Commit 8a17309e authored by Dries's avatar Dries

Issue #1658846 by penyaskito, Schnitzel, xjm, agentrickard, effulgentsia,...

Issue #1658846 by penyaskito, Schnitzel, xjm, agentrickard, effulgentsia, kalman.hosszu, vijaycs85, Gábor Hojtsy, disasm, YesCT: Add language support to node access grants and records.
parent 575b5049
......@@ -84,7 +84,10 @@ public function setValue($values) {
else {
$this->properties['entity']->setValue(NULL);
}
unset($values['entity'], $values['fid'], $values['display'], $values['description']);
unset($values['entity'], $values['fid']);
// @todo These properties are sometimes set due to being present in form
// values. Needs to be cleaned up somewhere.
unset($values['display'], $values['description'], $values['upload']);
if ($values) {
throw new \InvalidArgumentException('Property ' . key($values) . ' is unknown.');
}
......
......@@ -109,11 +109,19 @@ protected function accessGrants(EntityInterface $node, $operation, $langcode = L
// Check the database for potential access grants.
$query = db_select('node_access');
$query->addExpression('1');
// Only interested for granting in the current operation.
$query->condition('grant_' . $operation, 1, '>=');
$nids = db_or()->condition('nid', $node->id());
// Check for grants for this node and the correct langcode.
$nids = db_and()
->condition('nid', $node->nid)
->condition('langcode', $langcode);
// If the node is published, also take the default grant into account. The
// default is saved with a node ID of 0.
$status = $node instanceof EntityNG ? $node->status : $node->get('status', $langcode)->value;
if ($status) {
$nids->condition('nid', 0);
$nids = db_or()
->condition($nids)
->condition('nid', 0);
}
$query->condition($nids);
$query->range(0, 1);
......
<?php
/**
* @file
* Contains \Drupal\node\Tests\NodeAccessLanguageAwareCombinationTest.
*/
namespace Drupal\node\Tests;
use Drupal\Core\Language\Language;
/**
* Tests node access with multiple languages and access control modules.
*/
class NodeAccessLanguageAwareCombinationTest extends NodeTestBase {
/**
* Enable language and two node access modules.
*
* @var array
*/
public static $modules = array('language', 'node_access_test_language', 'node_access_test');
/**
* A set of nodes to use in testing.
*
* @var array
*/
protected $nodes = array();
/**
* A normal authenticated user.
*
* @var \Drupal\user\Plugin\Core\Entity\User.
*/
protected $web_user;
public static function getInfo() {
return array(
'name' => 'Node access language-aware combination',
'description' => 'Tests node access functionality with multiple languages and two node access modules.',
'group' => 'Node',
);
}
public function setUp() {
parent::setUp();
// After enabling a node access module, the access table has to be rebuild.
node_access_rebuild();
// Add Hungarian and Catalan.
$language = new Language(array(
'langcode' => 'hu',
));
language_save($language);
$language = new Language(array(
'langcode' => 'ca',
));
language_save($language);
// Create a normal authenticated user.
$this->web_user = $this->drupalCreateUser(array('access content'));
// Load the user 1 user for later use as an admin user with permission to
// see everything.
$this->admin_user = user_load(1);
// The node_access_test_language module allows individual translations of a
// node to be marked private (not viewable by normal users), and the
// node_access_test module allows whole nodes to be marked private. (In a
// real-world implementation, hook_node_access_records_alter() might be
// implemented by one or both modules to enforce that private nodes or
// translations are always private, but we want to test the default,
// additive behavior of node access).
// Create six Hungarian nodes with Catalan translations:
// 1. One public with neither language marked as private.
// 2. One private with neither language marked as private.
// 3. One public with only the Hungarian translation private.
// 4. One public with only the Catalan translation private.
// 5. One public with both the Hungarian and Catalan translations private.
// 6. One private with both the Hungarian and Catalan translations private.
$this->nodes['public_both_public'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 0)),
'private' => FALSE,
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 0;
$node->save();
$this->nodes['private_both_public'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 0)),
'private' => TRUE,
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 0;
$node->save();
$this->nodes['public_hu_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 1)),
'private' => FALSE,
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 0;
$node->save();
$this->nodes['public_ca_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 0)),
'private' => FALSE,
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 1;
$node->save();
$this->nodes['public_both_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 1)),
'private' => FALSE,
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 1;
$node->save();
$this->nodes['private_both_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 1)),
'private' => TRUE,
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 1;
$node->save();
$this->nodes['public_no_language_private'] = $this->drupalCreateNode(array(
'field_private' => array(array('value' => 1)),
'private' => FALSE,
));
$this->nodes['public_no_language_public'] = $this->drupalCreateNode(array(
'field_private' => array(array('value' => 0)),
'private' => FALSE,
));
$this->nodes['private_no_language_private'] = $this->drupalCreateNode(array(
'field_private' => array(array('value' => 1)),
'private' => TRUE,
));
$this->nodes['private_no_language_public'] = $this->drupalCreateNode(array(
'field_private' => array(array('value' => 1)),
'private' => TRUE,
));
}
/**
* Tests node_access() and node access queries with multiple node languages.
*/
function testNodeAccessLanguageAwareCombination() {
$expected_node_access = array('view' => TRUE, 'update' => FALSE, 'delete' => FALSE);
$expected_node_access_no_access = array('view' => FALSE, 'update' => FALSE, 'delete' => FALSE);
// When the node and both translations are public, access should only be
// denied when a translation that does not exist is requested.
$this->assertNodeAccess($expected_node_access, $this->nodes['public_both_public'], $this->web_user);
$this->assertNodeAccess($expected_node_access, $this->nodes['public_both_public'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access, $this->nodes['public_both_public'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_both_public'], $this->web_user, 'en');
// If the node is marked private but both existing translations are not,
// access should still be granted, because the grants are additive.
$this->assertNodeAccess($expected_node_access, $this->nodes['private_both_public'], $this->web_user);
$this->assertNodeAccess($expected_node_access, $this->nodes['private_both_public'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access, $this->nodes['private_both_public'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_both_public'], $this->web_user, 'en');
// If the node is marked private, but a existing translation is public,
// access should only be granted for the public translation. For a
// translation that does not exist yet (English translation), the access is
// denied. With the Hungarian translation marked as private, but the Catalan
// translation public, the access is granted.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_hu_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_hu_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access, $this->nodes['public_hu_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_hu_private'], $this->web_user, 'en');
// With the Catalan translation marked as private, but the node public,
// access is granted for the existing Hungarian translation, but not for the
// Catalan nor the English ones.
$this->assertNodeAccess($expected_node_access, $this->nodes['public_ca_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access, $this->nodes['public_ca_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_ca_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_ca_private'], $this->web_user, 'en');
// With both translations marked as private, but the node public, access
// should be denied in all cases.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_both_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_both_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_both_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_both_private'], $this->web_user, 'en');
// If the node and both its existing translations are private, access should
// be denied in all cases.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_both_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_both_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_both_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_both_private'], $this->web_user, 'en');
// No access for all languages as the language aware node access module
// denies access.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_private'], $this->web_user, 'en');
// Access only for request with no language defined.
$this->assertNodeAccess($expected_node_access, $this->nodes['public_no_language_public'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_public'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_public'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['public_no_language_public'], $this->web_user, 'en');
// No access for all languages as both node access modules deny access.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_private'], $this->web_user, 'en');
// No access for all languages as the non language aware node access module
// denies access.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_public'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_public'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_public'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['private_no_language_public'], $this->web_user, 'en');
// Query the node table with the node access tag in several languages.
// Query with no language specified. The fallback (hu or und) will be used.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->web_user)
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// Four nodes should be returned with public Hungarian translations or the
// no language public node.
$this->assertEqual(count($nids), 4, 'db_select() returns 4 nodes when no langcode is specified.');
$this->assertTrue(array_key_exists($this->nodes['public_both_public']->nid, $nids), 'Returned node ID is full public node.');
$this->assertTrue(array_key_exists($this->nodes['public_ca_private']->nid, $nids), 'Returned node ID is Hungarian public only node.');
$this->assertTrue(array_key_exists($this->nodes['private_both_public']->nid, $nids), 'Returned node ID is both public non-language-aware private only node.');
$this->assertTrue(array_key_exists($this->nodes['public_no_language_public']->nid, $nids), 'Returned node ID is no language public node.');
// Query with Hungarian (hu) specified.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->web_user)
->addMetaData('langcode', 'hu')
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// Three nodes should be returned (with public Hungarian translations).
$this->assertEqual(count($nids), 3, 'db_select() returns 3 nodes.');
$this->assertTrue(array_key_exists($this->nodes['public_both_public']->nid, $nids), 'Returned node ID is both public node.');
$this->assertTrue(array_key_exists($this->nodes['public_ca_private']->nid, $nids), 'Returned node ID is Hungarian public only node.');
$this->assertTrue(array_key_exists($this->nodes['private_both_public']->nid, $nids), 'Returned node ID is both public non-language-aware private only node.');
// Query with Catalan (ca) specified.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->web_user)
->addMetaData('langcode', 'ca')
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// Three nodes should be returned (with public Catalan translations).
$this->assertEqual(count($nids), 3, 'db_select() returns 3 nodes.');
$this->assertTrue(array_key_exists($this->nodes['public_both_public']->nid, $nids), 'Returned node ID is both public node.');
$this->assertTrue(array_key_exists($this->nodes['public_hu_private']->nid, $nids), 'Returned node ID is Catalan public only node.');
$this->assertTrue(array_key_exists($this->nodes['private_both_public']->nid, $nids), 'Returned node ID is both public non-language-aware private only node.');
// Query with German (de) specified.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->web_user)
->addMetaData('langcode', 'de')
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// There are no nodes with German translations, so no results are returned.
$this->assertTrue(empty($nids), 'db_select() returns an empty result.');
// Query the nodes table as admin user (full access) with the node access
// tag and no specific langcode.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->admin_user)
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// All nodes are returned.
$this->assertEqual(count($nids), 10, 'db_select() returns all nodes.');
// Query the nodes table as admin user (full access) with the node access
// tag and langcode de.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->admin_user)
->addMetaData('langcode', 'de')
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// Even though there is no German translation, all nodes are returned
// because node access filtering does not occur when the user is user 1.
$this->assertEqual(count($nids), 10, 'db_select() returns all nodes.');
}
}
<?php
/**
* @file
* Contains \Drupal\node\Tests\NodeAccessLanguageAwareTest.
*/
namespace Drupal\node\Tests;
use Drupal\Core\Language\Language;
/**
* Tests node access functionality for multiple languages.
*/
class NodeAccessLanguageAwareTest extends NodeTestBase {
/**
* Enable language and a language-aware node access module.
*
* @var array
*/
public static $modules = array('language', 'node_access_test_language');
/**
* A set of nodes to use in testing.
*
* @var array
*/
protected $nodes = array();
/**
* A normal authenticated user.
*
* @var \Drupal\user\Plugin\Core\Entity\User.
*/
protected $web_user;
public static function getInfo() {
return array(
'name' => 'Node access language-aware',
'description' => 'Test node_access and db_select() with node_access tag functionality with multiple languages with node_access_test_language which is language-aware.',
'group' => 'Node',
);
}
public function setUp() {
parent::setUp();
// After enabling a node access module, the access table has to be rebuild.
node_access_rebuild();
// Create a normal authenticated user.
$this->web_user = $this->drupalCreateUser(array('access content'));
// Load the user 1 user for later use as an admin user with permission to
// see everything.
$this->admin_user = user_load(1);
// Add Hungarian and Catalan.
$language = new Language(array(
'langcode' => 'hu',
));
language_save($language);
$language = new Language(array(
'langcode' => 'ca',
));
language_save($language);
// The node_access_test_language module allows individual translations of a
// node to be marked private (not viewable by normal users).
// Create six nodes:
// 1. Four Hungarian nodes with Catalan translations
// - One with neither language marked as private.
// - One with only the Hungarian translation private.
// - One with only the Catalan translation private.
// - One with both the Hungarian and Catalan translations private.
// 2. Two nodes with no language specified.
// - One public.
// - One private.
$this->nodes['both_public'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 0)),
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 0;
$node->save();
$this->nodes['ca_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 0)),
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 1;
$node->save();
$this->nodes['hu_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 1)),
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 0;
$node->save();
$this->nodes['both_private'] = $node = $this->drupalCreateNode(array(
'body' => array(array()),
'langcode' => 'hu',
'field_private' => array(array('value' => 1)),
));
$translation = $node->getTranslation('ca');
$translation->field_private[0]->value = 1;
$node->save();
$this->nodes['no_language_public'] = $this->drupalCreateNode(array(
'field_private' => array(array('value' => 0)),
));
$this->nodes['no_language_private'] = $this->drupalCreateNode(array(
'field_private' => array(array('value' => 1)),
));
}
/**
* Tests node_access() and node access queries with multiple node languages.
*/
function testNodeAccessLanguageAware() {
// The node_access_test_language module only grants view access.
$expected_node_access = array('view' => TRUE, 'update' => FALSE, 'delete' => FALSE);
$expected_node_access_no_access = array('view' => FALSE, 'update' => FALSE, 'delete' => FALSE);
// When both Hungarian and Catalan are marked as public, access to the
// Hungarian translation should be granted when no language is specified or
// when the Hungarian translation is specified explicitly.
$this->assertNodeAccess($expected_node_access, $this->nodes['both_public'], $this->web_user);
$this->assertNodeAccess($expected_node_access, $this->nodes['both_public'], $this->web_user, 'hu');
// Access to the Catalan translation should also be granted.
$this->assertNodeAccess($expected_node_access, $this->nodes['both_public'], $this->web_user, 'ca');
// There is no English translation, so a request to access the English
// translation is denied.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['both_public'], $this->web_user, 'en');
// When Hungarian is marked as private, access to the Hungarian translation
// should be denied when no language is specified or when the Hungarian
// translation is specified explicitly.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['hu_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['hu_private'], $this->web_user, 'hu');
// Access to the Catalan translation should be granted.
$this->assertNodeAccess($expected_node_access, $this->nodes['hu_private'], $this->web_user, 'ca');
// There is no English translation, so a request to access the English
// translation is denied.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['hu_private'], $this->web_user, 'en');
// When Catalan is marked as private, access to the Hungarian translation
// should be granted when no language is specified or when the Hungarian
// translation is specified explicitly.
$this->assertNodeAccess($expected_node_access, $this->nodes['ca_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access, $this->nodes['ca_private'], $this->web_user, 'hu');
// Access to the Catalan translation should be granted.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['ca_private'], $this->web_user, 'ca');
// There is no English translation, so a request to access the English
// translation is denied.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['ca_private'], $this->web_user, 'en');
// When both translations are marked as private, access should be denied
// regardless of the language specified.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['both_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['both_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['both_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['both_private'], $this->web_user, 'en');
// When no language is specified for a private node, access to every
// language is denied.
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_private'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_private'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_private'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_private'], $this->web_user, 'en');
// When no language is specified for a public node, access should be granted
// only for the existing language (not specified), so only the request with
// no language will give access, as this request will be made with the
// langcode of the node, which is "not specified".
$this->assertNodeAccess($expected_node_access, $this->nodes['no_language_public'], $this->web_user);
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_public'], $this->web_user, 'hu');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_public'], $this->web_user, 'ca');
$this->assertNodeAccess($expected_node_access_no_access, $this->nodes['no_language_public'], $this->web_user, 'en');
// Query the node table with the node access tag in several languages.
// Query with no language specified. The fallback (hu) will be used.
$select = db_select('node', 'n')
->fields('n', array('nid'))
->addMetaData('account', $this->web_user)
->addTag('node_access');
$nids = $select->execute()->fetchAllAssoc('nid');
// Three nodes should be returned:
// - Node with both translations public.
// - Node with only the Catalan translation marked as private.