From 8ddea884f97975c9349f1a57f7ec26f674491a34 Mon Sep 17 00:00:00 2001
From: Pierre Rudloff <47351-prudloff@users.noreply.drupalcode.org>
Date: Tue, 28 Jan 2025 14:51:04 +0000
Subject: [PATCH 1/3] Edit update.services.yml
---
 core/modules/update/update.services.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/core/modules/update/update.services.yml b/core/modules/update/update.services.yml
index 53e45b11a95c..4d5e87e877cc 100644
--- a/core/modules/update/update.services.yml
+++ b/core/modules/update/update.services.yml
@@ -25,3 +25,5 @@ services:
 update.route_subscriber:
 class: Drupal\update\Routing\UpdateRouteSubscriber
 arguments: ['@settings']
+ tags:
+ - { name: event_subscriber }
-- 
GitLab
From 7c6b0fad0c81d8a5394097fc6a09aeecde272951 Mon Sep 17 00:00:00 2001
From: Benji Fisher <benji@FisherFam.org>
Date: Mon, 3 Feb 2025 01:21:49 -0500
Subject: [PATCH 2/3] Add a test - but it does not work, yet
---
 .../UpdateAuthorizeOperationsTest.php | 77 +++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php
diff --git a/core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php b/core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php
new file mode 100644
index 000000000000..6ce64dab451b
--- /dev/null
+++ b/core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php
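Review bot: The `event_subscriber` tag added under `update.route_subscriber` ends this series with no regression coverage, because patch 3/3 reverts the only test that exercised it. The subscriber class is outside the hunk, but the test in patch 2/3 suggests it gates the update install/update routes on the `allow_authorize_operations` setting, so losing the tag again would presumably leave that restriction unenforced without any visible error. A test asserting that the protected routes return 403 when the setting is `FALSE` should land with this change. A short comment above the tag would also help, e.g. `# Required: without this tag the route subscriber is never invoked.`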
@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\update\Functional;
+
+use Drupal\Core\Site\Settings;
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests allow_authorize_operations in settings.php.
+ *
+ * @group update
+ */
+class UpdateAuthorizeOperationsTest extends BrowserTestBase {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $modules = ['update'];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected $defaultTheme = 'stark';
+
+ /**
+ * Paths affected by the allow_authorize_operations setting.
+ *
+ * @var string[]
+ */
+ protected static $protectedPaths = [
+ '/admin/reports/updates/install',
+ '/admin/reports/updates/update',
+ '/admin/modules/install',
+ '/admin/modules/update',
+ '/admin/theme/install',
+ '/admin/appearance/update',
+ '/admin/update/ready',
+ ];
+
+ /**
+ * Test that access to protected routes is controlled by the setting.
+ */
+ public function testProtectedRoutes(): void {
+ $account = $this->createUser(['administer software updates']);
+ $admin_account = $this->createUser([], NULL, TRUE);
+
+ // By default, the test user can access all the protected paths.
+ $this->drupalLogin($account);
+ foreach (static::$protectedPaths as $path) {
+ $this->drupalGet($path);
+ $this->assertSession()->statusCodeEquals(200);
+ }
+
+ // If the setting is false, not even an admin user can access these paths.
+ $settings = Settings::getAll();
+ $settings['allow_authorize_operations'] = FALSE;
+ new Settings($settings);
+ $this->drupalLogin($admin_account);
+ foreach (static::$protectedPaths as $path) {
+ $this->drupalGet($path);
+ $this->assertSession()->statusCodeEquals(403);
+ }
+
+ // If the setting is true, the test user can access all the protected paths.
+ $settings = Settings::getAll();
+ $settings['allow_authorize_operations'] = TRUE;
+ new Settings($settings);
+ $this->drupalLogin($account);
+ foreach (static::$protectedPaths as $path) {
+ $this->drupalGet($path);
+ $this->assertSession()->statusCodeEquals(200);
+ }
+ }
+
+}
-- 
GitLab
From f5aca3a0e12556f75196cbdb67239e6a60b896c6 Mon Sep 17 00:00:00 2001
From: Benji Fisher <benji@FisherFam.org>
Date: Wed, 5 Feb 2025 22:57:43 -0500
Subject: [PATCH 3/3] Revert "Add a test - but it does not work, yet"
This reverts commit 7c6b0fad0c81d8a5394097fc6a09aeecde272951.
---
 .../UpdateAuthorizeOperationsTest.php | 77 -------------------
 1 file changed, 77 deletions(-)
 delete mode 100644 core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php
diff --git a/core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php b/core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php
deleted file mode 100644
index 6ce64dab451b..000000000000
--- a/core/modules/update/tests/src/Functional/UpdateAuthorizeOperationsTest.php
+++ /dev/null
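Review bot: `new Settings($settings)` in `testProtectedRoutes()` replaces the Settings singleton only inside the test runner's PHP process, so the site that `drupalGet()` requests never sees `allow_authorize_operations` change and the 403 loop cannot pass; this is most likely why the commit message says the test does not work yet. The value has to reach the test site's settings.php, e.g. `$this->writeSettings(['settings' => ['allow_authorize_operations' => (object) ['value' => FALSE, 'required' => TRUE]]]);` followed by `$this->rebuildAll();`, and the same with `TRUE` before the last loop. The rebuild matters if the subscriber applies the setting when routes are built (it is a route subscriber by name; its code is outside this diff), since cached routes would otherwise keep the old access rules. The 403 loop is the security-relevant assertion here, so it is worth getting this working rather than dropping the test.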
@@ -1,77 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace Drupal\Tests\update\Functional;
-
-use Drupal\Core\Site\Settings;
-use Drupal\Tests\BrowserTestBase;
-
-/**
- * Tests allow_authorize_operations in settings.php.
- *
- * @group update
- */
-class UpdateAuthorizeOperationsTest extends BrowserTestBase {
-
- /**
- * {@inheritdoc}
- */
- protected static $modules = ['update'];
-
- /**
- * {@inheritdoc}
- */
- protected $defaultTheme = 'stark';
-
- /**
- * Paths affected by the allow_authorize_operations setting.
- *
- * @var string[]
- */
- protected static $protectedPaths = [
- '/admin/reports/updates/install',
- '/admin/reports/updates/update',
- '/admin/modules/install',
- '/admin/modules/update',
- '/admin/theme/install',
- '/admin/appearance/update',
- '/admin/update/ready',
- ];
-
- /**
- * Test that access to protected routes is controlled by the setting.
- */
- public function testProtectedRoutes(): void {
- $account = $this->createUser(['administer software updates']);
- $admin_account = $this->createUser([], NULL, TRUE);
-
- // By default, the test user can access all the protected paths.
- $this->drupalLogin($account);
- foreach (static::$protectedPaths as $path) {
- $this->drupalGet($path);
- $this->assertSession()->statusCodeEquals(200);
- }
-
- // If the setting is false, not even an admin user can access these paths.
- $settings = Settings::getAll();
- $settings['allow_authorize_operations'] = FALSE;
- new Settings($settings);
- $this->drupalLogin($admin_account);
- foreach (static::$protectedPaths as $path) {
- $this->drupalGet($path);
- $this->assertSession()->statusCodeEquals(403);
- }
-
- // If the setting is true, the test user can access all the protected paths.
- $settings = Settings::getAll();
- $settings['allow_authorize_operations'] = TRUE;
- new Settings($settings);
- $this->drupalLogin($account);
- foreach (static::$protectedPaths as $path) {
- $this->drupalGet($path);
- $this->assertSession()->statusCodeEquals(200);
- }
- }
-
-}
-- 
GitLab