Commit 4741f770 authored by webchick's avatar webchick

Issue #1890748 by mark.lindsey, hefox, pwolanin, David_Rothstein, klausi:...

Issue #1890748 by mark.lindsey, hefox, pwolanin, David_Rothstein, klausi: Fixed Printer Friendly Version of Book Does Not Take Into Account Node Access.
parent d3f88a87
......@@ -166,10 +166,11 @@ function book_menu() {
'type' => MENU_SUGGESTED_ITEM,
'file' => 'book.pages.inc',
);
$items['book/export/%/%'] = array(
$items['book/export/%/%node'] = array(
'page callback' => 'book_export',
'page arguments' => array(2, 3),
'access arguments' => array('access printer-friendly version'),
'access callback' => 'book_export_access',
'access arguments' => array(3),
'type' => MENU_CALLBACK,
'file' => 'book.pages.inc',
);
......@@ -195,6 +196,16 @@ function book_menu() {
return $items;
}
/**
* Access callback: Determines if the book export page is accessible.
*
* @param \Drupal\node\Plugin\Core\Entity\Node $node
* The node whose export page is to be viewed.
*/
function book_export_access(Node $node) {
return user_access('access printer-friendly version') && node_access('view', $node);
}
/**
* Access callback: Determines if the outline tab is accessible.
*
......
......@@ -39,8 +39,8 @@ function book_render() {
* currently supported in book module:
* - html: Printer-friendly HTML.
* Other types may be supported in contributed modules.
* @param $nid
* An integer representing the node id (nid) of the node to export
* @param \Drupal\node\Plugin\Core\Entity\Node $node
* The node to export.
*
* @return
* A string representing the node and its children in the book hierarchy in a
......@@ -50,13 +50,13 @@ function book_render() {
*
* @see book_menu()
*/
function book_export($type, $nid) {
function book_export($type, Node $node) {
$type = drupal_strtolower($type);
$export_function = 'book_export_' . $type;
if (function_exists($export_function)) {
print call_user_func($export_function, $nid);
print call_user_func($export_function, $node);
}
else {
drupal_set_message(t('Unknown export format.'));
......@@ -74,8 +74,8 @@ function book_export($type, $nid) {
* look like level 3 sections, no matter their depth relative to the node
* selected to be exported as printer-friendly HTML.
*
* @param $nid
* An integer representing the node id (nid) of the node to export.
* @param \Drupal\node\Plugin\Core\Entity\Node
* The node to export.
*
* @return
* A string containing HTML representing the node and its children in
......@@ -84,9 +84,8 @@ function book_export($type, $nid) {
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
*/
function book_export_html($nid) {
function book_export_html(Node $node) {
if (user_access('access printer-friendly version')) {
$node = node_load($nid);
if (isset($node->book)) {
$tree = book_menu_subtree_data($node->book);
$contents = book_export_traverse($tree, 'book_node_export');
......
......@@ -301,6 +301,13 @@ function testBookExport() {
// Try getting the URL directly, and verify it fails.
$this->drupalGet('book/export/html/' . $this->book->nid);
$this->assertResponse('403', 'Anonymous user properly forbidden.');
// Now grant anonymous users permission to view the printer-friendly
// version and verify that node access restrictions still prevent them from
// seeing it.
user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access printer-friendly version'));
$this->drupalGet('book/export/html/' . $this->book->nid);
$this->assertResponse('403', 'Anonymous user properly forbidden from seeing the printer-friendly version when denied by node access.');
}
/**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment