Commit f067cd5a authored by alexpott's avatar alexpott

Issue #2225597 by tibbsa, larowlan, akozma: contact.module allows you to send...

Issue #2225597 by tibbsa, larowlan, akozma: contact.module allows you to send emails to users with no email address - producing an error
parent 146069d4
......@@ -7,6 +7,7 @@
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\user\Entity\User;
/**
* Implements hook_help().
......@@ -84,6 +85,26 @@ function contact_entity_extra_field_info() {
return $fields;
}
/**
* Implements hook_menu_local_tasks_alter().
*
* Hides the 'Contact' tab on the user profile if the user does not have an
* email address configured.
*/
function contact_menu_local_tasks_alter(&$data, $route_name) {
if ($route_name == 'entity.user.canonical') {
foreach ($data['tabs'][0] as $href => $tab_data) {
if ($href == 'entity.user.contact_form') {
$link_params = $tab_data['#link']['url']->getRouteParameters();
$account = User::load($link_params['user']);
if (!$account->getEmail()) {
unset($data['tabs'][0]['entity.user.contact_form']);
}
}
}
}
}
/**
* Implements hook_mail().
*/
......
......@@ -115,8 +115,17 @@ public function contactSitePage(ContactFormInterface $contact_form = NULL) {
*
* @return array
* The personal contact form as render array as expected by drupal_render().
*
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
* Exception is thrown when user tries to access a contact form for a
* user who does not have an e-mail address configured.
*/
public function contactPersonalPage(UserInterface $user) {
// Do not continue if the user does not have an e-mail address configured.
if (!$user->getEmail()) {
throw new NotFoundHttpException();
}
// Check if flood control has been activated for sending emails.
if (!$this->currentUser()->hasPermission('administer contact forms') && !$this->currentUser()->hasPermission('administer users')) {
$this->contactFloodControl();
......
......@@ -33,7 +33,7 @@ class ContactPersonalTest extends WebTestBase {
private $adminUser;
/**
* A user with 'access user contact forms' permission.
* A user with permission to view profiles and access user contact forms.
*
* @var \Drupal\user\UserInterface
*/
......@@ -54,7 +54,7 @@ protected function setUp() {
// Create some normal users with their contact forms enabled by default.
$this->config('contact.settings')->set('user_default_enabled', TRUE)->save();
$this->webUser = $this->drupalCreateUser(array('access user contact forms'));
$this->webUser = $this->drupalCreateUser(array('access user profiles', 'access user contact forms'));
$this->contactUser = $this->drupalCreateUser();
}
......@@ -117,6 +117,23 @@ function testPersonalContactAccess() {
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertResponse(200);
// Test that there is no access to personal contact forms for users
// without an email address configured.
$original_email = $this->contactUser->getEmail();
$this->contactUser->setEmail(FALSE)->save();
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertResponse(404, 'Not found (404) returned when visiting a personal contact form for a user with no email address');
// Test that the 'contact tab' does not appear on the user profiles
// for users without an email address configured.
$this->drupalGet('user/' . $this->contactUser->id());
$contact_link = '/user/' . $this->contactUser->id() . '/contact';
$this->assertResponse(200);
$this->assertNoLinkByHref ($contact_link, 'The "contact" tab is hidden on profiles for users with no email address');
// Restore original email address.
$this->contactUser->setEmail($original_email)->save();
// Test denied access to the user's own contact form.
$this->drupalGet('user/' . $this->webUser->id() . '/contact');
$this->assertResponse(403);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment