Commit 0f17b0ec authored by catch's avatar catch

Issue #1912602 by dawehner, dagmar, tim.plunkett, bdone: Changing view access...

Issue #1912602 by dawehner, dagmar, tim.plunkett, bdone: Changing view access from 'Permission' to 'Role' causes AJAX error message re getRoles().
parent a6cdd740
......@@ -159,13 +159,11 @@ protected function applies(Route $route) {
$checks[] = $service_id;
}
}
// This means appliesTo() method was empty. Iterate through all checkers.
else {
foreach ($this->dynamicRequirementMap as $service_id) {
if ($this->checks[$service_id]->applies($route)) {
$checks[] = $service_id;
}
}
}
// Finally, see if any dynamic access checkers apply.
foreach ($this->dynamicRequirementMap as $service_id) {
if ($this->checks[$service_id]->applies($route)) {
$checks[] = $service_id;
}
}
......
......@@ -645,6 +645,9 @@ protected function drupalLogin(AccountInterface $account) {
if ($pass) {
$this->loggedInUser = $account;
$this->container->set('current_user', $account);
// @todo Temporary workaround for not being able to use synchronized
// services in non dumped container.
$this->container->get('access_subscriber')->setCurrentUser($account);
}
}
......
......@@ -42,7 +42,9 @@ public function access(AccountInterface $account) {
* {@inheritdoc}
*/
public function alterRouteDefinition(Route $route) {
$route->setRequirement('_role_id', $this->options['role']);
if ($this->options['role']) {
$route->setRequirement('_role', (string) implode(',', $this->options['role']));
}
}
public function summaryTitle() {
......@@ -74,7 +76,7 @@ public function buildOptionsForm(&$form, &$form_state) {
'#type' => 'checkboxes',
'#title' => t('Role'),
'#default_value' => $this->options['role'],
'#options' => array_map('check_plain', $this->getRoles()),
'#options' => array_map('\Drupal\Component\Utility\String::checkPlain', user_role_names()),
'#description' => t('Only the checked roles will be able to access this display. Note that users with "access all views" can see any view, regardless of role.'),
);
}
......
......@@ -8,6 +8,9 @@
namespace Drupal\user\Tests\Views;
use Drupal\user\Plugin\views\access\Role;
use Drupal\views\Views;
use Drupal\views\ViewStorageInterface;
use Symfony\Component\HttpFoundation\Request;
/**
* Tests views role access plugin.
......@@ -35,19 +38,43 @@ public static function getInfo() {
* Tests role access plugin.
*/
function testAccessRole() {
$view = views_get_view('test_access_role');
$view->setDisplay();
$view->displayHandlers->get('default')->options['access']['options']['role'] = array(
/** @var \Drupal\views\ViewStorageInterface $view */
$view = \Drupal::entityManager()->getStorageController('view')->load('test_access_role');
$display = &$view->getDisplay('default');
$display['display_options']['access']['options']['role'] = array(
$this->normalRole => $this->normalRole,
);
$view->save();
$executable = Views::executableFactory()->get($view);
$executable->setDisplay('page_1');
$access_plugin = $view->display_handler->getPlugin('access');
$access_plugin = $executable->display_handler->getPlugin('access');
$this->assertTrue($access_plugin instanceof Role, 'Make sure the right class got instantiated.');
$this->assertTrue($view->display_handler->access($this->adminUser), 'Admin-Account should be able to access the view everytime');
$this->assertFalse($view->display_handler->access($this->webUser));
$this->assertTrue($view->display_handler->access($this->normalUser));
// Test the access() method on the access plugin.
$this->assertTrue($executable->display_handler->access($this->adminUser), 'Admin-Account should be able to access the view everytime');
$this->assertFalse($executable->display_handler->access($this->webUser));
$this->assertTrue($executable->display_handler->access($this->normalUser));
// Test the actual access doing a request.
/** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
$kernel = $this->container->get('http_kernel');
$this->drupalLogin($this->adminUser);
$request = Request::create('/test-role');
$response = $kernel->handle($request);
$this->assertEqual($response->getStatusCode(), 200);
$this->drupalLogin($this->webUser);
$request = Request::create('/test-role');
$response = $kernel->handle($request);
$this->assertEqual($response->getStatusCode(), 403);
$this->drupalLogin($this->normalUser);
$request = Request::create('/test-role');
$response = $kernel->handle($request);
$this->assertEqual($response->getStatusCode(), 200);
}
}
<?php
/**
* @file
* Contains \Drupal\user\Tests\Views\AccessRoleUITest.
*/
namespace Drupal\user\Tests\Views;
use Drupal\views\Tests\ViewTestData;
use Drupal\views_ui\Tests\UITestBase;
/**
* Tests views role access plugin UI.
*
* @see Drupal\user\Plugin\views\access\Role
*/
class AccessRoleUITest extends UITestBase {
/**
* Views used by this test.
*
* @var array
*/
public static $testViews = array('test_access_role');
/**
* Modules to enable.
*
* @var array
*/
public static $modules = array('user', 'user_test_views');
/**
* {@inheritdoc}
*/
public static function getInfo() {
return array(
'name' => 'User: Access role (UI)',
'description' => 'Tests views role access plugin UI.',
'group' => 'Views module integration',
);
}
/**
* {@inheritdoc}
*/
protected function setUp() {
parent::setUp();
ViewTestData::createTestViews(get_class($this), array('user_test_views'));
}
/**
* Tests the role access plugin UI.
*/
public function testAccessRoleUI() {
$entity_manager = $this->container->get('entity.manager');
$entity_manager->getStorageController('user_role')->create(array('id' => 'custom_role', 'label' => 'Custom role'))->save();
$access_url = "admin/structure/views/nojs/display/test_access_role/default/access_options";
$this->drupalPostForm($access_url, array('access_options[role][custom_role]' => 1), t('Apply'));
$this->assertResponse(200);
$this->drupalPostForm(NULL, array(), t('Save'));
$view = $entity_manager->getStorageController('view')->load('test_access_role');
$display = $view->getDisplay('default');
$this->assertEqual($display['display_options']['access']['options']['role'], array('custom_role' => 'custom_role'));
}
}
......@@ -60,6 +60,7 @@ protected function setUp() {
$this->normalRole = $this->drupalCreateRole(array());
$this->normalUser = $this->drupalCreateUser(array('views_test_data test permission'));
$this->normalUser->addRole($this->normalRole);
$this->normalUser->save();
// @todo when all the plugin information is cached make a reset function and
// call it here.
}
......
base_table: node
base_table: views_test_data
core: '8'
description: ''
status: '1'
display:
default:
display_options:
fields:
id:
id: id
field: id
table: views_test_data
plugin_id: numeric
access:
type: role
cache:
......@@ -21,6 +27,13 @@ display:
display_title: Master
id: default
position: '0'
page_1:
display_options:
path: test-role
display_plugin: page
display_title: Page
id: page_1
position: '1'
label: ''
id: test_access_role
tag: ''
......@@ -185,6 +185,10 @@ protected function getRoute($view_id, $display_id) {
$access_plugin = Views::pluginManager('access')->createInstance('none');
}
$access_plugin->alterRouteDefinition($route);
// @todo Figure out whether _access_mode ANY is the proper one. This is
// particular important for altering routes.
$route->setOption('_access_mode', 'ANY');
return $route;
}
......
......@@ -7,7 +7,7 @@
namespace Drupal\views;
use Drupal\Core\Access\StaticAccessCheckInterface;
use Drupal\Core\Access\AccessCheckInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Route;
......@@ -17,13 +17,13 @@
*
* @todo We could leverage the permission one as well?
*/
class ViewsAccessCheck implements StaticAccessCheckInterface {
class ViewsAccessCheck implements AccessCheckInterface {
/**
* {@inheritdoc}
*/
public function appliesTo() {
return array('views_id');
public function applies(Route $route) {
return $route->hasDefault('view_id');
}
/**
......
......@@ -146,6 +146,37 @@ public function testSetChecks() {
$this->assertEquals($this->routeCollection->get('test_route_3')->getOption('_access_checks'), array('test_access_default'));
}
/**
* Tests setChecks with a dynamic access checker.
*/
public function testSetChecksWithDynamicAccessChecker() {
// Setup the access manager.
$this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account);
$this->accessManager->setContainer($this->container);
// Setup the dynamic access checker.
$access_check = $this->getMock('Drupal\Core\Access\AccessCheckInterface');
$this->container->set('test_access', $access_check);
$this->accessManager->addCheckService('test_access');
$route = new Route('/test-path', array(), array('_foo' => '1', '_bar' => '1'));
$route2 = new Route('/test-path', array(), array('_foo' => '1', '_bar' => '2'));
$collection = new RouteCollection();
$collection->add('test_route', $route);
$collection->add('test_route2', $route2);
$access_check->expects($this->exactly(2))
->method('applies')
->with($this->isInstanceOf('Symfony\Component\Routing\Route'))
->will($this->returnCallback(function (Route $route) {
return $route->getRequirement('_bar') == 2;
}));
$this->accessManager->setChecks($collection);
$this->assertEmpty($route->getOption('_access_checks'));
$this->assertEquals(array('test_access'), $route2->getOption('_access_checks'));
}
/**
* Tests \Drupal\Core\Access\AccessManager::check().
*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment