From 5b001b81da9d265406f65d5b5ce93a31c840f2bb Mon Sep 17 00:00:00 2001
From: webchick <webchick@24967.no-reply.drupal.org>
Date: Mon, 19 Aug 2013 08:45:11 -0700
Subject: [PATCH] Issue #2031385 by Wim Leers, Thomas Brekelmans: Fixed
 Editor's in-place editing AJAX endpoint broken because of #1043198 and
 routing system bug.

---
 .../lib/Drupal/edit/Tests/EditLoadingTest.php |   1 +
 core/modules/editor/editor.routing.yml        |   2 +
 .../Tests/EditIntegrationLoadingTest.php      | 165 ++++++++++++++++++
 .../editor/Tests/EditIntegrationTest.php      |   2 +-
 4 files changed, 169 insertions(+), 1 deletion(-)
 create mode 100644 core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationLoadingTest.php

diff --git a/core/modules/edit/lib/Drupal/edit/Tests/EditLoadingTest.php b/core/modules/edit/lib/Drupal/edit/Tests/EditLoadingTest.php
index 4807d4e9e910..e7e2571c5452 100644
--- a/core/modules/edit/lib/Drupal/edit/Tests/EditLoadingTest.php
+++ b/core/modules/edit/lib/Drupal/edit/Tests/EditLoadingTest.php
@@ -373,4 +373,5 @@ protected function getAjaxPageStatePostData() {
     }
     return $extra_post;
   }
+
 }
diff --git a/core/modules/editor/editor.routing.yml b/core/modules/editor/editor.routing.yml
index 26aa16c3b42a..f9056341bc11 100644
--- a/core/modules/editor/editor.routing.yml
+++ b/core/modules/editor/editor.routing.yml
@@ -2,6 +2,8 @@ editor_field_untransformed_text:
   pattern: '/editor/{entity_type}/{entity}/{field_name}/{langcode}/{view_mode_id}'
   defaults:
     _controller: '\Drupal\editor\EditorController::getUntransformedText'
+  options:
+    _access_mode: 'ALL'
   requirements:
     _permission: 'access in-place editing'
     _access_edit_entity_field: 'TRUE'
diff --git a/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationLoadingTest.php b/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationLoadingTest.php
new file mode 100644
index 000000000000..247678e45deb
--- /dev/null
+++ b/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationLoadingTest.php
@@ -0,0 +1,165 @@
+<?php
+
+/**
+ * @file
+ * Definition of \Drupal\editor\Tests\EditIntegrationLoadingTest.
+ */
+
+namespace Drupal\editor\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests Edit module integration endpoints.
+ */
+class EditIntegrationLoadingTest extends WebTestBase {
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = array('edit', 'filter', 'node', 'editor');
+
+  /**
+   * The basic permissions necessary to view content and use in-place editing.
+   *
+   * @var array
+   */
+  protected static $basic_permissions = array('access content', 'create article content', 'use text format filtered_html', 'access contextual links');
+
+  public static function getInfo() {
+    return array(
+      'name' => 'In-place text editor loading',
+      'description' => 'Tests Edit module integration endpoints.',
+      'group' => 'Text Editor',
+    );
+  }
+
+  function setUp() {
+    parent::setUp();
+
+    // Create a text format.
+    $filtered_html_format = entity_create('filter_format', array(
+      'format' => 'filtered_html',
+      'name' => 'Filtered HTML',
+      'weight' => 0,
+      'filters' => array(
+        'filter_caption' => array(
+          'status' => 1,
+        ),
+      ),
+    ));
+    $filtered_html_format->save();
+
+    // Create a node type.
+    $this->drupalCreateContentType(array(
+      'type' => 'article',
+      'name' => 'Article',
+    ));
+
+    // Create one node of the above node type using the above text format.
+    $this->drupalCreateNode(array(
+      'type' => 'article',
+      'body' => array(
+        0 => array(
+          'value' => '<p>Do you also love Drupal?</p><img src="druplicon.png" data-caption="Druplicon" />',
+          'format' => 'filtered_html',
+        )
+      )
+    ));
+  }
+
+  /**
+   * Test loading of untransformed text when a user doesn't have access to it.
+   */
+  function testUsersWithoutPermission() {
+    // Create 3 users, each with insufficient permissions, i.e. without either
+    // or both of the following permissions:
+    // - the 'access in-place editing' permission
+    // - the 'edit any article content' permission (necessary to edit node 1)
+    $users = array(
+      $this->drupalCreateUser(static::$basic_permissions),
+      $this->drupalCreateUser(array_merge(static::$basic_permissions, array('edit any article content'))),
+      $this->drupalCreateUser(array_merge(static::$basic_permissions, array('access in-place editing')))
+    );
+
+    // Now test with each of the 3 users with insufficient permissions.
+    foreach ($users as $user) {
+      $this->drupalLogin($user);
+      $this->drupalGet('node/1');
+
+      // Ensure the text is transformed.
+      $this->assertRaw('<p>Do you also love Drupal?</p><figure class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
+
+      // Retrieving the untransformed text should result in an empty 403 response.
+      $response = $this->retrieveUntransformedText('node/1/body/und/full');
+      $this->assertResponse(403);
+      // @todo Uncomment the below once https://drupal.org/node/2063303 is fixed.
+      // $this->assertIdentical('[]', $response);
+    }
+  }
+
+  /**
+   * Test loading of untransformed text when a user does have access to it.
+   */
+  function testUserWithPermission() {
+    $user = $this->drupalCreateUser(array_merge(static::$basic_permissions, array('edit any article content', 'access in-place editing')));
+    $this->drupalLogin($user);
+    $this->drupalGet('node/1');
+
+    // Ensure the text is transformed.
+    $this->assertRaw('<p>Do you also love Drupal?</p><figure class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
+
+    $response = $this->retrieveUntransformedText('node/1/body/und/full');
+    $this->assertResponse(200);
+    $ajax_commands = drupal_json_decode($response);
+    $this->assertIdentical(1, count($ajax_commands), 'The untransformed text POST request results in one AJAX command.');
+    $this->assertIdentical('editorGetUntransformedText', $ajax_commands[0]['command'], 'The first AJAX command is an editorGetUntransformedText command.');
+    $this->assertIdentical('<p>Do you also love Drupal?</p><img src="druplicon.png" data-caption="Druplicon" />', $ajax_commands[0]['data'], 'The editorGetUntransformedText command contains the expected data.');
+  }
+
+  /**
+   * Retrieve untransformed text from the server.
+   *
+   * @param string $field_id
+   *   An Edit field ID.
+   *
+   * @return string
+   *   The response body.
+   */
+  protected function retrieveUntransformedText($field_id) {
+    return $this->curlExec(array(
+      CURLOPT_URL => url('editor/' . $field_id, array('absolute' => TRUE)),
+      CURLOPT_POST => TRUE,
+      CURLOPT_POSTFIELDS => $this->getAjaxPageStatePostData(),
+      CURLOPT_HTTPHEADER => array(
+        'Accept: application/vnd.drupal-ajax',
+        'Content-Type: application/x-www-form-urlencoded',
+      ),
+    ));
+  }
+
+  /**
+   * Get extra information to the POST data as ajax.js does.
+   *
+   * @return string
+   *   Additional post data.
+   */
+  protected function getAjaxPageStatePostData() {
+    $extra_post = '';
+    $drupal_settings = $this->drupalSettings;
+    if (isset($drupal_settings['ajaxPageState'])) {
+      $extra_post .= '&' . urlencode('ajax_page_state[theme]') . '=' . urlencode($drupal_settings['ajaxPageState']['theme']);
+      $extra_post .= '&' . urlencode('ajax_page_state[theme_token]') . '=' . urlencode($drupal_settings['ajaxPageState']['theme_token']);
+      foreach ($drupal_settings['ajaxPageState']['css'] as $key => $value) {
+        $extra_post .= '&' . urlencode("ajax_page_state[css][$key]") . '=1';
+      }
+      foreach ($drupal_settings['ajaxPageState']['js'] as $key => $value) {
+        $extra_post .= '&' . urlencode("ajax_page_state[js][$key]") . '=1';
+      }
+    }
+    return $extra_post;
+  }
+
+}
diff --git a/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationTest.php b/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationTest.php
index 463964c16171..6be87d099d0f 100644
--- a/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationTest.php
+++ b/core/modules/editor/lib/Drupal/editor/Tests/EditIntegrationTest.php
@@ -2,7 +2,7 @@
 
 /**
  * @file
- * Contains \Drupal\editor\Tests\EditorIntegrationTest.
+ * Contains \Drupal\editor\Tests\EditIntegrationTest.
  */
 
 namespace Drupal\editor\Tests;
-- 
GitLab