Let's start to convert all calls to user_access() with the new AccountInterface::hasPermission() method.

Part of #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.

Change records for this issue:

#3 drupal-menu_replace_user_access_2062005-3.patch569 bytesInternetDevels
PASSED: [[SimpleTest]]: [MySQL] 58,529 pass(es). View
#1 drupal-menu_replace_user_access_2062005.patch2.73 KBInternetDevels
PASSED: [[SimpleTest]]: [MySQL] 57,822 pass(es). View
Members fund testing for the Drupal project. Drupal Association Learn more


InternetDevels’s picture

Status: Active » Needs review
2.73 KB
PASSED: [[SimpleTest]]: [MySQL] 57,822 pass(es). View

In some cases $request does not contain information about account. I've used $request instead, but looks like this issue requires more deep investigation.

andypost’s picture

Component: user system » menu.module
Status: Needs review » Needs work
  1. +++ b/core/modules/menu/lib/Drupal/menu/Access/DeleteLinkAccessCheck.php
    @@ -27,7 +27,8 @@ public function appliesTo() {
    +    $account = \Drupal::request()->attributes->get('_account');

    Depends on #2048223: Add $account argument to AccessCheckInterface::access() method and use the current_user service

  2. +++ b/core/modules/menu/menu.module
    @@ -529,6 +529,7 @@ function menu_form_node_form_alter(&$form, $form_state) {
    +  $account = Drupal::request()->attributes->get('_account');

    Use Drupal::currentUser() service https://drupal.org/node/2032447

InternetDevels’s picture

Status: Needs work » Needs review
569 bytes
PASSED: [[SimpleTest]]: [MySQL] 58,529 pass(es). View

Only one change left after re-rolling.

andypost’s picture

Status: Needs review » Reviewed & tested by the community


catch’s picture

Status: Reviewed & tested by the community » Fixed

Committed/pushed to 8.x, thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.