diff --git a/core/authorize.php b/core/authorize.php
index ecb7e22..fd987f1 100644
--- a/core/authorize.php
+++ b/core/authorize.php
@@ -58,7 +58,7 @@ function authorize_access_denied_page() {
function authorize_access_allowed() {
require_once DRUPAL_ROOT . '/' . settings()->get('session_inc', 'core/includes/session.inc');
drupal_session_initialize();
- return settings()->get('allow_authorize_operations', TRUE) && user_access('administer software updates');
+ return settings()->get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates');
}
// *** Real work of the script begins here. ***
diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index 6d70110..9bd445c 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -2860,13 +2860,13 @@ function drupal_classloader_register($name, $path) {
*
* Example:
* @code
- * function user_access($string, $account = NULL) {
+ * function datetime_default_format_type() {
* // Use the advanced drupal_static() pattern, since this is called very often.
* static $drupal_static_fast;
* if (!isset($drupal_static_fast)) {
- * $drupal_static_fast['perm'] = &drupal_static(__FUNCTION__);
+ * $drupal_static_fast['format_type'] = &drupal_static(__FUNCTION__);
* }
- * $perm = &$drupal_static_fast['perm'];
+ * $format_type = &$drupal_static_fast['format_type'];
* ...
* }
* @endcode
diff --git a/core/includes/menu.inc b/core/includes/menu.inc
index 856c424..ee4f899 100644
--- a/core/includes/menu.inc
+++ b/core/includes/menu.inc
@@ -602,7 +602,7 @@ function _menu_check_access(&$item, $map) {
// As call_user_func_array is quite slow and user_access is a very common
// callback, it is worth making a special case for it.
if ($callback == 'user_access') {
- $item['access'] = (count($arguments) == 1) ? user_access($arguments[0]) : user_access($arguments[0], $arguments[1]);
+ $item['access'] = (count($arguments) == 1) ? Drupal::currentUser()->hasPermission($arguments[0]) : Drupal::currentUser()->hasPermission($arguments[1]);
}
else {
$item['access'] = call_user_func_array($callback, $arguments);
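Review bot: The two-argument branch on the added line calls `Drupal::currentUser()->hasPermission($arguments[1])`, which passes what used to be the account argument as the permission name and drops `$arguments[0]` entirely. The removed line was `user_access($arguments[0], $arguments[1])`, permission first and account second, so the equivalent is `$arguments[1]->hasPermission($arguments[0])`. As written, a menu item whose access arguments name an explicit account is checked against the current user with a value that is not a permission string, so the result no longer reflects the intended access check. _menu_check_access() begins above this hunk and continues below it.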
@@ -3200,12 +3200,12 @@ function _menu_router_save($menu, $masks) {
function _menu_site_is_offline($check_only = FALSE) {
// Check if site is in maintenance mode.
if (\Drupal::state()->get('system.maintenance_mode')) {
- if (user_access('access site in maintenance mode')) {
+ if (\Drupal::currentUser()->hasPermission('access site in maintenance mode')) {
// Ensure that the maintenance mode message is displayed only once
// (allowing for page redirects) and specifically suppress its display on
// the maintenance mode settings page.
if (!$check_only && current_path() != 'admin/config/development/maintenance') {
- if (user_access('administer site configuration')) {
+ if (\Drupal::currentUser()->hasPermission('administer site configuration')) {
drupal_set_message(t('Operating in maintenance mode. Go online.', array('@url' => url('admin/config/development/maintenance'))), 'status', FALSE);
}
else {
diff --git a/core/lib/Drupal/Core/Extension/UpdateModuleHandler.php b/core/lib/Drupal/Core/Extension/UpdateModuleHandler.php
index 7d7ac9c..e34b16e 100644
--- a/core/lib/Drupal/Core/Extension/UpdateModuleHandler.php
+++ b/core/lib/Drupal/Core/Extension/UpdateModuleHandler.php
@@ -46,7 +46,9 @@ public function getImplementations($hook) {
return array('system');
// This is called during rebuild to find testing themes.
case 'system_theme_info':
- // Those are needed by user_access() to check access on update.php.
+ // Those are needed by
+ // \Drupal\Core\Session\AccountInterface::hasPermission() to check access
+ // on update.php.
case 'entity_info':
case 'entity_load':
case 'user_role_load':
diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module
index 76120b2..8080605 100644
--- a/core/modules/comment/comment.module
+++ b/core/modules/comment/comment.module
@@ -447,6 +447,7 @@ function comment_entity_view(EntityInterface $entity, EntityViewDisplayInterface
// http://drupal.org/node/1901110
return;
}
+ $current_user = \Drupal::currentUser();
$fields = \Drupal::service('comment.manager')->getFields('node');
foreach ($fields as $field_name => $detail) {
// Skip fields that entity does not have.
@@ -474,7 +475,7 @@ function comment_entity_view(EntityInterface $entity, EntityViewDisplayInterface
// Teaser view: display the number of comments that have been posted,
// or a link to add new comments if the user has permission, the node
// is open to new comments, and there currently are none.
- if (user_access('access comments')) {
+ if ($current_user->hasPermission('access comments')) {
if (!empty($entity->get($field_name)->comment_count)) {
$links['comment-comments'] = array(
'title' => format_plural($entity->get($field_name)->comment_count, '1 comment', '@count comments'),
@@ -501,7 +502,7 @@ function comment_entity_view(EntityInterface $entity, EntityViewDisplayInterface
// Provide a link to new comment form.
if ($commenting_status == COMMENT_OPEN) {
$comment_form_location = $instance->getSetting('form_location');
- if (user_access('post comments')) {
+ if ($current_user->hasPermission('post comments')) {
$links['comment-add'] = array(
'title' => t('Add new comment'),
'href' => $uri['path'],
@@ -532,10 +533,10 @@ function comment_entity_view(EntityInterface $entity, EntityViewDisplayInterface
// indexing or constructing a search result excerpt.
if ($commenting_status == COMMENT_OPEN) {
$comment_form_location = $instance->getSetting('form_location');
- if (user_access('post comments')) {
+ if ($current_user->hasPermission('post comments')) {
// Show the "post comment" link if the form is on another page, or
// if there are existing comments that the link will skip past.
- if ($comment_form_location == COMMENT_FORM_SEPARATE_PAGE || (!empty($entity->get($field_name)->comment_count) && user_access('access comments'))) {
+ if ($comment_form_location == COMMENT_FORM_SEPARATE_PAGE || (!empty($entity->get($field_name)->comment_count) && $current_user->hasPermission('access comments'))) {
$links['comment-add'] = array(
'title' => t('Add new comment'),
'attributes' => array('title' => t('Share your thoughts and opinions related to this posting.')),
@@ -567,7 +568,7 @@ function comment_entity_view(EntityInterface $entity, EntityViewDisplayInterface
'#links' => $links,
'#attributes' => array('class' => array('links', 'inline')),
);
- if ($view_mode == 'teaser' && \Drupal::moduleHandler()->moduleExists('history') && \Drupal::currentUser()->isAuthenticated()) {
+ if ($view_mode == 'teaser' && \Drupal::moduleHandler()->moduleExists('history') && $current_user->isAuthenticated()) {
$entity->content['links']['#attached']['library'][] = array('comment', 'drupal.node-new-comments-link');
}
}
@@ -709,7 +710,7 @@ function comment_get_thread(EntityInterface $entity, $field_name, $mode, $commen
->addMetaData('entity', $entity)
->addMetaData('field_name', $field_name);
- if (!user_access('administer comments')) {
+ if (!\Drupal::currentUser()->hasPermission('administer comments')) {
$query->condition('c.status', CommentInterface::PUBLISHED);
$count_query->condition('c.status', CommentInterface::PUBLISHED);
}
@@ -1222,7 +1223,7 @@ function comment_get_display_ordinal($cid, $instance) {
$query->innerJoin('comment', 'c2', 'c2.entity_id = c1.entity_id AND c2.entity_type = c1.entity_type AND c2.field_id = c1.field_id');
$query->addExpression('COUNT(*)', 'count');
$query->condition('c2.cid', $cid);
- if (!user_access('administer comments')) {
+ if (!\Drupal::currentUser()->hasPermission('administer comments')) {
$query->condition('c1.status', CommentInterface::PUBLISHED);
}
@@ -1650,7 +1651,8 @@ function comment_ranking() {
*/
function comment_file_download_access($field, EntityInterface $entity, FileInterface $file) {
if ($entity->entityType() == 'comment') {
- if (user_access('access comments') && $entity->status->value == CommentInterface::PUBLISHED || user_access('administer comments')) {
+ $current_user = \Drupal::currentUser();
+ if ($current_user->hasPermission('access comments') && $entity->status->value == CommentInterface::PUBLISHED || $current_user->hasPermission('administer comments')) {
$commented_entity = entity_load($entity->entity_type->value, $entity->entity_id->value);
// Check access to parent entity.
return $commented_entity->access('view');
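Review bot: The rewritten condition still mixes `&&` and `||` without grouping, so a reader has to rely on operator precedence to see that 'administer comments' alone passes the check regardless of the comment's published status. Since the line is being rewritten anyway, the grouping should be explicit: `if (($current_user->hasPermission('access comments') && $entity->status->value == CommentInterface::PUBLISHED) || $current_user->hasPermission('administer comments')) {`. The body of comment_file_download_access() continues past the end of this hunk.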
diff --git a/core/modules/comment/lib/Drupal/comment/CommentAccessController.php b/core/modules/comment/lib/Drupal/comment/CommentAccessController.php
index ce25a1c..4c95dc8 100644
--- a/core/modules/comment/lib/Drupal/comment/CommentAccessController.php
+++ b/core/modules/comment/lib/Drupal/comment/CommentAccessController.php
@@ -24,20 +24,16 @@ class CommentAccessController extends EntityAccessController {
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
switch ($operation) {
case 'view':
- return user_access('access comments', $account);
- break;
+ return $account->hasPermission('access comments', $account);
case 'update':
- return ($account->id() && $account->id() == $entity->uid->value && $entity->status->value == CommentInterface::PUBLISHED && user_access('edit own comments', $account)) || user_access('administer comments', $account);
- break;
+ return ($account->id() && $account->id() == $entity->uid->value && $entity->status->value == CommentInterface::PUBLISHED && $account->hasPermission('edit own comments', $account)) || $account->hasPermission('administer comments', $account);
case 'delete':
- return user_access('administer comments', $account);
- break;
+ return $account->hasPermission('administer comments', $account);
case 'approve':
- return user_access('administer comments', $account);
- break;
+ return $account->hasPermission('administer comments', $account);
}
}
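Review bot: Every converted call in checkAccess() still passes `$account` as a second argument, e.g. `$account->hasPermission('access comments', $account)`, a leftover from the `user_access($string, $account)` signature. The other conversions in this patch call `hasPermission()` with the permission name only, and PHP silently ignores the extra argument, so it works but misleads the next reader about what the method accepts. Each call should be reduced to the form `$account->hasPermission('access comments')`. The same leftover appears in checkCreateAccess() in the next hunk and in `$this->web_user->hasPermission('post comments', $this->web_user)` in CommentLinksTest.php.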
@@ -45,7 +41,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
- return user_access('post comments', $account);
+ return $account->hasPermission('post comments', $account);
}
}
diff --git a/core/modules/comment/lib/Drupal/comment/Plugin/entity_reference/selection/CommentSelection.php b/core/modules/comment/lib/Drupal/comment/Plugin/entity_reference/selection/CommentSelection.php
index 7a627d1..6146798 100644
--- a/core/modules/comment/lib/Drupal/comment/Plugin/entity_reference/selection/CommentSelection.php
+++ b/core/modules/comment/lib/Drupal/comment/Plugin/entity_reference/selection/CommentSelection.php
@@ -33,7 +33,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
// Adding the 'comment_access' tag is sadly insufficient for comments:
// core requires us to also know about the concept of 'published' and
// 'unpublished'.
- if (!user_access('administer comments')) {
+ if (!\Drupal::currentUser()->hasPermission('administer comments')) {
$query->condition('status', CommentInterface::PUBLISHED);
}
return $query;
@@ -72,7 +72,7 @@ public function entityQueryAlter(SelectInterface $query) {
// Passing the query to node_query_node_access_alter() is sadly
// insufficient for nodes.
// @see SelectionEntityTypeNode::entityQueryAlter()
- if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
+ if (!\Drupal::currentUser()->hasPermission('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
$query->condition($node_alias . '.status', 1);
}
}
diff --git a/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php b/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php
index 6eabd64..8bdae0a 100644
--- a/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php
+++ b/core/modules/comment/lib/Drupal/comment/Tests/CommentLinksTest.php
@@ -262,7 +262,7 @@ function assertCommentLinks(array $info) {
// authenticated users are allowed to post comments.
// @see theme_comment_post_forbidden()
if (!$this->loggedInUser) {
- if (user_access('post comments', $this->web_user)) {
+ if ($this->web_user->hasPermission('post comments', $this->web_user)) {
// The note depends on whether users are actually able to register.
if ($info['user_register'] != USER_REGISTER_ADMINISTRATORS_ONLY) {
$this->assertText('Log in or register to post comments');
diff --git a/core/modules/contact/lib/Drupal/contact/MessageFormController.php b/core/modules/contact/lib/Drupal/contact/MessageFormController.php
index ca4a607..d4c8429 100644
--- a/core/modules/contact/lib/Drupal/contact/MessageFormController.php
+++ b/core/modules/contact/lib/Drupal/contact/MessageFormController.php
@@ -207,7 +207,7 @@ public function save(array $form, array &$form_state) {
// To avoid false error messages caused by flood control, redirect away from
// the contact form; either to the contacted user account or the front page.
- if ($message->isPersonal() && user_access('access user profiles')) {
+ if ($message->isPersonal() && $this->currentUser()->hasPermission('access user profiles')) {
$uri = $message->getPersonalRecipient()->uri();
$form_state['redirect'] = array($uri['path'], $uri['options']);
}
diff --git a/core/modules/content_translation/content_translation.admin.inc b/core/modules/content_translation/content_translation.admin.inc
index 9f07191..c2e74a3 100644
--- a/core/modules/content_translation/content_translation.admin.inc
+++ b/core/modules/content_translation/content_translation.admin.inc
@@ -60,7 +60,7 @@ function content_translation_field_sync_widget(FieldDefinitionInterface $field)
function _content_translation_form_language_content_settings_form_alter(array &$form, array &$form_state) {
// Inject into the content language settings the translation settings if the
// user has the required permission.
- if (!user_access('administer content translation')) {
+ if (!\Drupal::currentUser()->hasPermission('administer content translation')) {
return;
}
@@ -146,7 +146,7 @@ function _content_translation_form_language_content_settings_form_alter(array &$
function _content_translation_preprocess_language_content_settings_table(&$variables) {
// Alter the 'build' variable injecting the translation settings if the user
// has the required permission.
- if (!user_access('administer content translation')) {
+ if (!\Drupal::currentUser()->hasPermission('administer content translation')) {
return;
}
diff --git a/core/modules/content_translation/content_translation.module b/core/modules/content_translation/content_translation.module
index 0d476cb..4bd50f1 100644
--- a/core/modules/content_translation/content_translation.module
+++ b/core/modules/content_translation/content_translation.module
@@ -308,8 +308,9 @@ function _content_translation_menu_strip_loaders($path) {
* The entity whose translation overview should be displayed.
*/
function content_translation_translate_access(EntityInterface $entity) {
+ $account = \Drupal::currentUser();
return $entity instanceof ContentEntityInterface && empty($entity->getUntranslated()->language()->locked) && language_multilingual() && $entity->isTranslatable() &&
- (user_access('create content translations') || user_access('update content translations') || user_access('delete content translations'));
+ ($account->hasPermission('create content translations') || $account->hasPermission('update content translations') || $account->hasPermission('delete content translations'));
}
/**
@@ -327,10 +328,11 @@ function content_translation_view_access(EntityInterface $entity, $langcode, Acc
$entity_type = $entity->entityType();
$info = $entity->entityInfo();
$permission = "translate $entity_type";
+ $account = $account ?: \Drupal::currentuser();
if (!empty($info['permission_granularity']) && $info['permission_granularity'] == 'bundle') {
$permission = "translate {$entity->bundle()} $entity_type";
}
- return !empty($entity->translation[$langcode]['status']) || user_access('translate any entity', $account) || user_access($permission, $account);
+ return !empty($entity->translation[$langcode]['status']) || $account->hasPermission('translate any entity') || $account->hasPermission($permission);
}
/**
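Review bot: The added fallback line spells the method `\Drupal::currentuser()` in lower case, while every other call in this patch uses `\Drupal::currentUser()`. PHP method names are case-insensitive, so this runs, but it will be missed by anyone grepping for the canonical name when this static call is later replaced by injection. It should read `$account = $account ?: \Drupal::currentUser();`.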
@@ -902,7 +904,7 @@ function content_translation_enable_widget($entity_type, $bundle, array &$form,
* Processed language configuration element.
*/
function content_translation_language_configuration_element_process(array $element, array &$form_state, array &$form) {
- if (empty($element['#content_translation_skip_alter']) && user_access('administer content translation')) {
+ if (empty($element['#content_translation_skip_alter']) && \Drupal::currentUser()->hasPermission('administer content translation')) {
$form_state['content_translation']['key'] = $element['#name'];
$context = $form_state['language'][$element['#name']];
diff --git a/core/modules/content_translation/lib/Drupal/content_translation/ContentTranslationController.php b/core/modules/content_translation/lib/Drupal/content_translation/ContentTranslationController.php
index 6d14c1b..b902c9c 100644
--- a/core/modules/content_translation/lib/Drupal/content_translation/ContentTranslationController.php
+++ b/core/modules/content_translation/lib/Drupal/content_translation/ContentTranslationController.php
@@ -61,12 +61,13 @@ public function getTranslationAccess(EntityInterface $entity, $op) {
// the translation language and the given account.
$info = $entity->entityInfo();
$translate_permission = TRUE;
+ $account = \Drupal::currentUser();
// If no permission granularity is defined this entity type does not need an
// explicit translate permission.
- if (!user_access('translate any entity') && !empty($info['permission_granularity'])) {
- $translate_permission = user_access($info['permission_granularity'] == 'bundle' ? "translate {$entity->bundle()} {$entity->entityType()}" : "translate {$entity->entityType()}");
+ if (!$account->hasPermission('translate any entity') && !empty($info['permission_granularity'])) {
+ $translate_permission = $account->hasPermission($info['permission_granularity'] == 'bundle' ? "translate {$entity->bundle()} {$entity->entityType()}" : "translate {$entity->entityType()}");
}
- return $translate_permission && user_access("$op content translations");
+ return $translate_permission && $account->hasPermission("$op content translations");
}
/**
diff --git a/core/modules/field_ui/field_ui.module b/core/modules/field_ui/field_ui.module
index bc50a76..a705b70 100644
--- a/core/modules/field_ui/field_ui.module
+++ b/core/modules/field_ui/field_ui.module
@@ -168,9 +168,10 @@ function field_ui_entity_operation_alter(array &$operations, EntityInterface $en
// Add manage fields and display links if this entity type is the bundle
// of another.
if (!empty($info['bundle_of'])) {
+ $account = \Drupal::currentUser();
$bundle_of = $info['bundle_of'];
$uri = $entity->uri();
- if (user_access('administer '. $bundle_of . ' fields')) {
+ if ($account->hasPermission('administer '. $bundle_of . ' fields')) {
$operations['manage-fields'] = array(
'title' => t('Manage fields'),
'href' => $uri['path'] . '/fields',
@@ -178,7 +179,7 @@ function field_ui_entity_operation_alter(array &$operations, EntityInterface $en
'weight' => 15,
);
}
- if (user_access('administer '. $bundle_of . ' form display')) {
+ if ($account->hasPermission('administer '. $bundle_of . ' form display')) {
$operations['manage-form-display'] = array(
'title' => t('Manage form display'),
'href' => $uri['path'] . '/form-display',
@@ -186,7 +187,7 @@ function field_ui_entity_operation_alter(array &$operations, EntityInterface $en
'weight' => 20,
);
}
- if (user_access('administer '. $bundle_of . ' display')) {
+ if ($account->hasPermission('administer '. $bundle_of . ' display')) {
$operations['manage-display'] = array(
'title' => t('Manage display'),
'href' => $uri['path'] . '/display',
diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index 4041886..4298658 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -1949,7 +1949,7 @@ function file_permission() {
$perms = array(
'access files overview' => array(
'title' => t('Access the Files overview page'),
- 'description' => user_access('access files overview')
+ 'description' => \Drupal::currentUser()->hasPermission('access files overview')
? t('Get an overview of all files.', array('@url' => url('admin/content/files')))
: t('Get an overview of all files.'),
),
diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module
index 4962044..a788ef5 100644
--- a/core/modules/filter/filter.module
+++ b/core/modules/filter/filter.module
@@ -771,7 +771,7 @@ function filter_process_format($element) {
$all_formats = filter_formats();
$format_exists = isset($all_formats[$element['#format']]);
$user_has_access = isset($formats[$element['#format']]);
- $user_is_admin = user_access('administer filters');
+ $user_is_admin = Drupal::currentUser()->hasPermission('administer filters');
// If the stored format does not exist, administrators have to assign a new
// format.
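Review bot: The added line calls `Drupal::currentUser()` without the leading backslash, while nearly all other conversions in this patch use `\Drupal::currentUser()`. It resolves here because a .module file is presumably in the global namespace, but the unqualified form breaks as soon as the code is moved into a namespaced class. Use `$user_is_admin = \Drupal::currentUser()->hasPermission('administer filters');`; the same applies to the converted line in _menu_check_access() in core/includes/menu.inc.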
diff --git a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
index cbf1661..5c9229f 100644
--- a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
@@ -130,8 +130,8 @@ function testFormatPermissions() {
// Make sure that a regular user only has permission to use the format
// they were granted access to.
- $this->assertTrue(user_access($this->allowed_format->getPermissionName(), $this->web_user), 'A regular user has permission to use the allowed text format.');
- $this->assertFalse(user_access($this->disallowed_format->getPermissionName(), $this->web_user), 'A regular user does not have permission to use the disallowed text format.');
+ $this->assertTrue($this->web_user->hasPermission($this->allowed_format->getPermissionName()), 'A regular user has permission to use the allowed text format.');
+ $this->assertFalse($this->web_user->hasPermission($this->disallowed_format->getPermissionName()), 'A regular user does not have permission to use the disallowed text format.');
// Make sure that the allowed format appears on the node form and that
// the disallowed format does not.
diff --git a/core/modules/node/lib/Drupal/node/NodeAccessController.php b/core/modules/node/lib/Drupal/node/NodeAccessController.php
index 944b411..5f3b23c 100644
--- a/core/modules/node/lib/Drupal/node/NodeAccessController.php
+++ b/core/modules/node/lib/Drupal/node/NodeAccessController.php
@@ -61,10 +61,12 @@ public static function createInstance(ContainerInterface $container, $entity_typ
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, AccountInterface $account = NULL) {
- if (user_access('bypass node access', $account)) {
+ $account = $this->prepareUser($account);
+
+ if ($account->hasPermission('bypass node access')) {
return TRUE;
}
- if (!user_access('access content', $account)) {
+ if (!$account->hasPermission('access content')) {
return FALSE;
}
return parent::access($entity, $operation, $langcode, $account);
@@ -76,10 +78,10 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array()) {
$account = $this->prepareUser($account);
- if (user_access('bypass node access', $account)) {
+ if ($account->hasPermission('bypass node access')) {
return TRUE;
}
- if (!user_access('access content', $account)) {
+ if (!$account->hasPermission('access content')) {
return FALSE;
}
@@ -95,7 +97,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc
$uid = $node->getTranslation($langcode)->getAuthorId();
// Check if authors can view their own unpublished nodes.
- if ($operation === 'view' && !$status && user_access('view own unpublished content', $account)) {
+ if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content')) {
if ($account->id() != 0 && $account->id() == $uid) {
return TRUE;
@@ -121,7 +123,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
$configured_types = node_permissions_get_configured_types();
if (isset($configured_types[$entity_bundle])) {
- return user_access('create ' . $entity_bundle . ' content', $account);
+ return $account->hasPermission('create ' . $entity_bundle . ' content');
}
}
diff --git a/core/modules/node/lib/Drupal/node/NodeFormController.php b/core/modules/node/lib/Drupal/node/NodeFormController.php
index 32c197a..ead532d 100644
--- a/core/modules/node/lib/Drupal/node/NodeFormController.php
+++ b/core/modules/node/lib/Drupal/node/NodeFormController.php
@@ -10,8 +10,11 @@
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Datetime\DrupalDateTime;
use Drupal\Core\Entity\ContentEntityFormController;
+use Drupal\Core\Entity\EntityManagerInterface;
use Drupal\Core\Language\Language;
+use Drupal\Core\Session\AccountInterface;
use Drupal\Component\Utility\String;
+use Symfony\Component\DependencyInjection\ContainerInterface;
/**
* Form controller for the node edit forms.
@@ -19,6 +22,13 @@
class NodeFormController extends ContentEntityFormController {
/**
+ * The current user.
+ *
+ * @var \Drupal\Core\Session\AccountInterface.
+ */
+ protected $account;
+
+ /**
* Default settings for this content/node type.
*
* @var array
@@ -26,6 +36,29 @@ class NodeFormController extends ContentEntityFormController {
protected $settings;
/**
+ * Constructs a NodeFormController object.
+ *
+ * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager
+ * The entity manager.
+ * @param \Drupal\Core\Session\AccountInterface $account
+ * The account for which view access should be checked.
+ */
+ public function __construct(EntityManagerInterface $entity_manager, AccountInterface $account) {
+ parent::__construct($entity_manager);
+ $this->account = $account;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container) {
+ return new static(
+ $container->get('entity.manager'),
+ $container->get('current_user')
+ );
+ }
+
+ /**
* {@inheritdoc}
*/
protected function prepareEntity() {
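Review bot: The constructor docblock describes `$account` as "The account for which view access should be checked.", which does not match how the property is used. Later hunks in this file read it for the node author ID, the revision author ID and the 'administer nodes' checks on form elements, and create() fills it from the `current_user` service, so the description should be `The current user.` to match the property's own docblock. In the previous hunk, the property annotation `@var \Drupal\Core\Session\AccountInterface.` ends the type with a period, which should be dropped so tools parse the type correctly.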
@@ -47,7 +80,7 @@ protected function prepareEntity() {
$node->$key = (int) in_array($key, $this->settings['options']);
}
}
- $node->setAuthorId(\Drupal::currentUser()->id());
+ $node->setAuthorId($this->account->id());
$node->setCreatedTime(REQUEST_TIME);
}
else {
@@ -130,14 +163,14 @@ public function form(array $form, array &$form_state) {
'js' => array(drupal_get_path('module', 'node') . '/node.js'),
),
'#weight' => 20,
- '#access' => $node->isNewRevision() || user_access('administer nodes'),
+ '#access' => $node->isNewRevision() || $this->account->hasPermission('administer nodes'),
);
$form['revision_information']['revision']['revision'] = array(
'#type' => 'checkbox',
'#title' => t('Create new revision'),
'#default_value' => $node->isNewRevision(),
- '#access' => user_access('administer nodes'),
+ '#access' => $this->account->hasPermission('administer nodes'),
);
$form['revision_information']['revision']['log'] = array(
@@ -156,7 +189,7 @@ public function form(array $form, array &$form_state) {
// Node author information for administrators.
$form['author'] = array(
'#type' => 'details',
- '#access' => user_access('administer nodes'),
+ '#access' => $this->account->hasPermission('administer nodes'),
'#title' => t('Authoring information'),
'#collapsed' => TRUE,
'#group' => 'advanced',
@@ -195,7 +228,7 @@ public function form(array $form, array &$form_state) {
// Node options for administrators.
$form['options'] = array(
'#type' => 'details',
- '#access' => user_access('administer nodes'),
+ '#access' => $this->account->hasPermission('administer nodes'),
'#title' => t('Promotion options'),
'#collapsed' => TRUE,
'#group' => 'advanced',
@@ -246,7 +279,7 @@ protected function actions(array $form, array &$form_state) {
// modules to integrate with "the Save operation" of this form. Modules
// need a way to plug themselves into 1) the ::submit() step, and
// 2) the ::save() step, both decoupled from the pressed form button.
- if ($element['submit']['#access'] && user_access('administer nodes')) {
+ if ($element['submit']['#access'] && $this->account->hasPermission('administer nodes')) {
// isNew | prev status » default & publish label & unpublish label
// 1 | 1 » publish & Save and publish & Save as unpublished
// 1 | 0 » unpublish & Save and publish & Save as unpublished
@@ -364,7 +397,7 @@ public function submit(array $form, array &$form_state) {
$node->setNewRevision();
// If a new revision is created, save the current user as revision author.
$node->setRevisionCreationTime(REQUEST_TIME);
- $node->setRevisionAuthorId(\Drupal::currentUser()->id());
+ $node->setRevisionAuthorId($this->account->id());
}
$node->validated = TRUE;
diff --git a/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php b/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php
index dbbda10..a846144 100644
--- a/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php
+++ b/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php
@@ -32,7 +32,8 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
// 'unpublished'. We need to do that as long as there are no access control
// modules in use on the site. As long as one access control module is there,
// it is supposed to handle this check.
- if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
+ if (!\Drupal::currentUser()->hasPermission('bypass node access')
+ && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
$query->condition('status', NODE_PUBLISHED);
}
return $query;
diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php
index 3bcf362..9a927f8 100644
--- a/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php
+++ b/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php
@@ -99,7 +99,7 @@ function testNodeRevisionAccessAnyType() {
foreach ($permutations as $case) {
// Skip this test if there are no revisions for the node.
if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) {
- if (!empty($case['account']->is_admin) || user_access($this->map[$case['op']], $case['account'])) {
+ if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->map[$case['op']])) {
$this->assertTrue(_node_revision_access($revision, $case['op'], $case['account']), "{$this->map[$case['op']]} granted.");
}
else {
@@ -145,7 +145,7 @@ function testNodeRevisionAccessPerType() {
foreach ($permutations as $case) {
// Skip this test if there are no revisions for the node.
if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) {
- if (!empty($case['account']->is_admin) || user_access($this->type_map[$case['op']], $case['account'])) {
+ if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->type_map[$case['op']])) {
$this->assertTrue(_node_revision_access($revision, $case['op'], $case['account']), "{$this->type_map[$case['op']]} granted.");
}
else {
diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php
index d53673c..458dd19 100644
--- a/core/modules/node/node.api.php
+++ b/core/modules/node/node.api.php
@@ -166,7 +166,7 @@
* sure to restore your {node_access} record after node_access_rebuild() is
* called.
*
- * @param $account
+ * @param \Drupal\Core\Session\AccountInterface $account
* The user object whose grants are requested.
* @param $op
* The node operation to be performed, such as 'view', 'update', or 'delete'.
@@ -181,8 +181,8 @@
* @see node_access_rebuild()
* @ingroup node_access
*/
-function hook_node_grants($account, $op) {
- if (user_access('access private content', $account)) {
+function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
+ if ($account->hasPermission('access private content')) {
$grants['example'] = array(1);
}
$grants['example_owner'] = array($account->id());
@@ -555,7 +555,7 @@ function hook_node_load($nodes) {
* - "delete"
* - "update"
* - "view"
- * @param object $account
+ * @param \Drupal\Core\Session\AccountInterface $account
* The user object to perform the access check operation on.
* @param object $langcode
* The language code to perform the access check operation on.
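Review bot: The `@param object $langcode` line just below the retyped `$account` parameter still documents the language code as an object, although its description calls it a language code. Since this hunk is already correcting the parameter types of this docblock, it would be worth changing that line to `@param string $langcode` so the hook documentation does not mislead implementers. The docblock starts and ends outside the hunk.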
@@ -567,23 +567,27 @@ function hook_node_load($nodes) {
*
* @ingroup node_access
*/
-function hook_node_access(\Drupal\node\NodeInterface $node, $op, $account, $langcode) {
+function hook_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account, $langcode) {
$type = is_string($node) ? $node : $node->getType();
$configured_types = node_permissions_get_configured_types();
if (isset($configured_types[$type])) {
- if ($op == 'create' && user_access('create ' . $type . ' content', $account)) {
+ if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) {
return NODE_ACCESS_ALLOW;
}
if ($op == 'update') {
- if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) {
+ if ($account->hasPermission('edit any ' . $type . ' content')
+ || ($account->hasPermission('edit own ' . $type . ' content')
+ && ($account->id() == $node->getAuthorId()))) {
return NODE_ACCESS_ALLOW;
}
}
if ($op == 'delete') {
- if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) {
+ if ($account->hasPermission('delete any ' . $type . ' content')
+ || ($account->hasPermission('delete own ' . $type . ' content')
+ && ($account->id() == $node->getAuthorId()))) {
return NODE_ACCESS_ALLOW;
}
}
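Review bot: The rewritten signature keeps the `\Drupal\node\NodeInterface $node` hint, yet the first body line is still `$type = is_string($node) ? $node : $node->getType();`, so the string branch can never be taken. If 'create' checks are meant to pass a bundle name as a string (the body suggests so, but the callers are not visible here), the hint would reject that call before any permission is checked. Either drop the hint on `$node` in this example or simplify the line to `$type = $node->getType();`. The function body continues past the end of the hunk.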
diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index 8d1b07c..7581f4c 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -83,7 +83,7 @@ function node_help($path, $arg) {
// for rebuild. We don't need to issue the message on the confirm form, or
// while the rebuild is being processed.
if ($path != 'admin/reports/status/rebuild' && $path != 'batch' && strpos($path, '#') === FALSE
- && user_access('access administration pages') && node_access_needs_rebuild()) {
+ && \Drupal::currentUser()->hasPermission('access administration pages') && node_access_needs_rebuild()) {
if ($path == 'admin/reports/status') {
$message = t('The content access permissions need to be rebuilt.');
}
@@ -774,7 +774,7 @@ function node_permission() {
),
'access content overview' => array(
'title' => t('Access the Content overview page'),
- 'description' => user_access('access content overview')
+ 'description' => \Drupal::currentUser()->hasPermission('access content overview')
? t('Get an overview of all content.', array('@url' => url('admin/content')))
: t('Get an overview of all content.'),
),
@@ -1091,11 +1091,12 @@ function node_revision_list(EntityInterface $node) {
function node_get_recent($number = 10) {
$query = db_select('node_field_data', 'n');
- if (!user_access('bypass node access')) {
+ $account = \Drupal::currentUser();
+ if (!$account->hasPermission('bypass node access')) {
// If the user is able to view their own unpublished nodes, allow them
// to see these in addition to published nodes. Check that they actually
// have some unpublished nodes to view before adding the condition.
- if (user_access('view own unpublished content') && $own_unpublished = db_query('SELECT DISTINCT nid FROM {node_field_data} WHERE uid = :uid AND status = :status', array(':uid' => \Drupal::currentUser()->id(), ':status' => NODE_NOT_PUBLISHED))->fetchCol()) {
+ if ($account->hasPermission('view own unpublished content') && $own_unpublished = db_query('SELECT DISTINCT nid FROM {node_field_data} WHERE uid = :uid AND status = :status', array(':uid' => \Drupal::currentUser()->id(), ':status' => NODE_NOT_PUBLISHED))->fetchCol()) {
$query->condition(db_or()
->condition('n.status', NODE_PUBLISHED)
->condition('n.nid', $own_unpublished, 'IN')
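Review bot: The new `$account` local is used for both permission checks, but the query on the changed line still reads the uid through a separate `\Drupal::currentUser()->id()` call. Using the same object for the permission check and the uid keeps the two from ever describing different accounts: `array(':uid' => $account->id(), ':status' => NODE_NOT_PUBLISHED)`. The body of node_get_recent() continues outside the hunk.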
@@ -1165,7 +1166,7 @@ function theme_node_recent_block($variables) {
'#rows' => $rows,
);
$output = drupal_render($table);
- if (user_access('access content overview')) {
+ if (\Drupal::currentUser()->hasPermission('access content overview')) {
$more_link = array(
'#theme' => 'more_link',
'#url' => 'admin/content',
@@ -1517,18 +1518,18 @@ function node_node_access($node, $op, $account) {
$configured_types = node_permissions_get_configured_types();
if (isset($configured_types[$type])) {
- if ($op == 'create' && user_access('create ' . $type . ' content', $account)) {
+ if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) {
return NODE_ACCESS_ALLOW;
}
if ($op == 'update') {
- if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) {
+ if ($account->hasPermission('edit any ' . $type . ' content') || ($account->hasPermission('edit own ' . $type . ' content') && ($account->id() == $node->getAuthorId()))) {
return NODE_ACCESS_ALLOW;
}
}
if ($op == 'delete') {
- if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) {
+ if ($account->hasPermission('delete any ' . $type . ' content') || ($account->hasPermission('delete own ' . $type . ' content') && ($account->id() == $node->getAuthorId()))) {
return NODE_ACCESS_ALLOW;
}
}
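Review bot: The body now calls `$account->hasPermission()` directly, but the signature shown in the hunk header, `function node_node_access($node, $op, $account)`, leaves `$account` untyped. The hook documentation in node.api.php is updated in this same patch to declare `\Drupal\Core\Session\AccountInterface $account`; adding the same hint here would turn a wrong argument into a clear type error at the call boundary instead of a failed method call inside an access check. The same applies to `node_access_test_node_grants($account, $op)` in node_access_test.module, and to node_query_node_access_alter(), where the origin of `$account` is not visible in its hunk. The signature itself is outside this hunk.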
@@ -1713,7 +1714,7 @@ function node_query_node_access_alter(AlterableInterface $query) {
// If $account can bypass node access, or there are no node access modules,
// or the operation is 'view' and the $account has a global view grant
// (such as a view grant for node ID 0), we don't need to alter the query.
- if (user_access('bypass node access', $account)) {
+ if ($account->hasPermission('bypass node access')) {
return;
}
if (!count(\Drupal::moduleHandler()->getImplementations('node_grants'))) {
diff --git a/core/modules/node/node.pages.inc b/core/modules/node/node.pages.inc
index ad96476..bd0468a 100644
--- a/core/modules/node/node.pages.inc
+++ b/core/modules/node/node.pages.inc
@@ -134,11 +134,12 @@ function node_revision_overview($node) {
$type = $node->getType();
$revert_permission = FALSE;
- if ((user_access("revert $type revisions") || user_access('revert all revisions') || user_access('administer nodes')) && $node->access('update')) {
+ $account = \Drupal::currentUser();
+ if (($account->hasPermission("revert $type revisions") || $account->hasPermission('revert all revisions') || $account->hasPermission('administer nodes')) && $node->access('update')) {
$revert_permission = TRUE;
}
$delete_permission = FALSE;
- if ((user_access("delete $type revisions") || user_access('delete all revisions') || user_access('administer nodes')) && $node->access('delete')) {
+ if (($account->hasPermission("delete $type revisions") || $account->hasPermission('delete all revisions') || $account->hasPermission('administer nodes')) && $node->access('delete')) {
$delete_permission = TRUE;
}
foreach ($revisions as $revision) {
diff --git a/core/modules/node/node.views_execution.inc b/core/modules/node/node.views_execution.inc
index daedc33..f97b8ad 100644
--- a/core/modules/node/node.views_execution.inc
+++ b/core/modules/node/node.views_execution.inc
@@ -11,10 +11,11 @@
* Implements hook_views_query_substitutions().
*/
function node_views_query_substitutions(ViewExecutable $view) {
+ $account = \Drupal::currentUser();
return array(
- '***ADMINISTER_NODES***' => intval(user_access('administer nodes')),
- '***VIEW_OWN_UNPUBLISHED_NODES***' => intval(user_access('view own unpublished content')),
- '***BYPASS_NODE_ACCESS***' => intval(user_access('bypass node access')),
+ '***ADMINISTER_NODES***' => intval($account->hasPermission('administer nodes')),
+ '***VIEW_OWN_UNPUBLISHED_NODES***' => intval($account->hasPermission('view own unpublished content')),
+ '***BYPASS_NODE_ACCESS***' => intval($account->hasPermission('bypass node access')),
);
}
diff --git a/core/modules/node/tests/modules/node_access_test/node_access_test.module b/core/modules/node/tests/modules/node_access_test/node_access_test.module
index bcfc3aa..a730a9e 100644
--- a/core/modules/node/tests/modules/node_access_test/node_access_test.module
+++ b/core/modules/node/tests/modules/node_access_test/node_access_test.module
@@ -20,7 +20,7 @@ function node_access_test_node_grants($account, $op) {
$grants = array();
// First grant a grant to the author for own content.
$grants['node_access_test_author'] = array($account->id());
- if ($op == 'view' && user_access('node test view', $account)) {
+ if ($op == 'view' && $account->hasPermission('node test view')) {
$grants['node_access_test'] = array(8888, 8889);
}
diff --git a/core/modules/system/entity.api.php b/core/modules/system/entity.api.php
index 5b880cd..5805592 100644
--- a/core/modules/system/entity.api.php
+++ b/core/modules/system/entity.api.php
@@ -730,7 +730,7 @@ function hook_entity_operation_alter(array &$operations, \Drupal\Core\Entity\Ent
*/
function hook_entity_field_access($operation, \Drupal\Core\Field\FieldDefinitionInterface $field_definition, \Drupal\Core\Session\AccountInterface $account, \Drupal\Core\Field\FieldItemListInterface $items = NULL) {
if ($field_definition->getName() == 'field_of_interest' && $operation == 'edit') {
- return user_access('update field of interest', $account);
+ return $account->hasPermission('update field of interest');
}
}
diff --git a/core/modules/system/lib/Drupal/system/DateFormatAccessController.php b/core/modules/system/lib/Drupal/system/DateFormatAccessController.php
index 9608271..5fe5cb8 100644
--- a/core/modules/system/lib/Drupal/system/DateFormatAccessController.php
+++ b/core/modules/system/lib/Drupal/system/DateFormatAccessController.php
@@ -28,7 +28,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
if (in_array($operation, array('update', 'delete')) && $entity->isLocked()) {
return FALSE;
}
- return user_access('administer site configuration', $account);
+ return $account->hasPermission('administer site configuration');
}
}
diff --git a/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php b/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php
index a090c67..c68c3ac 100644
--- a/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php
+++ b/core/modules/system/lib/Drupal/system/Form/ModulesListForm.php
@@ -186,7 +186,7 @@ protected function buildRow(array $modules, $module, $distribution) {
// Generate link for module's permission, if the user has access to it.
$row['links']['permissions'] = array();
- if ($module->status && user_access('administer permissions') && in_array($module->name, $this->moduleHandler->getImplementations('permission'))) {
+ if ($module->status && $this->currentUser()->hasPermission('administer permissions') && in_array($module->name, $this->moduleHandler->getImplementations('permission'))) {
$row['links']['permissions'] = array(
'#type' => 'link',
'#title' => $this->t('Permissions'),
diff --git a/core/modules/system/system.api.php b/core/modules/system/system.api.php
index cabea75..4b79d27 100644
--- a/core/modules/system/system.api.php
+++ b/core/modules/system/system.api.php
@@ -1174,7 +1174,7 @@ function hook_system_info_alter(&$info, $file, $type) {
* can be selected on the user permissions page and used to grant or restrict
* access to actions the module performs.
*
- * Permissions are checked using user_access().
+ * Permissions are checked using \Drupal::currentUser()->hasPermission().
*
* For a detailed usage example, see page_example.module.
*
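Review bot: The replacement sentence names only the current-user form of the check, while user_access() also accepted an explicit account and most access hooks converted in this patch call `$account->hasPermission()` on the account they are handed. Readers of hook_permission() documentation would be better served by naming the interface method, for example `Permissions are checked using \Drupal\Core\Session\AccountInterface::hasPermission(), e.g. \Drupal::currentUser()->hasPermission().` Otherwise implementers may check the logged-in user where the hook passed a different account.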
@@ -1421,7 +1421,7 @@ function hook_theme_registry_alter(&$theme_registry) {
* @see _template_preprocess_default_variables()
*/
function hook_template_preprocess_default_variables_alter(&$variables) {
- $variables['is_admin'] = user_access('access administration pages');
+ $variables['is_admin'] = \Drupal::currentUser()->hasPermission('access administration pages');
}
/**
@@ -2119,7 +2119,7 @@ function hook_query_TAG_alter(Drupal\Core\Database\Query\AlterableInterface $que
$op = 'view';
}
// Skip the extra joins and conditions for node admins.
- if (!user_access('bypass node access')) {
+ if (!\Drupal::currentUser()->hasPermission('bypass node access')) {
// The node_access table has the access grants for any given node.
$access_alias = $query->join('node_access', 'na', '%alias.nid = n.nid');
$or = db_or();
diff --git a/core/modules/system/system.module b/core/modules/system/system.module
index f4bf194..d33de6a 100644
--- a/core/modules/system/system.module
+++ b/core/modules/system/system.module
@@ -1890,7 +1890,7 @@ function system_stream_wrappers() {
* Menu item access callback - only enabled themes can be accessed.
*/
function _system_themes_access($theme) {
- return user_access('administer themes') && drupal_theme_access($theme);
+ return \Drupal::currentUser()->hasPermission('administer themes') && drupal_theme_access($theme);
}
/**
diff --git a/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php b/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php
index 034caa3..b98c67f 100644
--- a/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php
+++ b/core/modules/system/tests/modules/entity_test/lib/Drupal/entity_test/EntityTestAccessController.php
@@ -23,12 +23,12 @@ class EntityTestAccessController extends EntityAccessController {
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
if ($operation === 'view') {
if ($langcode != Language::LANGCODE_DEFAULT) {
- return user_access('view test entity translations', $account);
+ return $account->hasPermission('view test entity translations');
}
- return user_access('view test entity', $account);
+ return $account->hasPermission('view test entity');
}
elseif (in_array($operation, array('update', 'delete'))) {
- return user_access('administer entity_test content', $account);
+ return $account->hasPermission('administer entity_test content');
}
}
@@ -36,7 +36,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
- return user_access('administer entity_test content', $account);
+ return $account->hasPermission('administer entity_test content');
}
}
diff --git a/core/modules/system/tests/modules/form_test/form_test.module b/core/modules/system/tests/modules/form_test/form_test.module
index a932868..a3a92b2 100644
--- a/core/modules/system/tests/modules/form_test/form_test.module
+++ b/core/modules/system/tests/modules/form_test/form_test.module
@@ -519,6 +519,8 @@ function _form_test_tableselect_js_select_form($form, $form_state, $action) {
* @deprecated Use \Drupal\form_test\testVerticalTabs()
*/
function _form_test_vertical_tabs_form($form, &$form_state) {
+ $account = \Drupal::currentUser();
+
$form['vertical_tabs'] = array(
'#type' => 'vertical_tabs',
);
@@ -526,7 +528,7 @@ function _form_test_vertical_tabs_form($form, &$form_state) {
'#type' => 'details',
'#title' => t('Tab 1'),
'#group' => 'vertical_tabs',
- '#access' => user_access('access vertical_tab_test tabs')
+ '#access' => $account->hasPermission('access vertical_tab_test tabs')
);
$form['tab1']['field1'] = array(
'#title' => t('Field 1'),
@@ -536,7 +538,7 @@ function _form_test_vertical_tabs_form($form, &$form_state) {
'#type' => 'details',
'#title' => t('Tab 2'),
'#group' => 'vertical_tabs',
- '#access' => user_access('access vertical_tab_test tabs')
+ '#access' => $account->hasPermission('access vertical_tab_test tabs')
);
$form['tab2']['field2'] = array(
'#title' => t('Field 2'),
diff --git a/core/modules/system/theme.api.php b/core/modules/system/theme.api.php
index 34758da..6909ee0 100644
--- a/core/modules/system/theme.api.php
+++ b/core/modules/system/theme.api.php
@@ -110,7 +110,7 @@ function hook_preprocess(&$variables, $hook) {
// Add contextual links to the variables, if the user has permission.
- if (!user_access('access contextual links')) {
+ if (!\Drupal::currentUser()->hasPermission('access contextual links')) {
return;
}
diff --git a/core/modules/toolbar/toolbar.module b/core/modules/toolbar/toolbar.module
index c8612df..bea2bf3 100644
--- a/core/modules/toolbar/toolbar.module
+++ b/core/modules/toolbar/toolbar.module
@@ -163,7 +163,7 @@ function _toolbar_initialize_page_cache() {
function toolbar_page_build(&$page) {
$page['page_top']['toolbar'] = array(
'#type' => 'toolbar',
- '#access' => user_access('access toolbar'),
+ '#access' => \Drupal::currentUser()->hasPermission('access toolbar'),
);
}
diff --git a/core/modules/update/update.module b/core/modules/update/update.module
index af8143b..401742c 100644
--- a/core/modules/update/update.module
+++ b/core/modules/update/update.module
@@ -94,7 +94,7 @@ function update_help($path, $arg) {
* Implements hook_page_build().
*/
function update_page_build() {
- if (arg(0) == 'admin' && user_access('administer site configuration')) {
+ if (arg(0) == 'admin' && \Drupal::currentUser()->hasPermission('administer site configuration')) {
switch (current_path()) {
// These pages don't need additional nagging.
case 'admin/appearance/update':
@@ -190,7 +190,7 @@ function update_menu() {
* @see update_menu()
*/
function update_manager_access() {
- return settings()->get('allow_authorize_operations', TRUE) && user_access('administer software updates');
+ return settings()->get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates');
}
/**
diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php
index 4983b0f..35f034c 100644
--- a/core/modules/user/lib/Drupal/user/AccountFormController.php
+++ b/core/modules/user/lib/Drupal/user/AccountFormController.php
@@ -58,7 +58,7 @@ public function form(array $form, array &$form_state) {
$language_interface = language(Language::TYPE_INTERFACE);
$register = $account->isAnonymous();
- $admin = user_access('administer users');
+ $admin = $user->hasPermission('administer users');
// Account information.
$form['account'] = array(
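Review bot: `$user` is not assigned in any visible line of the form() hunks, so `$user->hasPermission('administer users')` relies on a definition outside them. RegisterFormController::form() in this same patch replaces `global $user;` with `$user = $this->currentUser();`, and the same assignment here would keep both controllers on the injected account if this one still uses the global. The @@ -87 and @@ -222 hunks also repeat `$user->hasPermission('administer users')` although `$admin` already holds that result; `'#access' => !$register || $admin,` would keep the form's admin decision in one place.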
@@ -76,7 +76,7 @@ public function form(array $form, array &$form_state) {
'#attributes' => array('class' => array('username'), 'autocorrect' => 'off', 'autocomplete' => 'off', 'autocapitalize' => 'off',
'spellcheck' => 'false'),
'#default_value' => (!$register ? $account->getUsername() : ''),
- '#access' => ($register || ($user->id() == $account->id() && user_access('change own username')) || $admin),
+ '#access' => ($register || ($user->id() == $account->id() && $user->hasPermission('change own username')) || $admin),
'#weight' => -10,
);
@@ -87,7 +87,7 @@ public function form(array $form, array &$form_state) {
'#type' => 'email',
'#title' => $this->t('E-mail address'),
'#description' => $this->t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
- '#required' => !(!$account->getEmail() && user_access('administer users')),
+ '#required' => !(!$account->getEmail() && $user->hasPermission('administer users')),
'#default_value' => (!$register ? $account->getEmail() : ''),
'#attributes' => array('autocomplete' => 'off'),
);
@@ -184,7 +184,7 @@ public function form(array $form, array &$form_state) {
'#title' => $this->t('Roles'),
'#default_value' => (!$register ? $account->getRoles() : array()),
'#options' => $roles,
- '#access' => $roles && user_access('administer permissions'),
+ '#access' => $roles && $user->hasPermission('administer permissions'),
DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
);
@@ -222,7 +222,7 @@ public function form(array $form, array &$form_state) {
'#title' => $this->t('Language settings'),
// Display language selector when either creating a user on the admin
// interface or editing a user account.
- '#access' => !$register || user_access('administer users'),
+ '#access' => !$register || $user->hasPermission('administer users'),
);
$form['language']['preferred_langcode'] = array(
@@ -249,7 +249,7 @@ public function form(array $form, array &$form_state) {
'#title' => $this->t('Administration pages language'),
'#languages' => Language::STATE_CONFIGURABLE,
'#default_value' => $user_preferred_admin_langcode,
- '#access' => $show_admin_language && user_access('access administration pages', $account),
+ '#access' => $show_admin_language && $account->hasPermission('access administration pages'),
);
// User entities contain both a langcode property (for identifying the
// language of the entity data) and a preferred_langcode property (see
diff --git a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
index 3c23086..0a42c91 100644
--- a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
+++ b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php
@@ -24,12 +24,13 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface {
* The event to process.
*/
public function onKernelRequestMaintenance(GetResponseEvent $event) {
+ $user = \Drupal::currentUser();
$request = $event->getRequest();
$site_status = $request->attributes->get('_maintenance');
$path = $request->attributes->get('_system_path');
if ($site_status == MENU_SITE_OFFLINE) {
// If the site is offline, log out unprivileged users.
- if ($GLOBALS['user']->isAuthenticated() && !user_access('access site in maintenance mode')) {
+ if ($user->isAuthenticated() && !$user->hasPermission('access site in maintenance mode')) {
user_logout();
// Redirect to homepage.
$event->setResponse(new RedirectResponse(url('', array('absolute' => TRUE))));
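Review bot: `$user` is captured once at the top of onKernelRequestMaintenance(), before `user_logout()` runs, so every later use of it describes the account as it was before the logout. The old code re-read `$GLOBALS['user']` at each check, which presumably reflected the logout. The lines after the redirect are outside this hunk, so it cannot be confirmed here that this branch returns immediately. If it does not, the `$user->isAuthenticated()` test in the @@ -56 hunk would still treat the logged-out account as authenticated. It would be safer to confirm the early return, or to re-read the account after the logout with `$user = \Drupal::currentUser();`.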
@@ -56,7 +57,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
}
}
}
- if ($GLOBALS['user']->isAuthenticated()) {
+ if ($user->isAuthenticated()) {
if ($path == 'user/login') {
// If user is logged in, redirect to 'user' instead of giving 403.
$event->setResponse(new RedirectResponse(url('user', array('absolute' => TRUE))));
@@ -64,7 +65,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
}
if ($path == 'user/register') {
// Authenticated user should be redirected to user edit page.
- $event->setResponse(new RedirectResponse(url('user/' . $GLOBALS['user']->id() . '/edit', array('absolute' => TRUE))));
+ $event->setResponse(new RedirectResponse(url('user/' . $user->id() . '/edit', array('absolute' => TRUE))));
return;
}
}
diff --git a/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php b/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
index f14bc4e..dc7475f 100644
--- a/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
+++ b/core/modules/user/lib/Drupal/user/Plugin/entity_reference/selection/UserSelection.php
@@ -88,9 +88,9 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
$query->condition('name', $match, $match_operator);
}
- // Adding the 'user_access' tag is sadly insufficient for users: core
+ // Adding the permission check is sadly insufficient for users: core
// requires us to also know about the concept of 'blocked' and 'active'.
- if (!user_access('administer users')) {
+ if (!\Drupal::currentUser()->hasPermission('administer users')) {
$query->condition('status', 1);
}
return $query;
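Review bot: The reworded comment changes its meaning: the original sentence was about the `'user_access'` query tag ("Adding the 'user_access' tag is sadly insufficient"), not about the user_access() function this patch removes. "Adding the permission check" no longer tells the reader that a tag on the query is what falls short for blocked accounts. Unless the tag itself is renamed elsewhere, the comment should stay as `// Adding the 'user_access' tag is sadly insufficient for users: core`. buildEntityQuery() starts outside the hunk.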
@@ -100,7 +100,7 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
* {@inheritdoc}
*/
public function entityQueryAlter(SelectInterface $query) {
- if (user_access('administer users')) {
+ if (\Drupal::currentUser()->hasPermission('administer users')) {
// In addition, if the user is administrator, we need to make sure to
// match the anonymous user, that doesn't actually have a name in the
// database.
diff --git a/core/modules/user/lib/Drupal/user/RegisterFormController.php b/core/modules/user/lib/Drupal/user/RegisterFormController.php
index 38612a2..9062eb4 100644
--- a/core/modules/user/lib/Drupal/user/RegisterFormController.php
+++ b/core/modules/user/lib/Drupal/user/RegisterFormController.php
@@ -18,11 +18,9 @@ class RegisterFormController extends AccountFormController {
* Overrides Drupal\Core\Entity\EntityFormController::form().
*/
public function form(array $form, array &$form_state) {
- global $user;
+ $user = $this->currentUser();
$account = $this->entity;
-
- $admin = user_access('administer users');
-
+ $admin = $user->hasPermission('administer users');
// Pass access information to the submit handler. Running an access check
// inside the submit function interferes with form processing and breaks
// hook_form_alter().
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
index 06d4994..d4152ec 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
@@ -34,7 +34,7 @@ function setUp() {
}
/**
- * Change user permissions and check user_access().
+ * Test changing user permissions through the (UI|permissions page).
*/
function testUserPermissionChanges() {
$permissions_hash_generator = $this->container->get('user.permissions_hash');
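Review bot: The new docblock summary, "Test changing user permissions through the (UI|permissions page).", still contains an unresolved alternation that reads like a drafting placeholder. One wording should be picked, for example `* Tests changing user permissions through the permissions page.`, which matches the `admin/people/permissions` form the test posts to in the following hunk.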
@@ -46,27 +46,27 @@ function testUserPermissionChanges() {
$this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
// Add a permission.
- $this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.');
+ $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
$edit = array();
$edit[$rid . '[administer nodes]'] = TRUE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage_controller = $this->container->get('entity.manager')->getStorageController('user_role');
$storage_controller->resetCache();
- $this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.');
+ $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
$current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
$this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
$previous_permissions_hash = $current_permissions_hash;
// Remove a permission.
- $this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.');
+ $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$edit = array();
$edit[$rid . '[access user profiles]'] = FALSE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage_controller->resetCache();
- $this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.');
+ $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
$this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
@@ -91,7 +91,7 @@ function testAdministratorRole() {
// Aggregator depends on file module, enable that as well.
$edit['modules[Field types][file][enable]'] = TRUE;
$this->drupalPostForm('admin/modules', $edit, t('Save configuration'));
- $this->assertTrue(user_access('administer news feeds', $this->admin_user), 'The permission was automatically assigned to the administrator role');
+ $this->assertTrue($this->admin_user->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
}
/**
@@ -105,9 +105,9 @@ function testUserRoleChangePermissions() {
$previous_permissions_hash = $permissions_hash_generator->generate($account);
// Verify current permissions.
- $this->assertFalse(user_access('administer nodes', $account), 'User does not have "administer nodes" permission.');
- $this->assertTrue(user_access('access user profiles', $account), 'User has "access user profiles" permission.');
- $this->assertTrue(user_access('administer site configuration', $account), 'User has "administer site configuration" permission.');
+ $this->assertFalse($account->hasPermission('administer nodes'), 'User does not have "administer nodes" permission.');
+ $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
+ $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
// Change permissions.
$permissions = array(
@@ -117,9 +117,9 @@ function testUserRoleChangePermissions() {
user_role_change_permissions($rid, $permissions);
// Verify proper permission changes.
- $this->assertTrue(user_access('administer nodes', $account), 'User now has "administer nodes" permission.');
- $this->assertFalse(user_access('access user profiles', $account), 'User no longer has "access user profiles" permission.');
- $this->assertTrue(user_access('administer site configuration', $account), 'User still has "administer site configuration" permission.');
+ $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.');
+ $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
+ $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
// Verify the permissions hash has changed.
$current_permissions_hash = $permissions_hash_generator->generate($account);
diff --git a/core/modules/user/lib/Drupal/user/UserAccessController.php b/core/modules/user/lib/Drupal/user/UserAccessController.php
index 618dfe3..9aed19e 100644
--- a/core/modules/user/lib/Drupal/user/UserAccessController.php
+++ b/core/modules/user/lib/Drupal/user/UserAccessController.php
@@ -28,14 +28,14 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
case 'update':
// Users can always edit their own account. Users with the 'administer
// users' permission can edit any account except the anonymous account.
- return (($account->id() == $entity->id()) || user_access('administer users', $account)) && $entity->id() > 0;
+ return (($account->id() == $entity->id()) || $account->hasPermission('administer users')) && $entity->id() > 0;
break;
case 'delete':
// Users with 'cancel account' permission can cancel their own account,
// users with 'administer users' permission can cancel any account
// except the anonymous account.
- return ((($account->id() == $entity->id()) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->id() > 0;
+ return ((($account->id() == $entity->id()) && $account->hasPermission('cancel account')) || $account->hasPermission('administer users')) && $entity->id() > 0;
break;
}
}
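Review bot: The switch in checkAccess() shows no `default` case in this hunk, so an operation other than `update` or `delete` would leave the method without an explicit result. The method starts outside the hunk and may continue past it, so this could be handled there. If a NULL result is intentional, a short comment saying so and how the caller treats it would make the deny path visible; otherwise add `default: return FALSE;`. The `break;` after each `return` is unreachable and can be dropped.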
@@ -49,10 +49,10 @@ protected function viewAccess(EntityInterface $entity, $langcode, AccountInterfa
// Never allow access to view the anonymous user account.
if ($entity->id()) {
// Admins can view all, users can view own profiles at all times.
- if ($account->id() == $entity->id() || user_access('administer users', $account)) {
+ if ($account->id() == $entity->id() || $account->hasPermission('administer users')) {
return TRUE;
}
- elseif (user_access('access user profiles', $account)) {
+ elseif ($account->hasPermission('access user profiles')) {
// Only allow view access if the account is active.
return $entity->status->value;
}
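Review bot: In viewAccess(), the `access user profiles` branch returns the raw field value `$entity->status->value` while the branch above returns `TRUE`, so the method yields mixed types for an access decision. Casting keeps the result boolean for any caller that compares strictly: `return (bool) $entity->status->value;`. The method continues outside the hunk, so the final deny path is not visible here.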
diff --git a/core/modules/user/user.api.php b/core/modules/user/user.api.php
index 2d2fbd9..cc18e92 100644
--- a/core/modules/user/user.api.php
+++ b/core/modules/user/user.api.php
@@ -167,8 +167,9 @@ function hook_user_cancel($edit, $account, $method) {
* @see user_cancel_confirm_form()
*/
function hook_user_cancel_methods_alter(&$methods) {
+ $account = \Drupal::currentUser();
// Limit access to disable account and unpublish content method.
- $methods['user_cancel_block_unpublish']['access'] = user_access('administer site configuration');
+ $methods['user_cancel_block_unpublish']['access'] = $account->hasPermission('administer site configuration');
// Remove the content re-assigning method.
unset($methods['user_cancel_reassign']);
@@ -178,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) {
'title' => t('Delete the account and remove all content.'),
'description' => t('All your content will be replaced by empty strings.'),
// access should be used for administrative methods only.
- 'access' => user_access('access zero-out account cancellation method'),
+ 'access' => $account->hasPermission('access zero-out account cancellation method'),
);
}
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index cfb48f8..8f342f2 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -583,7 +583,7 @@ function user_format_name(AccountInterface $account) {
* @see user_user_logout()
*/
function user_template_preprocess_default_variables_alter(&$variables) {
- global $user;
+ $user = \Drupal::currentUser();
// If this function is called from the installer after Drupal has been
// installed then $user will not be set.
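Review bot: The comment kept below the new assignment in user_template_preprocess_default_variables_alter() still says `$user` "will not be set" when called from the installer, but `$user` is now always assigned from `\Drupal::currentUser()`. The check that follows is outside this hunk; it presumably tested for the global being unset and may no longer trigger. It is worth confirming what `\Drupal::currentUser()` returns, or whether it throws, in that installer case. The comment should then be updated to match, e.g. `// In the installer the current-user service may not be available yet.`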
@@ -595,7 +595,7 @@ function user_template_preprocess_default_variables_alter(&$variables) {
// Remove password and session IDs, $form_state, since themes should not need nor see them.
unset($variables['user']->pass, $variables['user']->sid, $variables['user']->ssid);
- $variables['is_admin'] = user_access('access administration pages');
+ $variables['is_admin'] = $user->hasPermission('access administration pages');
$variables['logged_in'] = $user->isAuthenticated();
}
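Review bot: The `unset($variables['user']->pass, ...)` scrub now runs on whatever `$variables['user']` was built from once `$user` became the result of `\Drupal::currentUser()`; that assignment is outside this hunk. It is worth confirming that the value is a copy rather than the shared current-user object, and that the password hash and session IDs are still public properties on it. Otherwise the unset either strips them from the live account or silently does nothing. A comment next to the unset stating which of these holds would help.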
@@ -627,7 +627,7 @@ function template_preprocess_username(&$variables) {
$name = drupal_substr($name, 0, 15) . '...';
}
$variables['name'] = check_plain($name);
- $variables['profile_access'] = user_access('access user profiles');
+ $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
// Populate link path and attributes if appropriate.
if ($variables['uid'] && $variables['profile_access']) {
diff --git a/core/modules/views/views.api.php b/core/modules/views/views.api.php
index 52816e2..c17d42f 100644
--- a/core/modules/views/views.api.php
+++ b/core/modules/views/views.api.php
@@ -377,7 +377,7 @@ function hook_views_form_substitutions() {
function hook_views_pre_view(ViewExecutable $view, $display_id, array &$args) {
// Modify contextual filters for my_special_view if user has 'my special permission'.
- if ($view->name == 'my_special_view' && user_access('my special permission')) {
+ if ($view->name == 'my_special_view' && \Drupal::currentUser()->hasPermission('my special permission')) {
$args[0] = 'custom value';
}
}
@@ -444,7 +444,7 @@ function hook_views_pre_execute(ViewExecutable $view) {
// view administrators that the query might be heavy.
// (This action could be performed later in the execution process, but not
// earlier.)
- if (count($view->query->tables) > 2 && user_access('administer views')) {
+ if (count($view->query->tables) > 2 && \Drupal::currentUser()->hasPermission('administer views')) {
drupal_set_message(t('The view %view may be heavy to execute.', array('%view' => $view->name)), 'warning');
}
}
diff --git a/core/modules/views/views.module b/core/modules/views/views.module
index 4ac7613..056077d 100644
--- a/core/modules/views/views.module
+++ b/core/modules/views/views.module
@@ -416,7 +416,7 @@ function views_page_alter(&$page) {
*/
function views_preprocess_html(&$variables) {
// Early-return to prevent adding unnecessary JavaScript.
- if (!user_access('access contextual links')) {
+ if (!\Drupal::currentUser()->hasPermission('access contextual links')) {
return;
}
diff --git a/core/update.php b/core/update.php
index 527a703..5f4ff30 100644
--- a/core/update.php
+++ b/core/update.php
@@ -70,7 +70,7 @@ function update_helpful_links() {
'title' => t('Front page'),
'href' => '',
);
- if (user_access('access administration pages')) {
+ if (\Drupal::currentUser()->hasPermission('access administration pages')) {
$links['admin-pages'] = array(
'title' => t('Administration pages'),
'href' => 'admin',
@@ -101,7 +101,7 @@ function update_results_page() {
update_task_list();
// Report end result.
- if (\Drupal::moduleHandler()->moduleExists('dblog') && user_access('access site reports')) {
+ if (\Drupal::moduleHandler()->moduleExists('dblog') && \Drupal::currentUser()->hasPermission('access site reports')) {
$log_message = ' All errors have been logged.';
}
else {
@@ -256,7 +256,7 @@ function update_access_allowed() {
$module_handler->setModuleList($module_filenames);
$module_handler->reload();
\Drupal::service('kernel')->updateModules($module_filenames, $module_filenames);
- return user_access('administer software updates');
+ return $user->hasPermission('administer software updates');
}
catch (\Exception $e) {
return ($user->id() == 1);
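Review bot: The `catch (\Exception $e)` branch in update_access_allowed() discards the exception and falls back to `$user->id() == 1` without saying why. The new `return $user->hasPermission(...)` also relies on a `$user` assigned outside this hunk, while the other hunks in this file call `\Drupal::currentUser()` directly. A comment on the fallback would document the intent, for example `// Permission lookup failed; only allow user 1.` It is also worth confirming that `$user` is an account object here rather than the legacy global.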