Commit 73c2194b authored by alexpott's avatar alexpott

Issue #366950 by amontero, boombatower, brianV, univate, hefox, stpaultim,...

Issue #366950 by amontero, boombatower, brianV, univate, hefox, stpaultim, EllaTheHarpy, babruix: Fixed 'Administer Users' permission should be separate from 'Administer Account Settings'.
parent 95c2e17c
......@@ -54,7 +54,7 @@ function setUp() {
parent::setUp();
// Create an admin user.
$this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users'));
$this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users', 'administer account settings'));
// Create some normal users with their contact forms enabled by default.
\Drupal::config('contact.settings')->set('user_default_enabled', 1)->save();
......
......@@ -39,6 +39,7 @@ function testSiteWideContact() {
'access site-wide contact form',
'administer contact forms',
'administer users',
'administer account settings',
'administer contact_message fields',
));
$this->drupalLogin($admin_user);
......
......@@ -26,7 +26,7 @@ function setUp() {
parent::setUp();
// Create test user.
$admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer node fields', 'administer node form display', 'administer node display', 'administer taxonomy', 'administer taxonomy_term fields', 'administer taxonomy_term display', 'administer users', 'administer user display', 'bypass node access'));
$admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer node fields', 'administer node form display', 'administer node display', 'administer taxonomy', 'administer taxonomy_term fields', 'administer taxonomy_term display', 'administer users', 'administer account settings', 'administer user display', 'bypass node access'));
$this->drupalLogin($admin_user);
// Create content type, with underscores.
......
<?php
/**
* @file
* Definition of Drupal\system\Tests\Upgrade\UserPermissionUpgradePathTest.
*/
namespace Drupal\system\Tests\Upgrade;
use Drupal\Core\Session\UserSession;
/**
* Tests upgrading a bare database with user role data.
*
* Loads a bare installation of Drupal 7 with role data and runs the
* upgrade process on it. Tests for the upgrade of user permissions.
*/
class UserPermissionUpgradePathTest extends UpgradePathTestBase {
public static function getInfo() {
return array(
'name' => 'User permission upgrade test',
'description' => 'Upgrade tests for user permissions.',
'group' => 'Upgrade path',
);
}
public function setUp() {
$this->databaseDumpFiles = array(
drupal_get_path('module', 'system') . '/tests/upgrade/drupal-7.bare.standard_all.database.php.gz',
drupal_get_path('module', 'system') . '/tests/upgrade/drupal-7.user_permission.database.php',
);
parent::setUp();
}
/**
* Tests user-related permissions after a successful upgrade.
*/
public function testUserPermissionUpgrade() {
$this->assertTrue($this->performUpgrade(), 'The upgrade was completed successfully.');
$this->drupalGet('');
$this->assertResponse(200);
// Verify that we are still logged in.
$this->drupalGet('user');
$this->clickLink(t('Edit'));
$this->assertEqual($this->getUrl(), url('user/1/edit', array('absolute' => TRUE)), 'We are still logged in as admin at the end of the upgrade.');
// Login as another 'administrator' role user whose uid != 1
$this->drupalLogout();
$user = new UserSession(array(
'uid' => 2,
'name' => 'user1',
'pass_raw' => 'user1',
));
$this->drupalLogin($user);
// Check that user with permission 'administer users' also gets
// 'administer account settings' access.
$this->drupalGet('admin/config/people/accounts');
$this->assertResponse(200, '"Administer account settings" page was found.');
}
}
<?php
/**
* @file
* Database additions for user permissions tests. Used in
* \Drupal\system\Tests\Upgrade\UserPermissionUpgradePathTest.
*
* This dump only contains data and schema components relevant for user data
* permission upgrade tests. The drupal-7.bare.standard_all.database.php.gz
* file is imported before this dump, so the two form the database
* structure expected in tests altogether.
*/
db_insert('users_roles')->fields(array(
'uid',
'rid',
))
->values(array(
'uid' => '2',
'rid' => '3',
))
->execute();
db_insert('users')->fields(array(
'uid',
'name',
'pass',
'mail',
'theme',
'signature',
'signature_format',
'created',
'access',
'login',
'status',
'timezone',
'language',
'picture',
'init',
'data',
))
->values(array(
'uid' => '2',
'name' => 'user1',
'pass' => '$S$D9JgycE33DawX/9Iv2SfAjkQEi5alDZhxycfan6dDkUKf9lH0Nfo',
'mail' => 'user1@example.com',
'theme' => '',
'signature' => '',
'signature_format' => NULL,
'created' => '1376147347',
'access' => '0',
'login' => '0',
'status' => '1',
'timezone' => 'Europe/Berlin',
'language' => '',
'picture' => '0',
'init' => 'user1@example.com',
'data' => NULL,
))
->execute();
......@@ -120,7 +120,7 @@ function testUserAdmin() {
*/
function testNotificationEmailAddress() {
// Test that the Notification E-mail address field is on the config page.
$admin_user = $this->drupalCreateUser(array('administer users'));
$admin_user = $this->drupalCreateUser(array('administer users', 'administer account settings'));
$this->drupalLogin($admin_user);
$this->drupalGet('admin/config/people/accounts');
$this->assertRaw('id="edit-mail-notification-address"', 'Notification E-mail address field exists');
......
......@@ -25,7 +25,7 @@ public static function getInfo() {
function setUp() {
parent::setUp();
$this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users'));
$this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings'));
// Find the new role ID.
$all_rids = $this->admin_user->getRoles();
......
......@@ -1011,12 +1011,32 @@ function user_update_8016() {
db_drop_field('users', 'data');
}
/**
* Grant "administer account settings" to roles with "administer users."
*/
function user_update_8017() {
$rids = db_query("SELECT rid FROM {role_permission} WHERE permission = :perm", array(':perm' => 'administer users'))->fetchCol();
// None found.
if (empty($rids)) {
return;
}
$insert = db_insert('role_permission')->fields(array('rid', 'permission', 'module'));
foreach ($rids as $rid) {
$insert->values(array(
'rid' => $rid,
'permission' => 'administer account settings',
'module' => 'user'
));
}
$insert->execute();
}
/**
* Migrate user roles into configuration.
*
* @ingroup config_upgrade
*/
function user_update_8017() {
function user_update_8018() {
$uuid = new Uuid();
$roles = db_select('role', 'r')
......@@ -1038,7 +1058,7 @@ function user_update_8017() {
/**
* Use the maximum allowed module name length in module name database fields.
*/
function user_update_8018() {
function user_update_8019() {
if (db_field_exists('role_permission', 'module')) {
$spec = array(
'type' => 'varchar',
......@@ -1095,7 +1115,7 @@ function _user_update_map_rid($rid) {
*
* @ingroup config_upgrade
*/
function user_update_8019() {
function user_update_8020() {
$db_permissions = db_select('role_permission', 'p')
->fields('p')
->execute()
......@@ -1117,7 +1137,7 @@ function user_update_8019() {
/**
* Create the 'register' form mode.
*/
function user_update_8020() {
function user_update_8021() {
$uuid = new Uuid();
Drupal::config("entity.form_mode.user.register")
......
......@@ -466,6 +466,11 @@ function user_permission() {
'title' => t('Administer permissions'),
'restrict access' => TRUE,
),
'administer account settings' => array(
'title' => t('Administer account settings'),
'description' => t('Configure site-wide settings and behavior for <a href="@url">user accounts and registration</a>.', array('@url' => url('admin/config/people'))),
'restrict access' => TRUE,
),
'administer users' => array(
'title' => t('Administer users'),
'restrict access' => TRUE,
......
......@@ -38,7 +38,7 @@ user_account_settings:
defaults:
_form: '\Drupal\user\AccountSettingsForm'
requirements:
_permission: 'administer users'
_permission: 'administer account settings'
user_admin_create:
pattern: '/admin/people/create'
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment