Commit 6758f115 authored by catch's avatar catch

Issue #2475263 by LKS90, Berdir: Remove Role::postSave() method

parent ce86b59e
...@@ -57,7 +57,7 @@ comment.reply: ...@@ -57,7 +57,7 @@ comment.reply:
_title: 'Add new comment' _title: 'Add new comment'
pid: ~ pid: ~
requirements: requirements:
_access: 'TRUE' _custom_access: '\Drupal\comment\Controller\CommentController::replyFormAccess'
options: options:
parameters: parameters:
entity: entity:
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
use Drupal\comment\CommentInterface; use Drupal\comment\CommentInterface;
use Drupal\comment\CommentManagerInterface; use Drupal\comment\CommentManagerInterface;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface; use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityManagerInterface; use Drupal\Core\Entity\EntityManagerInterface;
...@@ -185,9 +186,6 @@ public function redirectNode(EntityInterface $node) { ...@@ -185,9 +186,6 @@ public function redirectNode(EntityInterface $node) {
* There are several cases that have to be handled, including: * There are several cases that have to be handled, including:
* - replies to comments * - replies to comments
* - replies to entities * - replies to entities
* - attempts to reply to entities that can no longer accept comments
* - respecting access permissions ('access comments', 'post comments',
* etc.)
* *
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\Request $request
* The current request object. * The current request object.
...@@ -201,57 +199,24 @@ public function redirectNode(EntityInterface $node) { ...@@ -201,57 +199,24 @@ public function redirectNode(EntityInterface $node) {
* *
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
* @return array|\Symfony\Component\HttpFoundation\RedirectResponse * @return array|\Symfony\Component\HttpFoundation\RedirectResponse
* One of the following:
* An associative array containing: * An associative array containing:
* - An array for rendering the entity or parent comment. * - An array for rendering the entity or parent comment.
* - comment_entity: If the comment is a reply to the entity. * - comment_entity: If the comment is a reply to the entity.
* - comment_parent: If the comment is a reply to another comment. * - comment_parent: If the comment is a reply to another comment.
* - comment_form: The comment form as a renderable array. * - comment_form: The comment form as a renderable array.
* - A redirect response to current node:
* - If user is not authorized to post comments.
* - If parent comment doesn't belong to current entity.
* - If user is not authorized to view comments.
* - If current entity comments are disable.
*/ */
public function getReplyForm(Request $request, EntityInterface $entity, $field_name, $pid = NULL) { public function getReplyForm(Request $request, EntityInterface $entity, $field_name, $pid = NULL) {
// Check if entity and field exists.
$fields = $this->commentManager->getFields($entity->getEntityTypeId());
if (empty($fields[$field_name])) {
throw new NotFoundHttpException();
}
$account = $this->currentUser(); $account = $this->currentUser();
$uri = $entity->urlInfo()->setAbsolute(); $uri = $entity->urlInfo()->setAbsolute();
$build = array(); $build = array();
// Check if the user has the proper permissions.
if (!$account->hasPermission('post comments')) {
drupal_set_message($this->t('You are not authorized to post comments.'), 'error');
return new RedirectResponse($uri->toString());
}
// The user is not just previewing a comment. // The user is not just previewing a comment.
if ($request->request->get('op') != $this->t('Preview')) { if ($request->request->get('op') != $this->t('Preview')) {
$status = $entity->{$field_name}->status;
if ($status != CommentItemInterface::OPEN) {
drupal_set_message($this->t("This discussion is closed: you can't post new comments."), 'error');
return new RedirectResponse($uri->toString());
}
// $pid indicates that this is a reply to a comment. // $pid indicates that this is a reply to a comment.
if ($pid) { if ($pid) {
// Check if the user has the proper permissions.
if (!$account->hasPermission('access comments')) {
drupal_set_message($this->t('You are not authorized to view comments.'), 'error');
return new RedirectResponse($uri->toString());
}
// Load the parent comment. // Load the parent comment.
$comment = $this->entityManager()->getStorage('comment')->load($pid); $comment = $this->entityManager()->getStorage('comment')->load($pid);
// Check if the parent comment is published and belongs to the entity.
if (!$comment->isPublished() || ($comment->getCommentedEntityId() != $entity->id())) {
drupal_set_message($this->t('The comment you are replying to does not exist.'), 'error');
return new RedirectResponse($uri->toString());
}
// Display the parent comment. // Display the parent comment.
$build['comment_parent'] = $this->entityManager()->getViewBuilder('comment')->view($comment); $build['comment_parent'] = $this->entityManager()->getViewBuilder('comment')->view($comment);
} }
...@@ -283,6 +248,53 @@ public function getReplyForm(Request $request, EntityInterface $entity, $field_n ...@@ -283,6 +248,53 @@ public function getReplyForm(Request $request, EntityInterface $entity, $field_n
return $build; return $build;
} }
/**
* Access check for the reply form.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity this comment belongs to.
* @param string $field_name
* The field_name to which the comment belongs.
* @param int $pid
* (optional) Some comments are replies to other comments. In those cases,
* $pid is the parent comment's comment ID. Defaults to NULL.
*
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
* @return \Drupal\Core\Access\AccessResultInterface
* An access result
*/
public function replyFormAccess(EntityInterface $entity, $field_name, $pid = NULL) {
// Check if entity and field exists.
$fields = $this->commentManager->getFields($entity->getEntityTypeId());
if (empty($fields[$field_name])) {
throw new NotFoundHttpException();
}
$account = $this->currentUser();
// Check if the user has the proper permissions.
$access = AccessResult::allowedIfHasPermission($account, 'post comments');
$status = $entity->{$field_name}->status;
$access = $access->andIf(AccessResult::allowedIf($status == CommentItemInterface::OPEN)
->cacheUntilEntityChanges($entity));
// $pid indicates that this is a reply to a comment.
if ($pid) {
// Check if the user has the proper permissions.
$access = $access->andIf(AccessResult::allowedIfHasPermission($account, 'access comments'));
/// Load the parent comment.
$comment = $this->entityManager()->getStorage('comment')->load($pid);
// Check if the parent comment is published and belongs to the entity.
$access = $access->andIf(AccessResult::allowedIf($comment && $comment->isPublished() && $comment->getCommentedEntityId() == $entity->id()));
if ($comment) {
$access->cacheUntilEntityChanges($comment);
}
}
return $access;
}
/** /**
* Returns a set of nodes' last read timestamps. * Returns a set of nodes' last read timestamps.
* *
......
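Review bot: `replyFormAccess()` never checks whether the current user may view the host entity. The result combines only the 'post comments' permission, the field status and, for replies, 'access comments' plus the parent-comment checks, and the route's `requirements` now hold this callback alone. Unless the part of `getReplyForm()` outside these hunks refuses to render for an entity the user cannot view, a user with 'post comments' could open the reply form for an entity that is otherwise hidden from them. Consider adding `$access = $access->andIf($entity->access('view', $account, TRUE));` after the status check, with a test that requests the reply route for an unpublished node and expects 403. Separately, `getReplyForm()` now passes the loaded `$comment` to `view()` without a null check, so it relies on this callback having run first; a one-line comment there saying so would help.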
...@@ -157,7 +157,7 @@ public function viewElements(FieldItemListInterface $items) { ...@@ -157,7 +157,7 @@ public function viewElements(FieldItemListInterface $items) {
// Unpublished comments are not included in // Unpublished comments are not included in
// $entity->get($field_name)->comment_count, but unpublished comments // $entity->get($field_name)->comment_count, but unpublished comments
// should display if the user is an administrator. // should display if the user is an administrator.
$elements['#cache']['contexts'][] = 'user.roles'; $elements['#cache']['contexts'][] = 'user.permissions';
if ($this->currentUser->hasPermission('access comments') || $this->currentUser->hasPermission('administer comments')) { if ($this->currentUser->hasPermission('access comments') || $this->currentUser->hasPermission('administer comments')) {
// This is a listing of Comment entities, so associate its list cache // This is a listing of Comment entities, so associate its list cache
// tag for correct invalidation. // tag for correct invalidation.
......
...@@ -122,6 +122,10 @@ function testAnonymous() { ...@@ -122,6 +122,10 @@ function testAnonymous() {
$this->assertNoRaw('comments[' . $anonymous_comment3->id() . ']', 'Comment was deleted.'); $this->assertNoRaw('comments[' . $anonymous_comment3->id() . ']', 'Comment was deleted.');
$this->drupalLogout(); $this->drupalLogout();
// Comment 3 was deleted.
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment3->id());
$this->assertResponse(403);
// Reset. // Reset.
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, array( user_role_change_permissions(RoleInterface::ANONYMOUS_ID, array(
'access comments' => FALSE, 'access comments' => FALSE,
...@@ -138,9 +142,7 @@ function testAnonymous() { ...@@ -138,9 +142,7 @@ function testAnonymous() {
// Attempt to view node-comment form while disallowed. // Attempt to view node-comment form while disallowed.
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment'); $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
$this->assertText('You are not authorized to post comments', 'Error attempting to post comment.'); $this->assertResponse(403);
$this->assertNoFieldByName('subject[0][value]', '', 'Subject field not found.');
$this->assertNoFieldByName('comment_body[0][value]', '', 'Comment field not found.');
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, array( user_role_change_permissions(RoleInterface::ANONYMOUS_ID, array(
'access comments' => TRUE, 'access comments' => TRUE,
...@@ -162,8 +164,7 @@ function testAnonymous() { ...@@ -162,8 +164,7 @@ function testAnonymous() {
$this->assertFieldByName('subject[0][value]', '', 'Subject field found.'); $this->assertFieldByName('subject[0][value]', '', 'Subject field found.');
$this->assertFieldByName('comment_body[0][value]', '', 'Comment field found.'); $this->assertFieldByName('comment_body[0][value]', '', 'Comment field found.');
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment3->id()); $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment2->id());
$this->assertText('You are not authorized to view comments', 'Error attempting to post reply.'); $this->assertResponse(403);
$this->assertNoText($author_name, 'Comment not displayed.');
} }
} }
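Review bot: The rewritten denial checks in `testAnonymous()` assert only the 403 status and drop the assertions that the form fields and the comment author are absent from the response. The parallel checks in the other test classes on this page keep their `assertNoField…`/`assertNoText` lines after `assertResponse(403)`. Keeping `$this->assertNoFieldByName('comment_body[0][value]', '', 'Comment field not found.');` after the node-comment form check and `$this->assertNoText($author_name, 'Comment not displayed.');` after the final reply check would also catch a denied page that still renders comment content. This assumes `$author_name` is still defined earlier in the method, which lies outside the hunks shown.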
...@@ -155,20 +155,20 @@ public function testCommentInterface() { ...@@ -155,20 +155,20 @@ public function testCommentInterface() {
$reply_loaded->setPublished(FALSE); $reply_loaded->setPublished(FALSE);
$reply_loaded->save(); $reply_loaded->save();
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id()); $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id());
$this->assertText(t('The comment you are replying to does not exist.'), 'Replying to an unpublished comment'); $this->assertResponse(403);
// Attempt to post to node with comments disabled. // Attempt to post to node with comments disabled.
$this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'comment' => array(array('status' => CommentItemInterface::HIDDEN)))); $this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'comment' => array(array('status' => CommentItemInterface::HIDDEN))));
$this->assertTrue($this->node, 'Article node created.'); $this->assertTrue($this->node, 'Article node created.');
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment'); $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
$this->assertText('This discussion is closed', 'Posting to node with comments disabled'); $this->assertResponse(403);
$this->assertNoField('edit-comment', 'Comment body field found.'); $this->assertNoField('edit-comment', 'Comment body field found.');
// Attempt to post to node with read-only comments. // Attempt to post to node with read-only comments.
$this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'comment' => array(array('status' => CommentItemInterface::CLOSED)))); $this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'comment' => array(array('status' => CommentItemInterface::CLOSED))));
$this->assertTrue($this->node, 'Article node created.'); $this->assertTrue($this->node, 'Article node created.');
$this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment'); $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
$this->assertText('This discussion is closed', 'Posting to node with comments read-only'); $this->assertResponse(403);
$this->assertNoField('edit-comment', 'Comment body field found.'); $this->assertNoField('edit-comment', 'Comment body field found.');
// Attempt to post to node with comments enabled (check field names etc). // Attempt to post to node with comments enabled (check field names etc).
......
...@@ -344,7 +344,7 @@ function testCommentFunctionality() { ...@@ -344,7 +344,7 @@ function testCommentFunctionality() {
// Attempt to view test entity comment form while disallowed. // Attempt to view test entity comment form while disallowed.
$this->drupalGet('comment/reply/entity_test/' . $this->entity->id() . '/comment'); $this->drupalGet('comment/reply/entity_test/' . $this->entity->id() . '/comment');
$this->assertText('You are not authorized to post comments', 'Error attempting to post comment.'); $this->assertResponse(403);
$this->assertNoFieldByName('subject[0][value]', '', 'Subject field not found.'); $this->assertNoFieldByName('subject[0][value]', '', 'Subject field not found.');
$this->assertNoFieldByName('comment_body[0][value]', '', 'Comment field not found.'); $this->assertNoFieldByName('comment_body[0][value]', '', 'Comment field not found.');
...@@ -376,7 +376,7 @@ function testCommentFunctionality() { ...@@ -376,7 +376,7 @@ function testCommentFunctionality() {
$this->assertFieldByName('comment_body[0][value]', '', 'Comment field found.'); $this->assertFieldByName('comment_body[0][value]', '', 'Comment field found.');
$this->drupalGet('comment/reply/entity_test/' . $this->entity->id() . '/comment/' . $comment1->id()); $this->drupalGet('comment/reply/entity_test/' . $this->entity->id() . '/comment/' . $comment1->id());
$this->assertText('You are not authorized to view comments'); $this->assertResponse(403);
$this->assertNoText($comment1->getSubject(), 'Comment not displayed.'); $this->assertNoText($comment1->getSubject(), 'Comment not displayed.');
// Test comment field widget changes. // Test comment field widget changes.
......
...@@ -186,14 +186,4 @@ public function preSave(EntityStorageInterface $storage) { ...@@ -186,14 +186,4 @@ public function preSave(EntityStorageInterface $storage) {
} }
} }
/**
* {@inheritdoc}
*/
public function postSave(EntityStorageInterface $storage, $update = TRUE) {
parent::postSave($storage, $update);
// Clear render cache.
entity_render_cache_clear();
}
} }