diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index bd8427ecc8546e77d9aa23b4b4dc4eb2cc5b1193..772f1912eeb129f11fde8a065c9155bd95cf35f9 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -188,20 +188,23 @@ public function form(array $form, FormStateInterface $form_state) {
 }
 }
- if (!$self_register) {
- $status = $account->get('status')->value;
- }
- else {
- $status = $config->get('register') == UserInterface::REGISTER_VISITORS ? 1 : 0;
- }
+ // Hides field to avoid self-blocking when user editing its own profile
+ if ($user->id() !== $account->id()) {
+ if (!$self_register) {
+ $status = $account->get('status')->value;
+ }
+ else {
+ $status = $config->get('register') == UserInterface::REGISTER_VISITORS ? 1 : 0;
+ }
- $form['account']['status'] = [
- '#type' => 'radios',
- '#title' => $this->t('Status'),
- '#default_value' => $status,
- '#options' => [$this->t('Blocked'), $this->t('Active')],
- '#access' => $account->status->access('edit'),
- ];
+ $form['account']['status'] = [
+ '#type' => 'radios',
+ '#title' => $this->t('Status'),
+ '#default_value' => $status,
+ '#options' => [$this->t('Blocked'), $this->t('Active')],
+ '#access' => $account->status->access('edit'),
+ ];
+ }
 $roles = Role::loadMultiple();
 unset($roles[RoleInterface::ANONYMOUS_ID]);
diff --git a/core/modules/user/tests/src/Functional/UserEditTest.php b/core/modules/user/tests/src/Functional/UserEditTest.php
index 295bc01f26e9ca3a6cdede1cebabdce5f2b789c1..0d06ac17551a03b9cbe2f162a104dbc3c5f9242b 100644
--- a/core/modules/user/tests/src/Functional/UserEditTest.php
+++ b/core/modules/user/tests/src/Functional/UserEditTest.php
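Review bot: In AccountForm.php the new guard `if ($user->id() !== $account->id())` compares the two ids strictly, so if one side comes back as an integer and the other as a string the condition is always true and the status radios stay on the user's own edit form. The return types of the two `id()` calls are not visible in this hunk; normalising both sides keeps the check type-independent while still treating an account that has no id yet as a different user: `if ((string) $user->id() !== (string) $account->id()) {`. The guard also lives only in this form builder, so it presumably does not cover other code paths that write `status`; an entity-level validation constraint would. `form()` starts and ends outside the hunk, so whether `$status` is read after the new block cannot be checked from here.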
@@ -259,4 +259,23 @@ public function testUserMailFieldAccess(): void {
 $this->assertFalse($this->getSession()->getPage()->hasField('mail'));
 }
+ /**
+ * Tests that a user is not able to self-block when editing its own profile.
+ */
+ public function testAdminSelfBlocking(): void {
+ $admin = $this->drupalCreateUser(['administer users']);
+ $user = $this->drupalCreateUser();
+
+ $this->drupalLogin($admin);
+ $this->drupalGet("user/" . $admin->id() . "/edit");
+ // The status field must not be rendered when the user is editing itself.
+ // Therefore, radio buttons must not be present in order to prevent self-blocking.
+ $this->assertSession()->fieldNotExists("edit-status-0");
+
+ // Status field must be rendered only when editing other users, radio buttons must be present
+ $this->drupalGet("user/" . $user->id() . "/edit");
+ $this->assertTrue($this->getSession()->getPage()->hasField('edit-status-0'));
+ $this->assertTrue($this->getSession()->getPage()->hasField('edit-status-1'));
+ }
+
 }
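Review bot: The absence check `fieldNotExists("edit-status-0")` in testAdminSelfBlocking() would also pass if the admin's edit page failed to load or returned access denied, so on its own it does not prove the field was hidden. Adding `$this->assertSession()->statusCodeEquals(200);` right after the first `drupalGet()` pins that the form actually rendered. The test only covers rendering; asserting that the admin account is still active after the form is saved would cover the behaviour the change is meant to protect. For consistency with the negative check, the two `assertTrue(...->hasField(...))` lines could use `$this->assertSession()->fieldExists(...)`.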