Commit bb03b611 authored by alexpott's avatar alexpott

Issue #1541094 by c31ck, Antti J. Salminen | TravisCarden: Added 'access shortcuts' permission.

parent dbedb420
......@@ -38,7 +38,7 @@ function shortcut_help($route_name, Request $request) {
case 'shortcut.set_add':
case 'shortcut.set_edit':
$user = \Drupal::currentUser();
if ($user->hasPermission('switch shortcut sets')) {
if ($user->hasPermission('access shortcuts') && $user->hasPermission('switch shortcut sets')) {
$output = '<p>' . t('Define which shortcut set you are using on the <a href="@shortcut-link">Shortcuts tab</a> of your account page.', array('@shortcut-link' => url("user/{$user->id()}/shortcuts"))) . '</p>';
return $output;
}
......@@ -61,6 +61,9 @@ function shortcut_permission() {
'title' => t('Select any shortcut set'),
'description' => t('From all shortcut sets, select one to be own active set. Without this permission, an administrator selects shortcut sets for users.'),
),
'access shortcuts' => array(
'title' => t('Use shortcuts'),
),
);
}
......@@ -77,11 +80,17 @@ function shortcut_permission() {
*/
function shortcut_set_edit_access(ShortcutSetInterface $shortcut_set = NULL) {
$account = \Drupal::currentUser();
// Sufficiently-privileged users can edit their currently displayed shortcut
// set, but not other sets. Shortcut administrators can edit any set.
// Shortcut administrators can edit any set.
if ($account->hasPermission('administer shortcuts')) {
return TRUE;
}
// Access to shortcuts is required for non-administrators.
if (!$account->hasPermission('access shortcuts')) {
return FALSE;
}
// Sufficiently-privileged users can edit their currently displayed shortcut
// set, but not other sets.
if ($account->hasPermission('customize shortcut links')) {
return !isset($shortcut_set) || $shortcut_set == shortcut_current_displayed_set();
}
......@@ -108,6 +117,11 @@ function shortcut_set_switch_access($account = NULL) {
return TRUE;
}
if (!$user->hasPermission('access shortcuts')) {
// The user has no permission to use shortcuts.
return FALSE;
}
if (!$user->hasPermission('switch shortcut sets')) {
// The user has no permission to switch anyone's shortcut set.
return FALSE;
......@@ -397,43 +411,47 @@ function shortcut_preprocess_page(&$variables) {
* Implements hook_toolbar().
*/
function shortcut_toolbar() {
$user = \Drupal::currentUser();
$items = array();
$links = shortcut_renderable_links();
$shortcut_set = shortcut_current_displayed_set();
$configure_link = NULL;
if (shortcut_set_edit_access($shortcut_set)) {
$configure_link = array(
'#type' => 'link',
'#title' => t('Edit shortcuts'),
'#route_name' => 'shortcut.set_customize',
'#route_parameters' => array('shortcut_set' => $shortcut_set->id()),
'#options' => array('attributes' => array('class' => array('edit-shortcuts'))),
);
}
if (!empty($links) || !empty($configure_link)) {
$items['shortcuts'] = array(
'#type' => 'toolbar_item',
'tab' => array(
if ($user->hasPermission('access shortcuts')) {
$links = shortcut_renderable_links();
$shortcut_set = shortcut_current_displayed_set();
$configure_link = NULL;
if (shortcut_set_edit_access($shortcut_set)) {
$configure_link = array(
'#type' => 'link',
'#title' => t('Shortcuts'),
'#href' => 'admin/config/user-interface/shortcut',
'#attributes' => array(
'title' => t('Shortcuts'),
'class' => array('toolbar-icon', 'toolbar-icon-shortcut'),
'#title' => t('Edit shortcuts'),
'#route_name' => 'shortcut.set_customize',
'#route_parameters' => array('shortcut_set' => $shortcut_set->id()),
'#options' => array('attributes' => array('class' => array('edit-shortcuts'))),
);
}
if (!empty($links) || !empty($configure_link)) {
$items['shortcuts'] = array(
'#type' => 'toolbar_item',
'tab' => array(
'#type' => 'link',
'#title' => t('Shortcuts'),
'#href' => 'admin/config/user-interface/shortcut',
'#attributes' => array(
'title' => t('Shortcuts'),
'class' => array('toolbar-icon', 'toolbar-icon-shortcut'),
),
),
),
'tray' => array(
'#heading' => t('User-defined shortcuts'),
'shortcuts' => $links,
'configure' => $configure_link,
),
'#weight' => -10,
'#attached' => array(
'library' => array(
'shortcut/drupal.shortcut',
'tray' => array(
'#heading' => t('User-defined shortcuts'),
'shortcuts' => $links,
'configure' => $configure_link,
),
),
);
'#weight' => -10,
'#attached' => array(
'library' => array(
'shortcut/drupal.shortcut',
),
),
);
}
}
return $items;
......
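Review bot: The new `'access shortcuts'` entry in shortcut_permission() has a title but no description, although it now acts as a precondition for the neighbouring permissions. shortcut_set_edit_access() and shortcut_set_switch_access() return FALSE without it even when 'customize shortcut links' or 'switch shortcut sets' is granted, and nothing on the permissions page tells an administrator that. I would add `'description' => t('Required to view shortcuts. The customize and switch permissions have no effect without it.'),`. Separately, shortcut_toolbar() gates on 'access shortcuts' alone, so a role holding only 'administer shortcuts' passes shortcut_set_edit_access() but gets no toolbar tab; if that asymmetry is intended it deserves a comment at the `if ($user->hasPermission('access shortcuts'))` line.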
......@@ -33,6 +33,11 @@ public function access(UserInterface $user, AccountInterface $account) {
return static::ALLOW;
}
if (!$account->hasPermission('access shortcuts')) {
// The user has no permission to use shortcuts.
return static::DENY;
}
if (!$account->hasPermission('switch shortcut sets')) {
// The user has no permission to switch anyone's shortcut set.
return static::DENY;
......
......@@ -25,6 +25,9 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
if ($account->hasPermission('administer shortcuts')) {
return TRUE;
}
if (!$account->hasPermission('access shortcuts')) {
return FALSE;
}
if ($account->hasPermission('customize shortcut links')) {
return $entity == shortcut_current_displayed_set($account);
}
......@@ -44,7 +47,15 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return $account->hasPermission('administer shortcuts') || $account->hasPermission('customize shortcut links');
if ($account->hasPermission('administer shortcuts')) {
return TRUE;
}
if (!$account->hasPermission('access shortcuts')) {
return FALSE;
}
if ($account->hasPermission('customize shortcut links')) {
return TRUE;
}
}
}
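Review bot: checkCreateAccess() now falls off the end without a return when the account has 'access shortcuts' but not 'customize shortcut links', so it yields NULL where the replaced one-line expression always yielded a boolean. An access check should deny explicitly rather than depend on how the caller treats NULL; add `return FALSE;` after the last `if`, or keep a single expression such as `return $account->hasPermission('administer shortcuts') || ($account->hasPermission('access shortcuts') && $account->hasPermission('customize shortcut links'));`. The checkAccess() hunk above adds the same guard, but its body continues outside the hunk, so whether it has the same gap cannot be judged from this page.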
......@@ -37,6 +37,7 @@ public function setUp() {
// can verify the cache tags of cached versions of shortcuts.
$user_role = entity_load('user_role', DRUPAL_ANONYMOUS_RID);
$user_role->grantPermission('customize shortcut links');
$user_role->grantPermission('access shortcuts');
$user_role->save();
}
......
......@@ -215,4 +215,62 @@ public function testNoShortcutLink() {
$this->assertTrue(!empty($result), 'Add to shortcuts link was shown on a page the user does have access to.');
}
/**
* Tests that the 'access shortcuts' permissions works properly.
*/
public function testAccessShortcutsPermission() {
// Change to a theme that displays shortcuts.
\Drupal::service('theme_handler')->enable(array('seven'));
\Drupal::config('system.theme')
->set('default', 'seven')
->save();
// Add cron to the default shortcut set.
$this->drupalLogin($this->root_user);
$this->drupalGet('admin/config/system/cron');
$this->clickLink('Add to Default shortcuts');
// Verify that users without the 'access shortcuts' permission can't see the
// shortcuts.
$this->drupalLogin($this->drupalCreateUser(array('access toolbar')));
$this->assertNoLink('Shortcuts', 0, 'Shortcut link not found on page.');
// Verify that users with the 'access shortcuts' permission can see the
// shortcuts.
$this->drupalLogin($this->drupalCreateUser(array('access toolbar', 'access shortcuts')));
$this->clickLink('Shortcuts', 0, 'Shortcut link found on page.');
$this->assertLink('Cron', 0, 'Cron shortcut link found on page.');
$this->verifyAccessShortcutsPermissionForEditPages();
}
/**
* Tests that the 'access shortcuts' permission is required for shortcut set
* administration page access.
*/
private function verifyAccessShortcutsPermissionForEditPages() {
// Create a user with customize links and switch sets permissions but
// without the 'access shortcuts' permission.
$test_permissions = array(
'customize shortcut links',
'switch shortcut sets',
);
$noaccess_user = $this->drupalCreateUser($test_permissions);
$this->drupalLogin($noaccess_user);
// Verify that set administration pages are inaccessible without the
// 'access shortcuts' permission.
$edit_paths = array(
'admin/config/user-interface/shortcut/manage/default/customize',
'admin/config/user-interface/shortcut/manage/default',
'user/' . $noaccess_user->id() . '/shortcuts',
);
foreach ($edit_paths as $path) {
$this->drupalGet($path);
$message = format_string('Access is denied on %s', array('%s' => $path));
$this->assertResponse(403, $message);
}
}
}
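Review bot: verifyAccessShortcutsPermissionForEditPages() asserts only 403 responses, so it has no positive control: the three paths would also return 403 if a route or one of the other permissions were wrong, and the test would still pass. Request the same `$edit_paths` as a user created with `array_merge($test_permissions, array('access shortcuts'))` and assert the success response on the paths that user is meant to reach. A case for a user holding only 'administer shortcuts' would also pin the bypass that the access callbacks in this commit grant without 'access shortcuts'. The helper's docblock summary wraps over two lines and says "Tests that" for a method that is not itself a test; a one-line summary such as `Verifies that shortcut edit pages require the 'access shortcuts' permission.` would read better.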
......@@ -51,6 +51,9 @@ function standard_install() {
user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access site-wide contact form'));
user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array('access site-wide contact form'));
// Allow authenticated users to use shortcuts.
user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array('access shortcuts'));
// Populate the default shortcut set.
$shortcut = entity_create('shortcut', array(
'shortcut_set' => 'default',
......
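Review bot: Only the standard profile's authenticated role receives 'access shortcuts' in standard_install(), and no update function or grant for other profiles is visible on this page. Because the access checks added elsewhere in this commit deny non-administrators without it, roles that already hold 'customize shortcut links' or 'switch shortcut sets' on an existing site or under another profile would presumably lose the toolbar tab and edit pages until an administrator grants the new permission. That fails closed, which is the safe direction, but it should be stated where the grant is made; I would extend the comment to `// Allow authenticated users to use shortcuts. This permission is a prerequisite for the customize and switch permissions.`.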