SA-CONTRIB-2016-043.patch 4.18 KB
diff --git a/piwik.admin.inc b/piwik.admin.inc
index 8d82ca8..584a250 100644
--- a/piwik.admin.inc
+++ b/piwik.admin.inc
@@ -272,6 +272,8 @@ function piwik_admin_settings_form(&$form_state) {
     '#disabled' => (module_exists('search') ? FALSE : TRUE),
   );
 
+  $user_access_add_js_snippets = user_access('add JS snippets for piwik') ? FALSE : TRUE;
+  $user_access_add_js_snippets_permission_warning = $user_access_add_js_snippets ? ' <em>' . t('This field has been disabled because you do not have sufficient permissions to edit it.') . '</em>' : '';
   $form['advanced']['codesnippet'] = array(
     '#type' => 'fieldset',
     '#title' => t('Custom JavaScript code'),
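Review bot: `$user_access_add_js_snippets_permission_warning` is assigned here but none of the visible hunks use it, so a user who finds the textareas disabled gets no explanation. The two snippet `#description` lines appear only as unchanged context. Either append it there, e.g. `t('Code in this textarea ...') . $user_access_add_js_snippets_permission_warning`, or drop the variable. The flag is also named for the opposite of what it holds, since it is TRUE when the user lacks the permission; `$snippets_disabled = !user_access('add JS snippets for piwik');` would read more clearly. The function body continues outside the hunk.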
@@ -283,6 +285,7 @@ function piwik_admin_settings_form(&$form_state) {
     '#type' => 'textarea',
     '#title' => t('Code snippet (before)'),
     '#default_value' => variable_get('piwik_codesnippet_before', ''),
+    '#disabled' => $user_access_add_js_snippets,
     '#rows' => 5,
     '#wysiwyg' => FALSE,
     '#description' => t('Code in this textarea will be added <strong>before</strong> _paq.push(["trackPageView"]).')
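Review bot: The `'#disabled'` key added here, and again in the next hunk for the "after" textarea, restricts the field only in the rendered form. Nothing in the visible change makes the server discard a submitted value for it. Whether the form API on this branch ignores input for disabled elements is not visible here and should be confirmed. If it does not, a request that carries the field anyway would still be saved by a user without the new permission. A server-side guard in the form's validate handler (outside this diff) would close that gap, e.g. `if (!user_access('add JS snippets for piwik')) { unset($form_state['values']['piwik_codesnippet_before'], $form_state['values']['piwik_codesnippet_after']); }`.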
@@ -291,6 +294,7 @@ function piwik_admin_settings_form(&$form_state) {
     '#type' => 'textarea',
     '#title' => t('Code snippet (after)'),
     '#default_value' => variable_get('piwik_codesnippet_after', ''),
+    '#disabled' => $user_access_add_js_snippets,
     '#rows' => 5,
     '#wysiwyg' => FALSE,
     '#description' => t('Code in this textarea will be added <strong>after</strong> _paq.push(["trackPageView"]). This is useful if you\'d like to track a site in two accounts.')
diff --git a/piwik.module b/piwik.module
index c6a0b26..797ef74 100644
--- a/piwik.module
+++ b/piwik.module
@@ -32,7 +32,7 @@ function piwik_help($path, $arg) {
  * Implementation of hook_perm().
  */
 function piwik_perm() {
-  return array('administer piwik', 'opt-in or out of tracking', 'use PHP for tracking visibility');
+  return array('administer piwik', 'opt-in or out of tracking', 'use PHP for tracking visibility', 'add JS snippets for piwik');
 }
 
 /**
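Review bot: The permission added to `piwik_perm()` carries no hint of how powerful it is. Judging by the field descriptions in piwik.admin.inc, its holder can place arbitrary JavaScript into the tracking code served to visitors. A comment above the return would help, such as `// 'add JS snippets for piwik' allows arbitrary JavaScript in the tracking code; grant to trusted roles only.` It is also worth stating in the release notes that no role holds this permission after the update, so snippet editing stays disabled until it is granted.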
diff --git a/piwik.test b/piwik.test
index 592a433..e0ef35b 100644
--- a/piwik.test
+++ b/piwik.test
@@ -6,6 +6,13 @@
  */
 class PiwikBasicTest extends DrupalWebTestCase {
 
+  /**
+   * User without permissions to edit snippets.
+   *
+   * @var \StdClass
+   */
+  protected $noSnippetUser;
+
   public static function getInfo() {
     return array(
       'name' => t('Piwik basic tests'),
@@ -23,6 +30,8 @@ class PiwikBasicTest extends DrupalWebTestCase {
     );
 
     // User to set up piwik.
+    $this->noSnippetUser = $this->drupalCreateUser($permissions);
+    $permissions[] = 'add JS snippets for piwik';
     $this->admin_user = $this->drupalCreateUser($permissions);
     $this->drupalLogin($this->admin_user);
   }
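Review bot: The existing comment `// User to set up piwik.` now sits directly above the creation of `noSnippetUser`, so it describes the wrong account. Move it down to the `admin_user` line and give the new line its own comment, e.g. `// User who can reach the settings form but may not edit JS snippets.` The `$permissions` array is built above the hunk, so which permissions the restricted user actually holds is not visible here.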
@@ -36,6 +45,22 @@ class PiwikBasicTest extends DrupalWebTestCase {
     $edit['piwik_site_id'] = $this->randomName(2);
     $this->drupalPost('admin/settings/piwik', $edit, 'Save configuration');
     $this->assertRaw(t('A valid Piwik site ID is an integer only.'), '[testPiwikConfiguration]: Invalid Piwik site ID number validated.');
+
+    // User should have access to code snippets.
+    $this->assertFieldByName('piwik_codesnippet_before');
+    $this->assertFieldByName('piwik_codesnippet_after');
+    $this->assertNoFieldByXPath("//textarea[@name='piwik_codesnippet_before' and @disabled='disabled']", NULL, '"Code snippet (before)" is enabled.');
+    $this->assertNoFieldByXPath("//textarea[@name='piwik_codesnippet_after' and @disabled='disabled']", NULL, '"Code snippet (after)" is enabled.');
+
+    // Login as user without JS permissions.
+    $this->drupalLogin($this->noSnippetUser);
+    $this->drupalGet('admin/config/system/piwik');
+
+    // User should *not* have access to snippets, but create fields.
+    $this->assertFieldByName('piwik_codesnippet_before');
+    $this->assertFieldByName('piwik_codesnippet_after');
+    $this->assertFieldByXPath("//textarea[@name='piwik_codesnippet_before' and @disabled='disabled']", NULL, '"Code snippet (before)" is disabled.');
+    $this->assertFieldByXPath("//textarea[@name='piwik_codesnippet_after' and @disabled='disabled']", NULL, '"Code snippet (after)" is disabled.');
   }
 
   function testPiwikPageVisibility() {
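Review bot: The added `drupalGet('admin/config/system/piwik')` uses a different path from the `drupalPost('admin/settings/piwik', ...)` a few lines above in the same test. On this branch the second request probably does not reach the settings form, and the assertions after it would then fail or test the wrong page; `$this->drupalGet('admin/settings/piwik');` looks like the intended call. The new assertions also check only the `disabled` attribute in the markup. A test that submits snippet values as `noSnippetUser` and asserts that `variable_get('piwik_codesnippet_before', '')` is unchanged would cover the access restriction itself. The comment `but create fields` would be clearer as `but the fields are still rendered`.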