Commit 0d3c9679 authored by catch's avatar catch

Issue #1204658 by kbasarab, Berdir, tim.plunkett, webchick: Always use query...

Issue #1204658 by kbasarab, Berdir, tim.plunkett, webchick: Always use query metadata to specify the node access base table.
parent 5e768561
......@@ -22,10 +22,6 @@ class ForumNodeAccessTest extends WebTestBase {
*/
public static $modules = array('node', 'comment', 'forum', 'taxonomy', 'tracker', 'node_access_test', 'block');
protected $access_user;
protected $admin_user;
protected $no_access_user;
public static function getInfo() {
return array(
'name' => 'Forum private node access test',
......
......@@ -2793,9 +2793,11 @@ function node_query_node_access_alter(AlterableInterface $query) {
// more than once in the query, and could be aliased. Join each one to
// the node_access table.
$grants = node_access_grants($op, $account);
$base_table_found = FALSE;
foreach ($tables as $nalias => $tableinfo) {
$table = $tableinfo['table'];
if (!($table instanceof SelectInterface) && $table == $base_table) {
$base_table_found = TRUE;
// Set the subquery.
$subquery = db_select('node_access', 'na')
->fields('na', array('nid'));
......@@ -2838,6 +2840,12 @@ function node_query_node_access_alter(AlterableInterface $query) {
$query->exists($subquery);
}
}
// If we reached this point and did not find the defined base table, throw
// an exception.
if (!$base_table_found) {
throw new Exception(t('Query tagged for node access but the defined base_table @base_table was not found', array('@base_table' => $base_table)));
}
}
/**
......
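Review bot: The `throw` added after the `foreach` raises a bare `Exception` whose message goes through `t()`, so callers cannot catch this condition specifically, and a developer-facing message becomes translatable and placeholder-escaped. An untranslated message would be simpler, e.g. `throw new Exception('Query tagged for node access but the defined base_table ' . $base_table . ' was not found');`, ideally with a more specific exception class if the project has one. The comment above the check should also say why it fails hard: `$query->exists($subquery)` is only attached inside the `$table == $base_table` branch, so an unmatched base table would otherwise leave a tagged query with no access condition at all. The function starts and ends outside these hunks, so any earlier return paths are not visible here; if there are any, the check would not fire on them.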
......@@ -21,9 +21,6 @@ class TrackerNodeAccessTest extends WebTestBase {
*/
public static $modules = array('node', 'comment', 'tracker', 'node_access_test');
protected $access_user;
protected $no_access_user;
public static function getInfo() {
return array(
'name' => 'Tracker Node Access Tests',
......@@ -43,32 +40,38 @@ public function setUp() {
*/
function testTrackerNodeAccess() {
// Create user with node test view permission.
$access_user = $this->drupalCreateUser(array('node test view'));
$access_user = $this->drupalCreateUser(array('node test view', 'access user profiles'));
// Create user without node test view permission.
$no_access_user = $this->drupalCreateuser();
$no_access_user = $this->drupalCreateuser(array('access user profiles'));
$this->drupalLogin($access_user);
// Create some nodes.
$private_node = $this->drupalCreateNode(array(
'title' => t('Private node test'),
'private'=> TRUE,
'private' => TRUE,
));
$public_node = $this->drupalCreateNode(array(
'title' => t('Public node test'),
'private'=>FALSE,
'private' => FALSE,
));
// User with access should see both nodes created.
$this->drupalGet('tracker');
$this->assertText($private_node->title, 'Private node is visible to user with private access.');
$this->assertText($public_node->title, 'Public node is visible to user with private access.');
$this->drupalGet('user/' . $access_user->uid . '/track');
$this->assertText($private_node->title, 'Private node is visible to user with private access.');
$this->assertText($public_node->title, 'Public node is visible to user with private access.');
// User without access should not see private node.
$this->drupalLogin($no_access_user);
$this->drupalGet('tracker');
$this->assertNoText($private_node->title, 'Private node is not visible to user without private access.');
$this->assertText($public_node->title, 'Public node is visible to user without private access.');
$this->drupalGet('user/' . $access_user->uid . '/track');
$this->assertNoText($private_node->title, 'Private node is not visible to user without private access.');
$this->assertText($public_node->title, 'Public node is visible to user without private access.');
}
}
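Review bot: The assertions that follow each `drupalGet('user/' . $access_user->uid . '/track')` reuse the exact messages of the `tracker` assertions above them, so a failure report does not say which listing exposed or hid the node. Give the track-page assertions their own wording, e.g. `'Private node is not visible on the user track page to user without private access.'`. The line `$no_access_user = $this->drupalCreateuser(array('access user profiles'));` also keeps the `drupalCreateuser` casing, which works only because PHP method names are case-insensitive; `drupalCreateUser` would match the call a few lines above. Nothing visible in this section exercises the new exception in `node_query_node_access_alter()` for a tagged query whose `base_table` is not among its tables; if no other test covers that path, one belongs with this change.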
......@@ -20,8 +20,9 @@
function tracker_page($account = NULL, $set_title = FALSE) {
if ($account) {
$query = db_select('tracker_user', 't')
->extend('Drupal\Core\Database\Query\PagerSelectExtender');
$query->condition('t.uid', $account->uid);
->extend('Drupal\Core\Database\Query\PagerSelectExtender')
->addMetaData('base_table', 'tracker_user')
->condition('t.uid', $account->uid);
if ($set_title) {
// When viewed from user/%user/track, display the name of the user
......@@ -32,14 +33,14 @@ function tracker_page($account = NULL, $set_title = FALSE) {
}
else {
$query = db_select('tracker_node', 't', array('target' => 'slave'))
->extend('Drupal\Core\Database\Query\PagerSelectExtender');
->extend('Drupal\Core\Database\Query\PagerSelectExtender')
->addMetaData('base_table', 'tracker_node');
}
// This array acts as a placeholder for the data selected later
// while keeping the correct order.
$tracker_data = $query
->addTag('node_access')
->addMetaData('base_table', 'tracker_node')
->fields('t', array('nid', 'changed'))
->condition('t.published', 1)
->orderBy('t.changed', 'DESC')
......
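Review bot: The `addMetaData('base_table', …)` calls now differ per branch (`tracker_user` and `tracker_node`) with no comment saying why, and they sit well away from the `->addTag('node_access')` call that depends on them. A short comment at each call would help, e.g. `// Must name the table this query selects from; node_query_node_access_alter() matches it against the query's tables to attach the access check.` Because the alter now throws when the name is not found, a later edit that changes one `db_select()` table without updating the metadata will fail at runtime, and the comment would make that failure easy to diagnose. `tracker_page()` continues past the visible hunks.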