diff --git a/core/lib/Drupal/Core/Access/AccessCheckInterface.php b/core/lib/Drupal/Core/Access/AccessCheckInterface.php index a675f41..cd382c9 100644 --- a/core/lib/Drupal/Core/Access/AccessCheckInterface.php +++ b/core/lib/Drupal/Core/Access/AccessCheckInterface.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Symfony\Component\Routing\Route; +use Symfony\Component\HttpFoundation\Request; /** * A access check service determines access rules for particular routes. @@ -36,5 +37,5 @@ public function applies(Route $route); * FALSE if not. * NULL if no opinion. */ - public function access(Route $route); + public function access(Route $route, Request $request); } diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index d2cab6a..d42c992 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -32,6 +32,18 @@ class AccessManager extends ContainerAware { protected $checks; /** + * Request Object + * @var object + */ + protected $request; + + /** + * Constructs a new AccessManager. + */ + public function __construct(Request $request) { + $this->request = $request; + } + /** * Registers a new AccessCheck by service ID. * * @param string $service_id @@ -103,7 +115,7 @@ public function check(Route $route) { $this->loadCheck($service_id); } - $access = $this->checks[$service_id]->access($route); + $access = $this->checks[$service_id]->access($route, $this->request); if ($access === FALSE) { // A check has denied access, no need to continue checking. break; diff --git a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php index 7904656..487aa53 100644 --- a/core/lib/Drupal/Core/Access/DefaultAccessCheck.php +++ b/core/lib/Drupal/Core/Access/DefaultAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Symfony\Component\Routing\Route; +use Symfony\Component\HttpFoundation\Request; /** * Allows access to routes to be controlled by an '_access' boolean parameter. @@ -25,7 +26,7 @@ public function applies(Route $route) { /** * Implements Drupal\Core\Access\AccessCheckInterface::access(). */ - public function access(Route $route) { + public function access(Route $route, Request $request) { return $route->getRequirement('_access'); } } diff --git a/core/lib/Drupal/Core/Access/PermissionAccessCheck.php b/core/lib/Drupal/Core/Access/PermissionAccessCheck.php index f89a423..e36ebcb 100644 --- a/core/lib/Drupal/Core/Access/PermissionAccessCheck.php +++ b/core/lib/Drupal/Core/Access/PermissionAccessCheck.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Symfony\Component\Routing\Route; +use Symfony\Component\HttpFoundation\Request; /** * Determines access to routes based on permissions defined via hook_permission(). @@ -24,7 +25,7 @@ public function applies(Route $route) { /** * Implements Drupal\Core\Access\AccessCheckInterface::access(). */ - public function access(Route $route) { + public function access(Route $route, Request $request) { $permission = $route->getDefault('_permission'); // @todo Replace user_access() with a correctly injected and session-using // alternative. diff --git a/core/lib/Drupal/Core/CoreBundle.php b/core/lib/Drupal/Core/CoreBundle.php index aa4b66b..477ae55 100644 --- a/core/lib/Drupal/Core/CoreBundle.php +++ b/core/lib/Drupal/Core/CoreBundle.php @@ -109,6 +109,7 @@ public function build(ContainerBuilder $container) { $container->register('legacy_access_subscriber', 'Drupal\Core\EventSubscriber\LegacyAccessSubscriber') ->addTag('event_subscriber'); $container->register('access_manager', 'Drupal\Core\Access\AccessManager') + ->addArgument(new Reference('request')) ->addMethodCall('setContainer', array(new Reference('service_container'))); $container->register('access_subscriber', 'Drupal\Core\EventSubscriber\AccessSubscriber') ->addArgument(new Reference('access_manager')) diff --git a/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php new file mode 100644 index 0000000..bfff5d5 --- /dev/null +++ b/core/modules/system/lib/Drupal/system/Access/CronAccessCheck.php @@ -0,0 +1,41 @@ +getRequirement('_type') == 'cron'; + } + + /** + * Implements Drupal\system\Access\AccessCheckInterface::access(). + */ + public function access(Route $route, Request $request) { + $key = $request->attributes->get('key'); + if ($key != state()->get('system.cron_key')) { + watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE); + return FALSE; + } + elseif (config('system.maintenance')->get('enabled')) { + watchdog('cron', 'Cron could not run because the site is in maintenance mode.', array(), WATCHDOG_NOTICE); + return FALSE; + } + return TRUE; + } +} diff --git a/core/modules/system/lib/Drupal/system/CronController.php b/core/modules/system/lib/Drupal/system/CronController.php index 292d242..1996015 100644 --- a/core/modules/system/lib/Drupal/system/CronController.php +++ b/core/modules/system/lib/Drupal/system/CronController.php @@ -22,34 +22,10 @@ class CronController { * A Symfony response object. */ public function run($key) { - if (!$this->access($key)) { - throw new AccessDeniedHttpException(); - } - // @todo Make this an injected object. drupal_cron_run(); // HTTP 204 is "No content", meaning "I did what you asked and we're done." return new Response('', 204); } - - /** - * Determines if the user has access to run cron. - * - * @todo Eliminate this method in favor of a new-style access checker once - * http://drupal.org/node/1793520 gets in. - */ - function access($key) { - if ($key != state()->get('system.cron_key')) { - watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE); - return FALSE; - } - elseif (config('system.maintenance')->get('enabled')) { - watchdog('cron', 'Cron could not run because the site is in maintenance mode.', array(), WATCHDOG_NOTICE); - return FALSE; - } - - return TRUE; - } - } diff --git a/core/modules/system/lib/Drupal/system/SystemBundle.php b/core/modules/system/lib/Drupal/system/SystemBundle.php new file mode 100644 index 0000000..a290d0e --- /dev/null +++ b/core/modules/system/lib/Drupal/system/SystemBundle.php @@ -0,0 +1,26 @@ +register('access_check.cron', 'Drupal\system\Access\CronAccessCheck') + ->addTag('access_check'); + } +} diff --git a/core/modules/system/system.routing.yml b/core/modules/system/system.routing.yml index 85e0517..05b92ce 100644 --- a/core/modules/system/system.routing.yml +++ b/core/modules/system/system.routing.yml @@ -2,3 +2,5 @@ cron: pattern: '/cron/{key}' defaults: _controller: '\Drupal\system\CronController::run' + requirements: + _type: 'cron'