diff --git a/core/lib/Drupal/Core/Entity/Entity.php b/core/lib/Drupal/Core/Entity/Entity.php index 785c81c..5e98001 100644 --- a/core/lib/Drupal/Core/Entity/Entity.php +++ b/core/lib/Drupal/Core/Entity/Entity.php @@ -257,10 +257,9 @@ public function getIterator() { * Implements \Drupal\Core\TypedData\AccessibleInterface::access(). */ public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $account = NULL) { - $method = $operation . 'Access'; return drupal_container()->get('plugin.manager.entity') ->getAccessController($this->entityType) - ->$method($this, LANGUAGE_DEFAULT, $account); + ->access($this, $operation, LANGUAGE_DEFAULT, $account); } /** diff --git a/core/lib/Drupal/Core/Entity/EntityAccessController.php b/core/lib/Drupal/Core/Entity/EntityAccessController.php index 423281f..731e1b8 100644 --- a/core/lib/Drupal/Core/Entity/EntityAccessController.php +++ b/core/lib/Drupal/Core/Entity/EntityAccessController.php 
@@ -22,55 +22,52 @@ class EntityAccessController implements EntityAccessControllerInterface { protected $accessCache = array(); /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::viewAccess(). + * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::access(). + * + * This method provides result caching to prevent redundant computation. + * To utilize this, extending classes should not override access(), + * but instead implement the checkAccess() method as below. */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (($access = $this->getCache($entity, 'view', $langcode, $account)) !== NULL) { - return $access; - } + public function access(EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - $access = (bool) $this->access($entity, 'view', $langcode, $account); - return $this->setCache($access, $entity, 'view', $langcode, $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::createAccess(). - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (($access = $this->getCache($entity, 'create', $langcode, $account)) !== NULL) { - return $access; + // @todo Remove this once we can rely on $account. + if (!$account) { + $account = user_load($GLOBALS['user']->uid); } - $access = (bool) $this->access($entity, 'create', $langcode, $account); - return $this->setCache($access, $entity, 'create', $langcode, $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::updateAccess(). - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (($access = $this->getCache($entity, 'update', $langcode, $account)) !== NULL) { + if (($access = $this->getCache($entity, $operation, $langcode, $account)) !== NULL) { + // Cache hit, no work necessary. 
return $access; } - $access = (bool) $this->access($entity, 'update', $langcode, $account); - return $this->setCache($access, $entity, 'update', $langcode, $account); - } + // Invoke hook_entity_access(), hook results take precedence over overridden + // implementations of EntityAccessController::checkAccess(). Entities + // that have checks that need to be done before the hook is invoked should + // do so by overridding this method. - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::deleteAccess(). - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (($access = $this->getCache($entity, 'delete', $langcode, $account)) !== NULL) { - return $access; - } + // We grant access to the entity if both of these conditions are met: + // - No modules say to deny access. + // - At least one module says to grant access. + $access = module_invoke_all($entity->entityType() . '_access', $entity, $operation, $account, $langcode); - $access = (bool) $this->access($entity, 'delete', $langcode, $account); - return $this->setCache($access, $entity, 'delete', $langcode, $account); + if (in_array(FALSE, $access, TRUE)) { + $return = FALSE; + } + elseif (in_array(TRUE, $access, TRUE)) { + $return = TRUE; + } + else { + // No result from hook, so entity checks are done. + $return = (bool) $this->checkAccess($entity, $operation, $langcode, $account); + } + return $this->setCache($return, $entity, $operation, $langcode, $account); } /** - * Performs default, shared access checks. + * Performs access checks. + * + * This method is supposed to be overwritten by extending classes that + * do their own custom access checking. * * @param \Drupal\Core\Entity\EntityInterface $entity * The entity for which to check 'create' access. 
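Review bot: The new docblock on access() tells extending classes not to override it, while the inline comment above module_invoke_all() tells entities that need pre-hook checks to do so by "overridding this method" (also a typo for "overriding"), and NodeAccessController in this commit does override it. Because a hook result of TRUE is returned before checkAccess() is consulted, the distinction is security-relevant: a denial that must hold regardless of hooks cannot live in checkAccess(). I would reconcile the two texts and state the rule in the docblock, e.g. `* Hook results take precedence over checkAccess(); checks that no hook may bypass belong in an access() override that then calls the parent.`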
@@ -78,32 +75,16 @@ public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAU * The entity operation. Usually one of 'view', 'edit', 'create' or * 'delete'. * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. + * The language code for which to check access. * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. Defaults to NULL. + * The user for which to check access. * * @return bool|null * TRUE if access was granted, FALSE if access was denied and NULL if access * could not be determined. */ - protected function access(EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - // @todo Remove this once we can rely on $account. - if (!$account) { - $account = user_load($GLOBALS['user']->uid); - } - - // We grant access to the entity if both of these conditions are met: - // - No modules say to deny access. - // - At least one module says to grant access. - $access = module_invoke_all($entity->entityType() . '_access', $entity, $operation, $account, $langcode); - if (in_array(FALSE, $access, TRUE)) { - return FALSE; - } - elseif (in_array(TRUE, $access, TRUE)) { - return TRUE; - } + protected function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { + return NULL; } /** 
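Review bot: The checkAccess() docblock does not say what a NULL return means in practice: access() casts the result with `(bool)`, so "could not be determined" ends up as a denial, and every subclass in this commit relies on that for operations it does not handle. I would add `* NULL is treated as access denied by access() when no hook grants access.` to the @return text. The @param text kept here still lists 'edit' as an operation while the interface and the controllers use 'update', so a caller following this docblock would be denied by controllers that branch on the operation name. The first @param also still reads "check 'create' access" although the method now serves every operation.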
@@ -115,23 +96,16 @@ protected function access(EntityInterface $entity, $operation, $langcode = LANGU * The entity operation. Usually one of 'view', 'edit', 'create' or * 'delete'. * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. + * The language code for which to check access. * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. Defaults to NULL. + * The user for which to check access. * * @return bool|null * TRUE if access was granted, FALSE if access was denied and NULL if there * is no record for the given user, operation, langcode and entity in the * cache. */ - protected function getCache(EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - // @todo Remove this once we can rely on $account. - if (!$account) { - $account = user_load($GLOBALS['user']->uid); - } - + protected function getCache(EntityInterface $entity, $operation, $langcode, User $account) { $uid = $account ? $account->id() : 0; $uuid = $entity->uuid(); 
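Review bot: With `User $account` now a required, non-nullable parameter, the `$account ? $account->id() : 0` ternary kept just below the new signature can no longer take its `0` branch. I would simplify it to `$uid = $account->id();` so the cache key is visibly tied to the account that was actually checked and cannot silently collapse onto uid 0. The same line remains in setCache() in the next hunk. Both function bodies continue outside their hunks.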
@@ -150,21 +124,14 @@ protected function getCache(EntityInterface $entity, $operation, $langcode = LAN * The entity operation. Usually one of 'view', 'edit', 'create' or * 'delete'. * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. + * The language code for which to check access. * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. Defaults to NULL. + * The user for which to check access. * * @return bool * TRUE if access was granted, FALSE otherwise. */ - protected function setCache($access, EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - // @todo Remove this once we can rely on $account. - if (!$account) { - $account = user_load($GLOBALS['user']->uid); - } - + protected function setCache($access, EntityInterface $entity, $operation, $langcode, User $account) { $uid = $account ? $account->id() : 0; $uuid = $entity->uuid(); diff --git a/core/lib/Drupal/Core/Entity/EntityAccessControllerInterface.php b/core/lib/Drupal/Core/Entity/EntityAccessControllerInterface.php index 66730f6..ddf3dfd 100644 --- a/core/lib/Drupal/Core/Entity/EntityAccessControllerInterface.php +++ b/core/lib/Drupal/Core/Entity/EntityAccessControllerInterface.php @@ -16,10 +16,13 @@ interface EntityAccessControllerInterface { /** - * Checks 'view' access for a given entity or entity translation. + * Checks access to an operation on a given entity or entity translation. * * @param \Drupal\Core\Entity\EntityInterface $entity - * The entity for which to check 'view' access. + * The entity for which to check access. + * @param string $operation + * The operation access should be checked for. + * Usually one of "view", "create", "update" or "delete". * @param string $langcode * (optional) The language code for which to check access. Defaults to * LANGUAGE_DEFAULT. 
@@ -30,61 +33,11 @@ * @return bool * TRUE if access was granted, FALSE otherwise. */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL); - - /** - * Checks 'create' access for a given entity or entity translation. - * - * @param \Drupal\Core\Entity\EntityInterface $entity - * The entity for which to check 'create' access. - * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. - * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. Defaults to NULL. - * - * @return bool - * TRUE if access was granted, FALSE otherwise. - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL); - - /** - * Checks 'update' access for a given entity or entity translation. - * - * @param \Drupal\Core\Entity\EntityInterface $entity - * The entity to check 'update' access. - * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. - * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. Defaults to NULL. - * - * @return bool - * TRUE if access was granted, FALSE otherwise. - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL); - - /** - * Checks 'delete' access for a given entity or entity translation. - * - * @param \Drupal\Core\Entity\EntityInterface $entity - * The entity for which to check 'delete' access. - * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. - * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. 
Defaults to NULL. - * - * @return bool - * TRUE if access was granted, FALSE otherwise. - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL); + public function access(EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL); /** * Clears all cached access checks. */ public function resetCache(); + } diff --git a/core/lib/Drupal/Core/Entity/Field/Type/EntityTranslation.php b/core/lib/Drupal/Core/Entity/Field/Type/EntityTranslation.php index 97a5627..b34f3d7 100644 --- a/core/lib/Drupal/Core/Entity/Field/Type/EntityTranslation.php +++ b/core/lib/Drupal/Core/Entity/Field/Type/EntityTranslation.php @@ -196,7 +196,6 @@ public function isEmpty() { * Implements \Drupal\Core\TypedData\AccessibleInterface::access(). */ public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $account = NULL) { - $method = $operation . 'Access'; // Determine the language code of this translation by cutting of the // leading "@" from the property name to get the langcode. // @todo Add a way to set and get the langcode so that's more obvious what @@ -204,6 +203,6 @@ public function access($operation = 'view', \Drupal\user\Plugin\Core\Entity\User $langcode = substr($this->getName(), 1); return drupal_container()->get('plugin.manager.entity') ->getAccessController($this->parent->entityType()) - ->$method($this->parent, $langcode, $account); + ->access($this->parent, $operation, $langcode, $account); } } diff --git a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockAccessController.php b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockAccessController.php index 014d54f..c9350ee 100644 --- a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockAccessController.php +++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockAccessController.php 
@@ -17,31 +17,15 @@ class CustomBlockAccessController extends EntityAccessController { /** - * Implements EntityAccessControllerInterface::viewAccess(). + * Overrides \Drupal\Core\Entity\EntityAccessControllerInterface::checkAccess(). */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return TRUE; - } - - /** - * Implements EntityAccessControllerInterface::createAccess(). - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer blocks', $account); - } - - /** - * Implements EntityAccessControllerInterface::updateAccess(). - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer blocks', $account); - } - - /** - * Implements EntityAccessControllerInterface::deleteAccess(). - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer blocks', $account); + public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { + if ($operation === 'view') { + return TRUE; + } + elseif (in_array($operation, array('create', 'update', 'delete'))) { + return user_access('administer blocks', $account); + } } } diff --git a/core/modules/block/lib/Drupal/block/BlockAccessController.php b/core/modules/block/lib/Drupal/block/BlockAccessController.php index 8e8a563..5ab7704 100644 --- a/core/modules/block/lib/Drupal/block/BlockAccessController.php +++ b/core/modules/block/lib/Drupal/block/BlockAccessController.php 
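Review bot: checkAccess() is declared `public` here although the base class declares it `protected`, which lets callers reach the raw check directly and skip the hook deny results, the NULL-account handling and the cache in EntityAccessController::access(). I would declare it `protected function checkAccess(EntityInterface $entity, $operation, $langcode, User $account)` as NodeAccessController does; the same applies to BlockAccessController, EntityTestAccessController, TermAccessController, VocabularyAccessController and UserAccessController in this commit. The docblock should reference `\Drupal\Core\Entity\EntityAccessController::checkAccess()`, since the interface as changed here declares only access() and resetCache(). The operation match would also be tighter with the strict flag, `in_array($operation, array('create', 'update', 'delete'), TRUE)`, in line with the strict in_array() checks in the base class.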
@@ -17,10 +17,12 @@ class BlockAccessController extends EntityAccessController { /** - * Overrides \Drupal\Core\Entity\EntityAccessController::viewAccess(). + * Overrides \Drupal\Core\Entity\EntityAccessController::checkAccess(). */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return $entity->getPlugin()->access(); + public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { + if ($operation === 'view') { + return $entity->getPlugin()->access(); + } } } diff --git a/core/modules/node/lib/Drupal/node/NodeAccessController.php b/core/modules/node/lib/Drupal/node/NodeAccessController.php index ec68b7e..08789b6 100644 --- a/core/modules/node/lib/Drupal/node/NodeAccessController.php +++ b/core/modules/node/lib/Drupal/node/NodeAccessController.php 
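Review bot: `$account` is not forwarded to the plugin, so `$entity->getPlugin()->access()` presumably evaluates access for the current request's user (the plugin signature is not visible here), while EntityAccessController::access() now stores that result in its cache under the `$account` that was passed in. The removed viewAccess() override returned directly and never went through the cache. If the plugin cannot take an account, I would at least document it with `// Plugin access is evaluated for the current user; $account is ignored.` so callers checking a different user do not trust this result.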
@@ -18,39 +18,22 @@ class NodeAccessController extends EntityAccessController { /** - * Overrides \Drupal\Core\Entity\EntityAccessController::viewAccess(). - */ - public function viewAccess(EntityInterface $node, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (($cached = $this->getCache($node, 'view', $langcode, $account)) !== NULL ) { - return $cached; - } - - if (($access = $this->access($node, 'view', $langcode, $account)) !== NULL) { - return $this->setCache((bool) $access, $node, 'view', $langcode, $account); - }; - - // If no modules implement hook_node_grants(), the default behavior is to - // allow all users to view published nodes, so reflect that here. - $status = $node instanceof EntityNG ? $node->getTranslation($langcode, FALSE)->status->value : $node->status; - return $this->setCache($status, $node, 'view', $langcode, $account); - } - - /** * Overrides \Drupal\Core\Entity\EntityAccessController::access(). */ - protected function access(EntityInterface $node, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { + public function access(EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { if (user_access('bypass node access', $account)) { return TRUE; } - if (!user_access('access content', $account)) { return FALSE; } + return parent::access($entity, $operation, $langcode, $account); + } - if (($access = parent::access($node, $operation, $langcode, $account)) !== NULL) { - return (bool) $access; - }; - + /** + * Overrides \Drupal\Core\Entity\EntityAccessController::checkAccess(). + */ + protected function checkAccess(EntityInterface $node, $operation, $langcode, User $account) { // Fetch information from the node object if possible. $status = isset($node->status) ? $node->status : NULL; $uid = isset($node->uid) ? $node->uid : NULL; 
@@ -61,11 +44,7 @@ protected function access(EntityInterface $node, $operation, $langcode = LANGUAG } // Check if authors can view their own unpublished nodes. - if ($operation == 'view' && !$status && user_access('view own unpublished content', $account)) { - // @todo Remove this once we can rely on $account. - if (!$account) { - $account = user_load($GLOBALS['user']->uid); - } + if ($operation === 'view' && !$status && user_access('view own unpublished content', $account)) { if ($account->id() != 0 && $account->id() == $uid) { return TRUE; 
@@ -75,31 +54,35 @@ protected function access(EntityInterface $node, $operation, $langcode = LANGUAG // If no module specified either allow or deny, we fall back to the // node_access table. if (($grants = $this->accessGrants($node, $operation, $langcode, $account)) !== NULL) { - return (bool) $grants; + return $grants; + } + + // If no modules implement hook_node_grants(), the default behavior is to + // allow all users to view published nodes, so reflect that here. + if ($operation === 'view') { + return $status; } } /** * Determines access to nodes based on node grants. * - * @param \Drupal\Core\Entity\EntityInterface $entity + * @param \Drupal\Core\Entity\EntityInterface $node * The entity for which to check 'create' access. * @param string $operation * The entity operation. Usually one of 'view', 'edit', 'create' or * 'delete'. * @param string $langcode - * (optional) The language code for which to check access. Defaults to - * LANGUAGE_DEFAULT. + * The language code for which to check access. * @param \Drupal\user\Plugin\Core\Entity\User $account - * (optional) The user for which to check access, or NULL to check access - * for the current user. Defaults to NULL. + * The user for which to check access. * * @return bool|null * TRUE if access was granted, FALSE if access was denied or NULL if no * module implements hook_node_grants(), the node does not (yet) have an id * or none of the implementing modules explicitly granted or denied access. */ - protected function accessGrants(EntityInterface $node, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { + protected function accessGrants(EntityInterface $node, $operation, $langcode, User $account) { // If no module implements the hook or the node does not have an id there is // no point in querying the database for access grants. if (!module_implements('node_grants') || !$node->id()) { diff --git a/core/modules/node/node.module b/core/modules/node/node.module index 36dcfe0..3182939 100644 
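Review bot: The new `return $status;` fallback uses the value read from `$node->status` at the top of checkAccess(), whereas the viewAccess() removed earlier in this file read the status of the requested translation for EntityNG nodes, so `$langcode` no longer influences the published check. If nodes are or become EntityNG, `$node->status` would presumably be a field object that is always truthy, which would make this branch fail open for unpublished nodes; that needs confirming. I would keep the translation-aware lookup in this branch, `return $node instanceof EntityNG ? $node->getTranslation($langcode, FALSE)->status->value : $node->status;`. The comment also says the fallback applies when no module implements hook_node_grants(), but it is reached whenever accessGrants() returns NULL, which per its docblock includes a node without an id and the case where no implementing module granted or denied access. checkAccess() starts outside this hunk.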
--- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -2539,8 +2539,7 @@ function node_access($op, $node, $account = NULL, $langcode = NULL) { $account = user_load($account->uid); } - $method = $op . 'Access'; - return entity_access_controller('node')->$method($node, $langcode, $account); + return entity_access_controller('node')->access($node, $op, $langcode, $account); } /** diff --git a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php index 0642032..c29e4f3 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php @@ -89,6 +89,10 @@ function testEntityAccess() { * Ensures that the default controller is used as a fallback. */ function testEntityAccessDefaultController() { + // The implementation requires that the global user id can be loaded. + global $user; + $user = $this->createUser(array('uid' => 2)); + // Check that the default access controller is used for entities that don't // have a specific access controller defined. $controller = $this->container->get('plugin.manager.entity')->getAccessController('entity_test_default_access'); diff --git a/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php b/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php index b9e9361..f559dea 100644 --- a/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php +++ b/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php 
@@ -17,34 +17,18 @@ class EntityTestAccessController extends EntityAccessController { /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::viewAccess(). + * Overrides EntityAccessControllerInterface::checkAccess(). */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if ($langcode != LANGUAGE_DEFAULT) { - return user_access('view test entity translations', $account); + public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { + if ($operation === 'view') { + if ($langcode != LANGUAGE_DEFAULT) { + return user_access('view test entity translations', $account); + } + return user_access('view test entity', $account); + } + elseif (in_array($operation, array('create', 'update', 'delete'))) { + return user_access('administer entity_test content', $account); } - return user_access('view test entity', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::createAccess(). - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer entity_test content', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::updateAccess(). - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer entity_test content', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::deleteAccess(). - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer entity_test content', $account); } } diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/TermAccessController.php b/core/modules/taxonomy/lib/Drupal/taxonomy/TermAccessController.php index c45aa02..d10d13a 100644 
--- a/core/modules/taxonomy/lib/Drupal/taxonomy/TermAccessController.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/TermAccessController.php 
@@ -19,31 +19,26 @@ class TermAccessController extends EntityAccessController { /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::viewAccess(). + * Overrides \Drupal\Core\Entity\EntityAccessControllerInterface::checkAccess(). */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('access content', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::createAccess(). - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer taxonomy', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::updateAccess(). - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access("update terms in {$entity->bundle()}", $account) || user_access('administer taxonomy', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::deleteAccess(). - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access("delete terms in {$entity->bundle()}", $account) || user_access('administer taxonomy', $account); + public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { + switch ($operation) { + case 'view': + return user_access('access content', $account); + break; + + case 'create': + return user_access('administer taxonomy', $account); + break; + + case 'update': + return user_access("update terms in {$entity->bundle()}", $account) || user_access('administer taxonomy', $account); + break; + + case 'delete': + return user_access("delete terms in {$entity->bundle()}", $account) || user_access('administer taxonomy', $account); + break; + } } } 
diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyAccessController.php b/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyAccessController.php index b1ec119..57a03ea 100644 --- a/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyAccessController.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/VocabularyAccessController.php @@ -19,30 +19,9 @@ class VocabularyAccessController extends EntityAccessController { /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::viewAccess(). + * Overrides \Drupal\Core\Entity\EntityAccessControllerInterface::checkAccess(). */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer taxonomy', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::createAccess(). - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer taxonomy', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::updateAccess(). - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer taxonomy', $account); - } - - /** - * Implements \Drupal\Core\Entity\EntityAccessControllerInterface::deleteAccess(). - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { + public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { return user_access('administer taxonomy', $account); } diff --git a/core/modules/user/lib/Drupal/user/UserAccessController.php b/core/modules/user/lib/Drupal/user/UserAccessController.php index 13b8c6b..1af20e3 100644 --- a/core/modules/user/lib/Drupal/user/UserAccessController.php +++ b/core/modules/user/lib/Drupal/user/UserAccessController.php 
@@ -17,18 +17,43 @@ class UserAccessController extends EntityAccessController { /** - * Implements EntityAccessControllerInterface::viewAccess(). + * Overrides EntityAccessControllerInterface::checkAccess(). */ - public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - $uid = $entity->uid; - if (!$account) { - $account = $GLOBALS['user']; + public function checkAccess(EntityInterface $entity, $operation, $langcode, User $account) { + switch ($operation) { + case 'view': + return $this->viewAccess($entity, $langcode, $account); + break; + + case 'create': + return user_access('administer users', $account); + break; + + case 'update': + // Users can always edit their own account. Users with the 'administer + // users' permission can edit any account except the anonymous account. + return (($account->uid == $entity->uid) || user_access('administer users', $account)) && $entity->uid > 0; + break; + + case 'delete': + // Users with 'cancel account' permission can cancel their own account, + // users with 'administer users' permission can cancel any account + // except the anonymous account. + return ((($account->uid == $entity->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->uid > 0; + break; } + } + /** + * Check view access. + * + * See EntityAccessControllerInterface::view() for parameters. + */ + protected function viewAccess(EntityInterface $entity, $langcode, User $account) { // Never allow access to view the anonymous user account. - if ($uid) { + if ($entity->uid) { // Admins can view all, users can view own profiles at all times. - if ($account->uid == $uid || user_access('administer users', $account)) { + if ($account->uid == $entity->uid || user_access('administer users', $account)) { return TRUE; } elseif (user_access('access user profiles', $account)) { 
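Review bot: The "never the anonymous account" rules (`$entity->uid > 0` for update and delete, `if ($entity->uid)` for view) now sit in checkAccess(), which EntityAccessController::access() only consults when no hook implementation returned TRUE or FALSE. The removed viewAccess(), updateAccess() and deleteAccess() returned directly without invoking hooks, so after this change a module returning TRUE from the user access hook can grant view, update or delete on uid 0. I would enforce the invariant in an access() override that runs before the parent, as NodeAccessController does for its permission checks. The docblock "See EntityAccessControllerInterface::view() for parameters" also points at a method the interface does not declare. viewAccess() continues past the end of this hunk.

```php
  /**
   * Overrides \Drupal\Core\Entity\EntityAccessController::access().
   */
  public function access(EntityInterface $entity, $operation, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
    // The anonymous account can never be viewed, edited or cancelled; decide
    // this before any access hook gets a chance to grant access.
    if ($operation !== 'create' && !($entity->uid > 0)) {
      return FALSE;
    }
    return parent::access($entity, $operation, $langcode, $account);
  }
```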
@@ -39,36 +64,4 @@ public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT return FALSE; } - /** - * Implements EntityAccessControllerInterface::createAccess(). - */ - public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - return user_access('administer users', $account); - } - - /** - * Implements EntityAccessControllerInterface::updateAccess(). - */ - public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (!$account) { - $account = $GLOBALS['user']; - } - // Users can always edit their own account. Users with the 'administer - // users' permission can edit any account except the anonymous account. - return (($account->uid == $entity->uid) || user_access('administer users', $account)) && $entity->uid > 0; - } - - /** - * Implements EntityAccessControllerInterface::deleteAccess(). - */ - public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { - if (!$account) { - $account = $GLOBALS['user']; - } - // Users with 'cancel account' permission can cancel their own account, - // users with 'administer users' permission can cancel any account except - // the anonymous account. - return ((($account->uid == $entity->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->uid > 0; - } - }