Problem/Motivation

In node_node_access(), the calls to $account->hasPermission() have a extra argument that shouldn't be there.

Proposed resolution

Remove the extra argument.

Remaining tasks

-

User interface changes

-

API changes

-

Data model changes

-

CommentFileSizeAuthor
#12 interdiff-9-12.txt1.23 KBmsankhala
#12 remove-obsolete-args-hasPermission-2883553-12.patch4.23 KBmsankhala
#9 2883553-2_9.txt1.92 KBgovind.maloo
#9 2883553-9.diff5.44 KBgovind.maloo
#2 2883553-2.patch3.54 KBseanB
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

seanB created an issue. See original summary.

seanB’s picture

seanB
Primary language Dutch
Location Netherlands
CreditAttribution: seanB commented
FileSize
2883553-2.patch3.54 KB

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

plopesc’s picture

plopesc
he/him
Primary language Spanish
CreditAttribution: plopesc commented
Status: Needs review » Reviewed & tested by the community

I noticed this error as well. The patch looks good to me and tests are green :)

xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm at Acquia commented
Status: Reviewed & tested by the community » Needs work

I tried to think of any way this might break something. The only scenario I could come up with involved swapping out the entity access checker to call a different implementation of AccountInterface::hasPermission() that also did a func_get_args() (because an added parameter in the method signature would break the contract of the interface).

That's pretty scifi, so I think we're fine.

I did find one more instance of this error though:
core/modules/node/tests/modules/node_access_test/node_access_test.module: if ($op == 'view' && $account->hasPermission('node test view', $account)) {

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented
Issue tags: +Novice

Tagging novice for that additional usage.

govind.maloo’s picture

govind.maloo CreditAttribution: govind.maloo at Salsa Digital commented
FileSize
2883553-9.diff5.44 KB
2883553-2_9.txt1.92 KB
govind.maloo’s picture

govind.maloo CreditAttribution: govind.maloo at Salsa Digital commented
Status: Needs work » Needs review
Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented
Status: Needs review » Needs work

Thanks, looks like you accidently added an unrelated change though?

msankhala’s picture

msankhala CreditAttribution: msankhala at Srijan | A Material+ Company commented
Status: Needs work » Needs review
FileSize
remove-obsolete-args-hasPermission-2883553-12.patch4.23 KB
interdiff-9-12.txt1.23 KB

Here is updated patch

rcodina’s picture

rcodina CreditAttribution: rcodina commented

Patch on #12 looks fine and it works for me!

Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented

Thanks. There are about 3 different issues touching this function, it has more weirdness/bugs than lines of code. Lets see if we can get this one in this time ;)

Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented
Status: Needs review » Reviewed & tested by the community
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott commented
Status: Reviewed & tested by the community » Fixed

Committed and pushed 269c716d1d to 8.7.x and 3e22551b1d to 8.6.x. Thanks!

I found one more using a regex....

diff --git a/core/modules/node/tests/src/Functional/NodeRevisionPermissionsTest.php b/core/modules/node/tests/src/Functional/NodeRevisionPermissionsTest.php
index ed632a7e92..d0aa88efbb 100644
--- a/core/modules/node/tests/src/Functional/NodeRevisionPermissionsTest.php
+++ b/core/modules/node/tests/src/Functional/NodeRevisionPermissionsTest.php
@@ -153,7 +153,7 @@ public function testNodeRevisionAccessPerType() {
     foreach ($permutations as $case) {
       // Skip this test if there are no revisions for the node.
       if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', [':nid' => $revision->id()])->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) {
-        if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->typeMap[$case['op']], $case['account'])) {
+        if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->typeMap[$case['op']])) {
           $this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->typeMap[$case['op']]} granted.");
         }
         else {

Fixed on commit. I ran the test locally.

  • alexpott committed 269c716 on 8.7.x 
    Issue #2883553 by govind.maloo, msankhala, seanB, Berdir, xjm, alexpott...

  • alexpott committed 3e22551 on 8.6.x 
    Issue #2883553 by govind.maloo, msankhala, seanB, Berdir, xjm, alexpott...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.