diff --git a/core/modules/book/book.module b/core/modules/book/book.module index 21f9bb0..d075b21 100644 --- a/core/modules/book/book.module +++ b/core/modules/book/book.module @@ -135,7 +135,8 @@ function book_node_view_link(NodeInterface $node, $view_mode) { if (isset($node->book['depth'])) { if ($view_mode == 'full' && node_is_page($node)) { $child_type = \Drupal::config('book.settings')->get('child_type'); - if (($account->hasPermission('add content to books') || $account->hasPermission('administer book outlines')) && node_access('create', $child_type) && $node->isPublished() && $node->book['depth'] < MENU_MAX_DEPTH) { + $access_controller = Drupal::entityManager()->getAccessController('node'); + if (($account->hasPermission('add content to books') || $account->hasPermission('administer book outlines')) && $access_controller->createAccess($child_type) && $node->isPublished() && $node->book['depth'] < MENU_MAX_DEPTH) { $links['book_add_child'] = array( 'title' => t('Add child page'), 'href' => 'node/add/' . $child_type, @@ -197,7 +198,7 @@ function book_menu() { * @see book_menu() */ function _book_outline_access(EntityInterface $node) { - return \Drupal::currentUser()->hasPermission('administer book outlines') && node_access('view', $node); + return \Drupal::currentUser()->hasPermission('administer book outlines') && $node->access('view'); } /** diff --git a/core/modules/book/lib/Drupal/book/Plugin/Block/BookNavigationBlock.php b/core/modules/book/lib/Drupal/book/Plugin/Block/BookNavigationBlock.php index ba74b14..ce32dca 100644 --- a/core/modules/book/lib/Drupal/book/Plugin/Block/BookNavigationBlock.php +++ b/core/modules/book/lib/Drupal/book/Plugin/Block/BookNavigationBlock.php @@ -81,7 +81,7 @@ public function build() { $book['in_active_trail'] = FALSE; // Check whether user can access the book link. $book_node = node_load($book['nid']); - $book['access'] = node_access('view', $book_node); + $book['access'] = $book_node->access('view'); $pseudo_tree[0]['link'] = $book; $book_menus[$book_id] = menu_tree_output($pseudo_tree); } diff --git a/core/modules/file/file.api.php b/core/modules/file/file.api.php index 242e9ab..9ebbc95 100644 --- a/core/modules/file/file.api.php +++ b/core/modules/file/file.api.php @@ -220,7 +220,7 @@ function hook_file_delete(Drupal\file\FileInterface $file) { */ function hook_file_download_access($field, Drupal\Core\Entity\EntityInterface $entity, Drupal\file\FileInterface $file) { if ($entity->entityType() == 'node') { - return node_access('view', $entity); + return $entity->access('view'); } } diff --git a/core/modules/forum/forum.module b/core/modules/forum/forum.module index 29decd5..95ebe76 100644 --- a/core/modules/forum/forum.module +++ b/core/modules/forum/forum.module @@ -149,7 +149,7 @@ function forum_menu_local_tasks(&$data, $route_name) { // Loop through all bundles for forum taxonomy vocabulary field. $field = Field::fieldInfo()->getField('node', 'taxonomy_forums'); foreach ($field->getBundles() as $type) { - if (node_access('create', $type)) { + if (\Drupal::entityManager()->getAccessController('node')->createAccess($type)) { $links[$type] = array( '#theme' => 'menu_local_action', '#link' => array( diff --git a/core/modules/node/lib/Drupal/node/NodeAccessControllerInterface.php b/core/modules/node/lib/Drupal/node/NodeAccessControllerInterface.php index 6387185..686a0b8 100644 --- a/core/modules/node/lib/Drupal/node/NodeAccessControllerInterface.php +++ b/core/modules/node/lib/Drupal/node/NodeAccessControllerInterface.php @@ -33,7 +33,7 @@ public function acquireGrants(NodeInterface $node); * * If a realm is provided, it will only delete grants from that realm, but it * will always delete a grant from the 'all' realm. Modules that utilize - * node_access() can use this function when doing mass updates due to widespread + * node access can use this function when doing mass updates due to widespread * permission changes. * * Note: Don't call this function directly from a contributed module. Call diff --git a/core/modules/node/lib/Drupal/node/NodeFormController.php b/core/modules/node/lib/Drupal/node/NodeFormController.php index 1af5932..70cf1da 100644 --- a/core/modules/node/lib/Drupal/node/NodeFormController.php +++ b/core/modules/node/lib/Drupal/node/NodeFormController.php @@ -305,7 +305,7 @@ protected function actions(array $form, array &$form_state) { } $element['preview'] = array( - '#access' => $preview_mode != DRUPAL_DISABLED && (node_access('create', $node) || node_access('update', $node)), + '#access' => $preview_mode != DRUPAL_DISABLED && ($node->access('create') || $node->access('update')), '#value' => t('Preview'), '#weight' => 20, '#validate' => array( @@ -317,7 +317,7 @@ protected function actions(array $form, array &$form_state) { ), ); - $element['delete']['#access'] = node_access('delete', $node); + $element['delete']['#access'] = $node->access('delete'); $element['delete']['#weight'] = 100; return $element; diff --git a/core/modules/node/lib/Drupal/node/NodeGrantDatabaseStorageInterface.php b/core/modules/node/lib/Drupal/node/NodeGrantDatabaseStorageInterface.php index 2457b8f..5b95616 100644 --- a/core/modules/node/lib/Drupal/node/NodeGrantDatabaseStorageInterface.php +++ b/core/modules/node/lib/Drupal/node/NodeGrantDatabaseStorageInterface.php @@ -56,8 +56,8 @@ public function alterQuery($query, array $tables, $op, AccountInterface $account * * If a realm is provided, it will only delete grants from that realm, but * it will always delete a grant from the 'all' realm. Modules that use - * node_access() can use this method when doing mass updates due to - * widespread permission changes. + * node access can use this method when doing mass updates due to widespread + * permission changes. * * Note: Don't call this method directly from a contributed module. Call * node_access_write_grants() instead. diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/argument_validator/Node.php b/core/modules/node/lib/Drupal/node/Plugin/views/argument_validator/Node.php index 028f49e..781f75e 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/argument_validator/Node.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/argument_validator/Node.php @@ -93,7 +93,7 @@ public function validateArgument($argument) { } if (!empty($this->options['access'])) { - if (!node_access($this->options['access_op'], $node)) { + if (!$node->access($this->options['access_op'])) { return FALSE; } } @@ -125,7 +125,7 @@ public function validateArgument($argument) { } if (!empty($this->options['access'])) { - if (!node_access($this->options['access_op'], $node)) { + if (!$node->access($this->options['access_op'])) { return FALSE; } } diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/field/Link.php b/core/modules/node/lib/Drupal/node/Plugin/views/field/Link.php index 18a9a9a..4ab3c85 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/field/Link.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/field/Link.php @@ -67,7 +67,7 @@ public function render(ResultRow $values) { * Returns a string for the link text. */ protected function renderLink($node, ResultRow $values) { - if (node_access('view', $node)) { + if ($node->access('view')) { $this->options['alter']['make_link'] = TRUE; $this->options['alter']['path'] = 'node/' . $node->id(); $text = !empty($this->options['text']) ? $this->options['text'] : t('view'); diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkDelete.php b/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkDelete.php index ed04c4f..eec172a 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkDelete.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkDelete.php @@ -33,7 +33,7 @@ class LinkDelete extends Link { */ protected function renderLink($node, ResultRow $values) { // Ensure user has access to delete this node. - if (!node_access('delete', $node)) { + if (!$node->access('delete')) { return; } diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkEdit.php b/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkEdit.php index 9dbc9ac..24dbdef 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkEdit.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/field/LinkEdit.php @@ -33,7 +33,7 @@ class LinkEdit extends Link { */ protected function renderLink($node, ResultRow $values) { // Ensure user has access to edit this node. - if (!node_access('update', $node)) { + if (!$node->access('update')) { return; } diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLink.php b/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLink.php index f56388b..6a733f3 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLink.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLink.php @@ -83,7 +83,7 @@ function get_revision_entity($values, $op) { // Unpublished nodes ignore access control. $node->setPublished(TRUE); // Ensure user has access to perform the operation on this node. - if (!node_access($op, $node)) { + if (!$node->access($op)) { return array($node, NULL); } return array($node, $vid); diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareCombinationTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareCombinationTest.php index 0459555..b14281e 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareCombinationTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareCombinationTest.php @@ -167,7 +167,7 @@ public function setUp() { } /** - * Tests node_access() and node access queries with multiple node languages. + * Tests node access and node access queries with multiple node languages. */ function testNodeAccessLanguageAwareCombination() { diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareTest.php index 9344ec5..48824ab 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageAwareTest.php @@ -123,7 +123,7 @@ public function setUp() { } /** - * Tests node_access() and node access queries with multiple node languages. + * Tests node access and node access queries with multiple node languages. */ function testNodeAccessLanguageAware() { // The node_access_test_language module only grants view access. diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php index 353a687..9ea6731 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessLanguageTest.php @@ -10,7 +10,7 @@ use Drupal\Core\Language\Language; /** - * Verifies node_access() functionality for multiple languages. + * Verifies node access functionality for multiple languages. */ class NodeAccessLanguageTest extends NodeTestBase { @@ -54,7 +54,7 @@ function setUp() { } /** - * Tests node_access() with multiple node languages and no private nodes. + * Tests node access with multiple node languages and no private nodes. */ function testNodeAccess() { $web_user = $this->drupalCreateUser(array('access content')); @@ -96,7 +96,7 @@ function testNodeAccess() { $this->assertNodeAccess($expected_node_access_no_access, $node_public_no_language, $web_user, 'ca'); $this->assertNodeAccess($expected_node_access_no_access, $node_public_no_language, $web_user, 'hr'); - // Reset the node access cache and turn on our test node_access() code. + // Reset the node access cache and turn on our test node access code. drupal_static_reset('node_access'); variable_set('node_access_test_secret_catalan', 1); @@ -111,7 +111,7 @@ function testNodeAccess() { } /** - * Tests node_access() with multiple node languages and private nodes. + * Tests node access with multiple node languages and private nodes. */ function testNodeAccessPrivate() { $web_user = $this->drupalCreateUser(array('access content')); @@ -154,7 +154,7 @@ function testNodeAccessPrivate() { $this->assertNodeAccess($expected_node_access_no_access, $node_private_no_language, $web_user, 'ca'); $this->assertNodeAccess($expected_node_access_no_access, $node_private_no_language, $web_user, 'hr'); - // Reset the node access cache and turn on our test node_access() code. + // Reset the node access cache and turn on our test node access code. entity_access_controller('node')->resetCache(); \Drupal::state()->set('node_access_test_secret_catalan', 1); diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php index 66448d0..127ea5d 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php @@ -36,13 +36,13 @@ function testNodeAccess() { // Ensures user without 'access content' permission can do nothing. $web_user1 = $this->drupalCreateUser(array('create page content', 'edit any page content', 'delete any page content')); $node1 = $this->drupalCreateNode(array('type' => 'page')); - $this->assertNodeAccess(array('create' => FALSE), 'page', $web_user1); + $this->assertNodeCreateAccess($node1->bundle(), FALSE, $web_user1); $this->assertNodeAccess(array('view' => FALSE, 'update' => FALSE, 'delete' => FALSE), $node1, $web_user1); // Ensures user with 'bypass node access' permission can do everything. $web_user2 = $this->drupalCreateUser(array('bypass node access')); $node2 = $this->drupalCreateNode(array('type' => 'page')); - $this->assertNodeAccess(array('create' => TRUE), 'page', $web_user2); + $this->assertNodeCreateAccess($node2->bundle(), TRUE, $web_user2); $this->assertNodeAccess(array('view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $node2, $web_user2); // User cannot 'view own unpublished content'. @@ -51,7 +51,7 @@ function testNodeAccess() { $this->assertNodeAccess(array('view' => FALSE), $node3, $web_user3); // User cannot create content without permission. - $this->assertNodeAccess(array('create' => FALSE), 'page', $web_user3); + $this->assertNodeCreateAccess($node3->bundle(), FALSE, $web_user3); // User can 'view own unpublished content', but another user cannot. $web_user4 = $this->drupalCreateUser(array('access content', 'view own unpublished content')); diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeTestBase.php b/core/modules/node/lib/Drupal/node/Tests/NodeTestBase.php index 1043fb6..bb06621 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeTestBase.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeTestBase.php @@ -22,6 +22,13 @@ */ public static $modules = array('node', 'datetime'); + /** + * The node access controller. + * + * @var \Drupal\Core\Entity\EntityAccessControllerInterface + */ + protected $accessController; + function setUp() { parent::setUp(); @@ -30,10 +37,11 @@ function setUp() { $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page')); $this->drupalCreateContentType(array('type' => 'article', 'name' => 'Article')); } + $this->accessController = \Drupal::entityManager()->getAccessController('node'); } /** - * Asserts that node_access() correctly grants or denies access. + * Asserts that node access correctly grants or denies access. * * @param array $ops * An associative array of the expected node access grants for the node @@ -50,16 +58,54 @@ function setUp() { */ function assertNodeAccess(array $ops, $node, AccountInterface $account, $langcode = NULL) { foreach ($ops as $op => $result) { - $msg = format_string( - 'node_access() returns @result with operation %op, language code %langcode.', - array( - '@result' => $result ? 'true' : 'false', - '%op' => $op, - '%langcode' => !empty($langcode) ? $langcode : 'empty' - ) - ); - $this->assertEqual($result, node_access($op, $node, $account, $langcode), $msg); + if (empty($langcode)) { + $langcode = $node->prepareLangcode(); + } + $this->assertEqual($result, $this->accessController->access($node, $op, $langcode, $account), $this->nodeAccessAssertMessage($op, $result, $langcode)); } } + /** + * Asserts that node create access correctly grants or denies access. + * + * @param string $bundle + * The node bundle to check access to. + * @param bool $result + * Whether access should be granted or not. + * @param \Drupal\Core\Session\AccountInterface $account + * The user account for which to check access. + * @param string|null $langcode + * (optional) The language code indicating which translation of the node + * to check. If NULL, the untranslated (fallback) access is checked. + */ + function assertNodeCreateAccess($bundle, $result, AccountInterface $account, $langcode = NULL) { + $this->assertEqual($result, $this->accessController->createAccess($bundle, $account, array( + 'langcode' => $langcode, + )), $this->nodeAccessAssertMessage('create', $result, $langcode)); + } + + /** + * Constructs an assert message for checking node access. + * + * @param string $operation + * The operation to check access for. + * @param bool $result + * Whether access should be granted or not. + * @param string|null $langcode + * (optional) The language code indicating which translation of the node + * to check. If NULL, the untranslated (fallback) access is checked. + * + * @return string + */ + function nodeAccessAssertMessage($operation, $result, $langcode = NULL) { + return format_string( + 'Node access returns @result with operation %op, language code %langcode.', + array( + '@result' => $result ? 'true' : 'false', + '%op' => $operation, + '%langcode' => !empty($langcode) ? $langcode : 'empty' + ) + ); + } + } diff --git a/core/modules/node/node.module b/core/modules/node/node.module index a860f3f..8da4271 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -1119,13 +1119,13 @@ function theme_node_recent_block($variables) { 'data' => drupal_render($node_recent_content), 'class' => 'title-author', ); - if (node_access('update', $node)) { + if ($node->access('update')) { $row[] = array( 'data' => l(t('edit'), 'node/' . $node->id() . '/edit', $l_options), 'class' => 'edit', ); } - if (node_access('delete', $node)) { + if ($node->access('delete')) { $row[] = array( 'data' => l(t('delete'), 'node/' . $node->id() . '/delete', $l_options), 'class' => 'delete', @@ -1445,9 +1445,10 @@ function node_form_system_themes_admin_form_submit($form, &$form_state) { * @{ * The node access system determines who can do what to which nodes. * - * In determining access rights for a node, node_access() first checks whether - * the user has the "bypass node access" permission. Such users have - * unrestricted access to all nodes. user 1 will always pass this check. + * In determining access rights for a node, \Drupal\node\NodeAccessController + * first checks whether the user has the "bypass node access" permission. Such + * users have unrestricted access to all nodes. user 1 will always pass this + * check. * * Next, all implementations of hook_node_access() will be called. Each * implementation may explicitly allow, explicitly deny, or ignore the access @@ -1484,55 +1485,6 @@ function node_form_system_themes_admin_form_submit($form, &$form_state) { */ /** - * Access callback: Checks a user's permission for performing a node operation. - * - * @param $op - * The operation to be performed on the node. Possible values are: - * - "view" - * - "update" - * - "delete" - * - "create" - * @param \Drupal\Core\Entity\EntityInterface|string|stdClass $node - * The node entity on which the operation is to be performed, or the node type - * object, or node type string (e.g., 'forum') for the 'create' operation. - * @param $account - * (optional) A user object representing the user for whom the operation is to - * be performed. Determines access for a user other than the current user. - * Defaults to NULL. - * @param $langcode - * (optional) Language code for the variant of the node. Different language - * variants might have different permissions associated. If NULL, the - * original langcode of the node is used. Defaults to NULL. - * - * @return - * TRUE if the operation may be performed, FALSE otherwise. - * - * @see node_menu() - */ -function node_access($op, $node, $account = NULL, $langcode = NULL) { - $access_controller = \Drupal::entityManager()->getAccessController('node'); - - if ($op == 'create') { - if (!$node instanceof EntityInterface) { - $bundle = $node; - } - elseif ($node instanceof NodeTypeInterface) { - $bundle = $node->id(); - } - else { - $bundle = $node->bundle(); - } - return $access_controller->createAccess($bundle, $account, array('langcode' => $langcode)); - } - - // If no language code was provided, default to the node's langcode. - if (empty($langcode)) { - $langcode = $node->prepareLangcode(); - } - return $access_controller->access($node, $op, $langcode, $account); -} - -/** * Implements hook_node_access(). */ function node_node_access($node, $op, $account) { @@ -1992,7 +1944,7 @@ function node_modules_uninstalled($modules) { */ function node_file_download_access($field, EntityInterface $entity, File $file) { if ($entity->entityType() == 'node') { - return node_access('view', $entity); + return $entity->access('view'); } } diff --git a/core/modules/node/node.pages.inc b/core/modules/node/node.pages.inc index 0a010f9..3086499 100644 --- a/core/modules/node/node.pages.inc +++ b/core/modules/node/node.pages.inc @@ -30,8 +30,9 @@ function node_add_page() { $content = array(); // Only use node types the user has access to. + $access_controller = Drupal::entityManager()->getAccessController('node'); foreach (node_type_get_types() as $type) { - if (node_access('create', $type->type)) { + if ($access_controller->createAccess($type->type)) { $content[$type->type] = $type; } } @@ -111,7 +112,7 @@ function node_add($node_type) { * @see node_form_build_preview() */ function node_preview(NodeInterface $node, array &$form_state) { - if (node_access('create', $node) || node_access('update', $node)) { + if ($node->access('create') || $node->access('update')) { $node->changed = REQUEST_TIME; @@ -192,11 +193,11 @@ function node_revision_overview($node) { $type = $node->getType(); $revert_permission = FALSE; - if ((user_access("revert $type revisions") || user_access('revert all revisions') || user_access('administer nodes')) && node_access('update', $node)) { + if ((user_access("revert $type revisions") || user_access('revert all revisions') || user_access('administer nodes')) && $node->access('update')) { $revert_permission = TRUE; } $delete_permission = FALSE; - if ((user_access("delete $type revisions") || user_access('delete all revisions') || user_access('administer nodes')) && node_access('delete', $node)) { + if ((user_access("delete $type revisions") || user_access('delete all revisions') || user_access('administer nodes')) && $node->access('delete')) { $delete_permission = TRUE; } foreach ($revisions as $revision) {