diff --git a/core/lib/Drupal/Core/Access/AccessibleInterface.php b/core/lib/Drupal/Core/Access/AccessibleInterface.php index 324beea..4432d4c 100644 --- a/core/lib/Drupal/Core/Access/AccessibleInterface.php +++ b/core/lib/Drupal/Core/Access/AccessibleInterface.php @@ -19,8 +19,6 @@ /** * Checks data value access. * - * @param string $operation - * The operation to be performed. * @param \Drupal\Core\Session\AccountInterface $account * (optional) The user for which to check access, or NULL to check access * for the current user. Defaults to NULL. @@ -34,6 +32,6 @@ * returned, i.e. TRUE means access is explicitly allowed, FALSE means * access is either explicitly forbidden or "no opinion". */ - public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE); + public function access(AccountInterface $account = NULL, $return_as_object = FALSE); } diff --git a/core/lib/Drupal/Core/Action/ActionInterface.php b/core/lib/Drupal/Core/Action/ActionInterface.php index fe04acb..21a5c5e 100644 --- a/core/lib/Drupal/Core/Action/ActionInterface.php +++ b/core/lib/Drupal/Core/Action/ActionInterface.php @@ -9,6 +9,7 @@ use Drupal\Component\Plugin\PluginInspectionInterface; use Drupal\Core\Executable\ExecutableInterface; +use Drupal\Core\Access\AccessibleInterface; /** * Provides an interface for an Action plugin. @@ -34,7 +35,7 @@ * @see \Drupal\Core\Action\ActionBase * @see plugin_api */ -interface ActionInterface extends ExecutableInterface, PluginInspectionInterface { +interface ActionInterface extends ExecutableInterface, PluginInspectionInterface, AccessibleInterface { /** * Executes the plugin for an array of objects. diff --git a/core/lib/Drupal/Core/Block/BlockBase.php b/core/lib/Drupal/Core/Block/BlockBase.php index ba1026b..2a251d2 100644 --- a/core/lib/Drupal/Core/Block/BlockBase.php +++ b/core/lib/Drupal/Core/Block/BlockBase.php @@ -119,7 +119,7 @@ public function calculateDependencies() { /** * {@inheritdoc} */ - public function access(AccountInterface $account) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { // @todo Remove self::blockAccess() and force individual plugins to return // their own AccessResult logic. Until that is done in // https://www.drupal.org/node/2375689 the access will be set uncacheable. @@ -129,7 +129,8 @@ public function access(AccountInterface $account) { else { $access = AccessResult::forbidden(); } - return $access->setCacheable(FALSE); + $access->setCacheable(FALSE); + return $return_as_object ? $access : $access->isAllowed(); } /** diff --git a/core/lib/Drupal/Core/Block/BlockPluginInterface.php b/core/lib/Drupal/Core/Block/BlockPluginInterface.php index f63a955..812daa0 100644 --- a/core/lib/Drupal/Core/Block/BlockPluginInterface.php +++ b/core/lib/Drupal/Core/Block/BlockPluginInterface.php @@ -12,8 +12,8 @@ use Drupal\Component\Plugin\PluginInspectionInterface; use Drupal\Component\Plugin\ConfigurablePluginInterface; use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Access\AccessibleInterface; use Drupal\Core\Plugin\PluginFormInterface; -use Drupal\Core\Session\AccountInterface; /** * Defines the required interface for all block plugins. @@ -25,7 +25,7 @@ * * @ingroup block_api */ -interface BlockPluginInterface extends ConfigurablePluginInterface, PluginFormInterface, PluginInspectionInterface, CacheableInterface, DerivativeInspectionInterface { +interface BlockPluginInterface extends ConfigurablePluginInterface, PluginFormInterface, PluginInspectionInterface, CacheableInterface, DerivativeInspectionInterface, AccessibleInterface { /** * Returns the user-facing block label. @@ -39,22 +39,6 @@ public function label(); /** - * Indicates whether the block should be shown. - * - * This method allows base implementations to add general access restrictions - * that should apply to all extending block plugins. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The user session for which to check access. - * - * @return bool - * TRUE if the block should be shown, or FALSE otherwise. - * - * @see \Drupal\block\BlockAccessControlHandler - */ - public function access(AccountInterface $account); - - /** * Builds and returns the renderable array for this block plugin. * * @return array diff --git a/core/lib/Drupal/Core/Entity/ContentEntityBase.php b/core/lib/Drupal/Core/Entity/ContentEntityBase.php index 826193b..18dede9 100644 --- a/core/lib/Drupal/Core/Entity/ContentEntityBase.php +++ b/core/lib/Drupal/Core/Entity/ContentEntityBase.php @@ -436,7 +436,7 @@ public function toArray() { /** * {@inheritdoc} */ - public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { if ($operation == 'create') { return $this->entityManager() ->getAccessControlHandler($this->entityTypeId) diff --git a/core/lib/Drupal/Core/Entity/Entity.php b/core/lib/Drupal/Core/Entity/Entity.php index e582f0e..9344faf 100644 --- a/core/lib/Drupal/Core/Entity/Entity.php +++ b/core/lib/Drupal/Core/Entity/Entity.php @@ -294,7 +294,7 @@ public function uriRelationships() { /** * {@inheritdoc} */ - public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { if ($operation == 'create') { return $this->entityManager() ->getAccessControlHandler($this->entityTypeId) diff --git a/core/lib/Drupal/Core/Field/FieldItemList.php b/core/lib/Drupal/Core/Field/FieldItemList.php index 27305dc..86666f0 100644 --- a/core/lib/Drupal/Core/Field/FieldItemList.php +++ b/core/lib/Drupal/Core/Field/FieldItemList.php @@ -188,7 +188,7 @@ public function __unset($property_name) { /** * {@inheritdoc} */ - public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { $access_control_handler = \Drupal::entityManager()->getAccessControlHandler($this->getEntity()->getEntityTypeId()); return $access_control_handler->fieldAccess($operation, $this->getFieldDefinition(), $account, $this, $return_as_object); } diff --git a/core/modules/action/src/Plugin/Action/EmailAction.php b/core/modules/action/src/Plugin/Action/EmailAction.php index 2a1e3a9..177b794 100644 --- a/core/modules/action/src/Plugin/Action/EmailAction.php +++ b/core/modules/action/src/Plugin/Action/EmailAction.php @@ -11,6 +11,7 @@ use Drupal\Core\Entity\EntityManagerInterface; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\Core\Utility\Token; use Psr\Log\LoggerInterface; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -172,4 +173,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['message'] = $form_state->getValue('message'); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/action/src/Plugin/Action/GotoAction.php b/core/modules/action/src/Plugin/Action/GotoAction.php index 833f304..872db53 100644 --- a/core/modules/action/src/Plugin/Action/GotoAction.php +++ b/core/modules/action/src/Plugin/Action/GotoAction.php @@ -113,4 +113,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['url'] = $form_state->getValue('url'); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/action/src/Plugin/Action/MessageAction.php b/core/modules/action/src/Plugin/Action/MessageAction.php index 7996514..432d9db 100644 --- a/core/modules/action/src/Plugin/Action/MessageAction.php +++ b/core/modules/action/src/Plugin/Action/MessageAction.php @@ -11,6 +11,7 @@ use Drupal\Core\Action\ConfigurableActionBase; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\Core\Utility\Token; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -89,4 +90,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s unset($this->configuration['node']); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/comment/src/Plugin/Action/PublishComment.php b/core/modules/comment/src/Plugin/Action/PublishComment.php index 41ed873..282f5ec 100644 --- a/core/modules/comment/src/Plugin/Action/PublishComment.php +++ b/core/modules/comment/src/Plugin/Action/PublishComment.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\comment\CommentInterface; +use Drupal\Core\Session\AccountInterface; /** * Publishes a comment. @@ -29,4 +30,11 @@ public function execute($comment = NULL) { $comment->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/comment/src/Plugin/Action/SaveComment.php b/core/modules/comment/src/Plugin/Action/SaveComment.php index 5ce763e..4530398 100644 --- a/core/modules/comment/src/Plugin/Action/SaveComment.php +++ b/core/modules/comment/src/Plugin/Action/SaveComment.php @@ -8,6 +8,7 @@ namespace Drupal\comment\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Saves a comment. @@ -27,4 +28,11 @@ public function execute($comment = NULL) { $comment->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php b/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php index 3d10bcb..02cc994 100644 --- a/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php +++ b/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php @@ -11,6 +11,7 @@ use Drupal\Core\Action\ConfigurableActionBase; use Drupal\comment\CommentInterface; use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a comment containing certain keywords. @@ -67,4 +68,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['keywords'] = Tags::explode($form_state->getValue('keywords')); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/comment/src/Plugin/Action/UnpublishComment.php b/core/modules/comment/src/Plugin/Action/UnpublishComment.php index 74d565a..ab3ec2f 100644 --- a/core/modules/comment/src/Plugin/Action/UnpublishComment.php +++ b/core/modules/comment/src/Plugin/Action/UnpublishComment.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\comment\CommentInterface; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a comment. @@ -29,4 +30,11 @@ public function execute($comment = NULL) { $comment->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/node/src/Entity/Node.php b/core/modules/node/src/Entity/Node.php index 4b7671f..503e23e 100644 --- a/core/modules/node/src/Entity/Node.php +++ b/core/modules/node/src/Entity/Node.php @@ -146,7 +146,7 @@ public function getType() { /** * {@inheritdoc} */ - public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { if ($operation == 'create') { return parent::access($operation, $account, $return_as_object); } diff --git a/core/modules/node/src/Plugin/Action/AssignOwnerNode.php b/core/modules/node/src/Plugin/Action/AssignOwnerNode.php index 17e62d1..90c426a 100644 --- a/core/modules/node/src/Plugin/Action/AssignOwnerNode.php +++ b/core/modules/node/src/Plugin/Action/AssignOwnerNode.php @@ -11,6 +11,7 @@ use Drupal\Core\Database\Connection; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; /** @@ -132,4 +133,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['owner_uid'] = $this->connection->query('SELECT uid from {users_field_data} WHERE name = :name AND default_langcode = 1', array(':name' => $form_state->getValue('owner_name')))->fetchField(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer nodes'); + } + } diff --git a/core/modules/node/src/Plugin/Action/DeleteNode.php b/core/modules/node/src/Plugin/Action/DeleteNode.php index e71b581..f4c6a4b 100644 --- a/core/modules/node/src/Plugin/Action/DeleteNode.php +++ b/core/modules/node/src/Plugin/Action/DeleteNode.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\user\TempStoreFactory; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -70,4 +71,11 @@ public function execute($object = NULL) { $this->executeMultiple(array($object)); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer nodes'); + } + } diff --git a/core/modules/node/src/Plugin/Action/DemoteNode.php b/core/modules/node/src/Plugin/Action/DemoteNode.php index e490ecb..646c187 100644 --- a/core/modules/node/src/Plugin/Action/DemoteNode.php +++ b/core/modules/node/src/Plugin/Action/DemoteNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Demotes a node. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/PromoteNode.php b/core/modules/node/src/Plugin/Action/PromoteNode.php index 0cfc316..3207f42 100644 --- a/core/modules/node/src/Plugin/Action/PromoteNode.php +++ b/core/modules/node/src/Plugin/Action/PromoteNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Promotes a node. @@ -29,4 +30,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/PublishNode.php b/core/modules/node/src/Plugin/Action/PublishNode.php index 20da55e..8bb1beb 100644 --- a/core/modules/node/src/Plugin/Action/PublishNode.php +++ b/core/modules/node/src/Plugin/Action/PublishNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Publishes a node. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/node/src/Plugin/Action/SaveNode.php b/core/modules/node/src/Plugin/Action/SaveNode.php index b758b72..0d98022 100644 --- a/core/modules/node/src/Plugin/Action/SaveNode.php +++ b/core/modules/node/src/Plugin/Action/SaveNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Provides an action that can save any entity. @@ -27,4 +28,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/StickyNode.php b/core/modules/node/src/Plugin/Action/StickyNode.php index c4613ce..06be00a 100644 --- a/core/modules/node/src/Plugin/Action/StickyNode.php +++ b/core/modules/node/src/Plugin/Action/StickyNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Makes a node sticky. @@ -29,4 +30,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php b/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php index 60bd836..cf619e5 100644 --- a/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php +++ b/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php @@ -10,6 +10,7 @@ use Drupal\Component\Utility\Tags; use Drupal\Core\Action\ConfigurableActionBase; use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a node containing certain keywords. @@ -65,4 +66,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['keywords'] = Tags::explode($form_state->getValue('keywords')); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer nodes'); + } + } diff --git a/core/modules/node/src/Plugin/Action/UnpublishNode.php b/core/modules/node/src/Plugin/Action/UnpublishNode.php index d462d6d..ba1f527 100644 --- a/core/modules/node/src/Plugin/Action/UnpublishNode.php +++ b/core/modules/node/src/Plugin/Action/UnpublishNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a node. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/UnstickyNode.php b/core/modules/node/src/Plugin/Action/UnstickyNode.php index 204b9d5..aff5239 100644 --- a/core/modules/node/src/Plugin/Action/UnstickyNode.php +++ b/core/modules/node/src/Plugin/Action/UnstickyNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Makes a node not sticky. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Search/NodeSearch.php b/core/modules/node/src/Plugin/Search/NodeSearch.php index 8c795a2..8d1029e 100644 --- a/core/modules/node/src/Plugin/Search/NodeSearch.php +++ b/core/modules/node/src/Plugin/Search/NodeSearch.php @@ -147,7 +147,7 @@ public function __construct(array $configuration, $plugin_id, $plugin_definition /** * {@inheritdoc} */ - public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { $result = AccessResult::allowedIfHasPermission($account, 'access content'); return $return_as_object ? $result : $result->isAllowed(); } diff --git a/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php b/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php index 7f18b57..e5954d5 100644 --- a/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php +++ b/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php @@ -8,6 +8,7 @@ namespace Drupal\action_test\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Provides an operation with no type specified. @@ -25,4 +26,11 @@ class NoType extends ActionBase { public function execute($entity = NULL) { } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/user/src/Plugin/Action/AddRoleUser.php b/core/modules/user/src/Plugin/Action/AddRoleUser.php index acf4dd9..84e0458 100644 --- a/core/modules/user/src/Plugin/Action/AddRoleUser.php +++ b/core/modules/user/src/Plugin/Action/AddRoleUser.php @@ -7,6 +7,7 @@ namespace Drupal\user\Plugin\Action; +use Drupal\Core\Session\AccountInterface; use Drupal\user\Plugin\Action\ChangeUserRoleBase; /** @@ -35,4 +36,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/BlockUser.php b/core/modules/user/src/Plugin/Action/BlockUser.php index a488f31..dd66e3b 100644 --- a/core/modules/user/src/Plugin/Action/BlockUser.php +++ b/core/modules/user/src/Plugin/Action/BlockUser.php @@ -8,6 +8,7 @@ namespace Drupal\user\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Blocks a user. @@ -34,4 +35,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/CancelUser.php b/core/modules/user/src/Plugin/Action/CancelUser.php index 6c0e392..4da18a4 100644 --- a/core/modules/user/src/Plugin/Action/CancelUser.php +++ b/core/modules/user/src/Plugin/Action/CancelUser.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\user\TempStoreFactory; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -70,4 +71,11 @@ public function execute($object = NULL) { $this->executeMultiple(array($object)); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php b/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php index 5e5c176..055d10e 100644 --- a/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php +++ b/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php @@ -12,6 +12,7 @@ use Drupal\Core\Entity\EntityTypeInterface; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; /** @@ -91,4 +92,11 @@ public function calculateDependencies() { return $this->dependencies; } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/RemoveRoleUser.php b/core/modules/user/src/Plugin/Action/RemoveRoleUser.php index e63a70a..f1174ab 100644 --- a/core/modules/user/src/Plugin/Action/RemoveRoleUser.php +++ b/core/modules/user/src/Plugin/Action/RemoveRoleUser.php @@ -7,6 +7,7 @@ namespace Drupal\user\Plugin\Action; +use Drupal\Core\Session\AccountInterface; use Drupal\user\Plugin\Action\ChangeUserRoleBase; /** @@ -35,4 +36,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/UnblockUser.php b/core/modules/user/src/Plugin/Action/UnblockUser.php index 9c30ebc..2098272 100644 --- a/core/modules/user/src/Plugin/Action/UnblockUser.php +++ b/core/modules/user/src/Plugin/Action/UnblockUser.php @@ -8,6 +8,7 @@ namespace Drupal\user\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Unblocks a user. @@ -31,4 +32,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Search/UserSearch.php b/core/modules/user/src/Plugin/Search/UserSearch.php index cee66e8..4cd82f8 100644 --- a/core/modules/user/src/Plugin/Search/UserSearch.php +++ b/core/modules/user/src/Plugin/Search/UserSearch.php @@ -98,7 +98,7 @@ public function __construct(Connection $database, EntityManagerInterface $entity /** * {@inheritdoc} */ - public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { $result = AccessResult::allowedIf(!empty($account) && $account->hasPermission('access user profiles'))->cachePerRole(); return $return_as_object ? $result : $result->isAllowed(); } diff --git a/core/modules/user/src/Plugin/views/access/Permission.php b/core/modules/user/src/Plugin/views/access/Permission.php index e7c4691..8127411 100644 --- a/core/modules/user/src/Plugin/views/access/Permission.php +++ b/core/modules/user/src/Plugin/views/access/Permission.php @@ -72,8 +72,10 @@ public static function create(ContainerInterface $container, array $configuratio /** * {@inheritdoc} */ - public function access(AccountInterface $account) { - return $account->hasPermission($this->options['perm']); + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { + $permissions = array($this->options['perm']); + $result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR'); + return $return_as_object ? $result : $result->isAllowed(); } /** diff --git a/core/modules/views/src/Plugin/views/access/AccessPluginBase.php b/core/modules/views/src/Plugin/views/access/AccessPluginBase.php index c0aaa5d..5f709c7 100644 --- a/core/modules/views/src/Plugin/views/access/AccessPluginBase.php +++ b/core/modules/views/src/Plugin/views/access/AccessPluginBase.php @@ -7,7 +7,7 @@ namespace Drupal\views\Plugin\views\access; -use Drupal\Core\Session\AccountInterface; +use Drupal\Core\Access\AccessibleInterface; use Drupal\views\Plugin\views\PluginBase; use Symfony\Component\Routing\Route; @@ -30,7 +30,7 @@ /** * The base plugin to handle access control. */ -abstract class AccessPluginBase extends PluginBase { +abstract class AccessPluginBase extends PluginBase implements AccessibleInterface { /** * {@inheritdoc} @@ -40,17 +40,6 @@ public function summaryTitle() { } /** - * Determine if the current user has access or not. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The user who wants to access this view. - * - * @return TRUE - * Returns whether the user has access to the view. - */ - abstract public function access(AccountInterface $account); - - /** * Allows access plugins to alter the route definition of a view. * * Likely the access plugin will add new requirements, so its custom access diff --git a/core/modules/views/src/Plugin/views/access/None.php b/core/modules/views/src/Plugin/views/access/None.php index fa1789b..536107b 100644 --- a/core/modules/views/src/Plugin/views/access/None.php +++ b/core/modules/views/src/Plugin/views/access/None.php @@ -33,9 +33,9 @@ public function summaryTitle() { /** * {@inheritdoc} */ - public function access(AccountInterface $account) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { // No access control. - return TRUE; + return $return_as_object ? AccessResult::Allowed() : TRUE; } /** diff --git a/core/modules/views_ui/src/ViewUI.php b/core/modules/views_ui/src/ViewUI.php index 9716499..a7d7b39 100644 --- a/core/modules/views_ui/src/ViewUI.php +++ b/core/modules/views_ui/src/ViewUI.php @@ -987,7 +987,7 @@ public function language() { /** * {@inheritdoc} */ - public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) { + public function access(AccountInterface $account = NULL, $return_as_object = FALSE) { return $this->storage->access($operation, $account, $return_as_object); }