Commit 5430ac91 authored by alexpott's avatar alexpott

Issue #2398073 by mohit_aghera, geertvd, sidharrell, Swarnendu-Dutta, piggito,...

Issue #2398073 by mohit_aghera, geertvd, sidharrell, Swarnendu-Dutta, piggito, jesperjb, larowlan, pingers, larsmw: Admin should not be able to edit email of authenticated commenters
parent 1a728480
......@@ -169,7 +169,7 @@ public function form(array $form, FormStateInterface $form_state) {
'#maxlength' => 64,
'#size' => 30,
'#description' => $this->t('The content of this field is kept private and will not be shown publicly.'),
'#access' => $is_admin || ($this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT),
'#access' => ($comment->getOwner()->isAnonymous() && $is_admin) || ($this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT),
);
$form['author']['homepage'] = array(
......
......@@ -168,4 +168,45 @@ public function testCommentAdmin() {
// Rest from here on in is field_ui.
}
/**
* Tests editing a comment as an admin.
*/
public function testEditComment() {
// Enable anonymous user comments.
user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array(
'access comments',
'post comments',
'skip comment approval',
));
// Login as a web user.
$this->drupalLogin($this->webUser);
// Post a comment.
$comment = $this->postComment($this->node, $this->randomMachineName());
$this->drupalLogout();
// Post anonymous comment.
$this->drupalLogin($this->adminUser);
$this->setCommentAnonymous('2'); // Ensure that we need email id before posting comment.
$this->drupalLogout();
// Post comment with contact info (required).
$author_name = $this->randomMachineName();
$author_mail = $this->randomMachineName() . '@example.com';
$anonymous_comment = $this->postComment($this->node, $this->randomMachineName(), $this->randomMachineName(), array('name' => $author_name, 'mail' => $author_mail));
// Login as an admin user.
$this->drupalLogin($this->adminUser);
// Make sure the comment field is not visible when
// the comment was posted by an authenticated user.
$this->drupalGet('comment/' . $comment->id() . '/edit');
$this->assertNoFieldById('edit-mail', $comment->getAuthorEmail());
// Make sure the comment field is visible when
// the comment was posted by an anonymous user.
$this->drupalGet('comment/' . $anonymous_comment->id() . '/edit');
$this->assertFieldById('edit-mail', $anonymous_comment->getAuthorEmail());
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment