Updated: Comment #N
Problem/Motivation
We are using drupal_anonymous_user() is quite a few places. Procedural and OO code. If we were creating a user session, we would use new UserSession(). Which drupal_anonymous_user is just a wrapper around. Also, the default values passed in are mostly not needed (exception hostname).
Proposed resolution
Introduce an AnonymousUserSession class, and use that instead of calling drupal_anonymous_user(). Set the hostname in the constructor, as well as not allowing any values to be passed in like UserSession. The anonymous user object should not change.
Remaining tasks
Patch, reviews, agreement
User interface changes
None
API changes
Removal of drupal_anonymous_user(). Although if we *have to*, we could keep the drupal_anonymous_user() to preserve any BC.
Comment | File | Size | Author |
---|---|---|---|
#64 | 2178581-64.patch | 17.08 KB | damiankloip |
Comments
Comment #1
damiankloip CreditAttribution: damiankloip commentedForgot to return anything here, will wait for the bot and add into next patch.
Comment #2
dawehnerIs it just me that I am not convinced with this solution? Why do we have to rely on \Drupal and cannot ask the container to give us a proper anonymous user.
Does that mean that creating a session without a request makes sense? It seems to be (and has been part of the old code), though it just feels dirty.
Comment #3
dawehnerThe comment module already uses the request object directly:
$this->hostname->value = \Drupal::request()->getClientIP();
so I really wonder whether we have to keep this functionality on the anonymous object.
Comment #4
damiankloip CreditAttribution: damiankloip commentedOK, we spoke about this on IRC, Lets keep the hostname functionality for now, as if we remove it, it needs to go from regular UserSession, session.inc code, and session schema.
Added a quick test for the AnonymousUserSession class.
Comment #5
dawehnerWOW!
Comment #6
damiankloip CreditAttribution: damiankloip commentedRerolled and brought back drupal_anonymous_user() but marked as deprecated, as per direction of alexpott.
Comment #7
dawehnerre-RTBC
Comment #8
penyaskitoWhile we are here, let's move the comment according to standards.
Leaving as RTBC.
Comment #9
ianthomas_ukThe @deprecated needs to be more explict about when it was deprecated and when it will be removed, see #2183187: [META] Remove or document all obsolete APIs before beta, maybe
However, this is a fairly simple patch. Why not just replace all the calls in core with
new AnonymousUserSession();
and remove the function?Comment #10
damiankloip CreditAttribution: damiankloip commented@ianthomas_uk, see #6. alexpott requested that we keep this for now and just mark as deprecated.
Comment #11
ianthomas_ukDo you know his reasoning? I'm collating lots of patches like this that remove use of the old functions and need to know if they should remove the functions themselves or not.
Comment #12
BerdirI *think* those scripts are supposed to run on a 7.x site, as that's what they generate content for :)
So we shouldn't make changes to them.
That said...
a) The are very likely already completely broken
b) Somewhat useless after https://drupal.org/node/2168011?
c) I also never really understood why the scripts to genreate 6.x and 7.x content are in the 8.x branch...
Comment #13
damiankloip CreditAttribution: damiankloip commentedOk opened #2185315: Remove deprecated drupal_anonymous_user() function and added that to the deprecated doc.
Reverted the change to generate-d7-content.sh, sorry penyaskito :)
Comment #16
damiankloip CreditAttribution: damiankloip commentedNeeded another reroll, due to #2164827: Rename the entityInfo() and entityType() methods on EntityInterface and EntityStorageControllerInterface just getting in.
Comment #17
damiankloip CreditAttribution: damiankloip commentedComment #18
dawehnerMaybe we could document the purpose of this class.
Comment #19
damiankloip CreditAttribution: damiankloip commentedGood spot. There we go.
Comment #20
dawehnerthank you!
Comment #21
alexpott2178581-19.patch no longer applies.
Comment #22
damiankloip CreditAttribution: damiankloip commentedRerolled
Comment #23
xjmComment #24
damiankloip CreditAttribution: damiankloip commentedThat was a pure git reroll - back to RTBC.
Comment #25
damiankloip CreditAttribution: damiankloip commented22: 2178581-22.patch queued for re-testing.
Comment #28
damiankloip CreditAttribution: damiankloip commented22: 2178581-22.patch queued for re-testing.
Comment #29
damiankloip CreditAttribution: damiankloip commentedAnd the same again.
Comment #30
xjmDraft change records are now required before commit, so this issue needs one before it can be considered RTBC. The new change record should include an issue reference to #1634280: drupal_anonymous_user() should return a User entity as well as this one -- https://drupal.org/node/1941676 is obsoleted by this change and can be unpublished in favor of the new change record upon commit.
Comment #31
damiankloip CreditAttribution: damiankloip commentedDraft notice here: https://drupal.org/node/2195987
Comment #32
xjmThanks @damiankloip!
NB: Just re-TBCing; I did not review this patch.
Comment #33
alexpottMaybe
try... catch...
no longer necessary. We can use \Drupal::has(), no?Really? So this is not useful for logged in users? The function doc says "returns hostname for session" - I think this should behave correctly for logged in users - no?
Comment #34
damiankloip CreditAttribution: damiankloip commentedafaik, No. This is a synthetic service so hasService() will return true. So then trying to actually get that service will fail. So I think we still need the try/catch.
We can add the same functionality as exists in the user session classes, like this?
Comment #35
damiankloip CreditAttribution: damiankloip commentedAfter speaking to @alexpott in IRC; hasRequest() was added in #2194111: Error handler throws exception when service container is not (fully) available yet, so we can now just use that. It already takes into account the has() and synthetic service stuff for us.
Comment #36
damiankloip CreditAttribution: damiankloip commentedrerolled
Comment #37
dawehnerNote: we could adapt the @covers statements in the test class and us coversDefaultClass, but this is not a blocker for a commit.
Comment #38
damiankloip CreditAttribution: damiankloip commentedLet's just do it now! :)
Comment #39
dawehner+1
Comment #40
alexpott2178581-38.patch no longer applies.
Comment #41
damiankloip CreditAttribution: damiankloip commentedRerolled.
Comment #42
damiankloip CreditAttribution: damiankloip commentedGit resolved all the context issues.
Comment #43
alexpott2178581-41.patch no longer applies.
Comment #44
damiankloip CreditAttribution: damiankloip commentedRerolling...
Comment #45
Solthun CreditAttribution: Solthun commentedComment #46
Solthun CreditAttribution: Solthun commentedRerolled @topdays, hope you don't mind :)
Comment #47
damiankloip CreditAttribution: damiankloip commentedLooks good again, thanks.
Comment #48
alexpottWe still have a usage in
Drupal\simpletest\WebTestBase::drupalCreateNode()
Comment #49
damiankloip CreditAttribution: damiankloip commentedAh yes, looks like that was just added in #2163203: Remove calls to deprecated global $user wherever possible (outside bootstrap and authentication) :)
Comment #50
damiankloip CreditAttribution: damiankloip commentedAnother reroll.
Comment #51
dawehnerIf we remove all instances why don't we just drop it everywhere? This does not seem to be a major API for contrib.
Comment #52
damiankloip CreditAttribution: damiankloip commented@alexpott requested to keep drupal_anonymous_user, and remove it in a separate follow-up issue.
RTBC? :)
Comment #53
dawehnerOkay, this seems to be the new way.
Comment #55
damiankloip CreditAttribution: damiankloip commented50: 2178581-50.patch queued for re-testing.
Comment #56
aspilicious CreditAttribution: aspilicious commentedComment #57
ParisLiakos CreditAttribution: ParisLiakos commentedNo longer needed, should be removed
shouldn't this return the hostname too?
Comment #58
damiankloip CreditAttribution: damiankloip commented1. Remove the use statement. Good spot.
2. This is in line with how it is done when stuff is written for a session, see _drupal_session_write().
Comment #59
damiankloip CreditAttribution: damiankloip commentedoops, Paris is right. Misread his comment. We need to actually return something from there.
Comment #60
ParisLiakos CreditAttribution: ParisLiakos commentedthis addressed my concerns!
+1 for registering the property
Comment #61
dawehnerAwesome!
Comment #62
damiankloip CreditAttribution: damiankloip commentedComment #63
alexpott2178581-59_0.patch no longer applies.
Comment #64
damiankloip CreditAttribution: damiankloip commentedRerolled, again...
Comment #65
ParisLiakos CreditAttribution: ParisLiakos commentedComment #67
catchCommitted/pushed to 8.x, thanks!