diff --git a/core/modules/user/src/PermissionHandler.php b/core/modules/user/src/PermissionHandler.php index 0ec4eeeee5dd062d9716368e6868c15b8b803de3..d41b05ef5107a468a3c1dd348b31919fa78d7263 100644 --- a/core/modules/user/src/PermissionHandler.php +++ b/core/modules/user/src/PermissionHandler.php @@ -19,10 +19,10 @@ * To define permissions you can use a $module.permissions.yml file: * * @code - * access all views: - * title: 'Bypass views access control' - * description: 'Bypass access control when accessing views.' + * administer permissions: + * title: Administer permissions * restrict access: true + * description: some description * @endcode */ class PermissionHandler implements PermissionHandlerInterface { diff --git a/core/modules/user/src/Plugin/views/access/Permission.php b/core/modules/user/src/Plugin/views/access/Permission.php index 47bbd09c8af42c942341c2e814a8edc33f71913d..e7c46917ca825dd8a20ab2bf4021d0a1a03b64c3 100644 --- a/core/modules/user/src/Plugin/views/access/Permission.php +++ b/core/modules/user/src/Plugin/views/access/Permission.php @@ -73,7 +73,7 @@ public static function create(ContainerInterface $container, array $configuratio * {@inheritdoc} */ public function access(AccountInterface $account) { - return $account->hasPermission($this->options['perm']) || $account->hasPermission('access all views'); + return $account->hasPermission($this->options['perm']); } /** @@ -118,7 +118,7 @@ public function buildOptionsForm(&$form, FormStateInterface $form_state) { '#options' => $perms, '#title' => $this->t('Permission'), '#default_value' => $this->options['perm'], - '#description' => $this->t('Only users with the selected permission flag will be able to access this display. Note that users with "access all views" can see any view, regardless of other permissions.'), + '#description' => $this->t('Only users with the selected permission flag will be able to access this display.'), ); } diff --git a/core/modules/user/src/Plugin/views/access/Role.php b/core/modules/user/src/Plugin/views/access/Role.php index a32cd65028625bcff93ad68f0154174f4332883b..d821b110512b0eaca8163ba33e0c485505cebf2a 100644 --- a/core/modules/user/src/Plugin/views/access/Role.php +++ b/core/modules/user/src/Plugin/views/access/Role.php @@ -35,7 +35,7 @@ class Role extends AccessPluginBase { * {@inheritdoc} */ public function access(AccountInterface $account) { - return $account->hasPermission('access all views') || array_intersect(array_filter($this->options['role']), $account->getRoles()); + return array_intersect(array_filter($this->options['role']), $account->getRoles()); } /** @@ -77,7 +77,7 @@ public function buildOptionsForm(&$form, FormStateInterface $form_state) { '#title' => $this->t('Role'), '#default_value' => $this->options['role'], '#options' => array_map('\Drupal\Component\Utility\String::checkPlain', user_role_names()), - '#description' => $this->t('Only the checked roles will be able to access this display. Note that users with "access all views" can see any view, regardless of role.'), + '#description' => $this->t('Only the checked roles will be able to access this display.'), ); } diff --git a/core/modules/user/src/Tests/Views/AccessPermissionTest.php b/core/modules/user/src/Tests/Views/AccessPermissionTest.php index da8c911f8473fbdd80d50e9507e6e3af5062de3a..aaa1dafc610a2ff21d1eed0d7b71799af4cbc145 100644 --- a/core/modules/user/src/Tests/Views/AccessPermissionTest.php +++ b/core/modules/user/src/Tests/Views/AccessPermissionTest.php @@ -36,7 +36,6 @@ function testAccessPerm() { $this->assertTrue($access_plugin instanceof Permission, 'Make sure the right class got instantiated.'); $this->assertEqual($access_plugin->pluginTitle(), t('Permission')); - $this->assertTrue($view->display_handler->access($this->adminUser), 'Admin-Account should be able to access the view everytime'); $this->assertFalse($view->display_handler->access($this->webUser)); $this->assertTrue($view->display_handler->access($this->normalUser)); } diff --git a/core/modules/user/src/Tests/Views/AccessRoleTest.php b/core/modules/user/src/Tests/Views/AccessRoleTest.php index 0f06ae2c02c1b4ce0aa4b4dbb8c19b00a9e38194..b4086bdf9575a017ecbbd45e2fafbce340233d6b 100644 --- a/core/modules/user/src/Tests/Views/AccessRoleTest.php +++ b/core/modules/user/src/Tests/Views/AccessRoleTest.php @@ -46,14 +46,9 @@ function testAccessRole() { $this->assertTrue($access_plugin instanceof Role, 'Make sure the right class got instantiated.'); // Test the access() method on the access plugin. - $this->assertTrue($executable->display_handler->access($this->adminUser), 'Admin-Account should be able to access the view everytime'); $this->assertFalse($executable->display_handler->access($this->webUser)); $this->assertTrue($executable->display_handler->access($this->normalUser)); - $this->drupalLogin($this->adminUser); - $this->drupalGet('test-role'); - $this->assertResponse(200); - $this->drupalLogin($this->webUser); $this->drupalGet('test-role'); $this->assertResponse(403); diff --git a/core/modules/user/src/Tests/Views/AccessTestBase.php b/core/modules/user/src/Tests/Views/AccessTestBase.php index 5fac787d6884b31a9c5bc5f0d8e01e6a6afe8881..7777b13936875f9913c12c39d60fed1a16ed7247 100644 --- a/core/modules/user/src/Tests/Views/AccessTestBase.php +++ b/core/modules/user/src/Tests/Views/AccessTestBase.php @@ -12,13 +12,6 @@ */ abstract class AccessTestBase extends UserTestBase { - /** - * Contains a user object that can access all views. - * - * @var \Drupal\user\UserInterface - */ - protected $adminUser; - /** * Contains a user object that has no special permissions. * @@ -52,7 +45,6 @@ protected function setUp() { $this->enableViewsTestModule(); - $this->adminUser = $this->drupalCreateUser(array('access all views')); $this->webUser = $this->drupalCreateUser(); $roles = $this->webUser->getRoles(); $this->webRole = $roles[0]; diff --git a/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php b/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php index 04b3b78dacac190f9abb4b601913cc33383787bc..7386c00b0a9e57fef002ef0494932a4552d62684 100644 --- a/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php +++ b/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php @@ -2251,11 +2251,6 @@ public function access(AccountInterface $account = NULL) { $account = \Drupal::currentUser(); } - // Full override. - if ($account->hasPermission('access all views')) { - return TRUE; - } - $plugin = $this->getPlugin('access'); /** @var \Drupal\views\Plugin\views\access\AccessPluginBase $plugin */ if ($plugin) { diff --git a/core/modules/views/src/Plugin/views/display/PathPluginBase.php b/core/modules/views/src/Plugin/views/display/PathPluginBase.php index 2d7e550f8fe62d5f4f93088452e29953699d2e07..fd93c3ca50aa2cd535c1c766e17d447b28389319 100644 --- a/core/modules/views/src/Plugin/views/display/PathPluginBase.php +++ b/core/modules/views/src/Plugin/views/display/PathPluginBase.php @@ -200,9 +200,6 @@ protected function getRoute($view_id, $display_id) { $access_plugin = Views::pluginManager('access')->createInstance('none'); } $access_plugin->alterRouteDefinition($route); - // @todo Figure out whether _access_mode ANY is the proper one. This is - // particular important for altering routes. - $route->setOption('_access_mode', AccessManagerInterface::ACCESS_MODE_ANY); // Set the argument map, in order to support named parameters. $route->setOption('_view_argument_map', $argument_map); diff --git a/core/modules/views/src/Tests/Plugin/AccessTest.php b/core/modules/views/src/Tests/Plugin/AccessTest.php index 9f5f59e48949a28ebe75c63fd99f57668c070975..0bdec9ee0119017d5a9c53ee6ed9da67f6b05efa 100644 --- a/core/modules/views/src/Tests/Plugin/AccessTest.php +++ b/core/modules/views/src/Tests/Plugin/AccessTest.php @@ -40,7 +40,6 @@ protected function setUp() { ViewTestData::createTestViews(get_class($this), array('views_test_data')); - $this->admin_user = $this->drupalCreateUser(array('access all views')); $this->web_user = $this->drupalCreateUser(); $roles = $this->web_user->getRoles(); $this->web_role = $roles[0]; @@ -59,7 +58,6 @@ function testAccessNone() { $view = Views::getView('test_access_none'); $view->setDisplay(); - $this->assertTrue($view->display_handler->access($this->admin_user), 'Admin-Account should be able to access the view everytime'); $this->assertTrue($view->display_handler->access($this->web_user)); $this->assertTrue($view->display_handler->access($this->normal_user)); } diff --git a/core/modules/views/src/ViewsAccessCheck.php b/core/modules/views/src/ViewsAccessCheck.php deleted file mode 100644 index 62f68a68ac0071ffc97ed550f400eaf2c9c80725..0000000000000000000000000000000000000000 --- a/core/modules/views/src/ViewsAccessCheck.php +++ /dev/null @@ -1,42 +0,0 @@ -hasDefault('view_id'); - } - - /** - * Checks access. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The currently logged in account. - * - * @return \Drupal\Core\Access\AccessResultInterface - * The access result. - */ - public function access(AccountInterface $account) { - return AccessResult::allowedIfHasPermission($account, 'access all views'); - } - -} diff --git a/core/modules/views/views.permissions.yml b/core/modules/views/views.permissions.yml deleted file mode 100644 index 7eb1a08be3c0e57d5fd5ddf8dd8d3e32d24a5ca9..0000000000000000000000000000000000000000 --- a/core/modules/views/views.permissions.yml +++ /dev/null @@ -1,4 +0,0 @@ -access all views: - title: 'Bypass views access control' - description: 'Bypass access control when accessing views.' - restrict access: true diff --git a/core/modules/views/views.services.yml b/core/modules/views/views.services.yml index b66568f0ffd0f8b75882dee23a6891de9aa7960c..343e0b329faf90f80607c93d26306a35909953a4 100644 --- a/core/modules/views/views.services.yml +++ b/core/modules/views/views.services.yml @@ -73,9 +73,5 @@ services: arguments: ['@entity.manager', '@state'] tags: - { name: 'event_subscriber' } - views.route_access_check: - class: Drupal\views\ViewsAccessCheck - tags: - - { name: 'access_check' } views.exposed_form_cache: class: Drupal\views\ExposedFormCache