Skip to content
Snippets Groups Projects

Issue #2878513: Forbid view/edit/delete in ContactMessageAccessControlHandler

Issue #2878513: Forbid view/edit/delete in ContactMessageAccessControlHandler
issue/drupal-2878513:2878513-forbid-vieweditdelete-in into 9.3.x
3 open threads
Closed
Matthew Radclifferequested to merge
issue/drupal-2878513:2878513-forbid-vieweditdelete-in into 9.3.x
3 open threads

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
core/modules/contact/tests/src/Functional/Hal/MessageHalJsonAnonTest.php
47 52 ];
48 53 }
49 54
55 /**
56 * {@inheritdoc}
57 */
58 protected function getExpectedUnauthorizedAccessMessage($method) {
59 if ($method === 'POST') {
60 return "Message entities are not stored.";
61 }
62 return parent::getExpectedUnauthorizedAccessMessage($method);
63 }
64
65 /**
66 * Overrinding from EntityResourceTestBase base class.
  • James Shields added 1 commit

    added 1 commit

    • 764e0257 - Changed 'Overriding' to 'Overrides' to satisfy CSpell.

    Compare with previous version

  • James Shields added 1 commit

    added 1 commit

    • 6f837f53 - Moved overridden methods from MessageHalJsonAnonTest class to...

    Compare with previous version

  • Lee Rowlands
    Lee Rowlands @larowlan started a thread on an old version of the diff
    • core/modules/contact/tests/src/Kernel/MessageEntityTest.php
    63 63 $admin = $this->createUser(['uid' => 4], ['administer contact forms']);
    64 64
    65 65 $this->assertFalse(\Drupal::entityTypeManager()->getAccessControlHandler('contact_message')->createAccess(NULL, $no_access_user));
    66 $this->assertTrue(\Drupal::entityTypeManager()->getAccessControlHandler('contact_message')->createAccess(NULL, $access_user));
    66 // Issue 2878513 - asserting false as always rejects requests.
  • Lee Rowlands
    Lee Rowlands @larowlan started a thread on an old version of the diff
    • core/modules/contact/tests/src/Functional/Rest/MessageResourceTestBase.php
    225
    226 $request_options[RequestOptions::BODY] = $unparseable_request_body;
    227
    228 // DX: 403 when unparseable request body.
    229 $response = $this->request('POST', $url, $request_options);
    230 $this->assertResourceErrorResponse(403, $forbiddenAccessMessage, $response);
    231
    232 $request_options[RequestOptions::HEADERS]['Content-Type'] = static::$mimeType;
    233
    234 // 403 for well-formed request. Would normally return 200 for well formed
    235 // request, but request forbidden so returns 403.
    236 $response = $this->request('POST', $url, $request_options);
    237 $this->assertResourceErrorResponse(403, $forbiddenAccessMessage, $response);
    238
    239 // Would normally check for correct response, but all responses forbidden,
    240 // so nothing more to do.
  • James Shields added 1 commit

    added 1 commit

    • 2dd36499 - Fixes to MessageTest class to expect 403.

    Compare with previous version

  • James Shields added 1 commit

    added 1 commit

    • 0d2a9bb3 - Removed issue ID from comment.

    Compare with previous version

  • James Shields added 1 commit

    added 1 commit

    • 08ca5bb8 - Removed redundant use statement.

    Compare with previous version

  • James Shields added 1 commit

    added 1 commit

    Compare with previous version

  • Jess closed

    closed

    • Please register or sign in to reply