Commit 97dc0e10 authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #2782163 by dsnopek: [piwik] Add patches for CONTRIB-2016-043

parent 48dd8625
diff --git a/piwik.admin.inc b/piwik.admin.inc
index 8d82ca8..584a250 100644
--- a/piwik.admin.inc
+++ b/piwik.admin.inc
@@ -272,6 +272,8 @@ function piwik_admin_settings_form(&$form_state) {
'#disabled' => (module_exists('search') ? FALSE : TRUE),
);
+ $user_access_add_js_snippets = user_access('add JS snippets for piwik') ? FALSE : TRUE;
+ $user_access_add_js_snippets_permission_warning = $user_access_add_js_snippets ? ' <em>' . t('This field has been disabled because you do not have sufficient permissions to edit it.') . '</em>' : '';
$form['advanced']['codesnippet'] = array(
'#type' => 'fieldset',
'#title' => t('Custom JavaScript code'),
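Review bot: `$user_access_add_js_snippets_permission_warning` is built on the second added line, but no added line in the visible hunks appends it to either textarea's `#description`, so a user who sees the disabled fields apparently gets no explanation. If that is an oversight, append it to both descriptions, e.g. `'#description' => t('…') . $user_access_add_js_snippets_permission_warning`. Separately, `$user_access_add_js_snippets` is TRUE when the user lacks the permission, which reads inverted; `$snippets_disabled = !user_access('add JS snippets for piwik');` would match how the value is used. piwik_admin_settings_form starts and ends outside this hunk.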
@@ -283,6 +285,7 @@ function piwik_admin_settings_form(&$form_state) {
'#type' => 'textarea',
'#title' => t('Code snippet (before)'),
'#default_value' => variable_get('piwik_codesnippet_before', ''),
+ '#disabled' => $user_access_add_js_snippets,
'#rows' => 5,
'#wysiwyg' => FALSE,
'#description' => t('Code in this textarea will be added <strong>before</strong> _paq.push(["trackPageView"]).')
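Review bot: `'#disabled' => $user_access_add_js_snippets` here, and the same added line in the "Code snippet (after)" hunk, may only grey out the textarea rather than enforce the permission. As far as I know, the Drupal 6 form API sets the HTML `disabled` attribute but still accepts a posted value for the element, so this should be confirmed against the core version in use. If it holds, either gate both elements with `'#access' => user_access('add JS snippets for piwik')` or have the validate/submit handler discard `piwik_codesnippet_before` and `piwik_codesnippet_after` when the user lacks the permission. The form array and the enclosing function continue outside the hunk.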
@@ -291,6 +294,7 @@ function piwik_admin_settings_form(&$form_state) {
'#type' => 'textarea',
'#title' => t('Code snippet (after)'),
'#default_value' => variable_get('piwik_codesnippet_after', ''),
+ '#disabled' => $user_access_add_js_snippets,
'#rows' => 5,
'#wysiwyg' => FALSE,
'#description' => t('Code in this textarea will be added <strong>after</strong> _paq.push(["trackPageView"]). This is useful if you\'d like to track a site in two accounts.')
diff --git a/piwik.module b/piwik.module
index c6a0b26..797ef74 100644
--- a/piwik.module
+++ b/piwik.module
@@ -32,7 +32,7 @@ function piwik_help($path, $arg) {
* Implementation of hook_perm().
*/
function piwik_perm() {
- return array('administer piwik', 'opt-in or out of tracking', 'use PHP for tracking visibility');
+ return array('administer piwik', 'opt-in or out of tracking', 'use PHP for tracking visibility', 'add JS snippets for piwik');
}
/**
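Review bot: The new `'add JS snippets for piwik'` permission is added to the return value without any documentation of how sensitive it is. Judging by the field descriptions, the snippet is emitted around `_paq.push(["trackPageView"])`, so the permission effectively lets a role place arbitrary JavaScript on tracked pages. I would add a comment above the return such as `// 'add JS snippets for piwik' controls script emitted on tracked pages; grant to trusted roles only.` Existing sites will presumably have no role holding the permission after the update, so a release note telling administrators to grant it explicitly would help.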
diff --git a/piwik.test b/piwik.test
index 592a433..e0ef35b 100644
--- a/piwik.test
+++ b/piwik.test
@@ -6,6 +6,13 @@
*/
class PiwikBasicTest extends DrupalWebTestCase {
+ /**
+ * User without permissions to edit snippets.
+ *
+ * @var \StdClass
+ */
+ protected $noSnippetUser;
+
public static function getInfo() {
return array(
'name' => t('Piwik basic tests'),
@@ -23,6 +30,8 @@ class PiwikBasicTest extends DrupalWebTestCase {
);
// User to set up piwik.
+ $this->noSnippetUser = $this->drupalCreateUser($permissions);
+ $permissions[] = 'add JS snippets for piwik';
$this->admin_user = $this->drupalCreateUser($permissions);
$this->drupalLogin($this->admin_user);
}
@@ -36,6 +45,22 @@ class PiwikBasicTest extends DrupalWebTestCase {
$edit['piwik_site_id'] = $this->randomName(2);
$this->drupalPost('admin/settings/piwik', $edit, 'Save configuration');
$this->assertRaw(t('A valid Piwik site ID is an integer only.'), '[testPiwikConfiguration]: Invalid Piwik site ID number validated.');
+
+ // User should have access to code snippets.
+ $this->assertFieldByName('piwik_codesnippet_before');
+ $this->assertFieldByName('piwik_codesnippet_after');
+ $this->assertNoFieldByXPath("//textarea[@name='piwik_codesnippet_before' and @disabled='disabled']", NULL, '"Code snippet (before)" is enabled.');
+ $this->assertNoFieldByXPath("//textarea[@name='piwik_codesnippet_after' and @disabled='disabled']", NULL, '"Code snippet (after)" is enabled.');
+
+ // Login as user without JS permissions.
+ $this->drupalLogin($this->noSnippetUser);
+ $this->drupalGet('admin/config/system/piwik');
+
+ // User should *not* have access to snippets, but create fields.
+ $this->assertFieldByName('piwik_codesnippet_before');
+ $this->assertFieldByName('piwik_codesnippet_after');
+ $this->assertFieldByXPath("//textarea[@name='piwik_codesnippet_before' and @disabled='disabled']", NULL, '"Code snippet (before)" is disabled.');
+ $this->assertFieldByXPath("//textarea[@name='piwik_codesnippet_after' and @disabled='disabled']", NULL, '"Code snippet (after)" is disabled.');
}
function testPiwikPageVisibility() {
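Review bot: `$this->drupalGet('admin/config/system/piwik');` uses a different path from the `admin/settings/piwik` that the same test posts to a few lines earlier, so the no-permission assertions probably run against a page that is not the settings form; it should likely be `$this->drupalGet('admin/settings/piwik');`. The new assertions also check only the rendered `disabled` attribute. They would be stronger with a check that a submission by `noSnippetUser` leaves `variable_get('piwik_codesnippet_before', '')` and `variable_get('piwik_codesnippet_after', '')` unchanged, which is the property the permission is meant to guarantee. testPiwikConfiguration starts outside this hunk.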