Commit 5c2dc50b authored by catch's avatar catch

Issue #2084323 by Berdir, sandipmkhairnar, Xano, Jalandhar:...

Issue #2084323 by Berdir, sandipmkhairnar, Xano, Jalandhar: EntityForm::actions() adds 'delete' without checking access.
parent 95c69f5b
...@@ -129,6 +129,9 @@ protected function processAccessHookResults(array $access) { ...@@ -129,6 +129,9 @@ protected function processAccessHookResults(array $access) {
* could not be determined. * could not be determined.
*/ */
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
if ($operation == 'delete' && $entity->isNew()) {
return FALSE;
}
if ($admin_permission = $this->entityType->getAdminPermission()) { if ($admin_permission = $this->entityType->getAdminPermission()) {
return $account->hasPermission($admin_permission); return $account->hasPermission($admin_permission);
} }
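Review bot: The new-entity guard at the top of `checkAccess()` uses a loose comparison and has no comment, and it only protects entity types whose access controller actually reaches this base method. A subclass that overrides `checkAccess()` without calling the parent would presumably still decide 'delete' for an unsaved entity from its own permission logic, so the docblock should say that overrides must keep this rule. I would write the condition as `if ($operation === 'delete' && $entity->isNew()) {` with `// An unsaved entity cannot be deleted, whatever permissions the account holds.` above it. The method body continues past the end of the hunk.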
......
...@@ -168,11 +168,7 @@ public function processForm($element, $form_state, $form) { ...@@ -168,11 +168,7 @@ public function processForm($element, $form_state, $form) {
protected function actionsElement(array $form, array &$form_state) { protected function actionsElement(array $form, array &$form_state) {
$element = $this->actions($form, $form_state); $element = $this->actions($form, $form_state);
// We cannot delete an entity that has not been created yet. if (isset($element['delete'])) {
if ($this->entity->isNew()) {
unset($element['delete']);
}
elseif (isset($element['delete'])) {
// Move the delete action as last one, unless weights are explicitly // Move the delete action as last one, unless weights are explicitly
// provided. // provided.
$delete = $element['delete']; $delete = $element['delete'];
...@@ -230,6 +226,7 @@ protected function actions(array $form, array &$form_state) { ...@@ -230,6 +226,7 @@ protected function actions(array $form, array &$form_state) {
$actions['delete'] = array( $actions['delete'] = array(
'#type' => 'link', '#type' => 'link',
'#title' => $this->t('Delete'), '#title' => $this->t('Delete'),
'#access' => $this->entity->access('delete'),
'#attributes' => array( '#attributes' => array(
'class' => array('button', 'button--danger'), 'class' => array('button', 'button--danger'),
), ),
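Review bot: With `'#access' => $this->entity->access('delete')` in the base `actions()`, the rules that the per-form overrides removed further down this commit used to enforce now hold only if each entity type's access controller denies 'delete' in the same cases. Those rules are the unconditional `FALSE` on the 'Send message' form, the `isDefaultSearch()` check and the built-in role ID check. The controllers are not shown on this page, so this should be confirmed per entity type. `#access` only hides the link; a comment such as `// Hides the link only; the delete route must enforce entity access on its own.` would keep that distinction visible. The array literal and `actions()` itself continue outside the hunk.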
......
...@@ -44,6 +44,13 @@ public function id() { ...@@ -44,6 +44,13 @@ public function id() {
return NULL; return NULL;
} }
/**
* {@inheritdoc}
*/
public function uuid() {
return NULL;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
......
...@@ -146,7 +146,6 @@ public function form(array $form, array &$form_state) { ...@@ -146,7 +146,6 @@ public function form(array $form, array &$form_state) {
public function actions(array $form, array &$form_state) { public function actions(array $form, array &$form_state) {
$elements = parent::actions($form, $form_state); $elements = parent::actions($form, $form_state);
$elements['submit']['#value'] = t('Send message'); $elements['submit']['#value'] = t('Send message');
$elements['delete']['#access'] = FALSE;
$elements['preview'] = array( $elements['preview'] = array(
'#value' => t('Preview'), '#value' => t('Preview'),
'#validate' => array( '#validate' => array(
......
...@@ -268,7 +268,6 @@ public function submit(array $form, array &$form_state) { ...@@ -268,7 +268,6 @@ public function submit(array $form, array &$form_state) {
protected function actions(array $form, array &$form_state) { protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state); $actions = parent::actions($form, $form_state);
$actions['submit']['#value'] = t('Save configuration'); $actions['submit']['#value'] = t('Save configuration');
unset($actions['delete']);
return $actions; return $actions;
} }
......
...@@ -195,8 +195,6 @@ public function form(array $form, array &$form_state) { ...@@ -195,8 +195,6 @@ public function form(array $form, array &$form_state) {
protected function actions(array $form, array &$form_state) { protected function actions(array $form, array &$form_state) {
$element = parent::actions($form, $form_state); $element = parent::actions($form, $form_state);
$element['submit']['#button_type'] = 'primary'; $element['submit']['#button_type'] = 'primary';
$element['delete']['#access'] = $this->entity->access('delete');
return $element; return $element;
} }
......
...@@ -178,8 +178,6 @@ public function menuNameExists($value) { ...@@ -178,8 +178,6 @@ public function menuNameExists($value) {
protected function actions(array $form, array &$form_state) { protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state); $actions = parent::actions($form, $form_state);
$actions['delete']['#access'] = !$this->entity->isNew() && $this->entity->access('delete');
// Add the language configuration submit handler. This is needed because the // Add the language configuration submit handler. This is needed because the
// submit button has custom submit handlers. // submit button has custom submit handlers.
if ($this->moduleHandler->moduleExists('language')) { if ($this->moduleHandler->moduleExists('language')) {
......
...@@ -163,7 +163,6 @@ protected function actions(array $form, array &$form_state) { ...@@ -163,7 +163,6 @@ protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state); $actions = parent::actions($form, $form_state);
$actions['submit']['#value'] = t('Save content type'); $actions['submit']['#value'] = t('Save content type');
$actions['delete']['#value'] = t('Delete content type'); $actions['delete']['#value'] = t('Delete content type');
$actions['delete']['#access'] = $this->entity->access('delete');
return $actions; return $actions;
} }
......
...@@ -193,9 +193,13 @@ function testNodeTypeDeletion() { ...@@ -193,9 +193,13 @@ function testNodeTypeDeletion() {
$this->assertText(t('This action cannot be undone.'), 'The node type deletion confirmation form is available.'); $this->assertText(t('This action cannot be undone.'), 'The node type deletion confirmation form is available.');
// Test that forum node type could not be deleted while forum active. // Test that forum node type could not be deleted while forum active.
$this->container->get('module_handler')->install(array('forum')); $this->container->get('module_handler')->install(array('forum'));
$this->drupalGet('admin/structure/types/manage/forum');
$this->assertNoLink(t('Delete'));
$this->drupalGet('admin/structure/types/manage/forum/delete'); $this->drupalGet('admin/structure/types/manage/forum/delete');
$this->assertResponse(403); $this->assertResponse(403);
$this->container->get('module_handler')->uninstall(array('forum')); $this->container->get('module_handler')->uninstall(array('forum'));
$this->drupalGet('admin/structure/types/manage/forum');
$this->assertLink(t('Delete'));
$this->drupalGet('admin/structure/types/manage/forum/delete'); $this->drupalGet('admin/structure/types/manage/forum/delete');
$this->assertResponse(200); $this->assertResponse(200);
} }
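Review bot: `assertNoLink(t('Delete'))` matches on the label, so it would keep passing if the link were renamed while still being rendered for a type that must not be deleted. Asserting on the target is tighter: `$this->assertNoLinkByHref('admin/structure/types/manage/forum/delete');`, with the matching `assertLinkByHref()` after the uninstall. The added assertions cover only the node type form. The role, search page and new-entity cases whose form overrides this commit removes get no equivalent check in the visible hunks.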
......
...@@ -181,15 +181,4 @@ public function save(array $form, array &$form_state) { ...@@ -181,15 +181,4 @@ public function save(array $form, array &$form_state) {
$form_state['redirect_route']['route_name'] = 'search.settings'; $form_state['redirect_route']['route_name'] = 'search.settings';
} }
/**
* {@inheritdoc}
*/
protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state);
if ($this->entity->isDefaultSearch()) {
unset($actions['delete']);
}
return $actions;
}
} }
...@@ -47,16 +47,6 @@ public function form(array $form, array &$form_state) { ...@@ -47,16 +47,6 @@ public function form(array $form, array &$form_state) {
return $form; return $form;
} }
/**
* {@inheritdoc}
*/
protected function actions(array $form, array &$form_state) {
// Disable delete of default shortcut set.
$actions = parent::actions($form, $form_state);
$actions['delete']['#access'] = $this->entity->access('delete');
return $actions;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
......
...@@ -48,16 +48,6 @@ public function form(array $form, array &$form_state) { ...@@ -48,16 +48,6 @@ public function form(array $form, array &$form_state) {
return parent::form($form, $form_state, $entity); return parent::form($form, $form_state, $entity);
} }
/**
* {@inheritdoc}
*/
protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state);
// Disable delete of new and built-in roles.
$actions['delete']['#access'] = !$this->entity->isNew() && !in_array($this->entity->id(), array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID));
return $actions;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
......