EZP-30934: Removed usage of deprecated getCurrentUser method

src/bundle/Resources/config/services.yml

@@ -213,6 +213,7 @@ services:
             - "@ezpublish.api.service.location"
             - "@ezpublish.api.service.section"
             - "@ezpublish.api.repository"
+            - '@eZ\Publish\API\Repository\PermissionResolver'
         tags: [controller.service_arguments]
 
     ezpublish_rest.controller.url_wildcard:
@@ -243,6 +244,8 @@ services:
         arguments:
             - "@ezpublish_rest.session_authenticator"
             - "%ezpublish_rest.csrf_token_intention%"
+            - '@eZ\Publish\API\Repository\PermissionResolver'
+            - '@ezpublish.api.service.user'
             - "@?ezpublish_rest.security.csrf.token_manager"
         tags: [controller.service_arguments]
 

src/lib/Server/Controller/SessionController.php

@@ -6,6 +6,8 @@
  */
 namespace EzSystems\EzPlatformRest\Server\Controller;
 
+use eZ\Publish\API\Repository\PermissionResolver;
+use eZ\Publish\API\Repository\UserService;
 use eZ\Publish\Core\Base\Exceptions\UnauthorizedException;
 use eZ\Publish\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface;
 use EzSystems\EzPlatformRest\Exceptions\NotFoundException;
@@ -22,30 +24,38 @@
 
 class SessionController extends Controller
 {
-    /**
-     * @var \eZ\Publish\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface
-     */
+    /** @var \eZ\Publish\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface */
     private $authenticator;
 
-    /**
-     * @var \EzSystems\EzPlatformRest\Server\Security\CsrfTokenManager
-     */
+    /** @var \EzSystems\EzPlatformRest\Server\Security\CsrfTokenManager */
     private $csrfTokenManager;
 
-    /**
-     * @var string
-     */
+    /** @var string */
     private $csrfTokenIntention;
 
+    /** @var \eZ\Publish\API\Repository\PermissionResolver */
+    private $permissionResolver;
+
+    /** @var \eZ\Publish\API\Repository\UserService */
+    private $userService;
+
+    /** @var \Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface */
+    private $csrfTokenStorage;
+
     public function __construct(
         AuthenticatorInterface $authenticator,
         $tokenIntention,
+        PermissionResolver $permissionResolver,
+        UserService $userService,
         CsrfTokenManager $csrfTokenManager = null,
         TokenStorageInterface $csrfTokenStorage = null
     ) {
         $this->authenticator = $authenticator;
         $this->csrfTokenIntention = $tokenIntention;
         $this->csrfTokenManager = $csrfTokenManager;
+        $this->permissionResolver = $permissionResolver;
+        $this->userService = $userService;
+        $this->csrfTokenStorage = $csrfTokenStorage;
     }
 
     /**
@@ -116,9 +126,12 @@ public function refreshSessionAction($sessionId, Request $request)
         }
 
         $this->checkCsrfToken($request);
+        $currentUser = $this->userService->loadUser(
+            $this->permissionResolver->getCurrentUserReference()->getUserId()
+        );
 
         return new Values\UserSession(
-            $this->repository->getCurrentUser(),
+            $currentUser,
             $session->getName(),
             $session->getId(),
             $request->headers->get('X-CSRF-Token'),

src/lib/Server/Controller/User.php

@@ -6,6 +6,7 @@
  */
 namespace EzSystems\EzPlatformRest\Server\Controller;
 
+use eZ\Publish\API\Repository\PermissionResolver;
 use eZ\Publish\API\Repository\Values\Content\Language;
 use EzSystems\EzPlatformRest\Message;
 use EzSystems\EzPlatformRest\Server\Values;
@@ -96,24 +97,18 @@ class User extends RestController
      */
     private $sessionController;
 
-    /**
-     * Construct controller.
-     *
-     * @param \eZ\Publish\API\Repository\UserService $userService
-     * @param \eZ\Publish\API\Repository\RoleService $roleService
-     * @param \eZ\Publish\API\Repository\ContentService $contentService
-     * @param \eZ\Publish\API\Repository\LocationService $locationService
-     * @param \eZ\Publish\API\Repository\SectionService $sectionService
-     * @param \eZ\Publish\API\Repository\Repository $repository
-     */
+    /** @var \eZ\Publish\API\Repository\PermissionResolver */
+    private $permissionResolver;
+
     public function __construct(
         UserService $userService,
         RoleService $roleService,
         ContentService $contentService,
         ContentTypeService $contentTypeService,
         LocationService $locationService,
         SectionService $sectionService,
-        Repository $repository
+        Repository $repository,
+        PermissionResolver $permissionResolver
     ) {
         $this->userService = $userService;
         $this->roleService = $roleService;
@@ -122,6 +117,7 @@ public function __construct(
         $this->locationService = $locationService;
         $this->sectionService = $sectionService;
         $this->repository = $repository;
+        $this->permissionResolver = $permissionResolver;
     }
 
     /**
@@ -194,7 +190,7 @@ public function loadUser($userId)
             $relations = $this->contentService->loadRelations($user->getVersionInfo());
         } catch (UnauthorizedException $e) {
             // TODO: Hack for special case to allow current logged in user to load him/here self (but not relations)
-            if ($user->id == $this->repository->getCurrentUser()->id) {
+            if ($user->id == $this->permissionResolver->getCurrentUserReference()->getUserId()) {
                 $userMainLocation = $this->repository->sudo(
                     function () use ($userContentInfo) {
                         return $this->locationService->loadLocation($userContentInfo->mainLocationId);
@@ -447,7 +443,7 @@ public function deleteUser($userId)
     {
         $user = $this->userService->loadUser($userId);
 
-        if ($user->id == $this->repository->getCurrentUser()->id) {
+        if ($user->id == $this->permissionResolver->getCurrentUserReference()->getUserId()) {
             throw new Exceptions\ForbiddenException('Currently authenticated user cannot be deleted');
         }