From 6758f115604d77c4cc2cb101963ccaef96f178da Mon Sep 17 00:00:00 2001
From: Nathaniel Catchpole <catch@35733.no-reply.drupal.org>
Date: Wed, 20 May 2015 10:40:58 +0100
Subject: [PATCH] Issue #2475263 by LKS90, Berdir: Remove Role::postSave()
method
---
core/modules/comment/comment.routing.yml | 2 +-
.../src/Controller/CommentController.php | 84 +++++++++++--------
.../CommentDefaultFormatter.php | 2 +-
.../src/Tests/CommentAnonymousTest.php | 13 +--
.../src/Tests/CommentInterfaceTest.php | 6 +-
.../comment/src/Tests/CommentNonNodeTest.php | 4 +-
core/modules/user/src/Entity/Role.php | 10 ---
7 files changed, 62 insertions(+), 59 deletions(-)
diff --git a/core/modules/comment/comment.routing.yml b/core/modules/comment/comment.routing.yml
index fea8cc1e2c01..967cb3f087f0 100644
--- a/core/modules/comment/comment.routing.yml
+++ b/core/modules/comment/comment.routing.yml
@@ -57,7 +57,7 @@ comment.reply:
_title: 'Add new comment'
pid: ~
requirements:
- _access: 'TRUE'
+ _custom_access: '\Drupal\comment\Controller\CommentController::replyFormAccess'
options:
parameters:
entity:
diff --git a/core/modules/comment/src/Controller/CommentController.php b/core/modules/comment/src/Controller/CommentController.php
index e1451255b5d7..add53333117a 100644
--- a/core/modules/comment/src/Controller/CommentController.php
+++ b/core/modules/comment/src/Controller/CommentController.php
@@ -10,6 +10,7 @@
use Drupal\comment\CommentInterface;
use Drupal\comment\CommentManagerInterface;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
+use Drupal\Core\Access\AccessResult;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityManagerInterface;
@@ -185,9 +186,6 @@ public function redirectNode(EntityInterface $node) {
* There are several cases that have to be handled, including:
* - replies to comments
* - replies to entities
- * - attempts to reply to entities that can no longer accept comments
- * - respecting access permissions ('access comments', 'post comments',
- * etc.)
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The current request object.
@@ -201,57 +199,24 @@ public function redirectNode(EntityInterface $node) {
*
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
* @return array|\Symfony\Component\HttpFoundation\RedirectResponse
- * One of the following:
* An associative array containing:
* - An array for rendering the entity or parent comment.
* - comment_entity: If the comment is a reply to the entity.
* - comment_parent: If the comment is a reply to another comment.
* - comment_form: The comment form as a renderable array.
- * - A redirect response to current node:
- * - If user is not authorized to post comments.
- * - If parent comment doesn't belong to current entity.
- * - If user is not authorized to view comments.
- * - If current entity comments are disable.
*/
public function getReplyForm(Request $request, EntityInterface $entity, $field_name, $pid = NULL) {
- // Check if entity and field exists.
- $fields = $this->commentManager->getFields($entity->getEntityTypeId());
- if (empty($fields[$field_name])) {
- throw new NotFoundHttpException();
- }
-
$account = $this->currentUser();
$uri = $entity->urlInfo()->setAbsolute();
$build = array();
- // Check if the user has the proper permissions.
- if (!$account->hasPermission('post comments')) {
- drupal_set_message($this->t('You are not authorized to post comments.'), 'error');
- return new RedirectResponse($uri->toString());
- }
-
// The user is not just previewing a comment.
if ($request->request->get('op') != $this->t('Preview')) {
- $status = $entity->{$field_name}->status;
- if ($status != CommentItemInterface::OPEN) {
- drupal_set_message($this->t("This discussion is closed: you can't post new comments."), 'error');
- return new RedirectResponse($uri->toString());
- }
// $pid indicates that this is a reply to a comment.
if ($pid) {
- // Check if the user has the proper permissions.
- if (!$account->hasPermission('access comments')) {
- drupal_set_message($this->t('You are not authorized to view comments.'), 'error');
- return new RedirectResponse($uri->toString());
- }
// Load the parent comment.
$comment = $this->entityManager()->getStorage('comment')->load($pid);
- // Check if the parent comment is published and belongs to the entity.
- if (!$comment->isPublished() || ($comment->getCommentedEntityId() != $entity->id())) {
- drupal_set_message($this->t('The comment you are replying to does not exist.'), 'error');
- return new RedirectResponse($uri->toString());
- }
// Display the parent comment.
$build['comment_parent'] = $this->entityManager()->getViewBuilder('comment')->view($comment);
}
@@ -283,6 +248,53 @@ public function getReplyForm(Request $request, EntityInterface $entity, $field_n
return $build;
}
+ /**
+ * Access check for the reply form.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity this comment belongs to.
+ * @param string $field_name
+ * The field_name to which the comment belongs.
+ * @param int $pid
+ * (optional) Some comments are replies to other comments. In those cases,
+ * $pid is the parent comment's comment ID. Defaults to NULL.
+ *
+ * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+ * @return \Drupal\Core\Access\AccessResultInterface
+ * An access result
+ */
+ public function replyFormAccess(EntityInterface $entity, $field_name, $pid = NULL) {
+ // Check if entity and field exists.
+ $fields = $this->commentManager->getFields($entity->getEntityTypeId());
+ if (empty($fields[$field_name])) {
+ throw new NotFoundHttpException();
+ }
+
+ $account = $this->currentUser();
+
+ // Check if the user has the proper permissions.
+ $access = AccessResult::allowedIfHasPermission($account, 'post comments');
+
+ $status = $entity->{$field_name}->status;
+ $access = $access->andIf(AccessResult::allowedIf($status == CommentItemInterface::OPEN)
+ ->cacheUntilEntityChanges($entity));
+
+ // $pid indicates that this is a reply to a comment.
+ if ($pid) {
+ // Check if the user has the proper permissions.
+ $access = $access->andIf(AccessResult::allowedIfHasPermission($account, 'access comments'));
+
+ /// Load the parent comment.
+ $comment = $this->entityManager()->getStorage('comment')->load($pid);
+ // Check if the parent comment is published and belongs to the entity.
+ $access = $access->andIf(AccessResult::allowedIf($comment && $comment->isPublished() && $comment->getCommentedEntityId() == $entity->id()));
+ if ($comment) {
+ $access->cacheUntilEntityChanges($comment);
+ }
+ }
+ return $access;
+ }
+
/**
* Returns a set of nodes' last read timestamps.
*
diff --git a/core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php b/core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php
index 1bb8134c4162..fbca55b2a603 100644
--- a/core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php
+++ b/core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php
@@ -157,7 +157,7 @@ public function viewElements(FieldItemListInterface $items) {
// Unpublished comments are not included in
// $entity->get($field_name)->comment_count, but unpublished comments
// should display if the user is an administrator.
- $elements['#cache']['contexts'][] = 'user.roles';
+ $elements['#cache']['contexts'][] = 'user.permissions';
if ($this->currentUser->hasPermission('access comments') || $this->currentUser->hasPermission('administer comments')) {
// This is a listing of Comment entities, so associate its list cache
// tag for correct invalidation.
diff --git a/core/modules/comment/src/Tests/CommentAnonymousTest.php b/core/modules/comment/src/Tests/CommentAnonymousTest.php
index 49ad78c705dd..ca12dde0e9a3 100644
--- a/core/modules/comment/src/Tests/CommentAnonymousTest.php
+++ b/core/modules/comment/src/Tests/CommentAnonymousTest.php
@@ -122,6 +122,10 @@ function testAnonymous() {
$this->assertNoRaw('comments[' . $anonymous_comment3->id() . ']', 'Comment was deleted.');
$this->drupalLogout();
+ // Comment 3 was deleted.
+ $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment3->id());
+ $this->assertResponse(403);
+
// Reset.
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, array(
'access comments' => FALSE,
@@ -138,9 +142,7 @@ function testAnonymous() {
// Attempt to view node-comment form while disallowed.
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
- $this->assertText('You are not authorized to post comments', 'Error attempting to post comment.');
- $this->assertNoFieldByName('subject[0][value]', '', 'Subject field not found.');
- $this->assertNoFieldByName('comment_body[0][value]', '', 'Comment field not found.');
+ $this->assertResponse(403);
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, array(
'access comments' => TRUE,
@@ -162,8 +164,7 @@ function testAnonymous() {
$this->assertFieldByName('subject[0][value]', '', 'Subject field found.');
$this->assertFieldByName('comment_body[0][value]', '', 'Comment field found.');
- $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment3->id());
- $this->assertText('You are not authorized to view comments', 'Error attempting to post reply.');
- $this->assertNoText($author_name, 'Comment not displayed.');
+ $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment2->id());
+ $this->assertResponse(403);
}
}
diff --git a/core/modules/comment/src/Tests/CommentInterfaceTest.php b/core/modules/comment/src/Tests/CommentInterfaceTest.php
index 85e2c257c265..6e97e6efb7a8 100644
--- a/core/modules/comment/src/Tests/CommentInterfaceTest.php
+++ b/core/modules/comment/src/Tests/CommentInterfaceTest.php
@@ -155,20 +155,20 @@ public function testCommentInterface() {
$reply_loaded->setPublished(FALSE);
$reply_loaded->save();
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id());
- $this->assertText(t('The comment you are replying to does not exist.'), 'Replying to an unpublished comment');
+ $this->assertResponse(403);
// Attempt to post to node with comments disabled.
$this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'comment' => array(array('status' => CommentItemInterface::HIDDEN))));
$this->assertTrue($this->node, 'Article node created.');
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
- $this->assertText('This discussion is closed', 'Posting to node with comments disabled');
+ $this->assertResponse(403);
$this->assertNoField('edit-comment', 'Comment body field found.');
// Attempt to post to node with read-only comments.
$this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'comment' => array(array('status' => CommentItemInterface::CLOSED))));
$this->assertTrue($this->node, 'Article node created.');
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
- $this->assertText('This discussion is closed', 'Posting to node with comments read-only');
+ $this->assertResponse(403);
$this->assertNoField('edit-comment', 'Comment body field found.');
// Attempt to post to node with comments enabled (check field names etc).
diff --git a/core/modules/comment/src/Tests/CommentNonNodeTest.php b/core/modules/comment/src/Tests/CommentNonNodeTest.php
index d3cd0896b457..a7f7918de27f 100644
--- a/core/modules/comment/src/Tests/CommentNonNodeTest.php
+++ b/core/modules/comment/src/Tests/CommentNonNodeTest.php
@@ -344,7 +344,7 @@ function testCommentFunctionality() {
// Attempt to view test entity comment form while disallowed.
$this->drupalGet('comment/reply/entity_test/' . $this->entity->id() . '/comment');
- $this->assertText('You are not authorized to post comments', 'Error attempting to post comment.');
+ $this->assertResponse(403);
$this->assertNoFieldByName('subject[0][value]', '', 'Subject field not found.');
$this->assertNoFieldByName('comment_body[0][value]', '', 'Comment field not found.');
@@ -376,7 +376,7 @@ function testCommentFunctionality() {
$this->assertFieldByName('comment_body[0][value]', '', 'Comment field found.');
$this->drupalGet('comment/reply/entity_test/' . $this->entity->id() . '/comment/' . $comment1->id());
- $this->assertText('You are not authorized to view comments');
+ $this->assertResponse(403);
$this->assertNoText($comment1->getSubject(), 'Comment not displayed.');
// Test comment field widget changes.
diff --git a/core/modules/user/src/Entity/Role.php b/core/modules/user/src/Entity/Role.php
index b997e69b83bc..930c04a5be50 100644
--- a/core/modules/user/src/Entity/Role.php
+++ b/core/modules/user/src/Entity/Role.php
@@ -186,14 +186,4 @@ public function preSave(EntityStorageInterface $storage) {
}
}
- /**
- * {@inheritdoc}
- */
- public function postSave(EntityStorageInterface $storage, $update = TRUE) {
- parent::postSave($storage, $update);
-
- // Clear render cache.
- entity_render_cache_clear();
- }
-
}
--
GitLab