Mercurial > hg > cmmr2012-drupal-site

diff core/modules/user/src/UserAccessControlHandler.php @ 5:12f9dff5fda9 tip
Update to Drupal core 8.7.1
author: Chris Cannam
date: Thu, 09 May 2019 15:34:47 +0100
parents: a9cd425dd02b
--- a/core/modules/user/src/UserAccessControlHandler.php	Thu Feb 28 13:11:55 2019 +0000
+++ b/core/modules/user/src/UserAccessControlHandler.php	Thu May 09 15:34:47 2019 +0100
@@ -99,11 +99,9 @@
     $is_own_account = $items ? $items->getEntity()->id() == $account->id() : FALSE;
     switch ($field_definition->getName()) {
       case 'name':
-        // Allow view access to anyone with access to the entity. Anonymous
-        // users should be able to access the username field during the
-        // registration process, otherwise the username and email constraints
-        // are not checked.
-        if ($operation == 'view' || ($items && $account->isAnonymous() && $items->getEntity()->isAnonymous())) {
+        // Allow view access to anyone with access to the entity.
+        // The username field is editable during the registration process.
+        if ($operation == 'view' || ($items && $items->getEntity()->isAnonymous())) {
           return AccessResult::allowed()->cachePerPermissions();
         }
         // Allow edit access for the own user name if the permission is
@@ -122,7 +120,7 @@
         // Allow view access to own mail address and other personalization
         // settings.
         if ($operation == 'view') {
-          return $is_own_account ? AccessResult::allowed()->cachePerUser() : AccessResult::neutral();
+          return AccessResult::allowedIf($is_own_account)->cachePerUser();
         }
         // Anyone that can edit the user can also edit this field.
         return AccessResult::allowed()->cachePerPermissions();
author	Chris Cannam
date	Thu, 09 May 2019 15:34:47 +0100
parents	a9cd425dd02b
children