Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Let's start to convert all calls to user_access() with the new AccountInterface::hasPermission() method.
Part of #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.
Change records for this issue:
Comment | File | Size | Author |
---|---|---|---|
#7 | 2062021-remove-user_access-calls-7.patch | 4.09 KB | rhm5000 |
#7 | interdiff-2062021-5-7.txt | 409 bytes | rhm5000 |
#5 | 2062021-remove-user_access-calls-5.patch | 4.09 KB | rhm5000 |
#5 | interdiff-2062021-1-5.txt | 1.74 KB | rhm5000 |
#1 | drupal-shortcut_php_replace_user_access.patch | 4.19 KB | InternetDevels |
Comments
Comment #1
InternetDevels CreditAttribution: InternetDevels commentedHere is the patch.
Comment #2
InternetDevels CreditAttribution: InternetDevels commentedComment #4
andypostUse Drupal::currentUser() service
Comment #5
rhm5000 CreditAttribution: rhm5000 commentedComment #6
andypostLooks RTBC except one nitpick
just a trailing white-space
Comment #7
rhm5000 CreditAttribution: rhm5000 commentedComment #8
andypostThanx for quick re-roll, patch is right! Usage in shortcut_set_switch_access() is right, explains bellow
That access check should happen against current user, the passed account here's for other purpose
Comment #9
webchickCommitted and pushed to 8.x. Thanks!
Comment #10
tim.plunkettManual testing is good. This issue just "updated" a broken access checker, which was being fixed in #1978952: Convert shortcut_set_add to a Controller