cmmr2012-drupal-site: core/modules/user/src/UserAccessControlHandler.php comparison

Update to Drupal core 8.7.1

comparison

equal deleted inserted replaced

-:a9cd425dd02b
+:12f9dff5fda9
 // Flag to indicate if this user entity is the own user account.
 $is_own_account = $items ? $items->getEntity()->id() == $account->id() : FALSE;
 switch ($field_definition->getName()) {
 case 'name':
-// Allow view access to anyone with access to the entity. Anonymous
+// Allow view access to anyone with access to the entity.
-// users should be able to access the username field during the
+// The username field is editable during the registration process.
-// registration process, otherwise the username and email constraints
+if ($operation == 'view' || ($items && $items->getEntity()->isAnonymous())) {
-// are not checked.
-if ($operation == 'view' || ($items && $account->isAnonymous() && $items->getEntity()->isAnonymous())) {
 return AccessResult::allowed()->cachePerPermissions();
 }
 // Allow edit access for the own user name if the permission is
 // satisfied.
 if ($is_own_account && $account->hasPermission('change own username')) {
 case 'timezone':
 case 'mail':
 // Allow view access to own mail address and other personalization
 // settings.
 if ($operation == 'view') {
-return $is_own_account ? AccessResult::allowed()->cachePerUser() : AccessResult::neutral();
+return AccessResult::allowedIf($is_own_account)->cachePerUser();
 }
 // Anyone that can edit the user can also edit this field.
 return AccessResult::allowed()->cachePerPermissions();
 case 'pass':

Mercurial > hg > cmmr2012-drupal-site