Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Let's start to convert all calls to user_access() with the new AccountInterface::hasPermission() method.
Part of #2048171: [meta] Replace user_access() calls with $account->hasPermission() wherever possible.
Change records for this issue:
Comment | File | Size | Author |
---|---|---|---|
#7 | 2062021-remove-user_access-calls-7.patch | 4.09 KB | rhm5000 |
#7 | interdiff-2062021-5-7.txt | 409 bytes | rhm5000 |
#5 | 2062021-remove-user_access-calls-5.patch | 4.09 KB | rhm5000 |
#5 | interdiff-2062021-1-5.txt | 1.74 KB | rhm5000 |
#1 | drupal-shortcut_php_replace_user_access.patch | 4.19 KB | InternetDevels |
Comments
Comment #1
InternetDevels CreditAttribution: InternetDevels commentedHere is the patch.
Comment #2
InternetDevels CreditAttribution: InternetDevels commentedComment #4
andypostUse Drupal::currentUser() service
Comment #5
rhm5000 CreditAttribution: rhm5000 commentedComment #6
andypostLooks RTBC except one nitpick
just a trailing white-space
Comment #7
rhm5000 CreditAttribution: rhm5000 commentedComment #8
andypostThanx for quick re-roll, patch is right! Usage in shortcut_set_switch_access() is right, explains bellow
That access check should happen against current user, the passed account here's for other purpose
Comment #9
webchickCommitted and pushed to 8.x. Thanks!
Comment #10
tim.plunkettManual testing is good. This issue just "updated" a broken access checker, which was being fixed in #1978952: Convert shortcut_set_add to a Controller