A quick search in PHPStorm reveals 37 in-code usages of node_load(). There will be a few more occurrences of that in the menu system (@see 'access callback' => 'node_access') which have to be replaced with requirement checks in the new routing system. I'd suggest postponing that part of the conversion and only replacing the obvious invocations of that function and keep node_load() until it is also deprecated for %node loading in the menu system.
Considering the above and due to the suggestion of not replacing node_load() in the menu system just yet makes this a Novice task. Anynone interested? :)
Comment | File | Size | Author |
---|---|---|---|
#84 | drupal_1947880_84.patch | 24.01 KB | Xano |
#79 | interdiff.txt | 4.34 KB | Xano |
#79 | drupal_1947880_79.patch | 24.45 KB | Xano |
#73 | node-access-1947880-73.patch | 22.87 KB | tim.plunkett |
#73 | interdiff.txt | 1.33 KB | tim.plunkett |
Comments
Comment #1
chrisjlee CreditAttribution: chrisjlee commentedYes, i'm interested if you can provide me an example or a change notice of how to do this change. I don't really know what i'm doing. :)
Comment #2
BerdirSure, sorry for not providing that already.
Basically, look for calls like "node_access($node, 'view')" and replace them with "$node->access('view')". There will quite a few of those and some might be more complicated. Just start with what you can do and we'll look into the more complicated cases later.
See http://drupal.org/node/1862420 for the change notice.
Comment #3
chrisjlee CreditAttribution: chrisjlee commenteda babystep to see if i'm doing things right.
Comment #4
chrisjlee CreditAttribution: chrisjlee commentedComment #6
chrisjlee CreditAttribution: chrisjlee commentedForgot a parentheses the last patch will fail.
Comment #7
BerdirYes, that looks good ( I had the argument order switched in my example, sorry). Now we just need a lot more of those :)
Comment #8
fubhy CreditAttribution: fubhy commentedThat's exactly what we need chrisjlee :).
Comment #9
chrisjlee CreditAttribution: chrisjlee commentedPatch includes a bunch of low hanging fruit and simple instances. More complex cases to come. Have at it bot.
@fubhy @Berdir: This maybe a silly question but where can i find the $node->access method definition? I did a couple greps and google's and didn't have any luck. I'm probably missing something really simple. I'm trying to see what arguments it accepts.
Comment #10
fubhy CreditAttribution: fubhy commented@chrisjlee: You can find the ->access() method in the AccessibleInterface (core/lib/Drupal/Core/TypedData/AccessibleInterface.php). All entities implement that interface (@see EntityInterface which, among others, extends the AccessibleInterface).
Comment #11
BerdirYou can see the definition here: http://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21TypedData%...
The implementation(s) are linked there as well.
What we are currently missing and will be required for some of the conversions here is the language code, which we should probably add in a separate issue.
Comment #12
BerdirOr maybe instead of adding the language code, we'll do something like $entity->getTranslation('de')->access() but that too, might need to be correctly implemented.
Comment #13
BerdirHere you can actually remove the $entity_type check as ->access() works for all entities, unlike node_access(). Note that the $entity_type variable is still required as it's passed to field_access()
You should probably ignore this one as it is already being converted in another issue.
Same here, I'm removing the whole hook now that we have $entity->access() in a different issue.
This one is a bit tricky because we don't have a node yet. So what you need to do is $node = entity_create('node', array('type' => $type)) and then call access on $node. Which is a bit unfortunate here as we are looping over possibly quite a few types and entity_create() is quite costly. But node_access() is already doing that internally, so it doesn't matter.
Looks like this one could maybe be generalized into an entity argument access validator or something like that but that's a separate issue, this is good enough for now.
Same as above, just remove the @todo and ignore for now.
As in the other example, entity_create() first. Which here, is really quite bad. @fubhy, ideas?
Comment #15
chrisjlee CreditAttribution: chrisjlee commentedLooks like it didn't like my changes in the book.module file. Maybe i'll revert that and a couple other instances and see where i'm at. But i have to do that a bit later.
Thanks for the feedback @berdir and @fuhby it's been most helpful. I'll get those changes in the next patch. Probably separately. I'm going to divide and conquer and see which ones are causing the errors and hopefully get back to green.
Comment #16
BerdirThat looks like a Node NG issue and not something that's wrong in your patch.
What's happening is that before, we passed a decorated node object that still allows old-style access to something like $node->uid but now it goes through the decorator and passed the NodeNG object into the access controller and it seems we have a case where we call something like $node->uid or $node->status and got an integer before and now a Field object. I'll look into it.
Comment #17
BerdirThis should take care of those fails, or most of them and allow you to get back to this if you're interested (or someone else!). Didn't fix most of my review above except removing the conflicting part in EntityReferenceAutocomplete.php that didn't apply anymore.
Comment #19
chrisjlee CreditAttribution: chrisjlee commentedSounds good. I'll get back at it once we get back to green or if you can help me figure out how to get it back to green?
Comment #20
BerdirThis should fix the book tests, the views ones were a HEAD failure unrelated to this patch.
Comment #21
chrisjlee CreditAttribution: chrisjlee commentedimplemented all the feedback from #13. Let me know if i missed anything. Let's hope this goes green!
Comment #22
chrisjlee CreditAttribution: chrisjlee commentedRan a grep to find all the other instances:
Comment #23
BerdirI know that WimLeers is working on this part, I would just ignore it. You would still need to do a $entity->access('update') if you want to keep it. but it's probably just going to conflict.
Comment #25
chrisjlee CreditAttribution: chrisjlee commentedDidn't know which direction to go. Might need some clarification from Berdir.
Patch fixes php error and restores previous return statement as suggested in #23
Comment #26
chrisjlee CreditAttribution: chrisjlee commentedComment #27
chrisjlee CreditAttribution: chrisjlee commentedAnyone able to provide me feedback? Or has this been postponed?
Comment #28
Berdir#25: 1947880-deprecate-node-access-25.patch queued for re-testing.
Comment #30
BerdirThe changes so far look good but we want to remove node_access() completely. Multiple of the remaining cases that I mentioned have already been removed, so most if not all of the remaining cases can now be converted.
Note that your grep contains a fair amount of hook_node_access() references, those should stay. Grepping for " node_access(" should give you better results.
Comment #31
jameswoods CreditAttribution: jameswoods commentedComment #32
dawehnerIt would be cool to have a test for that, as it's sort of security relevant.
Comment #33
chrisjlee CreditAttribution: chrisjlee commentedBeen a while. I'm going to take this task back. If you'd like to jump back in james please let me know.
Reroll caused a couple conflicts. Didn't feel super confident doing this. So i thought i'd breakdown the merge conflicts:
core/lib/Drupal/Core/Entity/Entity.php
I went with head on this one.
core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php
More on core/modules/edit/lib/Drupal/edit/Access/EditEntityFieldAccessCheck.php
Went with head there too
Ended up with head on all of them. I just assumed that those references have been removed.
Attached is the patch after being rerolled.
Comment #34
chrisjlee CreditAttribution: chrisjlee commentedI was going to add changes. But we should see if the patch still works or if i messed up the reroll.
Comment #36
chrisjlee CreditAttribution: chrisjlee commentedGoing to try the reroll again. Instead this time i just reverted my changes on the merge conflicted files.
Comment #38
s_leu CreditAttribution: s_leu commentedHere's a reroll that should apply for now.
Unfortunately it's not already possible to remove the node_access function due to existing access callback definitions in node_menu(). This has to wait until the node_menu function will be cleaned up. I addressed this in a follow up issue #2019677: Remove node_access.
Comment #40
BerdirThis replaces the already existing $node variable. You need to use something like $child_node instead.
Comment #41
s_leu CreditAttribution: s_leu commentedI was not able to fix the issues with the node access test, fixed the book related failing though here's what i have for now.
Comment #42
s_leu CreditAttribution: s_leu commentedGot it now
Comment #44
tim.plunkettThis blocks any routes that want to properly use the NodeAccessController as requirements.
The innards of node_access() need to be moved into NodeAccessController.
Comment #45
dawehnerJust a usual rerole. plach thought that langcode would not be really needed so we maybe just drop the passing?
Comment #47
BerdirNot passing in the language code breaks the node access language tests :)
Comment #48
BerdirI will get back to this after #1810370: Entity Translation API improvements landed, we'll see how this changes things in regards to the language.
Comment #49
penyaskito#1810370: Entity Translation API improvements landed, rerolled patch.
Comment #51
YesCT CreditAttribution: YesCT commentedComment #52
BerdirSee also #1979094: Separate create access operation entity access controllers to avoid costly EntityNG instantiation, which improves the performance for create access checks.
Both issues are "only" major, but I think node_access() can be considered @deprecated in favor of the new entity access API anyway and as long as we don't actually remove it, this is not an API change anyway. So doesn't need to get in before api freeze.
Comment #53
tim.plunkettOkay, this should get us closer.
Comment #55
tim.plunkettHah, I must have hit paste while saving the file :)
Comment #57
tim.plunkettFixed some silly mistakes.
Comment #59
tim.plunkettSo now it's failing only for speficic language when the op is 'view'...
Not sure why.
Comment #60
BerdirLanguage stuff is tricky. See #1953892: Move language node access logic into NodeAccessController about that snippet. According to @plach, we might be able to just remove it, use the current entity language and if you want to check access in a different language, use $entity->getTranslation('de')->access('view'). I thought we did that already at some point?
Comment #61
effulgentsia CreditAttribution: effulgentsia commentedStraight reroll. Fixing #60 doesn't appear to be a Novice task, so removing that tag.
Comment #63
catchThis apparently blocks #1938318: Convert book_remove_form to a new-style Form object so bumping to critical.
Comment #64
tim.plunkett^
Comment #65
BerdirRe-roll and also actually removing the function.
Looks like the other issue unblocked itself with a hack, which I'm trying to remove again in #2072945: Remove the $langcode parameter in EntityAccessControllerInterface::access() and friends, but more than happy to remove this anyway, we should really use our API's. Not sure if it's still critical but I don't think we should keep node specific language stuff here.
Comment #67
XanoUpdating the title, since we are not keeping node_access().
Comment #68
Xano#65: node-1947880-65.patch queued for re-testing.
Comment #70
XanoRe-roll.
Comment #72
tim.plunkettI think I know what's wrong. Trying something out.
Comment #73
tim.plunkettNodeTestBase::assertNodeAccess() was still assuming the magic lived in node_access().
But langcode cannot be passed to Node::access().
Comment #75
tim.plunkett#73: node-access-1947880-73.patch queued for re-testing.
Comment #77
tim.plunkett#73: node-access-1947880-73.patch queued for re-testing.
Comment #78
XanoCreate access should not be run through $accessController->access() like that.
The test case does not run the check through $node->access(), but through the access controller directly.
Comment #79
XanoComment #80
BerdirYay that it's green, but not sure how useful it is if we convert here to the API's that we're trying to remove in #2072945: Remove the $langcode parameter in EntityAccessControllerInterface::access() and friends
Comment #81
BerdirDisregard that, it's not yet clear if that will even happen like that, the $langcode parameter might still remain.
So I'm fine moving on here. Will check if the patch still applies.
Comment #82
Berdir79: drupal_1947880_79.patch queued for re-testing.
Comment #83
star-szrTagging for reroll.
Comment #84
XanoRe-roll. I also removed one last code comment reference to node_access().
Comment #85
Crell CreditAttribution: Crell commentedLet's do.
Comment #86
catchDo we have an issue for making these calls a bit less verbose? This isn't just about access checks so doesn't affect this patch.
Otherwise looks great. Committed/pushed to 8.x, thanks!
Comment #87
BerdirThis issue mostly just implements the existing new API and is already referenced in https://drupal.org/node/1862420. Add a sentence about the removed function.