Drupal Association members fund grants that make connections all over the world.
This issue is part of.
EntityNG fields implement access control via Drupal\Core\Entity\Field\Type\Field::access() which invokes hook_entity_field_access(). Meanwhile, field.module has field_access() which invokes hook_field_access(). These hooks have different signatures. We need to unify all this into a common API.
Motivations for the API break
In place editing currently only checks "configurable fields" field_access(), and bypasses access checks on "entity fields".
WidgetBase & FormatterBase also have a field_access() check, with a @todo on this issue.
- Field access is queried by calling EntityAccessController::fieldAccess(), which reproduces the behavior of current HEAD's for "EntityNG" field access: invoke hook_entity_field_access() & hook_entity_field_access_alter(). hook_field_access(), used by the "old Field API", is removed in favor of the above.
- This EntityAccessController::fieldAccess() method *optionally* receives a FieldItemList object, allowing the various hooks to implement optional logic based on specific values of the field. There are however cases for checking field access for "a field generally", not in the context of a specific $entity (ex: Views UI), so this parameter needs to be optional. D7's field_access() worked that way already.
- As a shorthand, fetching access grants in the context of a specific entity can be done by calling the access() method on the FieldItemList object : $node->body->access($op);
- Implementors of hook_entity_field_access_alter() need to be able to reason on a FieldDefinitionInterface object (which unifies base fields and configurable fields). Thus the patch adds an initial implementation of a FieldDefinition class for base fields, that is currently still missing in HEAD.
- D7's field_access() is deprecated in favor of EntityNG's Field::access() / EntityAccessController::getFieldAccess()
- D7's hook_field_access() is removed in favor of EntityNG's hook_entity_field_access()
- agree on the approach :-)
- convert remaining field_access() calls in Edit, Views, WidgetBase / FormatterBase
PASSED: [[SimpleTest]]: [MySQL] 59,100 pass(es). View
FAILED: [[SimpleTest]]: [MySQL] 59,306 pass(es), 1 fail(s), and 0 exception(s). View
PASSED: [[SimpleTest]]: [MySQL] 59,191 pass(es). View