diff --git a/core/lib/Drupal/Core/Action/ActionInterface.php b/core/lib/Drupal/Core/Action/ActionInterface.php index fe04acb..21a5c5e 100644 --- a/core/lib/Drupal/Core/Action/ActionInterface.php +++ b/core/lib/Drupal/Core/Action/ActionInterface.php @@ -9,6 +9,7 @@ use Drupal\Component\Plugin\PluginInspectionInterface; use Drupal\Core\Executable\ExecutableInterface; +use Drupal\Core\Access\AccessibleInterface; /** * Provides an interface for an Action plugin. @@ -34,7 +35,7 @@ * @see \Drupal\Core\Action\ActionBase * @see plugin_api */ -interface ActionInterface extends ExecutableInterface, PluginInspectionInterface { +interface ActionInterface extends ExecutableInterface, PluginInspectionInterface, AccessibleInterface { /** * Executes the plugin for an array of objects. diff --git a/core/lib/Drupal/Core/Block/BlockBase.php b/core/lib/Drupal/Core/Block/BlockBase.php index ba1026b..ad8ed47 100644 --- a/core/lib/Drupal/Core/Block/BlockBase.php +++ b/core/lib/Drupal/Core/Block/BlockBase.php @@ -119,7 +119,7 @@ public function calculateDependencies() { /** * {@inheritdoc} */ - public function access(AccountInterface $account) { + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { // @todo Remove self::blockAccess() and force individual plugins to return // their own AccessResult logic. Until that is done in // https://www.drupal.org/node/2375689 the access will be set uncacheable. @@ -129,7 +129,8 @@ public function access(AccountInterface $account) { else { $access = AccessResult::forbidden(); } - return $access->setCacheable(FALSE); + $access->setCacheable(FALSE); + return $return_as_object ? $access : $access->isAllowed(); } /** diff --git a/core/lib/Drupal/Core/Block/BlockPluginInterface.php b/core/lib/Drupal/Core/Block/BlockPluginInterface.php index f63a955..812daa0 100644 --- a/core/lib/Drupal/Core/Block/BlockPluginInterface.php +++ b/core/lib/Drupal/Core/Block/BlockPluginInterface.php @@ -12,8 +12,8 @@ use Drupal\Component\Plugin\PluginInspectionInterface; use Drupal\Component\Plugin\ConfigurablePluginInterface; use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Access\AccessibleInterface; use Drupal\Core\Plugin\PluginFormInterface; -use Drupal\Core\Session\AccountInterface; /** * Defines the required interface for all block plugins. @@ -25,7 +25,7 @@ * * @ingroup block_api */ -interface BlockPluginInterface extends ConfigurablePluginInterface, PluginFormInterface, PluginInspectionInterface, CacheableInterface, DerivativeInspectionInterface { +interface BlockPluginInterface extends ConfigurablePluginInterface, PluginFormInterface, PluginInspectionInterface, CacheableInterface, DerivativeInspectionInterface, AccessibleInterface { /** * Returns the user-facing block label. @@ -39,22 +39,6 @@ public function label(); /** - * Indicates whether the block should be shown. - * - * This method allows base implementations to add general access restrictions - * that should apply to all extending block plugins. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The user session for which to check access. - * - * @return bool - * TRUE if the block should be shown, or FALSE otherwise. - * - * @see \Drupal\block\BlockAccessControlHandler - */ - public function access(AccountInterface $account); - - /** * Builds and returns the renderable array for this block plugin. * * @return array diff --git a/core/modules/action/src/Plugin/Action/EmailAction.php b/core/modules/action/src/Plugin/Action/EmailAction.php index 2a1e3a9..96ca170 100644 --- a/core/modules/action/src/Plugin/Action/EmailAction.php +++ b/core/modules/action/src/Plugin/Action/EmailAction.php @@ -11,6 +11,7 @@ use Drupal\Core\Entity\EntityManagerInterface; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\Core\Utility\Token; use Psr\Log\LoggerInterface; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -172,4 +173,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['message'] = $form_state->getValue('message'); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/action/src/Plugin/Action/GotoAction.php b/core/modules/action/src/Plugin/Action/GotoAction.php index 833f304..d2f9e43 100644 --- a/core/modules/action/src/Plugin/Action/GotoAction.php +++ b/core/modules/action/src/Plugin/Action/GotoAction.php @@ -11,6 +11,7 @@ use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Routing\UrlGeneratorInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\HttpFoundation\RedirectResponse; @@ -113,4 +114,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['url'] = $form_state->getValue('url'); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/action/src/Plugin/Action/MessageAction.php b/core/modules/action/src/Plugin/Action/MessageAction.php index 7996514..29440cd 100644 --- a/core/modules/action/src/Plugin/Action/MessageAction.php +++ b/core/modules/action/src/Plugin/Action/MessageAction.php @@ -11,6 +11,7 @@ use Drupal\Core\Action\ConfigurableActionBase; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\Core\Utility\Token; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -89,4 +90,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s unset($this->configuration['node']); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/block/src/BlockAccessControlHandler.php b/core/modules/block/src/BlockAccessControlHandler.php index 6160f84..93fb27c 100644 --- a/core/modules/block/src/BlockAccessControlHandler.php +++ b/core/modules/block/src/BlockAccessControlHandler.php @@ -100,7 +100,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A } if ($this->resolveConditions($conditions, 'and') !== FALSE) { // Delegate to the plugin. - $access = $entity->getPlugin()->access($account); + $access = $entity->getPlugin()->access('view', $account, TRUE); } else { $access = AccessResult::forbidden(); diff --git a/core/modules/comment/src/Plugin/Action/PublishComment.php b/core/modules/comment/src/Plugin/Action/PublishComment.php index 41ed873..a838f75 100644 --- a/core/modules/comment/src/Plugin/Action/PublishComment.php +++ b/core/modules/comment/src/Plugin/Action/PublishComment.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\comment\CommentInterface; +use Drupal\Core\Session\AccountInterface; /** * Publishes a comment. @@ -29,4 +30,11 @@ public function execute($comment = NULL) { $comment->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/comment/src/Plugin/Action/SaveComment.php b/core/modules/comment/src/Plugin/Action/SaveComment.php index 5ce763e..c7d419c 100644 --- a/core/modules/comment/src/Plugin/Action/SaveComment.php +++ b/core/modules/comment/src/Plugin/Action/SaveComment.php @@ -8,6 +8,7 @@ namespace Drupal\comment\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Saves a comment. @@ -27,4 +28,11 @@ public function execute($comment = NULL) { $comment->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php b/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php index 3d10bcb..747b3e3 100644 --- a/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php +++ b/core/modules/comment/src/Plugin/Action/UnpublishByKeywordComment.php @@ -11,6 +11,7 @@ use Drupal\Core\Action\ConfigurableActionBase; use Drupal\comment\CommentInterface; use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a comment containing certain keywords. @@ -67,4 +68,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['keywords'] = Tags::explode($form_state->getValue('keywords')); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/comment/src/Plugin/Action/UnpublishComment.php b/core/modules/comment/src/Plugin/Action/UnpublishComment.php index 74d565a..7dc221d 100644 --- a/core/modules/comment/src/Plugin/Action/UnpublishComment.php +++ b/core/modules/comment/src/Plugin/Action/UnpublishComment.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\comment\CommentInterface; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a comment. @@ -29,4 +30,11 @@ public function execute($comment = NULL) { $comment->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer comments'); + } + } diff --git a/core/modules/node/src/Plugin/Action/AssignOwnerNode.php b/core/modules/node/src/Plugin/Action/AssignOwnerNode.php index 17e62d1..cb93865 100644 --- a/core/modules/node/src/Plugin/Action/AssignOwnerNode.php +++ b/core/modules/node/src/Plugin/Action/AssignOwnerNode.php @@ -11,6 +11,7 @@ use Drupal\Core\Database\Connection; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; /** @@ -132,4 +133,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['owner_uid'] = $this->connection->query('SELECT uid from {users_field_data} WHERE name = :name AND default_langcode = 1', array(':name' => $form_state->getValue('owner_name')))->fetchField(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer nodes'); + } + } diff --git a/core/modules/node/src/Plugin/Action/DeleteNode.php b/core/modules/node/src/Plugin/Action/DeleteNode.php index e71b581..9da719b 100644 --- a/core/modules/node/src/Plugin/Action/DeleteNode.php +++ b/core/modules/node/src/Plugin/Action/DeleteNode.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\user\TempStoreFactory; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -70,4 +71,11 @@ public function execute($object = NULL) { $this->executeMultiple(array($object)); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer nodes'); + } + } diff --git a/core/modules/node/src/Plugin/Action/DemoteNode.php b/core/modules/node/src/Plugin/Action/DemoteNode.php index e490ecb..b37eea6 100644 --- a/core/modules/node/src/Plugin/Action/DemoteNode.php +++ b/core/modules/node/src/Plugin/Action/DemoteNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Demotes a node. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/PromoteNode.php b/core/modules/node/src/Plugin/Action/PromoteNode.php index 0cfc316..b53f77c 100644 --- a/core/modules/node/src/Plugin/Action/PromoteNode.php +++ b/core/modules/node/src/Plugin/Action/PromoteNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Promotes a node. @@ -29,4 +30,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/PublishNode.php b/core/modules/node/src/Plugin/Action/PublishNode.php index 20da55e..914f78f 100644 --- a/core/modules/node/src/Plugin/Action/PublishNode.php +++ b/core/modules/node/src/Plugin/Action/PublishNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Publishes a node. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/node/src/Plugin/Action/SaveNode.php b/core/modules/node/src/Plugin/Action/SaveNode.php index b758b72..4160fe9 100644 --- a/core/modules/node/src/Plugin/Action/SaveNode.php +++ b/core/modules/node/src/Plugin/Action/SaveNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Provides an action that can save any entity. @@ -27,4 +28,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/StickyNode.php b/core/modules/node/src/Plugin/Action/StickyNode.php index c4613ce..cdd6b5f 100644 --- a/core/modules/node/src/Plugin/Action/StickyNode.php +++ b/core/modules/node/src/Plugin/Action/StickyNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Makes a node sticky. @@ -29,4 +30,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php b/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php index 60bd836..03e7db1 100644 --- a/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php +++ b/core/modules/node/src/Plugin/Action/UnpublishByKeywordNode.php @@ -10,6 +10,7 @@ use Drupal\Component\Utility\Tags; use Drupal\Core\Action\ConfigurableActionBase; use Drupal\Core\Form\FormStateInterface; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a node containing certain keywords. @@ -65,4 +66,11 @@ public function submitConfigurationForm(array &$form, FormStateInterface $form_s $this->configuration['keywords'] = Tags::explode($form_state->getValue('keywords')); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer nodes'); + } + } diff --git a/core/modules/node/src/Plugin/Action/UnpublishNode.php b/core/modules/node/src/Plugin/Action/UnpublishNode.php index d462d6d..49cdac6 100644 --- a/core/modules/node/src/Plugin/Action/UnpublishNode.php +++ b/core/modules/node/src/Plugin/Action/UnpublishNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Unpublishes a node. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/node/src/Plugin/Action/UnstickyNode.php b/core/modules/node/src/Plugin/Action/UnstickyNode.php index 204b9d5..faeca3f 100644 --- a/core/modules/node/src/Plugin/Action/UnstickyNode.php +++ b/core/modules/node/src/Plugin/Action/UnstickyNode.php @@ -8,6 +8,7 @@ namespace Drupal\node\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Makes a node not sticky. @@ -28,4 +29,11 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer content'); + } + } diff --git a/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php b/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php index 7f18b57..a5ede61 100644 --- a/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php +++ b/core/modules/system/tests/modules/action_test/src/Plugin/Action/NoType.php @@ -8,6 +8,7 @@ namespace Drupal\action_test\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Provides an operation with no type specified. @@ -25,4 +26,11 @@ class NoType extends ActionBase { public function execute($entity = NULL) { } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return TRUE; + } + } diff --git a/core/modules/system/tests/modules/action_test/src/Plugin/Action/SaveEntity.php b/core/modules/system/tests/modules/action_test/src/Plugin/Action/SaveEntity.php index e3d296f..98e94bd 100644 --- a/core/modules/system/tests/modules/action_test/src/Plugin/Action/SaveEntity.php +++ b/core/modules/system/tests/modules/action_test/src/Plugin/Action/SaveEntity.php @@ -7,7 +7,9 @@ namespace Drupal\action_test\Plugin\Action; +use Drupal\Core\Access\AccessResult; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Provides an operation to save user entities. @@ -27,4 +29,12 @@ public function execute($entity = NULL) { $entity->save(); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + $result = AccessResult::allowedIfHasPermission($account, 'administer users', 'OR'); + return $return_as_object ? $result : $result->isAllowed(); + } + } diff --git a/core/modules/user/src/Plugin/Action/AddRoleUser.php b/core/modules/user/src/Plugin/Action/AddRoleUser.php index acf4dd9..8f6165a 100644 --- a/core/modules/user/src/Plugin/Action/AddRoleUser.php +++ b/core/modules/user/src/Plugin/Action/AddRoleUser.php @@ -7,6 +7,7 @@ namespace Drupal\user\Plugin\Action; +use Drupal\Core\Session\AccountInterface; use Drupal\user\Plugin\Action\ChangeUserRoleBase; /** @@ -35,4 +36,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/BlockUser.php b/core/modules/user/src/Plugin/Action/BlockUser.php index a488f31..3d0b000 100644 --- a/core/modules/user/src/Plugin/Action/BlockUser.php +++ b/core/modules/user/src/Plugin/Action/BlockUser.php @@ -8,6 +8,7 @@ namespace Drupal\user\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Blocks a user. @@ -34,4 +35,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/CancelUser.php b/core/modules/user/src/Plugin/Action/CancelUser.php index 6c0e392..3a04b4d 100644 --- a/core/modules/user/src/Plugin/Action/CancelUser.php +++ b/core/modules/user/src/Plugin/Action/CancelUser.php @@ -9,6 +9,7 @@ use Drupal\Core\Action\ActionBase; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\user\TempStoreFactory; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -70,4 +71,11 @@ public function execute($object = NULL) { $this->executeMultiple(array($object)); } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php b/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php index 5e5c176..243f4d5 100644 --- a/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php +++ b/core/modules/user/src/Plugin/Action/ChangeUserRoleBase.php @@ -12,6 +12,7 @@ use Drupal\Core\Entity\EntityTypeInterface; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; /** @@ -91,4 +92,11 @@ public function calculateDependencies() { return $this->dependencies; } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/RemoveRoleUser.php b/core/modules/user/src/Plugin/Action/RemoveRoleUser.php index e63a70a..4b8acc2 100644 --- a/core/modules/user/src/Plugin/Action/RemoveRoleUser.php +++ b/core/modules/user/src/Plugin/Action/RemoveRoleUser.php @@ -7,6 +7,7 @@ namespace Drupal\user\Plugin\Action; +use Drupal\Core\Session\AccountInterface; use Drupal\user\Plugin\Action\ChangeUserRoleBase; /** @@ -35,4 +36,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/Action/UnblockUser.php b/core/modules/user/src/Plugin/Action/UnblockUser.php index 9c30ebc..b5673e6 100644 --- a/core/modules/user/src/Plugin/Action/UnblockUser.php +++ b/core/modules/user/src/Plugin/Action/UnblockUser.php @@ -8,6 +8,7 @@ namespace Drupal\user\Plugin\Action; use Drupal\Core\Action\ActionBase; +use Drupal\Core\Session\AccountInterface; /** * Unblocks a user. @@ -31,4 +32,11 @@ public function execute($account = NULL) { } } + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + return $account->hasPermission('administer users'); + } + } diff --git a/core/modules/user/src/Plugin/views/access/Permission.php b/core/modules/user/src/Plugin/views/access/Permission.php index e7c4691..2d2a0c5 100644 --- a/core/modules/user/src/Plugin/views/access/Permission.php +++ b/core/modules/user/src/Plugin/views/access/Permission.php @@ -8,6 +8,7 @@ namespace Drupal\user\Plugin\views\access; use Drupal\Component\Utility\String; +use Drupal\Core\Access\AccessResult; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Session\AccountInterface; use Drupal\user\PermissionHandlerInterface; @@ -72,8 +73,9 @@ public static function create(ContainerInterface $container, array $configuratio /** * {@inheritdoc} */ - public function access(AccountInterface $account) { - return $account->hasPermission($this->options['perm']); + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + $result = AccessResult::allowedIfHasPermission($account, $this->options['perm'], 'OR'); + return $return_as_object ? $result : $result->isAllowed(); } /** diff --git a/core/modules/user/src/Plugin/views/access/Role.php b/core/modules/user/src/Plugin/views/access/Role.php index d821b11..6aa955d 100644 --- a/core/modules/user/src/Plugin/views/access/Role.php +++ b/core/modules/user/src/Plugin/views/access/Role.php @@ -8,6 +8,7 @@ namespace Drupal\user\Plugin\views\access; use Drupal\Component\Utility\String; +use Drupal\Core\Access\AccessResult; use Drupal\Core\Form\FormStateInterface; use Drupal\views\Plugin\views\access\AccessPluginBase; use Symfony\Component\Routing\Route; @@ -34,8 +35,9 @@ class Role extends AccessPluginBase { /** * {@inheritdoc} */ - public function access(AccountInterface $account) { - return array_intersect(array_filter($this->options['role']), $account->getRoles()); + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + $result = AccessResult::allowedIf((bool) array_intersect(array_filter($this->options['role']), $account->getRoles())); + return $return_as_object ? $result : $result->isAllowed(); } /** diff --git a/core/modules/views/src/Plugin/views/access/AccessPluginBase.php b/core/modules/views/src/Plugin/views/access/AccessPluginBase.php index c0aaa5d..5f709c7 100644 --- a/core/modules/views/src/Plugin/views/access/AccessPluginBase.php +++ b/core/modules/views/src/Plugin/views/access/AccessPluginBase.php @@ -7,7 +7,7 @@ namespace Drupal\views\Plugin\views\access; -use Drupal\Core\Session\AccountInterface; +use Drupal\Core\Access\AccessibleInterface; use Drupal\views\Plugin\views\PluginBase; use Symfony\Component\Routing\Route; @@ -30,7 +30,7 @@ /** * The base plugin to handle access control. */ -abstract class AccessPluginBase extends PluginBase { +abstract class AccessPluginBase extends PluginBase implements AccessibleInterface { /** * {@inheritdoc} @@ -40,17 +40,6 @@ public function summaryTitle() { } /** - * Determine if the current user has access or not. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The user who wants to access this view. - * - * @return TRUE - * Returns whether the user has access to the view. - */ - abstract public function access(AccountInterface $account); - - /** * Allows access plugins to alter the route definition of a view. * * Likely the access plugin will add new requirements, so its custom access diff --git a/core/modules/views/src/Plugin/views/access/None.php b/core/modules/views/src/Plugin/views/access/None.php index fa1789b..ebf7254 100644 --- a/core/modules/views/src/Plugin/views/access/None.php +++ b/core/modules/views/src/Plugin/views/access/None.php @@ -33,9 +33,9 @@ public function summaryTitle() { /** * {@inheritdoc} */ - public function access(AccountInterface $account) { + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { // No access control. - return TRUE; + return $return_as_object ? AccessResult::Allowed() : TRUE; } /** diff --git a/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php b/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php index e471d8a..f9ca564 100644 --- a/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php +++ b/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php @@ -2249,7 +2249,7 @@ public function access(AccountInterface $account = NULL) { $plugin = $this->getPlugin('access'); /** @var \Drupal\views\Plugin\views\access\AccessPluginBase $plugin */ if ($plugin) { - return $plugin->access($account); + return $plugin->access('view', $account); } // fallback to all access if no plugin. diff --git a/core/modules/views/tests/modules/views_test_data/src/Plugin/views/access/StaticTest.php b/core/modules/views/tests/modules/views_test_data/src/Plugin/views/access/StaticTest.php index d0fa62f..cac2cd8 100644 --- a/core/modules/views/tests/modules/views_test_data/src/Plugin/views/access/StaticTest.php +++ b/core/modules/views/tests/modules/views_test_data/src/Plugin/views/access/StaticTest.php @@ -7,6 +7,7 @@ namespace Drupal\views_test_data\Plugin\views\access; +use Drupal\Core\Access\AccessResult; use Drupal\Core\Session\AccountInterface; use Drupal\views\Plugin\views\access\AccessPluginBase; use Symfony\Component\Routing\Route; @@ -29,8 +30,12 @@ protected function defineOptions() { return $options; } - public function access(AccountInterface $account) { - return !empty($this->options['access']); + /** + * {@inheritdoc} + */ + public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) { + $result = AccessResult::allowedIf(!empty($this->options['access'])); + return $return_as_object ? $result : $result->isAllowed(); } /**