Commit 820205f1 authored by alexpott's avatar alexpott

Issue #1327224 by Berdir, ryanissamson, johnv, chris.leversuch, edb,...

Issue #1327224 by Berdir, ryanissamson, johnv, chris.leversuch, edb, nyirocsaba: Fixed Access denied to taxonomy term image.
parent bd5e0494
<?php
/**
* @file
* Contains \Drupal\taxonomy\Tests\TaxonomyImageTest.
*/
namespace Drupal\taxonomy\Tests;
/**
* Provides helper methods for taxonomy terms with image fields.
*/
class TaxonomyImageTest extends TaxonomyTestBase {
/**
* Used taxonomy vocabulary.
*
* @var \Drupal\taxonomy\VocabularyInterface
*/
protected $vocabulary;
/**
* Modules to enable.
*
* @var array
*/
public static $modules = array('image');
public static function getInfo() {
return array(
'name' => 'Taxonomy Image Test',
'description' => 'Tests access checks of private image fields',
'group' => 'Taxonomy',
);
}
public function setUp() {
parent::setUp();
// Remove access content permission from registered users.
user_role_revoke_permissions(DRUPAL_AUTHENTICATED_RID, array('access content'));
$this->vocabulary = $this->createVocabulary();
// Add a field instance to the vocabulary.
$entity_type = 'taxonomy_term';
$name = 'field_test';
entity_create('field_entity', array(
'name' => $name,
'entity_type' => $entity_type,
'type' => 'image',
'settings' => array(
'uri_scheme' => 'private',
),
))->save();
entity_create('field_instance', array(
'field_name' => $name,
'entity_type' => $entity_type,
'bundle' => $this->vocabulary->id(),
'settings' => array(),
))->save();
entity_get_display($entity_type, $this->vocabulary->id(), 'default')
->setComponent($name, array(
'type' => 'image',
'settings' => array(),
))
->save();
entity_get_form_display($entity_type, $this->vocabulary->id(), 'default')
->setComponent($name, array(
'type' => 'image_image',
'settings' => array(),
))
->save();
}
public function testTaxonomyImageAccess() {
$user = $this->drupalCreateUser(array('administer site configuration', 'administer taxonomy', 'access user profiles'));
$this->drupalLogin($user);
// Create a term and upload the image.
$files = $this->drupalGetTestFiles('image');
$image = array_pop($files);
$edit['name'] = $this->randomName();
$edit['files[field_test_0]'] = drupal_realpath($image->uri);
$this->drupalPostForm('admin/structure/taxonomy/manage/' . $this->vocabulary->id() . '/add', $edit, t('Save'));
$terms = entity_load_multiple_by_properties('taxonomy_term', array('name' => $edit['name']));
$term = reset($terms);
$this->assertText(t('Created new term @name.', array('@name' => $term->label())));
// Create a user that should have access to the file and one that doesn't.
$access_user = $this->drupalCreateUser(array('access content'));
$no_access_user = $this->drupalCreateUser();
$image = file_load($term->field_test->target_id);
$this->drupalLogin($access_user);
$this->drupalGet(file_create_url($image->getFileUri()));
$this->assertResponse(200, 'Private image on term is accessible with right permission');
$this->drupalLogin($no_access_user);
$this->drupalGet(file_create_url($image->getFileUri()));
$this->assertResponse(403, 'Private image on term not accessible without right permission');
}
}
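Review bot: `testTaxonomyImageAccess()` exercises the denied path only for a logged-in user created without permissions; a logged-out (anonymous) request for the private file is never made, so a regression that exposes term images to anonymous visitors would still pass. Consider adding `$this->drupalLogout();` followed by the same `drupalGet()` and an `assertResponse()` with the status expected for the anonymous role in this setup. `$edit` is also written to without being initialised first (`$edit = array();`). The class docblock says "Provides helper methods" although the class is a test case for access to private term images.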
......@@ -8,6 +8,7 @@
use Drupal\Core\Entity\DatabaseStorageController;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\Field\FieldDefinitionInterface;
use Drupal\file\FileInterface;
use Drupal\node\Entity\Node;
use Drupal\taxonomy\Entity\Term;
use Drupal\taxonomy\Entity\Vocabulary;
......@@ -828,6 +829,15 @@ function taxonomy_term_load($tid) {
return entity_load('taxonomy_term', $tid);
}
/**
* Implements hook_file_download_access().
*/
function taxonomy_file_download_access($field, EntityInterface $entity, FileInterface $file) {
if ($entity->entityType() == 'taxonomy_term') {
return $entity->access('view');
}
}
/**
* Implodes a list of tags of a certain vocabulary into a string.
*
......
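Review bot: In `taxonomy_file_download_access()` every entity that is not a taxonomy term falls off the end of the function, so the hook returns NULL implicitly; whether NULL means "no opinion" rather than "deny" is decided by the caller, which is not visible here. A docblock line such as `Returns the term's 'view' access result, or NULL for other entity types.` would make that contract reviewable. `$entity->access('view')` is called without an account, so it presumably evaluates the current user; that is worth stating too, since private-file access depends on it. The type check could also be strict: `if ($entity->entityType() === 'taxonomy_term') {`.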