Updated: Comment 0

Problem/Motivation

Views still calls user_access() all over the place even we could just inject the account if possible.
This adds a lot of unit testability aka. is kind of considered major for views.

Proposed resolution

Remaining tasks

User interface changes

API changes

CommentFileSizeAuthor
#36 interdiff-2109433-34-36.txt747 bytesherom
#36 vdc-2109433-36.patch29.28 KBherom
#34 vdc-2109433-34.patch29.3 KBherom
#33 interdiff-2109433-31-33.txt537 bytesherom
#33 vdc-2109433-33.patch29.41 KBherom
#32 vdc-2109433-31.patch29.15 KBherom
#31 interdiff-2109433-29-31.txt598 bytesherom
#31 vdc-2109433-31.txt29.15 KBherom
#29 interdiff-2109433-25-29.txt3.2 KBherom
#29 vdc-2109433-29.patch29.12 KBherom
#25 interdiff-2109433-21-25.txt3.83 KBherom
#25 vdc-2109433-25.patch28.68 KBherom
#21 interdiff.txt6.86 KBdawehner
#21 vdc-2109433.patch24.85 KBdawehner
#16 2109433-16.patch22.81 KBherom
#13 2109433-13.patch23.79 KBherom
#13 interdiff-2109433-11-13.txt1.31 KBherom
#11 2109433-11.patch24.25 KBdamiankloip
#7 vdc-2109433-7.patch24.57 KBdawehner
#7 interdiff.txt942 bytesdawehner
#5 interdiff.txt816 bytesdawehner
#5 vdc-2109433-5.patch24.39 KBdawehner
#3 vdc-2109433-3.patch23.86 KBdawehner
#3 interdiff.txt1.57 KBdawehner
#1 user_access-2109433-1.patch22.56 KBdawehner

Comments

dawehner’s picture

dawehner
Primary language German
commented
Status: Active » Needs review
StatusFileSize
new user_access-2109433-1.patch22.56 KB

There we go.

Status: Needs review » Needs work

The last submitted patch, user_access-2109433-1.patch, failed testing.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs work » Needs review
StatusFileSize
new interdiff.txt1.57 KB
new vdc-2109433-3.patch23.86 KB

What a destroying feature.

Status: Needs review » Needs work

The last submitted patch, vdc-2109433-3.patch, failed testing.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs work » Needs review
StatusFileSize
new vdc-2109433-5.patch24.39 KB
new interdiff.txt816 bytes

Ha.

Status: Needs review » Needs work

The last submitted patch, vdc-2109433-5.patch, failed testing.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs work » Needs review
StatusFileSize
new interdiff.txt942 bytes
new vdc-2109433-7.patch24.57 KB

Status: Needs review » Needs work
Issue tags: -PHPUnit, -VDC

The last submitted patch, vdc-2109433-7.patch, failed testing.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs work » Needs review

#7: vdc-2109433-7.patch queued for re-testing.

Status: Needs review » Needs work
Issue tags: +PHPUnit, +VDC

The last submitted patch, vdc-2109433-7.patch, failed testing.

damiankloip’s picture

damiankloip commented
Status: Needs work » Needs review
StatusFileSize
new 2109433-11.patch24.25 KB

Rerolled, plus don't believe all of those failures.

Status: Needs review » Needs work

The last submitted patch, 2109433-11.patch, failed testing.

herom’s picture

herom commented
Status: Needs work » Needs review
StatusFileSize
new interdiff-2109433-11-13.txt1.31 KB
new 2109433-13.patch23.79 KB

reroll + small nitpicks.
also, I didn't see the errors locally too.

EDIT: tests also pass on simplytest.me (including this patch).

The last submitted patch, 2109433-13.patch, failed testing.

damiankloip’s picture

damiankloip commented
Status: Needs review » Needs work

I guess you are running this in the UI only? If you run this from the command line, you should see these failures (I think).

herom’s picture

herom commented
Issue summary: View changes
Status: Needs work » Needs review
StatusFileSize
new 2109433-16.patch22.81 KB

reroll.
if this comes back with less fails, then I'd say this helped: #2073531: Use current user service instead of _account, remove _account from the request object (see #32, #37.1)

Status: Needs review » Needs work

The last submitted patch, 16: 2109433-16.patch, failed testing.

herom’s picture

herom commented
Status: Needs work » Needs review

16: 2109433-16.patch queued for re-testing.

Status: Needs review » Needs work

The last submitted patch, 16: 2109433-16.patch, failed testing.

herom’s picture

herom commented

well, it has come down to this error:

PHP Fatal error: Call to a member function setDisplay() on a non-object in /var/lib/drupaltestbot/sites/default/files/checkout/core/modules/views/lib/Drupal/views/Routing/ViewPageController.php on line 72

and its stack trace in the drupal code is:

Drupal\views\Routing\ViewPageController->handle() /var/www/menu-links/core/modules/views/tests/Drupal/views/Tests/Routing/ViewPageControllerTest.php:99

I hope this helps others to fix it.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs work » Needs review
StatusFileSize
new vdc-2109433.patch24.85 KB
new interdiff.txt6.86 KB

Fixed the test failures and added some docs thingies.

damiankloip’s picture

damiankloip commented 
  1. +++ b/core/modules/views/lib/Drupal/views/Tests/ViewExecutableTest.php
@@ -361,8 +361,9 @@ public function testDestroy() {
+    unset($defaults['user']);

    Nice 

  2. +++ b/core/modules/views/lib/Drupal/views/ViewExecutable.php
@@ -418,11 +426,14 @@ class ViewExecutable {
+  public function __construct(ViewStorageInterface $storage, AccountInterface $user) {
...
+    $this->user = $user;

    We are calling this account when it's passed to access checks but user here. I think it should be called account everywhere? Just putting this out there. If there's a reason for this. Let me have it.

xano’s picture

xano
he/they
Primary language English
Location Southampton
commented

Access checks just need any account, but in most cases the account we pass on is the current user, which is more than just an account.

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
commented

$ grep -lr user_access * | grep "Plugin/views"

core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php
core/modules/user/lib/Drupal/user/Plugin/views/access/Permission.php
core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php
core/modules/user/lib/Drupal/user/Plugin/views/field/Language.php
core/modules/user/lib/Drupal/user/Plugin/views/field/User.php

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-25.patch28.68 KB
new interdiff-2109433-21-25.txt3.83 KB

replacing cases mentioned in #24.

The last submitted patch, 25: vdc-2109433-25.patch, failed testing.

herom’s picture

herom commented

25: vdc-2109433-25.patch queued for re-testing.

The last submitted patch, 25: vdc-2109433-25.patch, failed testing.

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-29.patch29.12 KB
new interdiff-2109433-25-29.txt3.2 KB

this should pass. the docblock on the getUser() function probably needs review though. I'm bad at writing :D

just a note (that might be unrelated here) that the previous failing test in Drupal\user\Tests\Views\HandlerFilterUserNameTest is a bit fragile.
I became curious when the test was failing on 2 of 3 identical asserts in a loop. turned out the test is checking for simple numbers (2, 3, 4), which might be already present on the page, from the test header, etc.
the test might have passed just as well. and actually, it did pass locally for me, because I had error reporting on, and stack traces do contain a lot of numbers.
so, is this a separate issue? works as designed? should be fixed here? or else?

dawehner’s picture

dawehner
Primary language German
commented 
+++ b/core/modules/views/lib/Drupal/views/ViewExecutable.php
@@ -1711,6 +1711,17 @@ public function getPath() {
+   * View plugins can use this to check for certain permissions.
...
+   *

Maybe just: views plugins can recieve the current user in order to not need dependency injection.

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-31.txt29.15 KB
new interdiff-2109433-29-31.txt598 bytes

adding #30.

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-31.patch29.15 KB

oops. patch was uploaded with wrong extension.

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-33.patch29.41 KB
new interdiff-2109433-31-33.txt537 bytes

another case to use the injected $user in ViewExecutable.

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-34.patch29.3 KB

reroll.

dawehner’s picture

dawehner
Primary language German
commented

This looks really great!

+++ b/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php
@@ -169,13 +170,14 @@ public function init(ViewExecutable $view, DisplayPluginBase $display, array &$o
   /**
    * Check whether current user has access to this handler.
    *
+   * @param AccountInterface $account
    * @return bool
    *   Return TRUE if the user has access to view this field.
    */
-  public function access() {
+  public function access(AccountInterface $account) {

I guess we should just use @inheritdoc here as well.

herom’s picture

herom commented
StatusFileSize
new vdc-2109433-36.patch29.28 KB
new interdiff-2109433-34-36.txt747 bytes

including #35.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs review » Reviewed & tested by the community

Thank you!

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Status: Reviewed & tested by the community » Fixed
Issue tags: +Approved API change

Committed and pushed to 8.x. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.