Security update for Core, with self-updated composer

[yaffs-website] / web / core / modules / node / src / Plugin / Action / DemoteNode.php

diff --git a/web/core/modules/node/src/Plugin/Action/DemoteNode.php b/web/core/modules/node/src/Plugin/Action/DemoteNode.php
index 04644a90246640353a142378d6921076a41d86c0..efacdb420e950afe099f4f6a2fb20fddb7f0d569 100644 (file)
--- a/web/core/modules/node/src/Plugin/Action/DemoteNode.php
+++ b/web/core/modules/node/src/Plugin/Action/DemoteNode.php
@@ -2,8 +2,8 @@
 
 namespace Drupal\node\Plugin\Action;
 
-use Drupal\Core\Action\ActionBase;
-use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\Field\FieldUpdateActionBase;
+use Drupal\node\NodeInterface;
 
 /**
  * Demotes a node.
@@ -14,25 +14,13 @@ use Drupal\Core\Session\AccountInterface;
  *   type = "node"
  * )
  */
-class DemoteNode extends ActionBase {
+class DemoteNode extends FieldUpdateActionBase {
 
   /**
    * {@inheritdoc}
    */
-  public function execute($entity = NULL) {
-    $entity->setPromoted(FALSE);
-    $entity->save();
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function access($object, AccountInterface $account = NULL, $return_as_object = FALSE) {
-    /** @var \Drupal\node\NodeInterface $object */
-    $result = $object->access('update', $account, TRUE)
-      ->andIf($object->promote->access('edit', $account, TRUE));
-
-    return $return_as_object ? $result : $result->isAllowed();
+  protected function getFieldsToUpdate() {
+    return ['promote' => NodeInterface::NOT_PROMOTED];
   }
 
 }