diff --git a/core/includes/update.inc b/core/includes/update.inc index 0fcf79e..134e853 100644 --- a/core/includes/update.inc +++ b/core/includes/update.inc @@ -1615,8 +1615,8 @@ function update_replace_permissions($replace) { $role_names = Drupal::service('config.storage')->listAll($prefix); foreach ($role_names as $role_name) { $rid = substr($role_name, $cut); - $config = Drupal::config("user.permission.$rid"); - $permissions = $config->get(); + $config = Drupal::config("user.role.$rid"); + $permissions = $config->get('permissions'); foreach ($replace as $old_permission => $new_permissions) { $key = array_search($old_permission, $permissions); if ($key !== FALSE) { @@ -1625,7 +1625,7 @@ function update_replace_permissions($replace) { } } $config - ->setData($permissions) + ->set('permissions', $permissions) ->save(); } } diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module index c262037..54f744d 100644 --- a/core/modules/comment/comment.module +++ b/core/modules/comment/comment.module @@ -1231,9 +1231,10 @@ function comment_node_update_index(EntityInterface $node, $langcode) { // edit could change the security situation so it is not safe to index the // comments. $index_comments = TRUE; - $authenticated_can_access = in_array('access comments', Drupal::config('user.permission.' . DRUPAL_AUTHENTICATED_RID)->get()); + $roles = user_roles(); + $authenticated_can_access = in_array('access comments', $roles[DRUPAL_AUTHENTICATED_RID]->permissions); foreach (user_roles() as $rid => $role_object) { - $permissions = \Drupal::config("user.permission.$rid")->get(); + $permissions = $roles[$rid]->permissions; if (in_array('search content', $permissions) && !in_array('access comments', $permissions) && ($rid == DRUPAL_AUTHENTICATED_RID || $rid == DRUPAL_ANONYMOUS_RID || !$authenticated_can_access)) { $index_comments = FALSE; diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php index 03b3152..c073b4b 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php @@ -26,7 +26,7 @@ public static function getInfo() { function setUp() { parent::setUp(); // Clear permissions for authenticated users. - $this->container->get('config.factory')->get('user.permission.' . DRUPAL_AUTHENTICATED_RID)->delete(); + $this->container->get('config.factory')->get('user.role.' . DRUPAL_AUTHENTICATED_RID)->clear('permissions'); } /** diff --git a/core/modules/node/node.views_execution.inc b/core/modules/node/node.views_execution.inc index 4c397eb..f264bf2 100644 --- a/core/modules/node/node.views_execution.inc +++ b/core/modules/node/node.views_execution.inc @@ -30,8 +30,8 @@ function node_views_analyze(ViewExecutable $view) { // check for no access control $access = $display->getOption('access'); if (empty($access['type']) || $access['type'] == 'none') { - $anonymous_has_access = in_array('access content', Drupal::config('user.permission.' . DRUPAL_ANONYMOUS_RID)->get()); - $authenticated_has_access = in_array('access content', Drupal::config('user.permission.' . DRUPAL_AUTHENTICATED_RID)->get()); + $anonymous_has_access = in_array('access content', entity_load('user_role', DRUPAL_ANONYMOUS_RID)->permissions); + $authenticated_has_access = in_array('access content', entity_load('user_role.', DRUPAL_AUTHENTICATED_RID)->permissions); if (!$anonymous_has_access || !$authenticated_has_access) { $ret[] = Analyzer::formatMessage(t('Some roles lack permission to access content, but display %display has no access control.', array('%display' => $display->display['display_title'])), 'warning'); } diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php index 1a51020..753a616 100644 --- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php +++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php @@ -551,7 +551,7 @@ protected function drupalCreateRole(array $permissions, $rid = NULL, $name = NUL // Grant the specified permissions to the role, if any. if (!empty($permissions)) { user_role_grant_permissions($role->id(), $permissions); - $assigned_permissions = $this->container->get('config.factory')->get('user.permission.' . $role->id())->get(); + $assigned_permissions = entity_load('user_role', $role->id())->permissions; $missing_permissions = array_diff($permissions, $assigned_permissions); if (!$missing_permissions) { $this->pass(t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role')); diff --git a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php index 62cc7d3..f4dd1b8 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php +++ b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/Role.php @@ -65,6 +65,13 @@ class Role extends ConfigEntityBase implements RoleInterface { public $weight; /** + * The permissions belonging to this role. + * + * @var array + */ + public $permissions = array(); + + /** * {@inheritdoc} */ public function uri() { diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php index 380832b..cbd5cc2 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php @@ -49,9 +49,16 @@ function pre_render(&$values) { $query->fields('u', array('uid', 'rid')); $query->condition('u.uid', $uids); $result = $query->execute(); + $rids = array(); foreach ($result as $row) { - foreach (\Drupal::config("user.permission.$row->rid")->get() as $permission) { - $this->items[$row->uid][$permission]['permission'] = $permission_names[$permission]['title']; + $rids[] = $row->rid; + } + if ($rids) { + $roles = entity_load_multiple('user_role', $rids); + foreach ($result as $row) { + foreach ($roles[$row->rid]->permissions as $permission) { + $this->items[$row->uid][$permission]['permission'] = $permission_names[$permission]['title']; + } } } foreach ($uids as $uid) { diff --git a/core/modules/user/lib/Drupal/user/RoleStorageController.php b/core/modules/user/lib/Drupal/user/RoleStorageController.php index 2864b66..5a42ca8 100644 --- a/core/modules/user/lib/Drupal/user/RoleStorageController.php +++ b/core/modules/user/lib/Drupal/user/RoleStorageController.php @@ -55,15 +55,9 @@ public function resetCache(array $ids = NULL) { * {@inheritdoc} */ protected function postDelete($entities) { - $rids = array_keys($entities); - - // Delete permission assignments. - foreach ($rids as $rid) { - \Drupal::config("user.permission.$rid")->delete(); - } // Remove the role from all users. db_delete('users_roles') - ->condition('rid', $rids) + ->condition('rid', array_keys($entities)) ->execute(); } diff --git a/core/modules/user/user.install b/core/modules/user/user.install index 7f2c742..b57d760 100644 --- a/core/modules/user/user.install +++ b/core/modules/user/user.install @@ -1027,8 +1027,8 @@ function user_update_8018() { $new_permissions[_user_update_map_rid($permission->rid)][] = $permission->permission; } foreach ($new_permissions as $rid => $permissions) { - config("user.permission.$rid") - ->setData($permissions) + config("user.role.$rid") + ->set('permissions', $permissions) ->save(); } } diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 34c7178..f0bfa6b 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -425,7 +425,7 @@ function user_role_permissions(array $roles) { $role_permissions = array(); foreach ($roles as $rid => $name) { $role_permissions[$rid] = array(); - foreach (Drupal::config("user.permission.$rid")->get() as $permission) { + foreach (Drupal::config("user.role.$rid")->get('permissions') as $permission) { $role_permissions[$rid][$permission] = TRUE; } } @@ -1849,8 +1849,7 @@ function user_roles($membersonly = FALSE, $permission = NULL) { if (!empty($permission)) { foreach ($roles as $rid => $role_object) { - $permissions = Drupal::config("user.permission.$rid")->get(); - if (!in_array($permission, $permissions)) { + if (!in_array($permission, $role_object->permissions)) { unset($roles[$rid]); } } @@ -1961,12 +1960,9 @@ function user_role_change_permissions($rid, array $permissions = array()) { */ function user_role_grant_permissions($rid, array $permissions = array()) { // Grant new permissions for the role. - $config = Drupal::config("user.permission.$rid"); - $old_permissions = $config->get(); - $new_permissions = array_unique(array_merge($old_permissions, $permissions)); - $config - ->setData($new_permissions) - ->save(); + $role_entity = entity_load('user_role', $rid); + $role_entity->permissions = array_unique(array_merge($role_entity->permissions, $permissions)); + $role_entity->save(); $modules = user_permission_get_modules(); $config = Drupal::config('user.module.permission'); @@ -1992,12 +1988,9 @@ function user_role_grant_permissions($rid, array $permissions = array()) { */ function user_role_revoke_permissions($rid, array $permissions = array()) { // Revoke permissions for the role. - $config = config("user.permission.$rid"); - $old_permissions = $config->get(); - $new_permissions = array_diff($old_permissions, $permissions); - $config - ->setData($new_permissions) - ->save(); + $role_entity = entity_load('user_role', $rid); + $role_entity->permissions = array_diff($role_entity->permissions, $permissions); + $role_entity->save(); // Clear the user access cache. drupal_static_reset('user_access'); } @@ -2623,12 +2616,9 @@ function user_modules_uninstalled($modules) { $config->save(); if ($permissions_to_remove) { $permissions_to_remove = array_keys($permissions_to_remove); - foreach (user_roles() as $rid => $role_object) { - $config = Drupal::config("user.permission.$rid"); - $permissions = $config->get(); - $config - ->setData(array_diff($permissions, $permissions_to_remove)) - ->save(); + foreach (user_roles() as $rid => $role_entity) { + $role_entity->permissions = array_diff($role_entity->permissions, $permissions_to_remove); + $role_entity->save(); } } // Remove any potentially orphan module data stored for users.