243,7 @@ function user_user_operations($form = array(), $form_state = array()) { ); if (user_access('administer permissions')) { - $roles = user_roles(TRUE); + $roles = user_role_names(TRUE); unset($roles[DRUPAL_AUTHENTICATED_RID]); // Can't edit authenticated role. $add_roles = array(); @@ -2410,7 +2328,7 @@ function user_user_operations_block($accounts) { * Callback function for admin mass adding/deleting a user role. */ function user_multiple_role_edit($accounts, $operation, $rid) { - $role_name = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchField(); + $role_name = entity_load('user_role', $rid)->name; switch ($operation) { case 'add_role': @@ -2542,7 +2460,7 @@ function user_multiple_cancel_confirm_submit($form, &$form_state) { function user_filters() { // Regular filters $filters = array(); - $roles = user_roles(TRUE); + $roles = user_role_names(TRUE); unset($roles[DRUPAL_AUTHENTICATED_RID]); // Don't list authorized role. if (count($roles)) { $filters['role'] = array( @@ -2605,9 +2523,10 @@ function user_build_filter_query(SelectInterface $query) { if (user_access($value, $account)) { continue; } + + $roles = user_permission_roles($value, user_roles()); $users_roles_alias = $query->join('users_roles', 'ur', '%alias.uid = u.uid'); - $permission_alias = $query->join('role_permission', 'p', $users_roles_alias . '.rid = %alias.rid'); - $query->condition($permission_alias . '.permission', $value); + $query->condition($users_roles_alias . '.rid', $roles ?: NULL); } elseif ($key == 'role') { $users_roles_alias = $query->join('users_roles', 'ur', '%alias.uid = u.uid'); @@ -2901,8 +2820,7 @@ function user_form_field_ui_field_edit_form_submit($form, &$form_state) { */ function user_modules_installed($modules) { // Assign all available permissions to the administrator role. - $rid = config('user.settings')->get('admin_role'); - if ($rid) { + if ($rid = config('user.settings')->get('admin_role')) { $permissions = array(); foreach ($modules as $module) { if ($module_permissions = module_invoke($module, 'permission')) { @@ -2919,6 +2837,13 @@ function user_modules_installed($modules) { * Implements hook_modules_uninstalled(). */ function user_modules_uninstalled($modules) { + $permissions = module_invoke_all('permission'); + $roles = user_roles(); + $role_permissions = user_role_permissions($roles); + // Delete all permissions that are no longer available. + foreach ($roles as $role) { + user_role_revoke_permissions($role->rid, array_keys(array_diff_key($role_permissions[$role->rid], $permissions))); + } db_delete('role_permission') ->condition('module', $modules, 'IN') ->execute(); diff --git a/core/modules/user/user.views.inc b/core/modules/user/user.views.inc index 48b6138..d9a0efa 100644 --- a/core/modules/user/user.views.inc +++ b/core/modules/user/user.views.inc @@ -351,22 +351,6 @@ function user_views_data() { ), ); - // role table - - $data['role']['table']['join'] = array( - // Directly links to users table. - 'users' => array( - 'left_table' => 'users_roles', - 'left_field' => 'rid', - 'field' => 'rid', - ), - // needed for many to one helper sometimes - 'users_roles' => array( - 'left_field' => 'rid', - 'field' => 'rid', - ), - ); - // permission table $data['role_permission']['table']['group'] = t('User'); $data['role_permission']['table']['join'] = array( diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php index 6b32ca3..9a3a224 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php @@ -548,7 +548,7 @@ public function buildExposeForm(&$form, &$form_state) { '#default_value' => $this->options['expose']['remember'], ); - $role_options = array_map('check_plain', user_roles()); + $role_options = array_map('check_plain', user_role_names()); $form['expose']['remember_roles'] = array( '#type' => 'checkboxes', '#title' => t('User roles'), diff --git a/core/profiles/standard/standard.install b/core/profiles/standard/standard.install index 071bf31..9f722b3 100644 --- a/core/profiles/standard/standard.install +++ b/core/profiles/standard/standard.install @@ -394,11 +394,12 @@ function standard_install() { user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'skip comment approval', $filtered_html_permission)); // Create a default role for site administrators, with all available permissions assigned. - $admin_role = new stdClass(); - $admin_role->rid = 'administrator'; - $admin_role->name = 'Administrator'; - $admin_role->weight = 2; - user_role_save($admin_role); + $admin_role = entity_create('user_role', array( + 'rid' => 'administrator', + 'name' => 'Administrator', + 'weight' => 2, + )); + $admin_role->save(); user_role_grant_permissions($admin_role->rid, array_keys(module_invoke_all('permission'))); // Set this as the administrator role. $user_settings->set('admin_role', $admin_role->rid)->save();