From d0337fa72b6462e786f0d680899d56fcf63ad822 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Fri, 14 Jul 2023 23:26:34 +0100
Subject: [PATCH] Issue #3374253 by TwoD, smustgrave: The renderer throws away
 cache metadata from access result if it is not allowed

---
 core/lib/Drupal/Core/Render/Renderer.php      | 10 ++++-
 core/phpstan-baseline.neon                    |  5 ---
 .../Drupal/Tests/Core/Render/RendererTest.php | 42 ++++++++++++++++---
 3 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/core/lib/Drupal/Core/Render/Renderer.php b/core/lib/Drupal/Core/Render/Renderer.php
index 6d08e4d81c95..942542716bc9 100644
--- a/core/lib/Drupal/Core/Render/Renderer.php
+++ b/core/lib/Drupal/Core/Render/Renderer.php
@@ -233,6 +233,14 @@ protected function doRender(&$elements, $is_root_call = FALSE) {
       if ($elements['#access'] instanceof AccessResultInterface) {
         $this->addCacheableDependency($elements, $elements['#access']);
         if (!$elements['#access']->isAllowed()) {
+          // Abort, but bubble new cache metadata from the access result.
+          $context = $this->getCurrentRenderContext();
+          if (!isset($context)) {
+            throw new \LogicException("Render context is empty, because render() was called outside of a renderRoot() or renderPlain() call. Use renderPlain()/renderRoot() or #lazy_builder/#pre_render instead.");
+          }
+          $context->push(new BubbleableMetadata());
+          $context->update($elements);
+          $context->bubble();
           return '';
         }
       }
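Review bot: The new comment at the top of the denied branch says what the code does but not why it matters. Without this bubbling, an ancestor's render cache entry would not carry the cache contexts, tags and max-age that the access decision depends on, so it could be reused for a request where the decision differs, or outlive an invalidation. Suggest `// Access denied: render nothing, but bubble the access result's cacheability so ancestor cache entries vary on, and are invalidated with, the decision.` The LogicException text is a long inline literal; if the same guard exists elsewhere in doRender() (its body extends beyond this hunk), a shared private helper would keep the two messages from drifting.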
@@ -592,7 +600,7 @@ public function executeInRenderContext(RenderContext $context, callable $callabl
   /**
    * Returns the current render context.
    *
-   * @return \Drupal\Core\Render\RenderContext
+   * @return \Drupal\Core\Render\RenderContext|null
    *   The current render context.
    */
   protected function getCurrentRenderContext() {
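Review bot: The `@return` type now admits NULL, but the description line still reads `The current render context.` and does not say when NULL comes back. Going by the exception message added in doRender(), that is presumably when rendering happens outside a renderRoot()/renderPlain() call. Suggest `The current render context, or NULL if no render context is active.` The function body is outside this hunk, so it is worth confirming that every other caller checks for NULL before dereferencing.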
diff --git a/core/phpstan-baseline.neon b/core/phpstan-baseline.neon
index 5b40932acc96..b4aabda84ad4 100644
--- a/core/phpstan-baseline.neon
+++ b/core/phpstan-baseline.neon
@@ -625,11 +625,6 @@ parameters:
 			count: 1
 			path: lib/Drupal/Core/Render/MainContent/HtmlRenderer.php
 
-		-
-			message: "#^Variable \\$context in isset\\(\\) always exists and is not nullable\\.$#"
-			count: 1
-			path: lib/Drupal/Core/Render/Renderer.php
-
 		-
 			message: "#^Variable \\$transaction in isset\\(\\) always exists and is not nullable\\.$#"
 			count: 1
diff --git a/core/tests/Drupal/Tests/Core/Render/RendererTest.php b/core/tests/Drupal/Tests/Core/Render/RendererTest.php
index c94caa1a2caf..7849c2316653 100644
--- a/core/tests/Drupal/Tests/Core/Render/RendererTest.php
+++ b/core/tests/Drupal/Tests/Core/Render/RendererTest.php
@@ -791,13 +791,47 @@ public function testRenderWithThemeArguments() {
     $this->assertEquals($this->renderer->renderRoot($element), $element['#foo'] . $element['#bar'], 'Passing arguments to theme functions works');
   }
 
+  /**
+   * Provides a list of access conditions and expected cache metadata.
+   *
+   * @return array
+   */
+  public function providerRenderCache() {
+    return [
+      'full access' => [
+        NULL,
+        [
+          'render_cache_tag',
+          'render_cache_tag_child:1',
+          'render_cache_tag_child:2',
+        ],
+      ],
+      'no child access' => [
+        AccessResult::forbidden()
+          ->addCacheTags([
+            'render_cache_tag_child_access:1',
+            'render_cache_tag_child_access:2',
+          ]),
+        [
+          'render_cache_tag',
+          'render_cache_tag_child:1',
+          'render_cache_tag_child:2',
+          'render_cache_tag_child_access:1',
+          'render_cache_tag_child_access:2',
+        ],
+      ],
+    ];
+  }
+
   /**
    * @covers ::render
    * @covers ::doRender
    * @covers \Drupal\Core\Render\RenderCache::get
    * @covers \Drupal\Core\Render\RenderCache::set
+   *
+   * @dataProvider providerRenderCache
    */
-  public function testRenderCache() {
+  public function testRenderCache($child_access, $expected_tags) {
     $this->setUpRequest();
     $this->setupMemoryCache();
 
@@ -809,6 +843,7 @@ public function testRenderCache() {
       ],
       '#markup' => '',
       'child' => [
+        '#access' => $child_access,
         '#cache' => [
           'keys' => ['render_cache_test_child'],
           'tags' => ['render_cache_tag_child:1', 'render_cache_tag_child:2'],
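Review bot: The values fed into `'#access' => $child_access` come from providerRenderCache (previous hunk), which covers only cache tags on a forbidden result. The cache contexts and max-age of a denied access result are never asserted, and those are what decide whether a cached parent is reused for a different user. Consider a provider case such as `AccessResult::forbidden()->addCacheContexts(['user.permissions'])` with a matching assertion on `$element['#cache']['contexts']`. A neutral result also fails isAllowed() and could get its own case. Whether the mocked cache contexts manager in this test base accepts that context is not visible here, and testRenderCache continues outside this hunk.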
@@ -831,11 +866,6 @@ public function testRenderCache() {
 
     // Test that cache tags are correctly collected from the render element,
     // including the ones from its subchild.
-    $expected_tags = [
-      'render_cache_tag',
-      'render_cache_tag_child:1',
-      'render_cache_tag_child:2',
-    ];
     $this->assertEquals($expected_tags, $element['#cache']['tags'], 'Cache tags were collected from the element and its subchild.');
 
     // The cache item also has a 'rendered' cache tag.
-- 
GitLab