Comment admins cannot reply to unpublished comments (despite link)
Closes #221761
- Added provisioning for the comment administrator to allow comment
- comment reply remains unpublished.
- Added test case.
Edited by Mohit Aghera
Merge request reports
Activity
added 2221 commits
-
821a892a...b64011be - 2220 commits from branch
project:10.1.x
- 6a780825 - Merge branch '10.1.x' into 221761-comment-admins-cannot
-
821a892a...b64011be - 2220 commits from branch
added 1 commit
- 398baadf - Further test case additions from previous patches.
added 2520 commits
-
398baadf...14c0a239 - 2516 commits from branch
project:11.x
- 49544951 - Update the patch with related permissions.
- c4078933 - Add new test cases to validate that reply remains unpublished.
- 65f0b848 - Fixing test cases.
- b92c4e0f - Further test case additions from previous patches.
Toggle commit list-
398baadf...14c0a239 - 2516 commits from branch
124 118 $assert->statusCodeEquals(200); 125 119 } 126 120 121 /** 122 * Tests admins can access reply form for unpublished comments. 123 */ 124 public function testUnpublishedCommentReplyForCommentAdministrators() { changed this line in version 9 of the diff
295 295 296 296 // Load the parent comment. 297 297 $comment = $this->entityTypeManager()->getStorage('comment')->load($pid); 298 // Check if the parent comment is published and belongs to the entity. 299 $access = $access->andIf(AccessResult::allowedIf($comment && $comment->isPublished() && $comment->getCommentedEntityId() == $entity->id())); 298 // Check if the parent comment is published or user can administer 299 // comments, and parent comment belongs to the entity. - Comment on lines +298 to +299
298 // Check if the parent comment is published or user can administer 299 // comments, and parent comment belongs to the entity. 298 // Access is allowed if: 299 // - The parent comment is published or the user can administer comments. 300 // - The parent comment belongs to the entity.
295 295 296 296 // Load the parent comment. 297 297 $comment = $this->entityTypeManager()->getStorage('comment')->load($pid); 298 // Check if the parent comment is published and belongs to the entity. 299 $access = $access->andIf(AccessResult::allowedIf($comment && $comment->isPublished() && $comment->getCommentedEntityId() == $entity->id())); 298 // Check if the parent comment is published or user can administer 299 // comments, and parent comment belongs to the entity. 300 $access = $access->andIf(AccessResult::allowedIf($comment && 301 ($comment->isPublished() || $account->hasPermission('administer comments')) && 302 $comment->getCommentedEntityId() == $entity->id())); 60 53 'post comments', 61 54 'access comments', 62 55 'access content', 56 'administer comments', Generally, we should add a new test class rather than altering the permissions of an existing test so broadly. Adding a permission like this to an existing test can create false passes for other functionality. We should either create a different test class or use a different user for the new test method. I'd suggest the former.
124 118 $assert->statusCodeEquals(200); 125 119 } 126 120 121 /** 122 * Tests admins can access reply form for unpublished comments. 123 */ 124 public function testUnpublishedCommentReplyForCommentAdministrators(): void { 125 $assert = $this->assertSession(); 126 127 // Publish the node. 128 $this->unpublishedNode->setPublished()->save(); 129 $node_id = $this->unpublishedNode->id(); 130 131 // Create a comment on an published node. 124 118 $assert->statusCodeEquals(200); 125 119 } 126 120 121 /** 122 * Tests admins can access reply form for unpublished comments. 149 // Replying to an unpublished node as a user who has "administer comment" 150 // permissions. 151 $this->drupalGet($comment_url); 152 $assert->statusCodeEquals(200); 153 154 // Submit the comment and ensure that comment reply remains unpublished. 155 $edit = [ 156 'subject[0][value]' => 'Comment reply subject', 157 'comment_body[0][value]' => 'Comment body', 158 ]; 159 $this->submitForm($edit, 'Save'); 160 $reply_cid = $this->getUnapprovedComment('Comment reply subject'); 161 $reply = Comment::load($reply_cid); 162 $this->assertEquals(0, $reply->isPublished()); 163 164 // Logout and visit as an anonymous user. 173 173 $reply_loaded->save(); 174 174 $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id()); 175 175 $this->assertSession()->statusCodeEquals(403); 176 $this->assertSession()->pageTextContains(t('You are not authorized to access this page.'), 'Replying to an unpublished comment is not possible with insufficient permissions.'); Two things:
- We avoid using
t()
or any variant thereof in tests unless it's the translation system being tested. - Using assertion messages is no longer considered a best practice. If the message adds necessary information to the test, it should be converted to an inline comment.
176 $this->assertSession()->pageTextContains(t('You are not authorized to access this page.'), 'Replying to an unpublished comment is not possible with insufficient permissions.'); 176 177 // Replying to an unpublished comment is not possible with insufficient permissions. 178 $this->assertSession()->pageTextContains('You are not authorized to access this page.'); Edited by Jess- We avoid using
173 173 $reply_loaded->save(); 174 174 $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id()); 175 175 $this->assertSession()->statusCodeEquals(403); 176 $this->assertSession()->pageTextContains(t('You are not authorized to access this page.'), 'Replying to an unpublished comment is not possible with insufficient permissions.'); 177 // Attempt to reply to an unpublished comment as an administrator. 173 173 $reply_loaded->save(); 174 174 $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id()); 175 175 $this->assertSession()->statusCodeEquals(403); 176 $this->assertSession()->pageTextContains(t('You are not authorized to access this page.'), 'Replying to an unpublished comment is not possible with insufficient permissions.'); 177 // Attempt to reply to an unpublished comment as an administrator. 178 $this->drupalLogin($this->adminUser); 179 $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $reply_loaded->id()); 180 $this->assertSession()->statusCodeEquals(200); 181 $reply = $this->postComment(NULL, $this->randomMachineName(), $this->randomMachineName(), TRUE); 182 $this->assertTrue($this->commentExists($reply, TRUE), 'An administration user was able to comment to an unpublished comment.');
Please register or sign in to reply