diff --git a/core/lib/Drupal/Core/Access/AccessInterface.php b/core/lib/Drupal/Core/Access/AccessInterface.php index f555ecb..4e8b885 100644 --- a/core/lib/Drupal/Core/Access/AccessInterface.php +++ b/core/lib/Drupal/Core/Access/AccessInterface.php @@ -7,6 +7,7 @@ namespace Drupal\Core\Access; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -47,12 +48,14 @@ * The route to check against. * @param \Symfony\Component\HttpFoundation\Request $request * The request object. + * @param \Drupal\Core\Session\AccountInterface $account + * (optional) The currently logged in account. * * @return mixed * TRUE if access is allowed. * FALSE if not. * NULL if no opinion. */ - public function access(Route $route, Request $request); + public function access(Route $route, Request $request, AccountInterface $account = NULL); } diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index 14729a5..c81b534 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -125,7 +125,6 @@ protected function applies(Route $route) { */ public function check(Route $route, Request $request) { $checks = $route->getOption('_access_checks') ?: array(); - $conjunction = $route->getOption('_access_mode') ?: 'ANY'; if ($conjunction == 'ALL') { @@ -157,7 +156,8 @@ protected function checkAll(array $checks, Route $route, Request $request) { $this->loadCheck($service_id); } - $service_access = $this->checks[$service_id]->access($route, $request); + $account = $request->attributes->get('account'); + $service_access = $this->checks[$service_id]->access($route, $request, $account); if ($service_access === AccessInterface::ALLOW) { $access = TRUE; } @@ -193,7 +193,8 @@ protected function checkAny(array $checks, $route, $request) { $this->loadCheck($service_id); } - $service_access = $this->checks[$service_id]->access($route, $request); + $account = $request->attributes->get('account'); + $service_access = $this->checks[$service_id]->access($route, $request, $account); if ($service_access === AccessInterface::ALLOW) { $access = TRUE; } diff --git a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php index 46f8a63..21a6c11 100644 --- a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php +++ b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php @@ -7,6 +7,7 @@ namespace Drupal\Core\Access; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -25,7 +26,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($route->getRequirement('_access') === 'TRUE') { return static::ALLOW; } diff --git a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php index bce3a9e..1fb4637 100644 --- a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Entity; use Drupal\Core\Entity\EntityInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Drupal\Core\Access\StaticAccessCheckInterface; @@ -37,7 +38,7 @@ public function appliesTo() { * @endcode * Available operations are 'view', 'update', 'create', and 'delete'. */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { // Split the entity type and the operation. $requirement = $route->getRequirement('_entity_access'); list($entity_type, $operation) = explode('.', $requirement); @@ -45,7 +46,7 @@ public function access(Route $route, Request $request) { if ($request->attributes->has($entity_type)) { $entity = $request->attributes->get($entity_type); if ($entity instanceof EntityInterface) { - return $entity->access($operation); + return $entity->access($operation, $account); } } // No opinion, so other access checks should decide if access should be diff --git a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php index 2630034..f7156f0 100644 --- a/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php +++ b/core/lib/Drupal/Core/Entity/EntityCreateAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Entity; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -50,9 +51,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':'); - return $this->entityManager->getAccessController($entity_type)->createAccess($bundle); + return $this->entityManager->getAccessController($entity_type)->createAccess($bundle, $account); } } diff --git a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php index 2429572..4b02b5d 100644 --- a/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php +++ b/core/modules/aggregator/lib/Drupal/aggregator/Access/CategoriesAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\Core\Database\Connection; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -44,10 +45,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - // @todo Replace user_access() with a correctly injected and session-using - // alternative. - return user_access('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField(); + public function access(Route $route, Request $request, AccountInterface $account = NULL) { + return $account->hasPermission('access news feeds') && (bool) $this->database->queryRange('SELECT 1 FROM {aggregator_category}', 0, 1)->fetchField(); } } diff --git a/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php index b5ca0b2..b43dcc4 100644 --- a/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php +++ b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\block\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,9 +27,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $theme = $request->attributes->get('theme'); - return user_access('administer blocks') && drupal_theme_access($theme); + return $account->hasPermission('administer blocks') && drupal_theme_access($theme); } } diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php index bce4160..f91671e 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\edit\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -29,7 +30,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { // @todo Request argument validation and object loading should happen // elsewhere in the request processing pipeline: // http://drupal.org/node/1798214. diff --git a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php index 9559be7..6db45cf 100644 --- a/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php +++ b/core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php @@ -9,6 +9,7 @@ use Drupal\Core\Access\StaticAccessCheckInterface; use Drupal\edit\Access\EditEntityFieldAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -29,7 +30,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { // @todo Request argument validation and object loading should happen // elsewhere in the request processing pipeline: // http://drupal.org/node/1798214. diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php index 871db1f..75f5f81 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/FormModeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\field_ui\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($entity_type = $request->attributes->get('entity_type')) { $bundle = $request->attributes->get('bundle'); $form_mode = $request->attributes->get('mode'); @@ -35,7 +36,7 @@ public function access(Route $route, Request $request) { $visibility = ($form_mode == 'default') || !empty($form_mode_settings[$form_mode]['status']); if ($visibility) { $permission = $route->getRequirement('_field_ui_form_mode_access'); - return user_access($permission); + return $account->hasPermission($permission); } } } diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php index e0c3c92..fd620be 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Access/ViewModeAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\field_ui\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($entity_type = $request->attributes->get('entity_type')) { $bundle = $request->attributes->get('bundle'); $view_mode = $request->attributes->get('mode'); @@ -35,7 +36,7 @@ public function access(Route $route, Request $request) { $visibility = ($view_mode == 'default') || !empty($view_mode_settings[$view_mode]['status']); if ($visibility) { $permission = $route->getRequirement('_field_ui_view_mode_access'); - return user_access($permission); + return $account->hasPermission($permission); } } } diff --git a/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php b/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php index 25918e8..5c674fc 100644 --- a/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php +++ b/core/modules/filter/lib/Drupal/filter/Access/FilterAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\filter\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($format = $request->attributes->get('filter_format')) { // Handle special cases up front. All users have access to the fallback // format. @@ -37,7 +38,7 @@ public function access(Route $route, Request $request) { // Check the permission if one exists; otherwise, we have a non-existent // format so we return FALSE. $permission = filter_permission_name($format); - return !empty($permission) && user_access($permission); + return !empty($permission) && $account->hasPermission($permission); } } } diff --git a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php index 1f905bb..67befb0 100644 --- a/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php +++ b/core/modules/filter/lib/Drupal/filter/Access/FormatDisableCheck.php @@ -8,6 +8,7 @@ namespace Drupal\filter\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,9 +27,9 @@ public function appliesTo() { /** * Implements \Drupal\Core\Access\AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($format = $request->attributes->get('filter_format')) { - return user_access('administer filters') && ($format->format != filter_fallback_format()); + return $account->hasPermission('administer filters') && ($format->format != filter_fallback_format()); } return FALSE; diff --git a/core/modules/menu/lib/Drupal/menu/Access/DeleteLinkAccessCheck.php b/core/modules/menu/lib/Drupal/menu/Access/DeleteLinkAccessCheck.php index 45560dc..a274cb4 100644 --- a/core/modules/menu/lib/Drupal/menu/Access/DeleteLinkAccessCheck.php +++ b/core/modules/menu/lib/Drupal/menu/Access/DeleteLinkAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\menu\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - if (user_access('administer menu') && $menu_link = $request->attributes->get('menu_link')) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { + if ($account->hasPermission('administer menu') && $menu_link = $request->attributes->get('menu_link')) { // Links defined via hook_menu may not be deleted. Updated items are an // exception, as they can be broken. return $menu_link->module !== 'system' || $menu_link->updated; diff --git a/core/modules/menu/lib/Drupal/menu/Access/DeleteMenuAccessCheck.php b/core/modules/menu/lib/Drupal/menu/Access/DeleteMenuAccessCheck.php index e8fb6f2..cfdff92 100644 --- a/core/modules/menu/lib/Drupal/menu/Access/DeleteMenuAccessCheck.php +++ b/core/modules/menu/lib/Drupal/menu/Access/DeleteMenuAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\menu\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - if (user_access('administer menu') && $menu = $request->attributes->get('menu')) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { + if ($account->hasPermission('administer menu') && $menu = $request->attributes->get('menu')) { // System-defined menus may not be deleted. $system_menus = menu_list_system_menus(); return !isset($system_menus[$menu->id()]); diff --git a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php index aca491d..779d71a 100644 --- a/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php +++ b/core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php @@ -72,9 +72,9 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $revision = $this->nodeStorage->loadRevision($request->attributes->get('node_revision')); - return $this->checkAccess($revision, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY; + return $this->checkAccess($revision, $account, $route->getRequirement('_access_node_revision')) ? static::ALLOW : static::DENY; } /** @@ -82,12 +82,11 @@ public function access(Route $route, Request $request) { * * @param \Drupal\node\NodeInterface $node * The node to check. + * @param \Drupal\Core\Session\AccountInterface $account + * A user object representing the user for whom the operation is + * to be performed. * @param string $op * (optional) The specific operation being checked. Defaults to 'view.' - * @param \Drupal\Core\Session\AccountInterface|null $account - * (optional) A user object representing the user for whom the operation is - * to be performed. Determines access for a user other than the current user. - * Defaults to NULL. * @param string|null $langcode * (optional) Language code for the variant of the node. Different language * variants might have different permissions associated. If NULL, the @@ -96,7 +95,7 @@ public function access(Route $route, Request $request) { * @return bool * TRUE if the operation may be performed, FALSE otherwise. */ - public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface $account = NULL, $langcode = NULL) { + public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL) { $map = array( 'view' => 'view all revisions', 'update' => 'revert all revisions', @@ -115,10 +114,6 @@ public function checkAccess(NodeInterface $node, $op = 'view', AccountInterface return FALSE; } - if (!isset($account)) { - $account = $GLOBALS['user']; - } - // If no language code was provided, default to the node revision's langcode. if (empty($langcode)) { $langcode = $node->language()->id; diff --git a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php index 3c74bab..828d489 100644 --- a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php +++ b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\overlay\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - $account = $request->attributes->get('account'); + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if (!user_access('access overlay', $account)) { return static::DENY; } diff --git a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php index 0d9dd87..460de6c 100644 --- a/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php +++ b/core/modules/rest/lib/Drupal/rest/Access/CSRFAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\rest\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -42,7 +43,7 @@ public function applies(Route $route) { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $method = $request->getMethod(); $cookie = $request->cookies->get(session_name(), FALSE); // This check only applies if @@ -50,7 +51,7 @@ public function access(Route $route, Request $request) { // 2. the user was successfully authenticated and // 3. the request comes with a session cookie. if (!in_array($method, array('GET', 'HEAD', 'OPTIONS', 'TRACE')) - && $GLOBALS['user']->isAuthenticated() + && $account->isAuthenticated() && $cookie ) { $csrf_token = $request->headers->get('X-CSRF-Token'); diff --git a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php index 6fad35c..ab3931e 100644 --- a/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php +++ b/core/modules/shortcut/lib/Drupal/shortcut/Access/LinkDeleteAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\shortcut\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $menu_link = $request->attributes->get('menu_link'); $set_name = str_replace('shortcut-', '', $menu_link['menu_name']); if ($shortcut_set = shortcut_set_load($set_name)) { diff --git a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php index a0cc981..d9d7089 100644 --- a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php +++ b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\system\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $key = $request->attributes->get('key'); if ($key != \Drupal::state()->get('system.cron_key')) { watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE); diff --git a/core/modules/system/lib/Drupal/system/Access/SystemPluginUiCheck.php b/core/modules/system/lib/Drupal/system/Access/SystemPluginUiCheck.php index db13644..7d6aef7 100644 --- a/core/modules/system/lib/Drupal/system/Access/SystemPluginUiCheck.php +++ b/core/modules/system/lib/Drupal/system/Access/SystemPluginUiCheck.php @@ -9,6 +9,7 @@ use Drupal\Component\Plugin\PluginManagerInterface; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -44,7 +45,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($request->attributes->get('plugin_id')) { // Checks access for a given plugin using the plugin's access() method. $plugin_ui = $this->pluginUiManager->createInstance($request->attributes->get('plugin_id'), array()); diff --git a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php index f2cc4d9..a3e1200 100644 --- a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/DefinedTestAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\router_test\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -26,7 +27,7 @@ public function applies(Route $route) { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { if ($route->getRequirement('_test_access') === 'TRUE') { return static::ALLOW; } diff --git a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php index f615600..14245f6 100644 --- a/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php +++ b/core/modules/system/tests/modules/router_test/lib/Drupal/router_test/Access/TestAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\router_test\Access; use Drupal\Core\Access\AccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function applies(Route $route) { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { // No opinion, so other access checks should decide if access should be // allowed or not. return NULL; diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php index b6305e6..b4aaab4 100644 --- a/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Access/TaxonomyTermCreateAccess.php @@ -8,6 +8,7 @@ namespace Drupal\taxonomy\Access; use Drupal\Core\Entity\EntityCreateAccessCheck; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -24,7 +25,7 @@ class TaxonomyTermCreateAccess extends EntityCreateAccessCheck { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $entity_type = $route->getRequirement($this->requirementsKey); if ($vocabulary = $request->attributes->get('taxonomy_vocabulary')) { return $this->entityManager->getAccessController($entity_type)->createAccess($vocabulary->id()); diff --git a/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php b/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php index f61add9..9931175 100644 --- a/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php +++ b/core/modules/toolbar/lib/Drupal/toolbar/Access/SubtreeAccess.php @@ -8,6 +8,7 @@ namespace Drupal\toolbar\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -26,9 +27,9 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $hash = $request->get('hash'); - if (user_access('access toolbar') && ($hash == _toolbar_get_subtree_hash())) { + if ($account->hasPermission('access toolbar') && ($hash == _toolbar_get_subtree_hash())) { return TRUE; } else { diff --git a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php index de92fc4..da59f07 100644 --- a/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/LoginStatusCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,8 +27,8 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { - return (bool) $GLOBALS['user']->id(); + public function access(Route $route, Request $request, AccountInterface $account = NULL) { + return $account->isAuthenticated(); } } diff --git a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php index f175653..d75b5a6 100644 --- a/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/PermissionAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,11 +27,9 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { $permission = $route->getRequirement('_permission'); - // @todo Replace user_access() with a correctly injected and session-using - // alternative. - // If user_access() fails, return NULL to give other checks a chance. - return user_access($permission) ? static::ALLOW : static::DENY; + // If the access check fails, return NULL to give other checks a chance. + return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } diff --git a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php index a7e3933..7760eff 100644 --- a/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RegisterAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\Routing\Route; use Symfony\Component\HttpFoundation\Request; @@ -26,7 +27,7 @@ public function appliesTo() { /** * Implements AccessCheckInterface::access(). */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { return user_is_anonymous() && (config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY); } } diff --git a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php index b543dde..20b16f7 100644 --- a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php +++ b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\user\Access; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -30,12 +31,10 @@ public function appliesTo() { /** * {@inheritdoc} */ - public function access(Route $route, Request $request) { + public function access(Route $route, Request $request, AccountInterface $account = NULL) { // Requirements just allow strings, so this might be a comma separated list. $rid_string = $route->getRequirement('_role'); - $account = $request->attributes->get('account'); - $explode_and = array_filter(array_map('trim', explode('+', $rid_string))); if (count($explode_and) > 1) { $diff = array_diff($explode_and, $account->getRoles()); diff --git a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php index 8d6c962..44c42f7 100644 --- a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php +++ b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\views; use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -28,8 +29,8 @@ public function appliesTo() { /** * Implements AccessCheckInterface::applies(). */ - public function access(Route $route, Request $request) { - $access = user_access('access all views'); + public function access(Route $route, Request $request, AccountInterface $account = NULL) { + $access = $account->hasPermission('access all views'); return $access ?: NULL; }