Following https://drupal.org/node/2032447 it is possible to remove (nearly) all calls to the deprecated global user object and replace them a variable from the request object.
Plan
Resolve #2062151: Create a current user service to ensure that current account is always available
This task can be completed with the following steps:
Create META issueCreate sample child issue
Sample issue for tracker module: #2047935: Remove references to global user variable in tracker moduleGet feedback on child issue
Given that this META issue spans much of the code base and would require numerous child issues, it's best to get community input and an indication that these changes are commit-worthy before creating all other child issues.Create all child issues
Below is the results of a grep for all global user calls. Child issues should be created for each module and each file in /includes, /lib and /scripts. Issues should be added as they are created to the list of links on this META issue.Add patches to all child issues- Review patches for all child issues
- Commit patches for all child issues
Remaining child issues (not tests)
Module | Issue |
---|---|
AuthenticationManager | #2061953: Remove calls to deprecated global $user in core/lib/Drupal/Core/Authentication/AuthenticationManager.php Needs to happen last! |
bootstrap.inc | #2062069: Remove calls to deprecated global $user in core/includes/bootstrap.inc |
SessionManager | #2062771: #2062771: Remove calls to deprecated global $user in \Drupal\Core\Session\SessionManager |
User module | #2328645: Remove remaining global $user |
Child issues (tests)
Due to simpletests & install needing global $user
/$GLOBALS['user']
Here is separate issues for those: @see Change Record
"NOTE: The global $user variable still exists as it is necessary for certain portions of the installer and simpletest..."
Module | Issue |
---|---|
DateTimeTest | #2328645: Remove remaining global $user |
Replacement instructions
From the change notice instructions:
Drupal 7:
public function behave() {
global $user;
if ($user->uid == 1) {
return "Hiya, boss!";
}
else {
return "You are not the site administrator.";
}
}
Drupal 8:
public function behave() {
$account = \Drupal::currentUser();
if ($account->id() == 1) {
return "Hiya, boss!";
}
else {
return "You are not the site administrator.";
}
}
All references to global user variable
grep -R -e "GLOBALS\['user'\]" -e "global .*\$user" *
core/scripts/generate-d7-content.sh: $original_user = $GLOBALS['user'];
core/scripts/generate-d7-content.sh: $GLOBALS['user'] = drupal_anonymous_user();// We should have already allowed anon to vote.
core/includes/bootstrap.inc: global $user;
core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php: // The global $user object is included for backward compatibility only
core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php: // @todo Remove this line once global $user is no longer used.
core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php: $GLOBALS['user'] = $anonymous_user;
core/lib/Drupal/Core/Session/SessionHandler.php: global $user;
core/lib/Drupal/Core/Session/SessionHandler.php: global $user;
core/lib/Drupal/Core/Session/SessionHandler.php: global $user;
core/lib/Drupal/Core/Session/SessionManagerInterface.php: * dangerous operations, such as manipulating the global $user object.
core/lib/Drupal/Core/Session/SessionManager.php: global $user;
core/lib/Drupal/Core/Session/SessionManager.php: global $user;
core/lib/Drupal/Core/Session/SessionManager.php: global $user;
core/lib/Drupal/Core/Authentication/Provider/Cookie.php: global $user;
core/lib/Drupal/Core/Authentication/AuthenticationManager.php: global $user;
core/lib/Drupal/Core/Authentication/AuthenticationManager.php: // The global $user object is included for backward compatibility only and
core/lib/Drupal/Core/Authentication/AuthenticationManager.php: // @todo Remove this line once global $user is no longer used.
core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php: if ($GLOBALS['user']->isAnonymous() && $exception instanceof AccessDeniedHttpException) {
core/modules/system/src/Tests/Datetime/DrupalDateTimeTest.php: global $user;
core/modules/system/src/Tests/Datetime/DrupalDateTimeTest.php: // Disable session saving as we are about to modify the global $user.
core/modules/user/user.module: * Drupal has a global $user object, which represents the currently-logged-in
core/modules/user/user.module: * user. So to avoid confusion and to avoid clobbering the global $user object,
core/modules/user/user.module: * The global $user object is replaced with the passed in account.
core/modules/user/user.module: global $user;
core/modules/user/user.module: global $user;
Comments
Comment #0.0
stevectorCorrecting change notice link
Comment #1
pwolanin CreditAttribution: pwolanin commentedMaybe need to resolve this 1st:
#2043781: Drupal::request()->attributes->get('account') may conflict with an account object loaded from the path
Comment #1.0
pwolanin CreditAttribution: pwolanin commentedsingular/plural fix
Comment #2
andypostNice issue for code sprint
Comment #3
andypostRelated issues
#2040065: Remove _account from request and use the current user service instead.
#2057607: The request does not contain the _account on exception pages (403/404)
Comment #4
merdekiti CreditAttribution: merdekiti commentedAnother similar issue #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.
Comment #5
andypostTaken for #2058057: [meta] Drupal CIS codesprint
Comment #5.0
andypost_account
Comment #6
orb CreditAttribution: orb commentedcore/modules/filter/filter.module: global $user; #2061885: Remove calls to deprecated global $user in filter module
core/modules/toolbar/toolbar.module: global $user; #2061897: Remove calls to deprecated global $user in toolbar module
Comment #6.0
orb CreditAttribution: orb commentedProcedural code implementation clean-up
Comment #6.1
alphawebgroupAdded issues list.
Comment #6.2
victor-shelepen CreditAttribution: victor-shelepen commentedIssues have been added.
Comment #6.3
danylevskyiAdded one more issue.
Comment #6.4
alphawebgroupadded assigned tasks
Comment #6.5
sergeypavlenko CreditAttribution: sergeypavlenko commentedAdd child issue
Comment #7
sergeypavlenko CreditAttribution: sergeypavlenko commented#2061895: Remove calls to deprecated global $user in file module:
core/modules/file/file.module: global $user;
core/modules/file/file.module: global $user;
core/modules/file/file.module: global $user;
core/modules/file/lib/Drupal/file/Tests/ValidatorTest.php: global $user;
#2061903: Remove calls to deprecated global $user in contact module
core/modules/contact/contact.module: global $user;
core/modules/contact/contact.pages.inc: global $user;
core/modules/contact/lib/Drupal/contact/MessageFormController.php: global $user;
core/modules/contact/lib/Drupal/contact/MessageFormController.php: global $user;
#2062097: Remove calls to deprecated global $user in theme.inc
core/includes/theme.inc: global $user;
#2062353: Remove calls to deprecated global $user in translation module
core/modules/translation/translation.module: $account = $GLOBALS['user'];
#2062363: Remove calls to deprecated global $user in core/modules/system/tests/modules/form_test/form_test.module
core/modules/system/tests/modules/form_test/form_test.module: global $user;
#2062501: Remove calls to deprecated global $user in field module
core/modules/field/field.module: global $user;
Comment #8
alphawebgroupviews module
#2061921: Remove calls to deprecated global $user in views module
#2062169: Remove calls to deprecated global $user in views plugin CachePluginBase.php of views module Assigned to: alphawebgroup
core/modules/views/lib/Drupal/views/Plugin/views/cache/CachePluginBase.php: global $user;
core/modules/views/lib/Drupal/views/Plugin/views/cache/CachePluginBase.php: global $user;
#2062227: Remove calls to deprecated global $user in views plugin DisplayPluginBase.php of views module Assigned to: alphawebgroup
core/modules/views/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php: global $user;
#2062261: Remove calls to deprecated global $user in views plugin FilterPluginBase.php of views module Assigned to: alphawebgroup
core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php: global $user;
#2062421: Remove calls to deprecated global $user in ViewExecutable.php of views module Assigned to: alphawebgroup
core/modules/views/lib/Drupal/views/ViewExecutable.php: $account = $GLOBALS['user'];
views_ui module
#2061925: Remove calls to deprecated global $user in views_ui module Assigned to: alphawebgroup
core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php: return is_object($this->lock) && ($this->lock->owner != $GLOBALS['user']->id());
Comment #9
andypostAnother bug found #2062051: The request does not contain the _account on comment permalink pages
Comment #9.0
andypostadded issue https://drupal.org/node/2061967
Comment #9.1
orb CreditAttribution: orb commentedUpdated issue summary.
Comment #9.2
anpolimusadded link to 2061953 task
Comment #9.3
dstorozhukAdde link to https://drupal.org/node/2062069 issue.
Comment #9.4
sergeypavlenko CreditAttribution: sergeypavlenko commentedAdd child issue
Comment #9.5
dstorozhukChanged module name column value for #2062069: Remove calls to deprecated global $user in core/includes/bootstrap.inc
Comment #9.6
m1r1k CreditAttribution: m1r1k commentedUpdated issue summary.
Comment #10
Garbar CreditAttribution: Garbar commented#2061949: Remove calls to deprecated global $user in update.php
core/update.php: global $user;
Comment #10.0
alphawebgroupAdded link to: #2062117: Remove calls to deprecated $account = $GLOBALS['user'] in core/modules/node/lib/Drupal/node/Access/NodeRevisionAccessCheck.php
Comment #10.1
alphawebgroupadded issue https://drupal.org/node/2062211
Comment #10.2
sergeypavlenko CreditAttribution: sergeypavlenko commentedadded issue https://drupal.org/node/2062243
Comment #10.3
sergeypavlenko CreditAttribution: sergeypavlenko commentedUpdated issue summary.
Comment #11
alphawebgroup#2062129: Remove calls to deprecated global $user in php module
core/modules/php/lib/Drupal/php/Plugin/Filter/Php.php: global $user;
Comment #12
tim.plunkett#2012312: Remove legacy code from filter.module covers filter module, thanks
Comment #12.0
sergeypavlenko CreditAttribution: sergeypavlenko commentedUpdated issue summary.
Comment #12.1
sergeypavlenko CreditAttribution: sergeypavlenko commentedUpdated issue summary.
Comment #12.2
sergeypavlenko CreditAttribution: sergeypavlenko commentedadded meta
Comment #12.3
jlindsey15 CreditAttribution: jlindsey15 commentedAdded link to child issue #2062097
Comment #13
larowlanNote #2062805: Add a \Drupal::userAccess() to replace user_access instead of \Drupal::request()->attributes->get('_account')->hasPermission()
Comment #14
larowlanPostponed based on #2062805-11: Add a \Drupal::userAccess() to replace user_access instead of \Drupal::request()->attributes->get('_account')->hasPermission()
Comment #15
larowlanBack to active, Drupal::currentUser()->hasPermission() should replace user_access()
Comment #15.0
larowlanAdded child issue
Comment #15.1
m1r1k CreditAttribution: m1r1k commentedAdd some new related subissues for (REST and Serialization modules)
Comment #16
andypostThis one should fix access checkers #2048223: Add $account argument to AccessCheckInterface::access() method and use the current_user service
Comment #16.0
andypostAdd subissue for Editor module
Comment #16.1
stevectorWrapping completed list items in the del tag
Comment #16.2
joelpittetUpdated issue summary.
Comment #16.3
joelpittetupdated from change request
Comment #16.4
joelpittetUpdated d8 exampl with namespace \Drupal
Comment #16.5
joelpittetUpdated issue summary.
Comment #16.6
joelpittetUpdated issue summary.
Comment #16.7
joelpittetUpdated issue summary.
Comment #16.8
joelpittetUpdated issue summary.
Comment #16.9
joelpittetUpdated issue summary.
Comment #16.10
joelpittetUpdated issue summary.
Comment #16.11
joelpittetUpdated issue summary.
Comment #17
joelpittetPretty sure most or maybe half of the remaining needs work issues are blocked by #1858196: [meta] Leverage Symfony Session components
Comment #17.0
joelpittetUpdated issue summary.
Comment #17.1
joelpittetUpdated issue summary.
Comment #17.2
joelpittetUpdated issue summary.
Comment #17.3
joelpittetUpdated issue summary.
Comment #18
andypostThe only one critical holds the rest
Comment #19
alphawebgroup#2061925: Remove calls to deprecated global $user in views_ui module is RTBC and ready to go to core
Comment #20
joelpittetthe grep doesn't find the sneaky ones.
global $theme, $user, $theme_key;
Try this instead:
grep -R -e "GLOBALS\['user'\]" -e "global .*\$user" *
Comment #21
joelpittetComment #22
joelpittetComment #23
YesCT CreditAttribution: YesCT commentedadding header, missed the separate table for tests at first.
Comment #24
joelpittetComment #25
joelpittetComment #26
joelpittetAdded system tests and history tests to it's own table.
Comment #27
joelpittetAdded contact module issue to issue summary table.
Comment #28
joelpittetComment #29
joelpittetUpdated issue summary Grep to be a bit more accurate and the current results... we probably need a few more child issues created for the little bits.
Comment #30
joelpittetComment #31
joelpittetComment #32
joelpittetComment #33
joelpittetThinking the following may still need sub-issues created?
Needs Sub Issue?
Needs Sub Issue?
Needs Sub Issue?
Needs Sub Issue?
Needs Sub Issue?
Needs Sub Issue?
Needs Sub Issue?
Needs Sub Issue?
Comment #34
joelpittetComment #35
XanoAdded #2151249: Remove calls to global $user from EntityAccessController.
Comment #36
joelpittetshuffling
Comment #37
joelpittetComment #38
joelpittetComment #39
joelpittetComment #40
xjmThanks for your work on this so far!
Rather than doing these in a zillion tiny patches, let's please remove as much as possible in one patch. Patches of less than 1K for the same change over and over again are more work for everyone, especially core maintainers. Only 40 references remain to
global $user;
(plus a bunch in comments) and the patch can easily be reviewed withgit diff --color-words
. We only need to worry about splitting up problems into sub-issues when the patch requires component-specific knowledge or when the patch that's going to be produced will be longer than a "one sitting" review (say more than 60-100K).Comment #41
xjmSo I closed a bunch as duplicates. We should have one patch that removes almost all references in #2163203: Remove calls to deprecated global $user wherever possible (outside bootstrap and authentication), possibly a separate one for changing TestBase's use, and then issues for authentication and session handling itself last.
Comment #42
xjmComment #43
xjmComment #44
joelpittet@xjm there is a bit more with this grep:
grep -R -e "GLOBALS\['user'\]" -e "global .*\$user" *
Keep in mind some are written like:
global $theme, $user, $theme_key;
Comment #45
joelpittetComment #46
cosmicdreams CreditAttribution: cosmicdreams commentedIn reading the above an a handful of relative issues I couldn't find any reference to removing
global $user
from the user module. Has anyone tried that?Looks like some of the same solutions done in the #2213899: Remove global $user wherever possible (outside bootstrap and authentication) Round 2 patch could be reused to remove the globals from user.
Comment #47
andypost@cosmicdreams yes, and also some other files still needs issue or "part 3"
git grep -e "\$GLOBALS\['user'\]" -e 'global' --and -e '\$user'
Comment #48
andypostFiled #2328645: Remove remaining global $user
Comment #49
skipyT CreditAttribution: skipyT commentedComment #50
skipyT CreditAttribution: skipyT commentedComment #51
skipyT CreditAttribution: skipyT commentedComment #52
skipyT CreditAttribution: skipyT commentedI updated the issue summary. Updated the child issues also.
We have still 3 places where the global user variable needs to be replaced: authentication manager, session and user module.
Also one remaining test.
Comment #53
BerdirAnd all those places overlap and can not be changed separately. I started working on #2328645: Remove remaining global $user and closed all other remaining issues as duplicate of that.
Comment #54
BerdirActually, closing this one as a duplicate of that issue as well, there is nothing else left here.
I changed that one to a child issue of #2371629: [meta] Finalize Session and User Authentication API instead.
Comment #55
skipyT CreditAttribution: skipyT commented@Berdir: and what about this issue: [2328645]. This was created for the remaining global $user in the other modules.
Comment #56
Berdir@skipyT: That *is* the issue that I repurposed to deal with (almost) all remaining calls, see #53.