Commit 3e58b498 authored by xjm's avatar xjm
Browse files

Issue #2572553 by larowlan, LoMo, znerol, Upchuk, fil00dl, Truptti,...

Issue #2572553 by larowlan, LoMo, znerol, Upchuk, fil00dl, Truptti, maartendeblock, andypost, tim.plunkett, keesje, catch: Incomprehensible validation message when anonymous tries to submit comment with an existing username
parent 4318d98e
......@@ -110,12 +110,13 @@ protected function checkFieldAccess($operation, FieldDefinitionInterface $field_
// access.
return AccessResult::forbidden();
}
$is_name = $field_definition->getName() === 'name';
/** @var \Drupal\comment\CommentInterface $entity */
$entity = $items->getEntity();
$commented_entity = $entity->getCommentedEntity();
$anonymous_contact = $commented_entity->get($entity->getFieldName())->getFieldDefinition()->getSetting('anonymous');
$admin_access = AccessResult::allowedIfHasPermission($account, 'administer comments');
$anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT && $account->hasPermission('post comments'))
$anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && ($anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT || $is_name) && $account->hasPermission('post comments'))
->cachePerPermissions()
->addCacheableDependency($entity)
->addCacheableDependency($field_definition->getConfig($commented_entity->bundle()))
......
......@@ -65,6 +65,16 @@ function testAnonymous() {
$anonymous_comment1 = $this->postComment($this->node, $this->randomMachineName(), $this->randomMachineName());
$this->assertTrue($this->commentExists($anonymous_comment1), 'Anonymous comment without contact info found.');
// Ensure anonymous users cannot post in the name of registered users.
$edit = array(
'name' => $this->adminUser->getUsername(),
'comment_body[0][value]' => $this->randomMachineName(),
);
$this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit, t('Save'));
$this->assertRaw(t('The name you used (%name) belongs to a registered user.', [
'%name' => $this->adminUser->getUsername(),
]));
// Allow contact info.
$this->drupalLogin($this->adminUser);
$this->setCommentAnonymous(COMMENT_ANONYMOUS_MAY_CONTACT);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment