diff --git a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php index 424f44a..0a42c91 100644 --- a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php +++ b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php @@ -30,7 +30,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) { $path = $request->attributes->get('_system_path'); if ($site_status == MENU_SITE_OFFLINE) { // If the site is offline, log out unprivileged users. - if ($user->isAuthenticated() && $user->hasPermission('access site in maintenance mode')) { + if ($user->isAuthenticated() && !$user->hasPermission('access site in maintenance mode')) { user_logout(); // Redirect to homepage. $event->setResponse(new RedirectResponse(url('', array('absolute' => TRUE)))); diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/access/Permission.php b/core/modules/user/lib/Drupal/user/Plugin/views/access/Permission.php index 3892cfb..2251a6e 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/access/Permission.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/access/Permission.php @@ -52,6 +52,7 @@ public function summaryTitle() { return t($this->options['perm']); } + protected function defineOptions() { $options = parent::defineOptions(); $options['perm'] = array('default' => 'access content'); diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/Language.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/Language.php index c429a75..924bf56 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/Language.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/Language.php 
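Review bot: The corrected condition in `onKernelRequestMaintenance()` (`!$user->hasPermission('access site in maintenance mode')`) has no regression test in the file sections visible in this patch, so the inversion it fixes could return unnoticed. Before the change, the branch logged out accounts that held the permission and left sessions without it untouched, the opposite of what the comment above it says. A test that puts the site offline would pin the behaviour: an authenticated account without the permission is logged out and redirected, while an account with it keeps its session. The method body starts and ends outside the hunk.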
@@ -24,7 +24,7 @@ class Language extends User { protected function renderLink($data, ResultRow $values) { if (!empty($this->options['link_to_user'])) { $uid = $this->getValue($values, 'uid'); - if (Drupal::currentUser()->hasPermission('access user profiles') && $uid) { + if ($this->view->getUser()->hasPermission('access user profiles') && $uid) { $this->options['alter']['make_link'] = TRUE; $this->options['alter']['path'] = 'user/' . $uid; } diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/Link.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/Link.php index 5627b55..5c75d85 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/Link.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/Link.php @@ -54,10 +54,11 @@ public function buildOptionsForm(&$form, &$form_state) { parent::buildOptionsForm($form, $form_state); } - // An example of field level access control. - public function access() { - $user = \Drupal::currentUser(); - return $user->hasPermission('administer users') || $user->hasPermission('access user profiles'); + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account) { + return $account->hasPermission('administer users') || $account->hasPermission('access user profiles'); } public function query() { diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/User.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/User.php index 4a27741..c40f204 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/User.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/User.php 
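Review bot: In `Language::renderLink()` the permission gate now reads the account from `$this->view->getUser()` instead of the request's current user, and nothing at the call site says which account that is or that the gate only controls whether a link is rendered. The same substitution is made in `renderLink()` in Plugin/views/field/User.php. If a view can be executed for an account other than the one receiving the output (not determinable from this hunk), link visibility follows that account. The `'user/' . $uid` path therefore still has to enforce 'access user profiles' on its own. I would add above the condition: `// Display-only gate against the view's account; the profile path enforces its own access.`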
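Review bot: The new `access(AccountInterface $account)` signature in Plugin/views/field/Link.php uses a short class name, but this file section adds no `use Drupal\Core\Session\AccountInterface;` line, and the top of the file is not visible here. If the import is absent, the hint would resolve relative to the file's own namespace (presumably `Drupal\user\Plugin\views\field`). The field-level access check would then raise a type error instead of returning a decision. Confirm the import is already present, or add `use Drupal\Core\Session\AccountInterface;` to the file's use block.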
@@ -7,12 +7,10 @@ namespace Drupal\user\Plugin\views\field; -use Drupal\Core\Session\AccountInterface; use Drupal\views\Plugin\views\field\FieldPluginBase; use Drupal\views\Plugin\views\display\DisplayPluginBase; use Drupal\views\ResultRow; use Drupal\views\ViewExecutable; -use Symfony\Component\DependencyInjection\ContainerInterface; /** * Field handler to provide simple renderer that allows linking to a user. @@ -24,33 +22,6 @@ class User extends FieldPluginBase { /** - * The current user. - * - * @var \Drupal\Core\Session\AccountInterface - */ - protected $currentUser; - - /** - * Constructor. - * - * @param array $configuration - * @param string $plugin_id - * @param array $plugin_definition - * @param \Drupal\Core\Session\AccountInterface $current_user - */ - public function __construct(array $configuration, $plugin_id, array $plugin_definition, AccountInterface $current_user) { - parent::__construct($configuration, $plugin_id, $plugin_definition); - $this->currentUser = $current_user; - } - - /** - * {@inheritdoc} - */ - public static function create(ContainerInterface $container, array $configuration, $plugin_id, array $plugin_definition) { - return new static($configuration, $plugin_id, $plugin_definition, $container->get('current_user')); - } - - /** * Overrides \Drupal\views\Plugin\views\field\FieldPluginBase::init(). */ public function init(ViewExecutable $view, DisplayPluginBase $display, array &$options = NULL) { 
@@ -92,7 +63,7 @@ public function buildOptionsForm(&$form, &$form_state) { * Returns a string for the link text. */ protected function renderLink($data, ResultRow $values) { - if (!empty($this->options['link_to_user']) && $this->currentUser->hasPermission('access user profiles') && ($entity = $this->getEntity($values)) && $data !== NULL && $data !== '') { + if (!empty($this->options['link_to_user']) && $this->view->getUser()->hasPermission('access user profiles') && ($entity = $this->getEntity($values)) && $data !== NULL && $data !== '') { $this->options['alter']['make_link'] = TRUE; $uri = $entity->uri(); $this->options['alter']['path'] = $uri['path']; diff --git a/core/modules/user/lib/Drupal/user/RegisterFormController.php b/core/modules/user/lib/Drupal/user/RegisterFormController.php index b4b7fb2..0a24647 100644 --- a/core/modules/user/lib/Drupal/user/RegisterFormController.php +++ b/core/modules/user/lib/Drupal/user/RegisterFormController.php @@ -21,7 +21,6 @@ public function form(array $form, array &$form_state) { $user = \Drupal::currentUser(); $account = $this->entity; $admin = $user->hasPermission('administer users'); - // Pass access information to the submit handler. Running an access check // inside the submit function interferes with form processing and breaks // hook_form_alter(). diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php index 7365df4..b60dcd3 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php 
@@ -54,6 +54,10 @@ function testUserPermissionChanges() { $storage_controller = $this->container->get('entity.manager')->getStorageController('user_role'); $storage_controller->resetCache(); $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.'); + $current_permissions_hash = $permissions_hash_generator->generate($account); + $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); + $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); + $previous_permissions_hash = $current_permissions_hash; // Remove a permission. $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); @@ -63,6 +67,9 @@ function testUserPermissionChanges() { $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); $storage_controller->resetCache(); $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); + $current_permissions_hash = $permissions_hash_generator->generate($account); + $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); + $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); } /** 
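Review bot: The added hash comparisons use `assertNotEqual`, which compares loosely, while the equality checks beside them use `assertIdentical`; a loose comparison can treat two different numeric-looking hash strings as equal. The strict counterpart is `$this->assertNotIdentical($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');`. It applies here, in the second hunk of `testUserPermissionChanges()` and in `testUserRoleChangePermissions()`. Separately, `$permissions_hash_generator` and `$previous_permissions_hash` are not assigned in any added line of this file section. They must already be set earlier in each test method, outside the hunks shown, which is worth confirming.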
@@ -113,6 +120,10 @@ function testUserRoleChangePermissions() { $this->assertTrue($account->hasPermission('administer nodes'), 'User now has "administer nodes" permission.'); $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.'); + + // Verify the permissions hash has changed. + $current_permissions_hash = $permissions_hash_generator->generate($account); + $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); } } diff --git a/core/modules/user/user.api.php b/core/modules/user/user.api.php index 6fa8447..cc18e92 100644 --- a/core/modules/user/user.api.php +++ b/core/modules/user/user.api.php @@ -167,9 +167,9 @@ function hook_user_cancel($edit, $account, $method) { * @see user_cancel_confirm_form() */ function hook_user_cancel_methods_alter(&$methods) { - $user = \Drupal::currentUser(); + $account = \Drupal::currentUser(); // Limit access to disable account and unpublish content method. - $methods['user_cancel_block_unpublish']['access'] = $user->hasPermission('administer site configuration'); + $methods['user_cancel_block_unpublish']['access'] = $account->hasPermission('administer site configuration'); // Remove the content re-assigning method. unset($methods['user_cancel_reassign']); @@ -179,7 +179,7 @@ function hook_user_cancel_methods_alter(&$methods) { 'title' => t('Delete the account and remove all content.'), 'description' => t('All your content will be replaced by empty strings.'), // access should be used for administrative methods only. - 'access' => $user->hasPermission('access zero-out account cancellation method'), + 'access' => $account->hasPermission('access zero-out account cancellation method'), ); }