diff --git a/core/core.services.yml b/core/core.services.yml index 8a24ee7..192af35 100644 --- a/core/core.services.yml +++ b/core/core.services.yml @@ -390,6 +390,12 @@ services: class: Drupal\Core\EventSubscriber\AccessSubscriber tags: - { name: event_subscriber } + arguments: ['@access_manager', '@current_user'] + scope: request + access_route_subscriber: + class: Drupal\Core\EventSubscriber\AccessRouteSubscriber + tags: + - { name: event_subscriber } arguments: ['@access_manager'] access_check.default: class: Drupal\Core\Access\DefaultAccessCheck diff --git a/core/includes/menu.inc b/core/includes/menu.inc index d205ac0..a31e892 100644 --- a/core/includes/menu.inc +++ b/core/includes/menu.inc @@ -970,6 +970,7 @@ function _menu_link_translate(&$item, $translate = FALSE) { function menu_item_route_access(Route $route, $href, &$map) { $request = Request::create('/' . $href); $request->attributes->set('_system_path', $href); + $request->attributes->set('_account', Drupal::request()->attributes->get('_account')); // Attempt to match this path to provide a fully built request to the // access checker. try { diff --git a/core/lib/Drupal/Core/Access/AccessInterface.php b/core/lib/Drupal/Core/Access/AccessInterface.php index f555ecb..b79a549 100644 --- a/core/lib/Drupal/Core/Access/AccessInterface.php +++ b/core/lib/Drupal/Core/Access/AccessInterface.php @@ -7,6 +7,7 @@ namespace Drupal\Core\Access; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -47,12 +48,14 @@ * The route to check against. * @param \Symfony\Component\HttpFoundation\Request $request * The request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The currently logged in account. * * @return mixed * TRUE if access is allowed. * FALSE if not. * NULL if no opinion. */ - public function access(Route $route, Request $request); + public function access(Route $route, Request $request, AccountInterface $account); } diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index a3b6191..7e5cb6a 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -9,6 +9,7 @@ use Drupal\Core\ParamConverter\ParamConverterManager; use Drupal\Core\Routing\RouteProviderInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\RouteCollection; use Symfony\Component\Routing\Route; @@ -179,6 +180,8 @@ protected function applies(Route $route) { * The route to check access to. * @param array $parameters * Optional array of values to substitute into the route path patern. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. * @param \Symfony\Component\HttpFoundation\Request $route_request * Optional incoming request object. If not provided, one will be built * using the route information and the current request from the container. @@ -186,18 +189,17 @@ protected function applies(Route $route) { * @return bool * Returns TRUE if the user has access to the route, otherwise FALSE. */ - public function checkNamedRoute($route_name, array $parameters = array(), Request $route_request = NULL) { + public function checkNamedRoute($route_name, array $parameters = array(), AccountInterface $account, Request $route_request = NULL) { try { $route = $this->routeProvider->getRouteByName($route_name, $parameters); if (empty($route_request)) { // Create a request and copy the account from the current request. $route_request = Request::create($this->urlGenerator->generate($route_name, $parameters)); $defaults = $parameters; - $defaults['_account'] = $this->request->attributes->get('_account'); $defaults[RouteObjectInterface::ROUTE_OBJECT] = $route; $route_request->attributes->add($this->paramConverterManager->enhance($defaults, $route_request)); } - return $this->check($route, $route_request); + return $this->check($route, $route_request, $account); } catch (RouteNotFoundException $e) { return FALSE; @@ -216,23 +218,21 @@ public function checkNamedRoute($route_name, array $parameters = array(), Reques * The route to check access to. * @param \Symfony\Component\HttpFoundation\Request $request * The incoming request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The current account. * * @return bool * Returns TRUE if the user has access to the route, otherwise FALSE. - * - * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException - * If any access check denies access or none explicitly approve. */ - public function check(Route $route, Request $request) { + public function check(Route $route, Request $request, AccountInterface $account) { $checks = $route->getOption('_access_checks') ?: array(); - $conjunction = $route->getOption('_access_mode') ?: 'ANY'; if ($conjunction == 'ALL') { - return $this->checkAll($checks, $route, $request); + return $this->checkAll($checks, $route, $request, $account); } else { - return $this->checkAny($checks, $route, $request); + return $this->checkAny($checks, $route, $request, $account); } } @@ -245,11 +245,13 @@ public function check(Route $route, Request $request) { * The route to check access to. * @param \Symfony\Component\HttpFoundation\Request $request * The incoming request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. * * @return bool * Returns TRUE if the user has access to the route, else FALSE. */ - protected function checkAll(array $checks, Route $route, Request $request) { + protected function checkAll(array $checks, Route $route, Request $request, AccountInterface $account) { $access = FALSE; foreach ($checks as $service_id) { @@ -257,7 +259,7 @@ protected function checkAll(array $checks, Route $route, Request $request) { $this->loadCheck($service_id); } - $service_access = $this->checks[$service_id]->access($route, $request); + $service_access = $this->checks[$service_id]->access($route, $request, $account); if ($service_access === AccessInterface::ALLOW) { $access = TRUE; } @@ -280,11 +282,13 @@ protected function checkAll(array $checks, Route $route, Request $request) { * The route to check access to. * @param \Symfony\Component\HttpFoundation\Request $request * The incoming request object. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. * * @return bool * Returns TRUE if the user has access to the route, else FALSE. */ - protected function checkAny(array $checks, $route, $request) { + protected function checkAny(array $checks, $route, $request, AccountInterface $account) { // No checks == deny by default. $access = FALSE; @@ -293,7 +297,7 @@ protected function checkAny(array $checks, $route, $request) { $this->loadCheck($service_id); } - $service_access = $this->checks[$service_id]->access($route, $request); + $service_access = $this->checks[$service_id]->access($route, $request, $account); if ($service_access === AccessInterface::ALLOW) { $access = TRUE; } diff --git a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php index 46f8a63..123fc5d 100644 --- a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php +++ b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php @@ -7,6 +7,7 @@ namespace Drupal\Core\Access; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -25,7 +26,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($route->getRequirement('_access') === 'TRUE') { return static::ALLOW; } diff --git a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php index 281fb09..06ad0b7 100644 --- a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Entity; use Drupal\Core\Entity\EntityInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Drupal\Core\Access\StaticAccessCheckInterface; @@ -37,7 +38,7 @@ public function appliesTo() { * @endcode * Available operations are 'view', 'update', 'create', and 'delete'. */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // Split the entity type and the operation. $requirement = $route->getRequirement('_entity_access'); list($entity_type, $operation) = explode('.', $requirement); @@ -45,7 +46,7 @@ public function access(Route $route, Request $request) { if ($request->attributes->has($entity_type)) { $entity = $request->attributes->get($entity_type); if ($entity instanceof EntityInterface) { - return $entity->access($operation) ? static::ALLOW : static::DENY; + return $entity->access($operation, $account) ? static::ALLOW : static::DENY; } } // No opinion, so other access checks should decide if access should be diff --git a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php index 7f8e1a7..5cdd6ec 100644 --- a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Entity; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -50,9 +51,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':'); - return $this->entityManager->getAccessController($entity_type)->createAccess($bundle) ? static::ALLOW : static::DENY; + return $this->entityManager->getAccessController($entity_type)->createAccess($bundle, $account) ? static::ALLOW : static::DENY; } } diff --git a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php similarity index 52% copy from core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php copy to core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php index 6f18839..1d19c33 100644 --- a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php +++ b/core/lib/Drupal/Core/EventSubscriber/AccessRouteSubscriber.php @@ -2,24 +2,27 @@ /** * @file - * Contains Drupal\Core\EventSubscriber\AccessSubscriber. + * Contains \Drupal\Core\EventSubscriber\AccessRouteSubscriber. */ namespace Drupal\Core\EventSubscriber; -use Symfony\Cmf\Component\Routing\RouteObjectInterface; -use Symfony\Component\HttpKernel\KernelEvents; -use Symfony\Component\HttpKernel\Event\GetResponseEvent; -use Symfony\Component\EventDispatcher\EventSubscriberInterface; -use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; -use Drupal\Core\Routing\RoutingEvents; use Drupal\Core\Access\AccessManager; use Drupal\Core\Routing\RouteBuildEvent; +use Drupal\Core\Routing\RoutingEvents; +use Symfony\Component\EventDispatcher\EventSubscriberInterface; /** - * Access subscriber for controller requests. + * Provides a subscriber to set access checkers on route building. */ -class AccessSubscriber implements EventSubscriberInterface { +class AccessRouteSubscriber implements EventSubscriberInterface { + + /** + * The access manager. + * + * @var \Drupal\Core\Access\AccessManager + */ + protected $accessManager; /** * Constructs a new AccessSubscriber. @@ -33,26 +36,6 @@ public function __construct(AccessManager $access_manager) { } /** - * Verifies that the current user can access the requested path. - * - * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event - * The Event to process. - */ - public function onKernelRequestAccessCheck(GetResponseEvent $event) { - $request = $event->getRequest(); - if (!$request->attributes->has(RouteObjectInterface::ROUTE_OBJECT)) { - // If no Route is available it is likely a static resource and access is - // handled elsewhere. - return; - } - - $access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request); - if (!$access) { - throw new AccessDeniedHttpException(); - } - } - - /** * Apply access checks to routes. * * @param \Drupal\Core\Routing\RouteBuildEvent $event @@ -69,7 +52,6 @@ public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) { * An array of event listener definitions. */ static function getSubscribedEvents() { - $events[KernelEvents::REQUEST][] = array('onKernelRequestAccessCheck', 30); // Setting very low priority to ensure access checks are run after alters. $events[RoutingEvents::ALTER][] = array('onRoutingRouteAlterSetAccessCheck', 0); diff --git a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php index 6f18839..4c0e13f 100644 --- a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php +++ b/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php @@ -7,6 +7,7 @@ namespace Drupal\Core\EventSubscriber; +use Drupal\Core\Session\AccountInterface; use Symfony\Cmf\Component\Routing\RouteObjectInterface; use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\Event\GetResponseEvent; @@ -22,14 +23,31 @@ class AccessSubscriber implements EventSubscriberInterface { /** + * The access manager. + * + * @var \Drupal\Core\Access\AccessManager + */ + protected $accessManager; + + /** + * The current user. + * + * @var \Drupal\Core\Session\AccountInterface + */ + protected $account; + + /** * Constructs a new AccessSubscriber. * * @param \Drupal\Core\Access\AccessManager $access_manager * The access check manager that will be responsible for applying * AccessCheckers against routes. + * @param \Drupal\Core\Session\AccountInterface $account + * The current account. */ - public function __construct(AccessManager $access_manager) { + public function __construct(AccessManager $access_manager, AccountInterface $account) { $this->accessManager = $access_manager; + $this->account = $account; } /** @@ -37,6 +55,9 @@ public function __construct(AccessManager $access_manager) { * * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event * The Event to process. + * + * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException + * Thrown when the user does not have access. */ public function onKernelRequestAccessCheck(GetResponseEvent $event) { $request = $event->getRequest(); @@ -46,23 +67,13 @@ public function onKernelRequestAccessCheck(GetResponseEvent $event) { return; } - $access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request); + $access = $this->accessManager->check($request->attributes->get(RouteObjectInterface::ROUTE_OBJECT), $request, $this->account); if (!$access) { throw new AccessDeniedHttpException(); } } /** - * Apply access checks to routes. - * - * @param \Drupal\Core\Routing\RouteBuildEvent $event - * The event to process. - */ - public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) { - $this->accessManager->setChecks($event->getRouteCollection()); - } - - /** * Registers the methods in this class that should be listeners. * * @return array @@ -70,9 +81,8 @@ public function onRoutingRouteAlterSetAccessCheck(RouteBuildEvent $event) { */ static function getSubscribedEvents() { $events[KernelEvents::REQUEST][] = array('onKernelRequestAccessCheck', 30); - // Setting very low priority to ensure access checks are run after alters. - $events[RoutingEvents::ALTER][] = array('onRoutingRouteAlterSetAccessCheck', 0); return $events; } + } diff --git a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php index 32a0aa1..234dd3f 100644 --- a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php +++ b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Database\Connection; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; diff --git a/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php index 97b53d4..63e2d2c 100644 --- a/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php +++ b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\block\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,9 +27,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $theme = $request->attributes->get('theme'); - return (user_access('administer blocks') && drupal_theme_access($theme)) ? static::ALLOW : static::DENY; + return ($account->hasPermission('administer blocks') && drupal_theme_access($theme)) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php index bce4160..da3df51 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\edit\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -29,7 +30,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // @todo Request argument validation and object loading should happen // elsewhere in the request processing pipeline: // http://drupal.org/node/1798214. diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php index 9559be7..8590987 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\edit\Access\EditEntityFieldAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -29,7 +30,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // @todo Request argument validation and object loading should happen // elsewhere in the request processing pipeline: // http://drupal.org/node/1798214. diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php index 928b12f..492ec5b 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\field_ui\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($entity_type = $request->attributes->get('entity_type')) { $bundle = $request->attributes->get('bundle'); $form_mode = $request->attributes->get('mode'); @@ -35,7 +36,7 @@ public function access(Route $route, Request $request) { $visibility = ($form_mode == 'default') || !empty($form_mode_settings[$form_mode]['status']); if ($visibility) { $permission = $route->getRequirement('_field_ui_form_mode_access'); - return user_access($permission) ? static::ALLOW : static::DENY; + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } } diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php index a431da2..0e557e7 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\field_ui\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($entity_type = $request->attributes->get('entity_type')) { $bundle = $request->attributes->get('bundle'); $view_mode = $request->attributes->get('mode'); @@ -35,7 +36,7 @@ public function access(Route $route, Request $request) { $visibility = ($view_mode == 'default') || !empty($view_mode_settings[$view_mode]['status']); if ($visibility) { $permission = $route->getRequirement('_field_ui_view_mode_access'); - return user_access($permission) ? static::ALLOW : static::DENY; + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } } diff --git a/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php b/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php index 0c7fc91..ff6fa8b 100644 --- a/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php +++ b/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\filter\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($format = $request->attributes->get('filter_format')) { // Handle special cases up front. All users have access to the fallback // format. @@ -37,7 +38,7 @@ public function access(Route $route, Request $request) { // Check the permission if one exists; otherwise, we have a non-existent // format so we return FALSE. $permission = filter_permission_name($format); - return !empty($permission) && user_access($permission) ? static::ALLOW : static::DENY; + return !empty($permission) && $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } } diff --git a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php index be486d7..7653eaa 100644 --- a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php +++ b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php @@ -8,6 +8,7 @@ namespace Drupal\filter\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,9 +27,9 @@ public function appliesTo() { /** * Implements \Drupal\Core\Access\AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($format = $request->attributes->get('filter_format')) { - return (user_access('administer filters') && ($format->format != filter_fallback_format())) ? static::ALLOW : static::DENY; + return ($account->hasPermission('administer filters') && ($format->format != filter_fallback_format())) ? static::ALLOW : static::DENY; } return static::DENY; diff --git a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php index aca491d..5e15cd3 100644 --- a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php +++ b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php @@ -72,9 +72,9 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $revision = $this->nodeStorage->loadRevision($request->attributes->get('node_revision')); - return $this->checkAccess($revision, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY; + return $this->checkAccess($revision, $account, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY; } /** @@ -82,12 +82,11 @@ public function access(Route $route, Request $request) { * * @param \Drupal\node\NodeInterface $node * The node to check. + * @param \Drupal\Core\Session\AccountInterface $account + * A user object representing the user for whom the operation is + * to be performed. * @param string $op * (optional) The specific operation being checked. Defaults to 'view.' - * @param \Drupal\Core\Session\AccountInterface|null $account - * (optional) A user object representing the user for whom the operation is - * to be performed. Determines access for a user other than the current user. - * Defaults to NULL. * @param string|null $langcode * (optional) Language code for the variant of the node. Different language * variants might have different permissions associated. If NULL, the @@ -96,7 +95,7 @@ public function access(Route $route, Request $request) { * @return bool * TRUE if the operation may be performed, FALSE otherwise. */ - public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface $account = NULL, $langcode = NULL) { + public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL) { $map = array( 'view' => 'view all revisions', 'update' => 'revert all revisions', @@ -115,10 +114,6 @@ public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface return FALSE; } - if (!isset($account)) { - $account = $GLOBALS['user']; - } - // If no language code was provided, default to the node revision's langcode. if (empty($langcode)) { $langcode = $node->language()->id; diff --git a/core/modules/node/node.module b/core/modules/node/node.module index 44f60e7..6c8b008 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -1075,7 +1075,7 @@ function theme_node_search_admin($variables) { * @see node_menu() */ function _node_revision_access(EntityInterface $node, $op = 'view', $account = NULL, $langcode = NULL) { - return Drupal::service('access_check.node.revision')->checkAccess($node, $op, $account, $langcode); + return Drupal::service('access_check.node.revision')->checkAccess($node, $account ?: \Drupal::currentUser(), $op, $langcode); } /** diff --git a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php index fca139c..3bd55c7 100644 --- a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php +++ b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\overlay\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - $account = $request->attributes->get('_account'); + public function access(Route $route, Request $request, AccountInterface $account) { if (!user_access('access overlay', $account)) { return static::DENY; } diff --git a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php index e96e6f7..c53bcea 100644 --- a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php +++ b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\rest\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -42,7 +43,7 @@ public function applies(Route $route) { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $method = $request->getMethod(); $cookie = $request->cookies->get(session_name(), FALSE); // This check only applies if @@ -50,7 +51,7 @@ public function access(Route $route, Request $request) { // 2. the user was successfully authenticated and // 3. the request comes with a session cookie. if (!in_array($method, array('GET', 'HEAD', 'OPTIONS', 'TRACE')) - && $GLOBALS['user']->isAuthenticated() + && $account->isAuthenticated() && $cookie ) { $csrf_token = $request->headers->get('X-CSRF-Token'); diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php index 30153df..97a0958 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\shortcut\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $menu_link = $request->attributes->get('menu_link'); $set_name = str_replace('shortcut-', '', $menu_link['menu_name']); if ($shortcut_set = shortcut_set_load($set_name)) { diff --git a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php index 05a131d..c5055bf 100644 --- a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php +++ b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\system\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $key = $request->attributes->get('key'); if ($key != \Drupal::state()->get('system.cron_key')) { watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE); diff --git a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php index f2cc4d9..7abafd4 100644 --- a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\router_test\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -26,7 +27,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { if ($route->getRequirement('_test_access') === 'TRUE') { return static::ALLOW; } diff --git a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php index 422bd26..2f3664a 100644 --- a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\router_test\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function applies(Route $route) { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // No opinion, so other access checks should decide if access should be // allowed or not. return static::DENY; diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php index db620cb..21baa7c 100644 --- a/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php @@ -8,6 +8,7 @@ namespace Drupal\taxonomy\Access; use Drupal\Core\Entity\EntityCreateAccessCheck; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -24,12 +25,12 @@ class TaxonomyTermCreateAccess extends EntityCreateAccessCheck { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $entity_type = $route->getRequirement($this->requirementsKey); if ($vocabulary = $request->attributes->get('taxonomy_vocabulary')) { return $this->entityManager->getAccessController($entity_type)->createAccess($vocabulary->id()) ? static::ALLOW : static::DENY; } - return parent::access($route, $request); + return parent::access($route, $request, $account); } } diff --git a/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php b/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php index 41813c0..e994c31 100644 --- a/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php +++ b/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php @@ -8,6 +8,7 @@ namespace Drupal\toolbar\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -26,9 +27,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $hash = $request->get('hash'); - return (user_access('access toolbar') && ($hash == _toolbar_get_subtree_hash())) ? static::ALLOW : static::DENY; + return ($account->hasPermission('access toolbar') && ($hash == _toolbar_get_subtree_hash())) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php index 9ea44fc..547057b 100644 --- a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - return $GLOBALS['user']->isAuthenticated() ? static::ALLOW : static::DENY; + public function access(Route $route, Request $request, AccountInterface $account) { + return $account->isAuthenticated() ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php index f175653..b9d084e 100644 --- a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,11 +27,9 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { $permission = $route->getRequirement('_permission'); - // @todo Replace user_access() with a correctly injected and session-using - // alternative. - // If user_access() fails, return NULL to give other checks a chance. - return user_access($permission) ? static::ALLOW : static::DENY; + // If the access check fails, return NULL to give other checks a chance. + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php index ff0b0dc..6ba064e 100644 --- a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { - return (user_is_anonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY; + public function access(Route $route, Request $request, AccountInterface $account) { + return ($account->isAnonymous() && (\Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php index 5485a9b..0253a42 100644 --- a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -30,12 +31,10 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account) { // Requirements just allow strings, so this might be a comma separated list. $rid_string = $route->getRequirement('_role'); - $account = $request->attributes->get('_account'); - $explode_and = array_filter(array_map('trim', explode('+', $rid_string))); if (count($explode_and) > 1) { $diff = array_diff($explode_and, $account->getRoles()); diff --git a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php index cf5e24d..483f582 100644 --- a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php +++ b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\views; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -28,8 +29,8 @@ public function appliesTo() { /** * Implements AccessCheckInterface::applies(). */ - public function access(Route $route, Request $request) { - $access = user_access('access all views'); + public function access(Route $route, Request $request, AccountInterface $account) { + $access = $account->hasPermission('access all views'); return $access ? static::ALLOW : static::DENY; } diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php index 097cdd3..f1cc4a9 100644 --- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php +++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php @@ -70,6 +70,13 @@ class AccessManagerTest extends UnitTestCase { */ protected $paramConverter; + /** + * The mocked account. + * + * @var \Drupal\Core\Session\AccountInterface|\PHPUnit_Framework_MockObject_MockObject + */ + protected $account; + public static function getInfo() { return array( 'name' => 'Access manager tests', @@ -115,7 +122,9 @@ protected function setUp() { $this->paramConverter = $this->getMock('\Drupal\Core\ParamConverter\ParamConverterManager'); - $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter); + $this->account = $this->getMock('Drupal\Core\Session\AccountInterface'); + + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); $this->accessManager->setContainer($this->container); } @@ -147,7 +156,7 @@ public function testCheck() { // Check check without any access checker defined yet. foreach ($this->routeCollection->all() as $route) { - $this->assertFalse($this->accessManager->check($route, $request)); + $this->assertFalse($this->accessManager->check($route, $request, $this->account)); } $this->setupAccessChecker(); @@ -155,14 +164,14 @@ public function testCheck() { // An access checker got setup, but the routes haven't been setup using // setChecks. foreach ($this->routeCollection->all() as $route) { - $this->assertFalse($this->accessManager->check($route, $request)); + $this->assertFalse($this->accessManager->check($route, $request, $this->account)); } $this->accessManager->setChecks($this->routeCollection); - $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request)); - $this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request)); - $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request)); + $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_1'), $request, $this->account)); + $this->assertTrue($this->accessManager->check($this->routeCollection->get('test_route_2'), $request, $this->account)); + $this->assertFalse($this->accessManager->check($this->routeCollection->get('test_route_3'), $request, $this->account)); } /** @@ -287,7 +296,7 @@ public function testCheckConjunctions($conjunction, $name, $condition_one, $cond $route_collection->add($name, $route); $this->accessManager->setChecks($route_collection); - $this->assertSame($this->accessManager->check($route, $request), $expected_access); + $this->assertSame($this->accessManager->check($route, $request, $this->account), $expected_access); } /** @@ -316,18 +325,17 @@ public function testCheckNamedRoute() { // Tests the access with routes without parameters. $request = new Request(); - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $request)); - $this->assertFalse($this->accessManager->checkNamedRoute('test_route_3', array(), $request)); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $this->account, $request)); + $this->assertFalse($this->accessManager->checkNamedRoute('test_route_3', array(), $this->account, $request)); // Tests the access with routes with parameters with given request. $request = new Request(); $request->attributes->set('value', 'example'); $request->attributes->set('value2', 'example2'); - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array(), $request)); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array(), $this->account, $request)); // Tests the access with routes without given request. - $account = $this->getMock('Drupal\Core\Session\AccountInterface'); - $this->accessManager->setRequest(new Request(array(), array(), array('_account' => $account))); + $this->accessManager->setRequest(new Request()); $this->paramConverter->expects($this->at(0)) ->method('enhance') @@ -338,8 +346,8 @@ public function testCheckNamedRoute() { ->will($this->returnValue(array())); // Tests the access with routes with parameters without given request. - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array())); - $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array('value' => 'example'))); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_2', array(), $this->account)); + $this->assertTrue($this->accessManager->checkNamedRoute('test_route_4', array('value' => 'example'), $this->account)); } /** @@ -381,9 +389,9 @@ public function testCheckNamedRouteWithUpcastedValues() { ->with('/test-route-1/example') ->will($this->returnValue($subrequest)); - $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter); + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); $this->accessManager->setContainer($this->container); - $this->accessManager->setRequest(new Request(array(), array(), array('_account' => $account))); + $this->accessManager->setRequest(new Request()); $access_check = $this->getMock('Drupal\Core\Access\AccessCheckInterface'); $access_check->expects($this->any()) @@ -400,7 +408,7 @@ public function testCheckNamedRouteWithUpcastedValues() { $this->accessManager->addCheckService('test_access'); $this->accessManager->setChecks($this->routeCollection); - $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array('value' => 'example'))); + $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array('value' => 'example'), $this->account)); } /** @@ -415,7 +423,7 @@ public function testCheckNamedRouteWithNonExistingRoute() { $this->setupAccessChecker(); - $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1'), 'A non existing route lead to access.'); + $this->assertFalse($this->accessManager->checkNamedRoute('test_route_1', array(), $this->account), 'A non existing route lead to access.'); } /** @@ -446,7 +454,7 @@ protected static function convertAccessCheckInterfaceToString($constant) { * Adds a default access check service to the container and the access manager. */ protected function setupAccessChecker() { - $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter); + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); $this->accessManager->setContainer($this->container); $access_check = new DefaultAccessCheck(); $this->container->register('test_access_default', $access_check); diff --git a/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php index ab02aec..89c845a 100644 --- a/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Access/DefaultAccessCheckTest.php @@ -26,6 +26,13 @@ class DefaultAccessCheckTest extends UnitTestCase { */ protected $accessChecker; + /** + * The mocked account. + * + * @var \Drupal\Core\Session\AccountInterface|\PHPUnit_Framework_MockObject_MockObject + */ + protected $account; + public static function getInfo() { return array( 'name' => 'DefaultAccessCheck access checker', @@ -40,6 +47,7 @@ public static function getInfo() { protected function setUp() { parent::setUp(); + $this->account = $this->getMock('Drupal\Core\Session\AccountInterface'); $this->accessChecker = new DefaultAccessCheck(); } @@ -58,13 +66,13 @@ public function testAccess() { $request = new Request(array()); $route = new Route('/test-route', array(), array('_access' => 'NULL')); - $this->assertNull($this->accessChecker->access($route, $request)); + $this->assertNull($this->accessChecker->access($route, $request, $this->account)); $route = new Route('/test-route', array(), array('_access' => 'FALSE')); - $this->assertFalse($this->accessChecker->access($route, $request)); + $this->assertFalse($this->accessChecker->access($route, $request, $this->account)); $route = new Route('/test-route', array(), array('_access' => 'TRUE')); - $this->assertTrue($this->accessChecker->access($route, $request)); + $this->assertTrue($this->accessChecker->access($route, $request, $this->account)); } } diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php index 18a5403..f57d38d 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php @@ -49,7 +49,8 @@ public function testAccess() { ->will($this->returnValue(TRUE)); $access_check = new EntityAccessCheck(); $request->attributes->set('node', $node); - $access = $access_check->access($route, $request); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $access = $access_check->access($route, $request, $account); $this->assertEquals(TRUE, $access); } diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php index d5f50d0..5f4ec6b 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityCreateAccessCheckTest.php @@ -104,7 +104,9 @@ public function testAccess($entity_bundle, $requirement, $access, $expected) { $request = new Request(); - $this->assertEquals($expected, $applies_check->access($route, $request)); + $account = $this->getMock('Drupal\Core\Session\AccountInterface'); + $this->assertEquals($expected, $applies_check->access($route, $request, $account)); + } } diff --git a/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php index a745cc4..873ff0e 100644 --- a/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php @@ -160,17 +160,15 @@ public function testRoleAccess($path, $grant_accounts, $deny_accounts) { foreach ($grant_accounts as $account) { $subrequest = Request::create($path, 'GET'); - $subrequest->attributes->set('_account', $account); $message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account->getRoles()), $path); - $this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest), $message); + $this->assertSame(AccessCheckInterface::ALLOW, $role_access_check->access($collection->get($path), $subrequest, $account), $message); } // Check all users which don't have access. foreach ($deny_accounts as $account) { $subrequest = Request::create($path, 'GET'); - $subrequest->attributes->set('_account', $account); $message = sprintf('Access denied for user %s with the roles %s on path: %s', $account->id(), implode(', ', $account->getRoles()), $path); - $has_access = $role_access_check->access($collection->get($path), $subrequest); + $has_access = $role_access_check->access($collection->get($path), $subrequest, $account); $this->assertSame(AccessCheckInterface::DENY, $has_access , $message); } }