Commit 28b68ad7 authored by webchick's avatar webchick

Revert "Issue #1425330 by swentel, grendzy, davereid, wojtha, c960657: Fixed...

Revert "Issue #1425330 by swentel, grendzy, davereid, wojtha, c960657: Fixed Apply Aggregator and OpenID fixes from DRUPAL-SA-CORE-2012-001."

This reverts commit c3fa160d.
parent c3fa160d
......@@ -12,8 +12,8 @@
* file is referenced, e.g., only users with access to a node should be allowed
* to download files attached to that node.
*
* @param array $file_item
* The array of information about the file to check access for.
* @param $field
* The field to which the file belongs.
* @param $entity_type
* The type of $entity; for example, 'node' or 'user'.
* @param $entity
......@@ -26,7 +26,7 @@
*
* @see hook_field_access().
*/
function hook_file_download_access($file_item, $entity_type, $entity) {
function hook_file_download_access($field, $entity_type, $entity) {
if ($entity_type == 'node') {
return node_access('view', $entity);
}
......@@ -45,8 +45,8 @@ function hook_file_download_access($file_item, $entity_type, $entity) {
* An array of grants gathered by hook_file_download_access(). The array is
* keyed by the module that defines the entity type's access control; the
* values are Boolean grant responses for each module.
* @param array $file_item
* The array of information about the file to alter access for.
* @param $field
* The field to which the file belongs.
* @param $entity_type
* The type of $entity; for example, 'node' or 'user'.
* @param $entity
......@@ -58,7 +58,7 @@ function hook_file_download_access($file_item, $entity_type, $entity) {
* module's value in addition to other grants or to overwrite the values set
* by other modules.
*/
function hook_file_download_access_alter(&$grants, $file_item, $entity_type, $entity) {
function hook_file_download_access_alter(&$grants, $field, $entity_type, $entity) {
// For our example module, we always enforce the rules set by node module.
if (isset($grants['node'])) {
$grants = array('node' => $grants['node']);
......
......@@ -164,27 +164,24 @@ function file_file_download($uri, $field_type = 'file') {
// Try to load $entity and $field.
$entity = entity_load($entity_type, array($id));
$entity = reset($entity);
$field = field_info_field($field_name);
// Load the field item that references the file.
$field_item = NULL;
$field = NULL;
if ($entity) {
// Load all field items for that entity.
// Load all fields for that entity.
$field_items = field_get_items($entity_type, $entity, $field_name);
// Find the field item with the matching URI.
foreach ($field_items as $item) {
if ($item['uri'] == $uri) {
$field_item = $item;
foreach ($field_items as $field_item) {
if ($field_item['uri'] == $uri) {
$field = field_info_field($field_name);
break;
}
}
}
// Check that $entity, $field and $field_item were loaded successfully
// and check if access to that field is not disallowed. If any of these
// checks fail, stop checking access for this reference.
if (empty($entity) || empty($field) || empty($field_item) || !field_access('view', $field, $entity_type, $entity)) {
// Check that $entity and $field were loaded successfully and check if
// access to that field is not disallowed. If any of these checks fail,
// stop checking access for this reference.
if (empty($entity) || empty($field) || !field_access('view', $field, $entity_type, $entity)) {
$denied = TRUE;
break;
}
......
......@@ -1123,7 +1123,7 @@ class FilePrivateTestCase extends FileFieldTestCase {
}
function setUp() {
parent::setUp(array('node_access_test', 'field_test'));
parent::setUp('node_access_test');
node_access_rebuild();
variable_set('node_access_test_private', TRUE);
}
......@@ -1140,10 +1140,6 @@ class FilePrivateTestCase extends FileFieldTestCase {
$field_name = strtolower($this->randomName());
$this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
// Create a field with no view access - see field_test_field_access().
$no_access_field_name = 'field_no_view_access';
$this->createFileField($no_access_field_name, $type_name, array('uri_scheme' => 'private'));
$test_file = $this->getTestFile('text');
$nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => TRUE));
$node = node_load($nid, NULL, TRUE);
......@@ -1154,14 +1150,5 @@ class FilePrivateTestCase extends FileFieldTestCase {
$this->drupalLogOut();
$this->drupalGet(file_create_url($node_file->uri));
$this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
// Test with the field that should deny access through field access.
$this->drupalLogin($this->admin_user);
$nid = $this->uploadNodeFile($test_file, $no_access_field_name, $type_name, TRUE, array('private' => TRUE));
$node = node_load($nid, NULL, TRUE);
$node_file = (object) $node->{$no_access_field_name}[LANGUAGE_NONE][0];
// Ensure the file cannot be downloaded.
$this->drupalGet(file_create_url($node_file->uri));
$this->assertResponse(403, t('Confirmed that access is denied for the file without view field access permission.'));
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment