Commit 7a78f7aa authored by Dries's avatar Dries

- Patch #791076 by Shellingfox, tobias: search displays user email address...

- Patch #791076 by Shellingfox, tobias: search displays user email address regardless of 'administer users' permission.
parent 967d8d15
......@@ -849,9 +849,10 @@ function user_search_execute($keys = NULL) {
// Replace wildcards with MySQL/PostgreSQL wildcards.
$keys = preg_replace('!\*+!', '%', $keys);
$query = db_select('users')->extend('PagerDefault');
$query->fields('users', array('name', 'uid', 'mail'));
$query->fields('users', array('name', 'uid'));
if (user_access('administer users')) {
// Administrators can also search in the otherwise private email field.
$query->fields('users', array('mail'));
$query->condition(db_or()->
condition('name', '%' . db_like($keys) . '%', 'LIKE')->
condition('mail', '%' . db_like($keys) . '%', 'LIKE'));
......@@ -862,8 +863,15 @@ function user_search_execute($keys = NULL) {
$result = $query
->limit(15)
->execute();
foreach ($result as $account) {
$find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
if (user_access('administer users')) {
foreach ($result as $account) {
$find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
}
else {
foreach ($result as $account) {
$find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
}
return $find;
}
......
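Review bot: The check `user_access('administer users')` is now evaluated in two places, once where the `mail` field is added to the query and again around the result loop, and the `foreach` is duplicated for the two cases. The email only stays private while both checks agree; if a later edit changes one of them, the admin branch reads an `$account->mail` that was never selected, or the field is selected for a caller who should not see it. Evaluating the permission once with `$is_admin = user_access('administer users');` and building the title in a single loop with `$title = $is_admin ? $account->name . ' (' . $account->mail . ')' : $account->name;` keeps the decision in one place. The body of user_search_execute() starts before the first hunk and the lines between the two hunks are not shown, so the non-admin query condition could not be checked here.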
......@@ -1585,3 +1585,36 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
}
}
}
/**
* Test user search.
*/
class UserUserSearchTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'User search',
'description' => 'Testing that only user with the right permission can see the email address in the user search.',
'group' => 'User',
);
}
function testUserSearch() {
$user1 = $this->drupalCreateUser(array('access user profiles', 'search content', 'use advanced search'));
$this->drupalLogin($user1);
$keys = $user1->mail;
$edit = array('keys' => $keys);
$this->drupalPost('search/user/', $edit, t('Search'));
$this->assertNoText($keys);
$this->drupalLogout();
$user2 = $this->drupalCreateUser(array('administer users', 'access user profiles', 'search content', 'use advanced search'));
$this->drupalLogin($user2);
$keys = $user2->mail;
$edit = array('keys' => $keys);
$this->drupalPost('search/user/', $edit, t('Search'));
$this->assertText($keys);
$this->drupalLogout();
}
}
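Review bot: The non-admin half of testUserSearch() searches for `$user1->mail` and then asserts that the same string is absent, which probably passes with or without the fix. If the non-admin query matches on `name` only (that branch is not shown on this page), the search returns no rows and no result title is rendered at all. The leak being fixed is the email appearing in the title of a result found by name, so the test should search by name and check both sides: `$edit = array('keys' => $user1->name);`, then `$this->assertText($user1->name);` and `$this->assertNoText($user1->mail);`. The method also has no visibility keyword, while `getInfo()` above it is declared `public`.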