Let's start to convert all calls to user_access() with the new AccountInterface::hasPermission() method.

Part of #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.

Change records for this issue:

CommentFileSizeAuthor
#25 drupal-block_replace_user_access_2061971-24.patch4.74 KBherom
#19 interdiff-2061971-17-19.txt1.31 KBherom
#19 drupal-block_replace_user_access_2061971-19.patch4.72 KBherom
#17 drupal-block_replace_user_access_2061971-17.patch4.77 KBherom
#17 interdiff-2061971-13-17.txt737 bytesherom
#13 drupal-block_replace_user_access_2061971-13.patch9.8 KBInternetDevels
#10 drupal-block_replace_user_access_2061971-10.patch7.75 KBnaveenvalecha
#7 drupal-block_replace_user_access_2061971-6.patch8.5 KBnaveenvalecha
#7 interdiff-4-6.diff3.55 KBnaveenvalecha
#4 drupal-block_replace_user_access_2061971-4.patch6.53 KBnaveenvalecha
#3 drupal-block_replace_user_access_2061971-3.patch6.64 KBnaveenvalecha
#1 drupal-block_replace_user_access_2061971.patch8 KBInternetDevels
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

InternetDevels’s picture

InternetDevels CreditAttribution: InternetDevels commented
Status: Active » Needs review
FileSize
drupal-block_replace_user_access_2061971.patch8 KB

Here is the patch. $request haven't contained information about user, so I've used Drupal::request()->attributes->get('_account') instead.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Component: user system » block.module
Status: Needs review » Needs work 
+++ b/core/modules/block/block.module
@@ -180,7 +180,7 @@ function block_menu() {
+  return Drupal::request()->attributes->get('_account')->hasPermission('administer blocks') && drupal_theme_access($theme);

+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockFormController.php
@@ -41,6 +41,7 @@ protected function prepareEntity() {
+    $account = \Drupal::request()->attributes->get('_account');

+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Block/CustomBlockBlock.php
@@ -79,9 +79,9 @@ public function build() {
+        '#access' => \Drupal::request()->attributes->get('_account')->hasPermission('administer blocks'),

+++ b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php
@@ -28,7 +28,8 @@ public function appliesTo() {
+    $account = \Drupal::request()->attributes->get('_account');

+++ b/core/modules/block/lib/Drupal/block/BlockFormController.php
@@ -119,7 +119,7 @@ public function form(array $form, array &$form_state) {
+    $access = \Drupal::request()->attributes->get('_account')->hasPermission('use PHP for settings');

+++ b/core/modules/block/tests/modules/block_test/lib/Drupal/block_test/Plugin/Block/TestBlockInstantiation.php
@@ -35,7 +35,7 @@ public function settings() {
+    return Drupal::request()->attributes->get('_account')->hasPermission('access content');

Use Drupal::currentUser() service https://drupal.org/node/2032447

naveenvalecha’s picture

naveenvalecha
He/Him
Primary language Hindi
CreditAttribution: naveenvalecha commented
Assigned: Unassigned » naveenvalecha
Status: Needs work » Needs review
FileSize
drupal-block_replace_user_access_2061971-3.patch6.64 KB

The #1 was no longer applied.So I rewrote the patch.Got testbot go !

naveenvalecha’s picture

naveenvalecha
He/Him
Primary language Hindi
CreditAttribution: naveenvalecha commented
FileSize
drupal-block_replace_user_access_2061971-4.patch6.53 KB

Reviewed my patch and found that there are white space errors.

	+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockFormController.php
		@@ -41,7 +41,8 @@
+ $account = \Drupal::currentUser();
		+

So rerolled the patch again after removing white space errors.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Status: Needs review » Needs work 
  1. +++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockFormController.php
@@ -41,6 +41,7 @@
+    $account = \Drupal::currentUser();

@@ -106,14 +107,14 @@
+      '#access' => $block->isNewRevision() || $account->hasPermission('administer blocks'),
...
+      '#access' => $account->hasPermission('administer blocks'),

    Forms now have helper method, use $this->getCurrentUser() 

  2. +++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Block/CustomBlockBlock.php
@@ -132,7 +132,7 @@
+        '#access' => \Drupal::currentUser()->hasPermission('administer blocks')

+++ b/core/modules/block/tests/modules/block_test/lib/Drupal/block_test/Plugin/Block/TestBlockInstantiation.php
@@ -34,7 +35,7 @@
+    return \Drupal::currentUser()->hasPermission('access content');

    This is a plugin, so 'current_user' service needs injection.
    Just add $container->get('current_user') to create.
    And AccountInterface $account to __construct() 

  3. +++ b/core/modules/block/lib/Drupal/block/Access/BlockThemeAccessCheck.php
@@ -28,7 +28,7 @@
+    return (\Drupal::currentUser()->hasPermission('administer blocks') && drupal_theme_access($theme)) ? static::ALLOW : static::DENY;

    This could be solved after #2048223: Add $account argument to AccessCheckInterface::access() method and use the current_user service 

  4. +++ b/core/modules/block/tests/modules/block_test/lib/Drupal/block_test/Plugin/Block/TestBlockInstantiation.php
@@ -10,6 +10,7 @@
+use Drupal\Core\Session\AccountInterface;

    I see no reason

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented

I'd like to postpone this on #5.3 but please roll patches for injection

naveenvalecha’s picture

naveenvalecha
He/Him
Primary language Hindi
CreditAttribution: naveenvalecha commented
Status: Needs work » Needs review
FileSize
interdiff-4-6.diff3.55 KB
drupal-block_replace_user_access_2061971-6.patch8.5 KB

@andypost Thanks for checking me out.Here's the updated patch and interdiff.

Status: Needs review » Needs work

The last submitted patch, interdiff-4-6.diff, failed testing.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented

Overall looks good, just somehow tests broken

Just a nutpick:

+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Block/CustomBlockBlock.php
@@ -53,12 +61,16 @@
+    $this->currentUser = $container->get('current_user',$account); ¶

needs space after ',' and remove trailing white space

naveenvalecha’s picture

naveenvalecha
He/Him
Primary language Hindi
CreditAttribution: naveenvalecha commented
FileSize
drupal-block_replace_user_access_2061971-10.patch7.75 KB

Added the suggestions of #9 in the new patch.I think for this little change interdiff is not required.
@andypost, I think my IDE needs some configuration that is showing trailing space errors.Also let me know if there is other IDE which is better than Netbeans.

naveenvalecha’s picture

naveenvalecha
He/Him
Primary language Hindi
CreditAttribution: naveenvalecha commented
Status: Needs work » Needs review

Status: Needs review » Needs work

The last submitted patch, drupal-block_replace_user_access_2061971-10.patch, failed testing.

InternetDevels’s picture

InternetDevels CreditAttribution: InternetDevels commented
Status: Needs work » Needs review
FileSize
drupal-block_replace_user_access_2061971-13.patch9.8 KB

next one :)

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented

#13: drupal-block_replace_user_access_2061971-13.patch queued for re-testing.

benjy’s picture

benjy CreditAttribution: benjy commented
Status: Needs review » Needs work
Issue tags: +Needs reroll

Needs reroll.

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
CreditAttribution: tim.plunkett commented 
  1. +++ b/core/modules/block/block.module
@@ -158,7 +158,7 @@ function block_menu() {
 function _block_themes_access($theme) {
-  return user_access('administer blocks') && drupal_theme_access($theme);
+  return \Drupal::currentUser()->hasPermission('administer blocks') && drupal_theme_access($theme);

    This will be removed shortly in #2115077: Remove _block_themes_access() 

  2. +++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Block/CustomBlockBlock.php
@@ -41,6 +42,13 @@ class CustomBlockBlock extends BlockBase implements ContainerFactoryPluginInterf
+   * The Drupal account to use for checking for access to block.
+   *
+   * @var \Drupal\Core\Session\AccountInterface.
+   */
+  protected $account;
+

@@ -53,12 +61,16 @@ class CustomBlockBlock extends BlockBase implements ContainerFactoryPluginInterf
+  public function __construct(array $configuration, $plugin_id, array $plugin_definition, BlockManager $block_manager, ModuleHandlerInterface $module_handler, AccountInterface $account = NULL) {
     parent::__construct($configuration, $plugin_id, $plugin_definition);
...
+    $this->account = $account;

@@ -70,7 +82,8 @@ public static function create(ContainerInterface $container, array $configuratio
       $container->get('plugin.manager.block'),
-      $container->get('module_handler')
+      $container->get('module_handler'),
+      $container->get('current_user')

+++ b/core/modules/block/tests/modules/block_test/lib/Drupal/block_test/Plugin/Block/TestBlockInstantiation.php
@@ -22,6 +24,44 @@
+   * Constructs a new TestBlockInstantiation.
+   *
+   * @param array $configuration
+   *   A configuration array containing information about the plugin instance.
+   * @param string $plugin_id
+   *   The plugin ID for the plugin instance.
+   * @param array $plugin_definition
+   *   The plugin implementation definition.
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   (optional) The account for which view access should be checked. Defaults
+   *   to the current user.
+   */
+  public function __construct(array $configuration, $plugin_id, array $plugin_definition, AccountInterface $account = NULL) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
+
+    $this->account = $account;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container, array $configuration, $plugin_id, array $plugin_definition) {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('current_user')

    All of this will be handled by #1951386: Extend BlockPluginInterface::access to allow passing in an account 

  3. +++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Block/CustomBlockBlock.php
@@ -132,7 +145,7 @@ public function build() {
+        '#access' => !empty($this->account) && $this->account->hasPermission('administer blocks')

+++ b/core/modules/block/tests/modules/block_test/lib/Drupal/block_test/Plugin/Block/TestBlockInstantiation.php
@@ -34,7 +74,7 @@ public function defaultConfiguration() {
+    return !empty($this->account) && $this->account->hasPermission('access content');

    When would this be empty?

herom’s picture

herom CreditAttribution: herom commented
Assigned: naveenvalecha » Unassigned
Status: Needs work » Needs review
Issue tags: -Needs reroll
FileSize
interdiff-2061971-13-17.txt737 bytes
drupal-block_replace_user_access_2061971-17.patch4.77 KB

rerolled + removed the !empty($this->account) condition (#16.3)
1. and 2. both got in, so the patch size is pretty smaller.

benjy’s picture

benjy CreditAttribution: benjy commented 
+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/Plugin/Block/CustomBlockBlock.php
@@ -53,12 +61,16 @@ class CustomBlockBlock extends BlockBase implements ContainerFactoryPluginInterf
+  public function __construct(array $configuration, $plugin_id, array $plugin_definition, BlockManager $block_manager, ModuleHandlerInterface $module_handler, AccountInterface $account = NULL) {

Does $account need a default of null?

herom’s picture

herom CreditAttribution: herom commented
Issue summary: View changes
FileSize
drupal-block_replace_user_access_2061971-19.patch4.72 KB
interdiff-2061971-17-19.txt1.31 KB

probably not. The added doc mentions the parameter as "optional", but the code doesn't seem to provide a default, and it doesn't seem necessary.

benjy’s picture

benjy CreditAttribution: benjy commented
Status: Needs review » Reviewed & tested by the community

Looks good to me.

Xano’s picture

Xano
he/they
Primary language English
Location Southampton
CreditAttribution: Xano commented

19: drupal-block_replace_user_access_2061971-19.patch queued for re-testing.

Xano’s picture

Xano
he/they
Primary language English
Location Southampton
CreditAttribution: Xano commented

19: drupal-block_replace_user_access_2061971-19.patch queued for re-testing.

catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch commented

19: drupal-block_replace_user_access_2061971-19.patch queued for re-testing.

The last submitted patch, 19: drupal-block_replace_user_access_2061971-19.patch, failed testing.

herom’s picture

herom CreditAttribution: herom commented
FileSize
drupal-block_replace_user_access_2061971-24.patch4.74 KB

reroll (auto-merged).
the changes are minimal, so keeping the rtbc status.
strange though that the failed test didn't move it back to "needs work". it's gonna take some time to tame the d.o horse again.

herom’s picture

herom CreditAttribution: herom commented
Status: Reviewed & tested by the community » Needs review

let's "needs review" this. maybe it will start testing.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Status: Needs review » Reviewed & tested by the community
Parent issue: » #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.

back to rtbc

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Status: Reviewed & tested by the community » Fixed

Committed and pushed to 8.x. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.