Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The access checker for /tracker/{user} is declared as a service, but will only ever be used once.
Now that #2107137: Fix the DX for declaring custom access checkers is in, it can be moved.
Comment | File | Size | Author |
---|---|---|---|
#16 | interdiff-2117251-11-16.txt | 740 bytes | markdorison |
#16 | convert-2117251-16.patch | 3.18 KB | markdorison |
#11 | interdiff.txt | 900 bytes | tim.plunkett |
#11 | 2117251-tracker-11.patch | 3.22 KB | tim.plunkett |
#7 | 2117251-tracker-6.patch | 3.31 KB | tim.plunkett |
Comments
Comment #1
dawehnerCan't we rename that to: _access_own_user or something like that and make it usuable in other places?
At least for views I would love to have exactly that functionality on an access plugin.
Comment #3
markdorisonI believe this issue is outdated since the ViewOwnTrackerAccessCheck class no longer exists. Feel free to re-open if I am incorrect.
Comment #4
tim.plunkettIt's at core/modules/tracker/src/Access/ViewOwnTrackerAccessCheck.php, the directory structure changed in May 2014
Comment #5
markdorisonRe-rolled patch.
Comment #6
dawehnerYou could probably use
$this->currentUser()
Comment #7
tim.plunkettFixed the @todo and also the error (can't return a Boolean anymore)
Comment #8
tim.plunkett\Drupal\Core\Access\AccessArgumentsResolverFactory::getArgumentsResolver() allows you to ask for the route, route match, or current account and will provide it to you.
Comment #10
dawehnerWhat about using
$result = AccessResult::allowedIf($user && ...); return $result->cachePermissions() ...
Comment #11
tim.plunkettAha! Much better.
Comment #13
dawehnerSorry for another round of annoying questions.
One question: how could $user be false, even if it is passed in as argument? Wouldn't the access resolver stop if the user wasn't passed in, in the first place?
Do you know the reason why
cachdPermissions()
was there? At least for me its not obvious why this condition varies by permissions of users.Comment #14
tim.plunkett1) It's probably left over from the conversion from $GLOBALS['user']
2) I'm assuming it was to address the ->isAuthenticated() check. I guess ->cachePerUser() is enough?
Comment #15
dawehnerDo you think we can clean this up?
Yeah, the cachePerUser is sort of a superset of cache by permission.
Comment #16
markdorisonAddressed issues identified in #13/#14/#15.
Comment #17
dawehnerThank you @markdorison
Comment #19
catchCommitted/pushed to 8.3.x, thanks!