Skip to content
Snippets Groups Projects
Unverified Commit 0348fc51 authored by Alex Pott's avatar Alex Pott
Browse files

Issue #3358586 by godotislate, kala4ek, jaswinsingh, benjifisher, creact,... 

Issue #3358586 by godotislate, kala4ek, jaswinsingh, benjifisher, creact, catch, simohell, alexpott, alfthecat, aaronbauman, rupertj, poker10: RuntimeException: Adding non-existent permissions to a role is not allowed
parent ee894196
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
core/modules/user/src/Entity/Role.php
+ 7
2
View file @ 0348fc51
...@@ -211,10 +211,15 @@ public function calculateDependencies() { ...@@ -211,10 +211,15 @@ public function calculateDependencies() {
$valid_permissions = array_intersect($this->permissions, array_keys($permission_definitions)); $valid_permissions = array_intersect($this->permissions, array_keys($permission_definitions));
$invalid_permissions = array_diff($this->permissions, $valid_permissions); $invalid_permissions = array_diff($this->permissions, $valid_permissions);
if (!empty($invalid_permissions)) { if (!empty($invalid_permissions)) {
throw new \RuntimeException('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "' . implode('", "', $invalid_permissions) . '".'); \Drupal::logger('user')->error('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', [
'@label' => $this->label(),
'@id' => $this->id(),
'@permissions' => implode(', ', $invalid_permissions),
]);
$this->permissions = $valid_permissions;
} }
foreach ($valid_permissions as $permission) { foreach ($valid_permissions as $permission) {
// Depend on the module that is providing this permissions. // Depend on the module that is providing this permission.
$this->addDependency('module', $permission_definitions[$permission]['provider']); $this->addDependency('module', $permission_definitions[$permission]['provider']);
// Depend on any other dependencies defined by permissions granted to // Depend on any other dependencies defined by permissions granted to
// this role. // this role.
......
core/modules/user/tests/src/Kernel/UserRoleEntityTest.php
+ 28
5
View file @ 0348fc51
...@@ -4,8 +4,11 @@ ...@@ -4,8 +4,11 @@
namespace Drupal\Tests\user\Kernel; namespace Drupal\Tests\user\Kernel;
use Drupal\Core\DependencyInjection\ContainerBuilder;
use Drupal\Core\Logger\RfcLogLevel;
use Drupal\KernelTests\KernelTestBase; use Drupal\KernelTests\KernelTestBase;
use Drupal\user\Entity\Role; use Drupal\user\Entity\Role;
use Symfony\Component\ErrorHandler\BufferingLogger;
/** /**
* @group user * @group user
...@@ -18,6 +21,16 @@ class UserRoleEntityTest extends KernelTestBase { ...@@ -18,6 +21,16 @@ class UserRoleEntityTest extends KernelTestBase {
*/ */
protected static $modules = ['system', 'user', 'user_permissions_test']; protected static $modules = ['system', 'user', 'user_permissions_test'];
/**
* {@inheritdoc}
*/
public function register(ContainerBuilder $container): void {
parent::register($container);
$container
->register(BufferingLogger::class)
->addTag('logger');
}
public function testOrderOfPermissions(): void { public function testOrderOfPermissions(): void {
$role = Role::create(['id' => 'test_role', 'label' => 'Test role']); $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);
$role->grantPermission('b') $role->grantPermission('b')
...@@ -37,17 +50,27 @@ public function testGrantingNonExistentPermission(): void { ...@@ -37,17 +50,27 @@ public function testGrantingNonExistentPermission(): void {
$role = Role::create(['id' => 'test_role', 'label' => 'Test role']); $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);
// A single permission that does not exist. // A single permission that does not exist.
$this->expectException(\RuntimeException::class);
$this->expectExceptionMessage('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "does not exist".');
$role->grantPermission('does not exist') $role->grantPermission('does not exist')
->save(); ->save();
$log_message = \Drupal::service(BufferingLogger::class)->cleanLogs()[0];
$this->assertSame(RfcLogLevel::ERROR, $log_message[0]);
$this->assertSame('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', $log_message[1]);
$this->assertSame('Test role', $log_message[2]['@label']);
$this->assertSame('test_role', $log_message[2]['@id']);
$this->assertSame('does not exist', $log_message[2]['@permissions']);
// A multiple permissions that do not exist. // Multiple permissions that do not exist.
$this->expectException(\RuntimeException::class);
$this->expectExceptionMessage('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "does not exist, also does not exist".');
$role->grantPermission('does not exist') $role->grantPermission('does not exist')
->grantPermission('also does not exist') ->grantPermission('also does not exist')
->save(); ->save();
$log_message = \Drupal::service(BufferingLogger::class)->cleanLogs()[0];
$this->assertSame(RfcLogLevel::ERROR, $log_message[0]);
$this->assertSame('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', $log_message[1]);
$this->assertSame('Test role', $log_message[2]['@label']);
$this->assertSame('test_role', $log_message[2]['@id']);
$this->assertSame('does not exist, also does not exist', $log_message[2]['@permissions']);
$permissions = $role->getPermissions();
$this->assertEmpty(array_intersect(['does not exist', 'also does not exist'], $permissions));
} }
public function testPermissionRevokeAndConfigSync(): void { public function testPermissionRevokeAndConfigSync(): void {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment