diff --git a/core/modules/block/lib/Drupal/block/Tests/BlockUserAccountSettingsTest.php b/core/modules/block/lib/Drupal/block/Tests/BlockUserAccountSettingsTest.php index ef482ee..69af511 100644 --- a/core/modules/block/lib/Drupal/block/Tests/BlockUserAccountSettingsTest.php +++ b/core/modules/block/lib/Drupal/block/Tests/BlockUserAccountSettingsTest.php @@ -31,7 +31,7 @@ public static function getInfo() { public function setUp() { parent::setUp(); - $admin_user = $this->drupalCreateUser(array('administer users')); + $admin_user = $this->drupalCreateUser(array('administer users', 'administer user fields')); $this->drupalLogin($admin_user); } diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module index e700723..e0d3586 100644 --- a/core/modules/comment/comment.module +++ b/core/modules/comment/comment.module @@ -117,7 +117,6 @@ function comment_entity_info(&$info) { 'path' => 'admin/structure/types/manage/%comment_node_type/comment', 'bundle argument' => 4, 'real path' => 'admin/structure/types/manage/' . $type . '/comment', - 'access arguments' => array('administer content types'), ), ); } diff --git a/core/modules/comment/lib/Drupal/comment/Tests/CommentTestBase.php b/core/modules/comment/lib/Drupal/comment/Tests/CommentTestBase.php index 902dbdd..8241e0f 100644 --- a/core/modules/comment/lib/Drupal/comment/Tests/CommentTestBase.php +++ b/core/modules/comment/lib/Drupal/comment/Tests/CommentTestBase.php @@ -57,6 +57,7 @@ function setUp() { $this->admin_user = $this->drupalCreateUser(array( 'administer content types', 'administer comments', + 'administer comment fields', 'skip comment approval', 'post comments', 'access comments', diff --git a/core/modules/field_ui/field_ui.module b/core/modules/field_ui/field_ui.module index a04c0dd..32713f1 100644 --- a/core/modules/field_ui/field_ui.module +++ b/core/modules/field_ui/field_ui.module @@ -94,11 +94,15 @@ function field_ui_menu() { // items below. $field_position = count(explode('/', $path)) + 1; - // Extract access information, providing defaults. - $access = array_intersect_key($bundle_info['admin'], drupal_map_assoc(array('access callback', 'access arguments'))); - $access += array( + // User access check to be done against the permission to edit + // fields or the display per entity type. + $access_fields = array( 'access callback' => 'user_access', - 'access arguments' => array('administer site configuration'), + 'access arguments' => array('administer ' . $entity_type . ' fields'), + ); + $access_display = array( + 'access callback' => 'user_access', + 'access arguments' => array('administer ' . $entity_type . ' display'), ); $items["$path/fields"] = array( @@ -108,7 +112,7 @@ function field_ui_menu() { 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_fields; $items["$path/fields/%field_ui_menu"] = array( 'load arguments' => array($entity_type, $bundle_arg, $bundle_pos, '%map'), 'title callback' => 'field_ui_menu_title', @@ -116,7 +120,7 @@ function field_ui_menu() { 'page callback' => 'drupal_get_form', 'page arguments' => array('field_ui_field_edit_form', $field_position), 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_fields; $items["$path/fields/%field_ui_menu/edit"] = array( 'load arguments' => array($entity_type, $bundle_arg, $bundle_pos, '%map'), 'title' => 'Edit', @@ -124,7 +128,7 @@ function field_ui_menu() { 'page arguments' => array('field_ui_field_edit_form', $field_position), 'type' => MENU_DEFAULT_LOCAL_TASK, 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_fields; $items["$path/fields/%field_ui_menu/field-settings"] = array( 'load arguments' => array($entity_type, $bundle_arg, $bundle_pos, '%map'), 'title' => 'Field settings', @@ -132,7 +136,7 @@ function field_ui_menu() { 'page arguments' => array('field_ui_field_settings_form', $field_position), 'type' => MENU_LOCAL_TASK, 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_fields; $items["$path/fields/%field_ui_menu/widget-type"] = array( 'load arguments' => array($entity_type, $bundle_arg, $bundle_pos, '%map'), 'title' => 'Widget type', @@ -140,7 +144,7 @@ function field_ui_menu() { 'page arguments' => array('field_ui_widget_type_form', $field_position), 'type' => MENU_LOCAL_TASK, 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_fields; $items["$path/fields/%field_ui_menu/delete"] = array( 'load arguments' => array($entity_type, $bundle_arg, $bundle_pos, '%map'), 'title' => 'Delete', @@ -149,7 +153,7 @@ function field_ui_menu() { 'type' => MENU_VISIBLE_IN_BREADCRUMB, 'weight' => 10, 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_fields; // 'Manage display' tab. $items["$path/display"] = array( @@ -159,7 +163,7 @@ function field_ui_menu() { 'type' => MENU_LOCAL_TASK, 'weight' => 2, 'file' => 'field_ui.admin.inc', - ) + $access; + ) + $access_display; // View modes secondary tabs. // The same base $path for the menu item (with a placeholder) can be @@ -179,7 +183,7 @@ function field_ui_menu() { // display' setting for the view mode, and the overall access // rules for the bundle admin pages. 'access callback' => '_field_ui_view_mode_menu_access', - 'access arguments' => array_merge(array($entity_type, $bundle_arg, $view_mode, $access['access callback']), $access['access arguments']), + 'access arguments' => array_merge(array($entity_type, $bundle_arg, $view_mode, $access_display['access callback']), $access_display['access arguments']), 'type' => ($view_mode == 'default' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK), 'weight' => ($view_mode == 'default' ? -10 : $weight++), 'file' => 'field_ui.admin.inc', @@ -193,6 +197,30 @@ function field_ui_menu() { } /** + * Implements hook_permission(). + */ +function field_ui_permission() { + $permissions = array(); + + foreach (entity_get_info() as $entity_type => $entity_info) { + if ($entity_info['fieldable']) { + // Create a permission for each fieldable entity to manage + // the fields and the display. + $label = strtolower($entity_info['label']); + $permissions['administer ' . $label . ' fields'] = array( + 'title' => t('Administer ' . $label . ' fields'), + 'restrict access' => TRUE, + ); + $permissions['administer ' . $label . ' display'] = array( + 'title' => t('Administer ' . $label . ' display') + ); + } + } + + return $permissions; +} + +/** * Menu loader callback: Loads a field instance based on field and bundle name. * * @param $field_name diff --git a/core/modules/image/lib/Drupal/image/Tests/ImageFieldTestBase.php b/core/modules/image/lib/Drupal/image/Tests/ImageFieldTestBase.php index fc964ac..08c6110 100644 --- a/core/modules/image/lib/Drupal/image/Tests/ImageFieldTestBase.php +++ b/core/modules/image/lib/Drupal/image/Tests/ImageFieldTestBase.php @@ -50,7 +50,7 @@ function setUp() { $this->drupalCreateContentType(array('type' => 'article', 'name' => 'Article')); } - $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer content types', 'administer nodes', 'create article content', 'edit any article content', 'delete any article content', 'administer image styles')); + $this->admin_user = $this->drupalCreateUser(array('access content', 'access administration pages', 'administer site configuration', 'administer content types', 'administer node fields', 'administer nodes', 'create article content', 'edit any article content', 'delete any article content', 'administer image styles')); $this->drupalLogin($this->admin_user); } diff --git a/core/modules/node/content_types.inc b/core/modules/node/content_types.inc index 999de7f..ea00db6 100644 --- a/core/modules/node/content_types.inc +++ b/core/modules/node/content_types.inc @@ -30,12 +30,14 @@ function node_overview_types() { 'weight' => 0, ); - if ($field_ui) { + if ($field_ui && user_access('administer node fields')) { $links['fields'] = array( 'title' => t('manage fields'), 'href' => 'admin/structure/types/manage/' . $type->type . '/fields', 'weight' => 5, ); + } + if ($field_ui && user_access('administer node display')) { $links['display'] = array( 'title' => t('manage display'), 'href' => 'admin/structure/types/manage/' . $type->type . '/display', diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessFieldTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessFieldTest.php index 8dd2ab6..130eafd 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessFieldTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessFieldTest.php @@ -34,7 +34,7 @@ public function setUp() { // Create some users. $this->admin_user = $this->drupalCreateUser(array('access content', 'bypass node access')); - $this->content_admin_user = $this->drupalCreateUser(array('access content', 'administer content types')); + $this->content_admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer node fields')); // Add a custom field to the page content type. $this->field_name = drupal_strtolower($this->randomName() . '_field_name'); diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeTypeInitialLanguageTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeTypeInitialLanguageTest.php index 5c906d7..7041a30 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeTypeInitialLanguageTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeTypeInitialLanguageTest.php @@ -30,7 +30,7 @@ public static function getInfo() { function setUp() { parent::setUp(); - $web_user = $this->drupalCreateUser(array('bypass node access', 'administer content types', 'administer languages')); + $web_user = $this->drupalCreateUser(array('bypass node access', 'administer content types', 'administer node fields', 'administer node display', 'administer languages')); $this->drupalLogin($web_user); } diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php index 944af15..5b0435b 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php @@ -80,7 +80,7 @@ function testNodeTypeCreation() { * Tests editing a node type using the UI. */ function testNodeTypeEditing() { - $web_user = $this->drupalCreateUser(array('bypass node access', 'administer content types')); + $web_user = $this->drupalCreateUser(array('bypass node access', 'administer content types', 'administer node fields')); $this->drupalLogin($web_user); $instance = field_info_instance('node', 'body', 'page'); diff --git a/core/modules/node/node.module b/core/modules/node/node.module index 08d7810..7a0904b 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -205,7 +205,6 @@ function node_entity_info(&$info) { 'path' => 'admin/structure/types/manage/%node_type', 'real path' => 'admin/structure/types/manage/' . $type, 'bundle argument' => 4, - 'access arguments' => array('administer content types'), ), ); } diff --git a/core/modules/picture/lib/Drupal/picture/Tests/PictureFieldDisplayTest.php b/core/modules/picture/lib/Drupal/picture/Tests/PictureFieldDisplayTest.php index 69b0231..7798eae 100644 --- a/core/modules/picture/lib/Drupal/picture/Tests/PictureFieldDisplayTest.php +++ b/core/modules/picture/lib/Drupal/picture/Tests/PictureFieldDisplayTest.php @@ -46,6 +46,7 @@ public function setUp() { 'access administration pages', 'administer site configuration', 'administer content types', + 'administer node display', 'administer nodes', 'create article content', 'edit any article content', diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/RssTest.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/RssTest.php index e87d931..483c954 100644 --- a/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/RssTest.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/RssTest.php @@ -30,7 +30,7 @@ public static function getInfo() { function setUp() { parent::setUp(); - $this->admin_user = $this->drupalCreateUser(array('administer taxonomy', 'bypass node access', 'administer content types')); + $this->admin_user = $this->drupalCreateUser(array('administer taxonomy', 'bypass node access', 'administer content types', 'administer node display')); $this->drupalLogin($this->admin_user); $this->vocabulary = $this->createVocabulary(); diff --git a/core/modules/taxonomy/taxonomy.module b/core/modules/taxonomy/taxonomy.module index d8ea5b7..99b9a18 100644 --- a/core/modules/taxonomy/taxonomy.module +++ b/core/modules/taxonomy/taxonomy.module @@ -116,7 +116,6 @@ function taxonomy_entity_info(&$info) { 'path' => 'admin/structure/taxonomy/%taxonomy_vocabulary_machine_name', 'real path' => 'admin/structure/taxonomy/' . $machine_name, 'bundle argument' => 3, - 'access arguments' => array('administer taxonomy'), ), ); } diff --git a/core/modules/translation_entity/translation_entity.pages.inc b/core/modules/translation_entity/translation_entity.pages.inc index be06e6a..3b930c9 100644 --- a/core/modules/translation_entity/translation_entity.pages.inc +++ b/core/modules/translation_entity/translation_entity.pages.inc @@ -20,7 +20,7 @@ function translation_entity_overview(EntityInterface $entity) { $languages = language_list(); $original = $entity->language()->langcode; $translations = $entity->getTranslationLanguages(); - $field_ui = module_exists('field_ui'); + $field_ui = module_exists('field_ui') && user_access('administer ' . $entity->entityType() . ' fields'); $path = $controller->getViewPath($entity); $base_path = $controller->getBasePath($entity); diff --git a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php index dbedf89..f57d4fe 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php +++ b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php @@ -39,7 +39,6 @@ * "label" = "User", * "admin" = { * "path" = "admin/config/people/accounts", - * "access arguments" = {"administer users"} * } * } * },