Let's start to convert all calls to user_access() with the new AccountInterface::hasPermission() method.

Part of #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.

Change records for this issue:

CommentFileSizeAuthor
#3 drupal-menu_replace_user_access_2062005-3.patch569 bytesinternetdevels
#1 drupal-menu_replace_user_access_2062005.patch2.73 KBinternetdevels

Comments

internetdevels’s picture

internetdevels commented
Status: Active » Needs review
StatusFileSize
new drupal-menu_replace_user_access_2062005.patch2.73 KB

In some cases $request does not contain information about account. I've used $request instead, but looks like this issue requires more deep investigation.

andypost’s picture

andypost
he/him
Primary language Russian
commented
Component: user system » menu.module
Status: Needs review » Needs work 
  1. +++ b/core/modules/menu/lib/Drupal/menu/Access/DeleteLinkAccessCheck.php
@@ -27,7 +27,8 @@ public function appliesTo() {
+    $account = \Drupal::request()->attributes->get('_account');

    Depends on #2048223: Add $account argument to AccessCheckInterface::access() method and use the current_user service 

  2. +++ b/core/modules/menu/menu.module
@@ -529,6 +529,7 @@ function menu_form_node_form_alter(&$form, $form_state) {
+  $account = Drupal::request()->attributes->get('_account');

    Use Drupal::currentUser() service https://drupal.org/node/2032447

internetdevels’s picture

internetdevels commented
Status: Needs work » Needs review
StatusFileSize
new drupal-menu_replace_user_access_2062005-3.patch569 bytes

Only one change left after re-rolling.

andypost’s picture

andypost
he/him
Primary language Russian
commented
Status: Needs review » Reviewed & tested by the community

great

catch’s picture

catch
he/him
Primary language English
commented
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 8.x, thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.