diff --git a/core/modules/user/tests/modules/user_access_test/user_access_test.module b/core/modules/user/tests/modules/user_access_test/user_access_test.module
index a5cdb4b3f5..37f1b2f130 100644
--- a/core/modules/user/tests/modules/user_access_test/user_access_test.module
+++ b/core/modules/user/tests/modules/user_access_test/user_access_test.module
@@ -15,21 +15,29 @@ use Drupal\user\Entity\User;
  * Implements hook_ENTITY_TYPE_access() for entity type "user".
  */
 function user_access_test_user_access(User $entity, $operation, $account) {
+  $access = AccessResult::neutral();
   if ($entity->getAccountName() == "no_edit" && $operation == "update") {
     // Deny edit access.
-    return AccessResult::forbidden();
+    $access = AccessResult::forbidden();
   }
   if ($entity->getAccountName() == "no_delete" && $operation == "delete") {
     // Deny delete access.
-    return AccessResult::forbidden();
+    $access = AccessResult::forbidden();
+  }
+  if ($entity->getAccountName() == "no_view_label" && $operation == "view label") {
+    // Deny view label access.
+    $access = AccessResult::forbidden();
+  }
+  if (isset($entity->testAccessAddCacheTags)) {
+    $access->addCacheTags($entity->testAccessAddCacheTags);
   }
 
   // Account with role sub-admin can manage users with no roles.
   if (count($entity->getRoles()) == 1) {
-    return AccessResult::allowedIfHasPermission($account, 'sub-admin');
+    $access = AccessResult::allowedIfHasPermission($account, 'sub-admin');
   }
 
-  return AccessResult::neutral();
+  return $access;
 }
 
 /**
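Review bot: The sub-admin branch at the end assigns `$access = AccessResult::allowedIfHasPermission($account, 'sub-admin');`, which replaces any `forbidden()` set above for "no_edit", "no_delete" or "no_view_label" and also discards the tags added through `addCacheTags()`. The removed code returned the denial early, so the result now changes whenever one of those accounts has exactly one role. Combining instead of overwriting keeps both the denial and the tags: `$access = $access->orIf(AccessResult::allowedIfHasPermission($account, 'sub-admin'));`. If the overwrite is intended for the test, a comment above that branch saying so would stop it being read as a bug.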
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 7c18443ef1..9ce6587ed6 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -10,7 +10,9 @@ use Drupal\Component\Render\PlainTextOutput;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Core\Access\AccessibleInterface;
 use Drupal\Core\Asset\AttachedAssetsInterface;
+use Drupal\Core\Cache\CacheableMetadata;
 use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
+use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Field\BaseFieldDefinition;
 use Drupal\Core\Render\Element;
 use Drupal\Core\Routing\RouteMatchInterface;
@@ -486,21 +488,35 @@ function template_preprocess_username(&$variables) {
     }
   }
 
-  // Set the name to a formatted name that is safe for printing and
-  // that won't break tables by being too long. Keep an unshortened,
-  // unsanitized version, in case other preprocess functions want to implement
-  // their own shortening logic or add markup. If they do so, they must ensure
-  // that $variables['name'] is safe for printing.
-  $name = $account->getDisplayName();
-  $variables['name_raw'] = $account->getAccountName();
-  if (mb_strlen($name) > 20) {
-    $name = Unicode::truncate($name, 15, FALSE, TRUE);
-    $variables['truncated'] = TRUE;
+  // Check the current user can view label, or allow if not an entity.
+  if ($account instanceof EntityInterface) {
+    $access = $account->access('view label', NULL, TRUE);
+    $access_label = $access->isAllowed();
+    $cacheability = new CacheableMetadata();
+    $cacheability
+      ->addCacheableDependency($access)
+      ->addCacheableDependency($account)
+      ->applyTo($variables);
+  }
+  else {
+    $access_label = TRUE;
+  }
+
+  if ($access_label) {
+    // Set the name to a formatted name that is safe for printing and that won't
+    // break tables by being too long. Keep an unshortened, unsanitized version,
+    // in case other preprocess functions want to implement their own shortening
+    // logic or add markup. If they do so, they must ensure that
+    // $variables['name'] is safe for printing.
+    $variables['name_raw'] = $account->getDisplayName();
+    $variables['truncated'] = mb_strlen($variables['name_raw']) > 20;
+    $variables['name'] = $variables['truncated'] ? Unicode::truncate($variables['name_raw'], 15, FALSE, TRUE) : $variables['name_raw'];
   }
   else {
     $variables['truncated'] = FALSE;
+    $variables['name'] = $variables['name_raw'] = t('- Restricted access -');
   }
-  $variables['name'] = $name;
+
   if ($account instanceof AccessibleInterface) {
     $variables['profile_access'] = $account->access('view');
   }
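Review bot: `$variables['name_raw']` is now filled from `getDisplayName()`, where the removed code used `getAccountName()`, so themes and preprocess functions that read `name_raw` as the login name silently get a different value. Unless that is intended, keep `$variables['name_raw'] = $account->getAccountName();` and derive the truncated `name` from `getDisplayName()` separately. In the restricted branch `name_raw` becomes the object returned by `t()` rather than a plain string, which consumers doing string operations on it may not expect. The non-entity `else` sets `$access_label = TRUE` with no check, so a comment stating why is worth adding, e.g. `// Non-entity accounts cannot be access-checked here; the name is shown as before.`. template_preprocess_username() starts and ends outside this hunk.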
