diff --git a/core/modules/tracker/tracker.module b/core/modules/tracker/tracker.module index d33a878..4517021 100644 --- a/core/modules/tracker/tracker.module +++ b/core/modules/tracker/tracker.module @@ -185,7 +185,7 @@ function _tracker_myrecent_access($account) { * @see tracker_menu() */ function _tracker_user_access($account) { - return user_view_access($account) && user_access('access content'); + return $account->access('view') && user_access('access content'); } /** diff --git a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php index 9b68355..5a7d1c8 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php +++ b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php @@ -19,6 +19,8 @@ * label = @Translation("User"), * module = "user", * controller_class = "Drupal\user\UserStorageController", + * render_controller_class = "Drupal\user\UserRenderController", + * access_controller_class = "Drupal\user\UserAccessController", * form_controller_class = { * "profile" = "Drupal\user\ProfileFormController", * "register" = "Drupal\user\RegisterFormController" diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkCancel.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkCancel.php index 51fb108..4d6cd27 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkCancel.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkCancel.php @@ -26,7 +26,7 @@ class LinkCancel extends Link { * Overrides \Drupal\user\Plugin\views\field\Link::render_link(). */ public function render_link(EntityInterface $entity, \stdClass $values) { - if ($entity && user_cancel_access($entity)) { + if ($entity && $entity->access('delete')) { $this->options['alter']['make_link'] = TRUE; $text = !empty($this->options['text']) ? $this->options['text'] : t('cancel'); 
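Review bot: `_tracker_user_access()` now calls `$account->access('view')`, which requires a loaded user entity, whereas the replaced `user_view_access()` (see the user.module hunk of this same patch) also accepted a bare `$uid` and loaded it itself; if `tracker_menu()` or any other caller still hands this callback an integer, the call fatals on a non-object instead of denying access. Please confirm every caller passes a loaded `User`, or make the callback tolerant: `return is_object($account) && $account->access('view') && user_access('access content');`. The function body is fully inside the hunk, but its callers are not visible here.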
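Review bot: The new `render_controller_class = "Drupal\user\UserRenderController"` annotation references a class that does not appear anywhere in the visible part of this diff; the only controller file added here is `UserAccessController.php`, which does match the `access_controller_class` line. Unless `UserRenderController.php` is added elsewhere in the commit, the plugin definition will point at a class the autoloader cannot find and rendering a user entity will fail. The annotation block continues outside the hunk.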
diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkEdit.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkEdit.php index 27909e4..82931c9 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkEdit.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/LinkEdit.php @@ -26,7 +26,7 @@ class LinkEdit extends Link { * Overrides \Drupal\user\Plugin\views\field\Link::render_link(). */ public function render_link(EntityInterface $entity, \stdClass $values) { - if ($entity && user_edit_access($entity)) { + if ($entity && $entity->access('edit')) { $this->options['alter']['make_link'] = TRUE; $text = !empty($this->options['text']) ? $this->options['text'] : t('edit'); diff --git a/core/modules/user/lib/Drupal/user/UserAccessController.php b/core/modules/user/lib/Drupal/user/UserAccessController.php new file mode 100644 index 0000000..f0202d0 --- /dev/null +++ b/core/modules/user/lib/Drupal/user/UserAccessController.php 
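Review bot: `$entity->access('edit')` uses an operation name nothing else in this patch defines: the new `UserAccessController` implements `updateAccess()`, and the `user_edit_access()` wrapper in user.module calls `$account->access('update')` for the same check. Unless `Entity::access()` maps `'edit'` onto `updateAccess()` (not visible here), this link will either be denied for everyone or fail on an undefined method, so the condition should read `if ($entity && $entity->access('update')) {` to match the wrapper. The sibling `LinkCancel` hunk already uses the matching `'delete'` operation.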
@@ -0,0 +1,74 @@ +uid; + if (!$account) { + $account = $GLOBALS['user']; + } + + // Never allow access to view the anonymous user account. + if ($uid) { + // Admins can view all, users can view own profiles at all times. + if ($account->uid == $uid || user_access('administer users', $account)) { + return TRUE; + } + elseif (user_access('access user profiles', $account)) { + // Only allow view access if the account is active. + return $entity->status; + } + } + return FALSE; + } + + /** + * Implements EntityAccessControllerInterface::createAccess(). + */ + public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { + return user_access('administer users', $account); + } + + /** + * Implements EntityAccessControllerInterface::updateAccess(). + */ + public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { + if (!$account) { + $account = $GLOBALS['user']; + } + // Users can always edit their own account. Users with the 'administer + // users' permission can edit any account except the anonymous account. + return (($account->uid == $entity->uid) || user_access('administer users', $account)) && $entity->uid > 0; + } + + /** + * Implements EntityAccessControllerInterface::deleteAccess(). + */ + public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) { + if (!$account) { + $account = $GLOBALS['user']; + } + // Users with 'cancel account' permission can cancel their own account, + // users with 'administer users' permission can cancel any account except + // the anonymous account. + return ((($account->uid == $entity->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->uid > 0; + } + +} diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 89bc6c1..0695932 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module 
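Review bot: In the `'access user profiles'` branch `viewAccess()` returns the raw `$entity->status` property, while every other path in this controller returns a strict `TRUE`/`FALSE` and the removed `user_view_access()` coerced the value with `is_object($account) && $account->status`; if `status` comes back from storage as a string, callers that compare the result with `===` or assert a `bool` will misbehave. Use `return (bool) $entity->status;`. Note that the hunk text is garbled at its start — the file header, `use` lines and the `viewAccess()` signature are missing from the visible diff, so that method's opening is outside this view. The identical `if (!$account) { $account = $GLOBALS['user']; }` fallback is repeated in three methods; one small helper would keep the default-account rule in a single auditable place.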
@@ -9,6 +9,7 @@ use Drupal\user\UserRole; use Drupal\Core\Template\Attribute; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; +use Drupal\user\Plugin\Core\Entity\User; /** * @file @@ -837,34 +838,27 @@ function user_register_access() { /** * User view access callback. * - * @param $account - * Can either be a full user object or a $uid. + * @param \Drupal\user\Plugin\Core\Entity\User $account + * Account to check view access against. + * + * @return bool + * TRUE if permission to view given account is granted, otherwise FALSE. */ -function user_view_access($account) { - $uid = is_object($account) ? $account->uid : (int) $account; - - // Never allow access to view the anonymous user account. - if ($uid) { - // Admins can view all, users can view own profiles at all times. - if ($GLOBALS['user']->uid == $uid || user_access('administer users')) { - return TRUE; - } - elseif (user_access('access user profiles')) { - // At this point, load the complete account object. - if (!is_object($account)) { - $account = user_load($uid); - } - return (is_object($account) && $account->status); - } - } - return FALSE; +function user_view_access(User $account) { + return $account->access('view'); } /** * Access callback for user account editing. + * + * @param \Drupal\user\Plugin\Core\Entity\User $account + * Account to check edit access against. + * + * @return bool + * TRUE if permission to edit given account is granted, otherwise FALSE. */ -function user_edit_access($account) { - return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0; +function user_edit_access(User $account) { + return $account->access('update'); } /** 
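Review bot: `user_view_access()` now type-hints `User $account` and drops the branch that accepted an integer uid and called `user_load()`, so a caller still passing a uid (the removed docblock explicitly allowed it) now hits a catchable fatal rather than a denied-access result, which is a wider behaviour change than the new docblock conveys. If the callers outside this diff have not all been audited, keep the old tolerance with `if (!is_object($account)) { $account = user_load((int) $account); }` followed by `return $account && $account->access('view');`, or at least state in the docblock that a loaded account object is now required. `user_edit_access()` in the same hunk correctly uses the `'update'` operation that the controller's `updateAccess()` implements.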
@@ -872,9 +866,15 @@ function user_edit_access($account) { * * Limit access to users with the 'cancel account' permission or administrative * users, and prevent the anonymous user from cancelling the account. + * + * @param \Drupal\user\Plugin\Core\Entity\User $account + * Account to check cancel access against. + * + * @return bool + * TRUE if permission to cancel given account is granted, otherwise FALSE. */ -function user_cancel_access($account) { - return ((($GLOBALS['user']->uid == $account->uid) && user_access('cancel account')) || user_access('administer users')) && $account->uid > 0; +function user_cancel_access(User $account) { + return $account->access('delete'); } /** @@ -2679,7 +2679,7 @@ function user_rdf_mapping() { */ function user_file_download_access($field, EntityInterface $entity, File $file) { if ($entity->entityType() == 'user') { - return user_view_access($entity); + return $entity->access('view'); } }
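Review bot: The docblock of `user_cancel_access()` still spells out the policy (cancel-account permission or administrator, never the anonymous account) although the check itself now lives in `UserAccessController::deleteAccess()`, so someone auditing who may cancel an account will read a description with no pointer to the code that enforces it. Add `@see \Drupal\user\UserAccessController::deleteAccess()` to the docblock so the documented policy and the enforcing code stay linked, and verify the prose still matches that method. The `user_file_download_access()` hunk on the same line is consistent with this delegation.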