diff --git a/core/modules/node/lib/Drupal/node/NodeAccessController.php b/core/modules/node/lib/Drupal/node/NodeAccessController.php index 944b411..5f3b23c 100644 --- a/core/modules/node/lib/Drupal/node/NodeAccessController.php +++ b/core/modules/node/lib/Drupal/node/NodeAccessController.php @@ -61,10 +61,12 @@ public static function createInstance(ContainerInterface $container, $entity_typ * {@inheritdoc} */ public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, AccountInterface $account = NULL) { - if (user_access('bypass node access', $account)) { + $account = $this->prepareUser($account); + + if ($account->hasPermission('bypass node access')) { return TRUE; } - if (!user_access('access content', $account)) { + if (!$account->hasPermission('access content')) { return FALSE; } return parent::access($entity, $operation, $langcode, $account); @@ -76,10 +78,10 @@ public function access(EntityInterface $entity, $operation, $langcode = Language public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array()) { $account = $this->prepareUser($account); - if (user_access('bypass node access', $account)) { + if ($account->hasPermission('bypass node access')) { return TRUE; } - if (!user_access('access content', $account)) { + if (!$account->hasPermission('access content')) { return FALSE; } @@ -95,7 +97,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc $uid = $node->getTranslation($langcode)->getAuthorId(); // Check if authors can view their own unpublished nodes. - if ($operation === 'view' && !$status && user_access('view own unpublished content', $account)) { + if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content')) { if ($account->id() != 0 && $account->id() == $uid) { return TRUE; @@ -121,7 +123,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$entity_bundle])) { - return user_access('create ' . $entity_bundle . ' content', $account); + return $account->hasPermission('create ' . $entity_bundle . ' content'); } } diff --git a/core/modules/node/lib/Drupal/node/NodeFormController.php b/core/modules/node/lib/Drupal/node/NodeFormController.php index e37eb41..5653022 100644 --- a/core/modules/node/lib/Drupal/node/NodeFormController.php +++ b/core/modules/node/lib/Drupal/node/NodeFormController.php @@ -131,14 +131,14 @@ public function form(array $form, array &$form_state) { 'js' => array(drupal_get_path('module', 'node') . '/node.js'), ), '#weight' => 20, - '#access' => $node->isNewRevision() || user_access('administer nodes'), + '#access' => $node->isNewRevision() || \Drupal::currentUser()->hasPermission('administer nodes'), ); $form['revision_information']['revision']['revision'] = array( '#type' => 'checkbox', '#title' => t('Create new revision'), '#default_value' => $node->isNewRevision(), - '#access' => user_access('administer nodes'), + '#access' => \Drupal::currentUser()->hasPermission('administer nodes'), ); $form['revision_information']['revision']['log'] = array( @@ -157,7 +157,7 @@ public function form(array $form, array &$form_state) { // Node author information for administrators. $form['author'] = array( '#type' => 'details', - '#access' => user_access('administer nodes'), + '#access' => \Drupal::currentUser()->hasPermission('administer nodes'), '#title' => t('Authoring information'), '#collapsed' => TRUE, '#group' => 'advanced', @@ -196,7 +196,7 @@ public function form(array $form, array &$form_state) { // Node options for administrators. $form['options'] = array( '#type' => 'details', - '#access' => user_access('administer nodes'), + '#access' => \Drupal::currentUser()->hasPermission('administer nodes'), '#title' => t('Promotion options'), '#collapsed' => TRUE, '#group' => 'advanced', @@ -247,7 +247,7 @@ protected function actions(array $form, array &$form_state) { // modules to integrate with "the Save operation" of this form. Modules // need a way to plug themselves into 1) the ::submit() step, and // 2) the ::save() step, both decoupled from the pressed form button. - if ($element['submit']['#access'] && user_access('administer nodes')) { + if ($element['submit']['#access'] && \Drupal::currentUser()->hasPermission('administer nodes')) { // isNew | prev status » default & publish label & unpublish label // 1 | 1 » publish & Save and publish & Save as unpublished // 1 | 0 » unpublish & Save and publish & Save as unpublished diff --git a/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php b/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php index 5a087a8..25036c7 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php +++ b/core/modules/node/lib/Drupal/node/Plugin/entity_reference/selection/NodeSelection.php @@ -34,7 +34,8 @@ public function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') { // 'unpublished'. We need to do that as long as there are no access control // modules in use on the site. As long as one access control module is there, // it is supposed to handle this check. - if (!user_access('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { + if (!\Drupal::currentUser()->hasPermission('bypass node access') && + !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { $query->condition('status', NODE_PUBLISHED); } return $query; diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkDelete.php b/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkDelete.php index 0f8cc64..4ddfd36 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkDelete.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkDelete.php @@ -21,7 +21,8 @@ class RevisionLinkDelete extends RevisionLink { public function access() { - return user_access('delete revisions') || user_access('administer nodes'); + return \Drupal::currentUser()->hasPermission('delete revisions') || + \Drupal::currentUser()->hasPermission('administer nodes'); } /** diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkRevert.php b/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkRevert.php index 13c10fd..d0cb683 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkRevert.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/field/RevisionLinkRevert.php @@ -21,7 +21,8 @@ class RevisionLinkRevert extends RevisionLink { public function access() { - return user_access('revert revisions') || user_access('administer nodes'); + return \Drupal::currentUser()->hasPermission(('revert revisions') || + \Drupal::currentUser()->hasPermission('administer nodes'); } /** diff --git a/core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php b/core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php index b5bf773..573ddfa 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php +++ b/core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php @@ -29,7 +29,7 @@ public function canExpose() { * See _node_access_where_sql() for a non-views query based implementation. */ public function query() { - if (!user_access('administer nodes')) { + if (!\Drupal::currentUser()->hasPermission('administer nodes')) { $table = $this->ensureMyTable(); $grants = db_or(); foreach (node_access_grants('view') as $realm => $gids) { diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php index 3bcf362..9a927f8 100644 --- a/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php +++ b/core/modules/node/lib/Drupal/node/Tests/NodeRevisionPermissionsTest.php @@ -99,7 +99,7 @@ function testNodeRevisionAccessAnyType() { foreach ($permutations as $case) { // Skip this test if there are no revisions for the node. if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) { - if (!empty($case['account']->is_admin) || user_access($this->map[$case['op']], $case['account'])) { + if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->map[$case['op']])) { $this->assertTrue(_node_revision_access($revision, $case['op'], $case['account']), "{$this->map[$case['op']]} granted."); } else { @@ -145,7 +145,7 @@ function testNodeRevisionAccessPerType() { foreach ($permutations as $case) { // Skip this test if there are no revisions for the node. if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', array(':nid' => $revision->id()))->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) { - if (!empty($case['account']->is_admin) || user_access($this->type_map[$case['op']], $case['account'])) { + if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->type_map[$case['op']])) { $this->assertTrue(_node_revision_access($revision, $case['op'], $case['account']), "{$this->type_map[$case['op']]} granted."); } else { diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php index 9c2f1df..3982518 100644 --- a/core/modules/node/node.api.php +++ b/core/modules/node/node.api.php @@ -182,7 +182,7 @@ * @ingroup node_access */ function hook_node_grants($account, $op) { - if (user_access('access private content', $account)) { + if ($account->hasPermission('access private content')) { $grants['example'] = array(1); } $grants['example_owner'] = array($account->id()); @@ -569,18 +569,20 @@ function hook_node_access(\Drupal\node\NodeInterface $node, $op, $account, $lang $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$type])) { - if ($op == 'create' && user_access('create ' . $type . ' content', $account)) { + if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) { return NODE_ACCESS_ALLOW; } if ($op == 'update') { - if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) { + if ($account->hasPermission('edit any ' . $type . ' content') || + ($account->hasPermission('edit own ' . $type . ' content') && ($account->id() == $node->getAuthorId()))) { return NODE_ACCESS_ALLOW; } } if ($op == 'delete') { - if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) { + if ($account->hasPermission('delete any ' . $type . ' content') || + ($account->hasPermission('delete own ' . $type . ' content') && ($account->id() == $node->getAuthorId()))) { return NODE_ACCESS_ALLOW; } } diff --git a/core/modules/node/node.module b/core/modules/node/node.module index b767b9b..22ae094 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -22,6 +22,7 @@ use Drupal\entity\Entity\EntityFormDisplay; use Drupal\file\Entity\File; use Drupal\user\UserInterface; +use Drupal\Core\Session\AccountInterface; /** * Denotes that the node is not published. @@ -85,7 +86,7 @@ function node_help($path, $arg) { // for rebuild. We don't need to issue the message on the confirm form, or // while the rebuild is being processed. if ($path != 'admin/reports/status/rebuild' && $path != 'batch' && strpos($path, '#') === FALSE - && user_access('access administration pages') && node_access_needs_rebuild()) { + && \Drupal::currentUser()->hasPermission('access administration pages') && node_access_needs_rebuild()) { if ($path == 'admin/reports/status') { $message = t('The content access permissions need to be rebuilt.'); } @@ -776,7 +777,7 @@ function node_permission() { ), 'access content overview' => array( 'title' => t('Access the Content overview page'), - 'description' => user_access('access content overview') + 'description' => \Drupal::currentUser()->hasPermission('access content overview') ? t('Get an overview of all content.', array('@url' => url('admin/content'))) : t('Get an overview of all content.'), ), @@ -1108,11 +1109,11 @@ function node_revision_list(EntityInterface $node) { function node_get_recent($number = 10) { $query = db_select('node_field_data', 'n'); - if (!user_access('bypass node access')) { + if (!\Drupal::currentUser()->hasPermission('bypass node access')) { // If the user is able to view their own unpublished nodes, allow them // to see these in addition to published nodes. Check that they actually // have some unpublished nodes to view before adding the condition. - if (user_access('view own unpublished content') && $own_unpublished = db_query('SELECT DISTINCT nid FROM {node_field_data} WHERE uid = :uid AND status = :status', array(':uid' => $GLOBALS['user']->id(), ':status' => NODE_NOT_PUBLISHED))->fetchCol()) { + if (\Drupal::currentUser()->hasPermission('view own unpublished content') && $own_unpublished = db_query('SELECT DISTINCT nid FROM {node_field_data} WHERE uid = :uid AND status = :status', array(':uid' => $GLOBALS['user']->id(), ':status' => NODE_NOT_PUBLISHED))->fetchCol()) { $query->condition(db_or() ->condition('n.status', NODE_PUBLISHED) ->condition('n.nid', $own_unpublished, 'IN') @@ -1182,7 +1183,7 @@ function theme_node_recent_block($variables) { '#rows' => $rows, ); $output = drupal_render($table); - if (user_access('access content overview')) { + if (\Drupal::currentUser()->hasPermission('access content overview')) { $more_link = array( '#theme' => 'more_link', '#url' => 'admin/content', @@ -1534,18 +1535,18 @@ function node_node_access($node, $op, $account) { $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$type])) { - if ($op == 'create' && user_access('create ' . $type . ' content', $account)) { + if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) { return NODE_ACCESS_ALLOW; } if ($op == 'update') { - if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) { + if ($account->hasPermission('edit any ' . $type . ' content') || ($account->hasPermission('edit own ' . $type . ' content') && ($account->id() == $node->getAuthorId()))) { return NODE_ACCESS_ALLOW; } } if ($op == 'delete') { - if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->id() == $node->getAuthorId()))) { + if ($account->hasPermission('delete any ' . $type . ' content') || ($account->hasPermission('delete own ' . $type . ' content') && ($account->id() == $node->getAuthorId()))) { return NODE_ACCESS_ALLOW; } } @@ -1634,24 +1635,19 @@ function node_permissions_get_configured_types() { * * @param $op * The operation that the user is trying to perform. - * @param $account - * (optional) The user object for the user performing the operation. If - * omitted, the current user is used. Defaults to NULL. + * @param \Drupal\Core\Session\AccountInterface $account + * The user object for the user performing the operation. * * @return * An associative array in which the keys are realms, and the values are * arrays of grants for those realms. */ -function node_access_grants($op, $account = NULL) { - - if (!isset($account)) { - $account = $GLOBALS['user']; - } +function node_access_grants($op, AccountInterface $account) { // Fetch node access grants from other modules. $grants = \Drupal::moduleHandler()->invokeAll('node_grants', array($account, $op)); // Allow modules to alter the assigned grants. - drupal_alter('node_grants', $grants, $account, $op); + \Drupal::moduleHandler()->alter('node_grants', $grants, $account, $op); return array_merge(array('all' => array(0)), $grants); } @@ -1730,7 +1726,7 @@ function node_query_node_access_alter(AlterableInterface $query) { // If $account can bypass node access, or there are no node access modules, // or the operation is 'view' and the $account has a global view grant // (such as a view grant for node ID 0), we don't need to alter the query. - if (user_access('bypass node access', $account)) { + if ($account->hasPermission('bypass node access')) { return; } if (!count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { diff --git a/core/modules/node/node.pages.inc b/core/modules/node/node.pages.inc index 42eb2c5..e5551d3 100644 --- a/core/modules/node/node.pages.inc +++ b/core/modules/node/node.pages.inc @@ -193,11 +193,11 @@ function node_revision_overview($node) { $type = $node->getType(); $revert_permission = FALSE; - if ((user_access("revert $type revisions") || user_access('revert all revisions') || user_access('administer nodes')) && $node->access('update')) { + if ((\Drupal::currentUser()->hasPermission("revert $type revisions") || \Drupal::currentUser()->hasPermission('revert all revisions') || \Drupal::currentUser()->hasPermission('administer nodes')) && $node->access('update')) { $revert_permission = TRUE; } $delete_permission = FALSE; - if ((user_access("delete $type revisions") || user_access('delete all revisions') || user_access('administer nodes')) && $node->access('delete')) { + if ((\Drupal::currentUser()->hasPermission("delete $type revisions") || \Drupal::currentUser()->hasPermission('delete all revisions') || \Drupal::currentUser()->hasPermission('administer nodes')) && $node->access('delete')) { $delete_permission = TRUE; } foreach ($revisions as $revision) { diff --git a/core/modules/node/node.views_execution.inc b/core/modules/node/node.views_execution.inc index daedc33..02dd82e 100644 --- a/core/modules/node/node.views_execution.inc +++ b/core/modules/node/node.views_execution.inc @@ -12,9 +12,9 @@ */ function node_views_query_substitutions(ViewExecutable $view) { return array( - '***ADMINISTER_NODES***' => intval(user_access('administer nodes')), - '***VIEW_OWN_UNPUBLISHED_NODES***' => intval(user_access('view own unpublished content')), - '***BYPASS_NODE_ACCESS***' => intval(user_access('bypass node access')), + '***ADMINISTER_NODES***' => intval(\Drupal::currentUser()->hasPermission('administer nodes')), + '***VIEW_OWN_UNPUBLISHED_NODES***' => intval(\Drupal::currentUser()->hasPermission('view own unpublished content')), + '***BYPASS_NODE_ACCESS***' => intval(\Drupal::currentUser()->hasPermission('bypass node access')), ); } diff --git a/core/modules/node/tests/modules/node_access_test/node_access_test.module b/core/modules/node/tests/modules/node_access_test/node_access_test.module index 12800b1..2923d55 100644 --- a/core/modules/node/tests/modules/node_access_test/node_access_test.module +++ b/core/modules/node/tests/modules/node_access_test/node_access_test.module @@ -20,7 +20,7 @@ function node_access_test_node_grants($account, $op) { $grants = array(); // First grant a grant to the author for own content. $grants['node_access_test_author'] = array($account->id()); - if ($op == 'view' && user_access('node test view', $account)) { + if ($op == 'view' && $account->hasPermission('node test view')) { $grants['node_access_test'] = array(8888, 8889); }