Commit 98d23400 authored by webchick's avatar webchick

Issue #2216271 by larowlan, dawehner, lokapujya, mariusz.slonina, Berdir:...

Issue #2216271 by larowlan, dawehner, lokapujya, mariusz.slonina, Berdir: Regression: Shortcut links access is not checked
parent 77a6a262
......@@ -254,12 +254,15 @@ function shortcut_renderable_links($shortcut_set = NULL) {
$cache_tags = array();
foreach ($shortcut_set->getShortcuts() as $shortcut) {
$shortcut = \Drupal::entityManager()->getTranslationFromContext($shortcut);
$links[$shortcut->id()] = array(
'type' => 'link',
'title' => $shortcut->label(),
'url' => $shortcut->getUrl(),
);
$cache_tags = Cache::mergeTags($cache_tags, $shortcut->getCacheTags());
$url = $shortcut->getUrl();
if ($url->access()) {
$links[$shortcut->id()] = array(
'type' => 'link',
'title' => $shortcut->label(),
'url' => $shortcut->getUrl(),
);
$cache_tags = Cache::mergeTags($cache_tags, $shortcut->getCacheTags());
}
}
if (!empty($links)) {
......
......@@ -51,11 +51,15 @@ public function form(array $form, FormStateInterface $form_state) {
foreach ($this->entity->getShortcuts() as $shortcut) {
$id = $shortcut->id();
$url = $shortcut->getUrl();
if (!$url->access()) {
continue;
}
$form['shortcuts']['links'][$id]['#attributes']['class'][] = 'draggable';
$form['shortcuts']['links'][$id]['name'] = array(
'#type' => 'link',
'#title' => $shortcut->getTitle(),
) + $shortcut->getUrl()->toRenderArray();
) + $url->toRenderArray();
unset($form['shortcuts']['links'][$id]['name']['#access_callback']);
$form['shortcuts']['links'][$id]['#weight'] = $shortcut->getWeight();
$form['shortcuts']['links'][$id]['weight'] = array(
......@@ -77,6 +81,7 @@ public function form(array $form, FormStateInterface $form_state) {
$form['shortcuts']['links'][$id]['operations'] = array(
'#type' => 'operations',
'#links' => $links,
'#access' => $url->access(),
);
}
return $form;
......
......@@ -50,6 +50,11 @@ public function testShortcutLinkAdd() {
'router_test/test3/value',
];
$test_cases_non_access = [
'admin',
'admin/config/system/site-information',
];
// Check that each new shortcut links where it should.
foreach ($test_cases as $test_path) {
$title = $this->randomMachineName();
......@@ -62,7 +67,13 @@ public function testShortcutLinkAdd() {
$saved_set = ShortcutSet::load($set->id());
$paths = $this->getShortcutInformation($saved_set, 'link');
$this->assertTrue(in_array('user-path:' . $test_path, $paths), 'Shortcut created: ' . $test_path);
$this->assertLink($title, 0, String::format('Shortcut link %url found on the page.', ['%url' => $test_path]));
if (in_array($test_path, $test_cases_non_access)) {
$this->assertNoLink($title, String::format('Shortcut link %url not accessible on the page.', ['%url' => $test_path]));
}
else {
$this->assertLink($title, 0, String::format('Shortcut link %url found on the page.', ['%url' => $test_path]));
}
}
$saved_set = ShortcutSet::load($set->id());
// Test that saving and re-loading a shortcut preserves its values.
......@@ -249,11 +260,19 @@ public function testAccessShortcutsPermission() {
// Verify that users without the 'access shortcuts' permission can't see the
// shortcuts.
$this->drupalLogin($this->drupalCreateUser(array('access toolbar')));
$this->assertNoLink('Shortcuts', 0, 'Shortcut link not found on page.');
$this->assertNoLink('Shortcuts', 'Shortcut link not found on page.');
// Verify that users without the 'administer site configuration' permission
// can't see the cron shortcuts.
$this->drupalLogin($this->drupalCreateUser(array('access toolbar', 'access shortcuts')));
$this->assertNoLink('Shortcuts', 'Shortcut link not found on page.');
$this->assertNoLink('Cron', 'Cron shortcut link not found on page.');
// Verify that users with the 'access shortcuts' permission can see the
// shortcuts.
$this->drupalLogin($this->drupalCreateUser(array('access toolbar', 'access shortcuts')));
$this->drupalLogin($this->drupalCreateUser(array(
'access toolbar', 'access shortcuts', 'administer site configuration',
)));
$this->clickLink('Shortcuts', 0, 'Shortcut link found on page.');
$this->assertLink('Cron', 0, 'Cron shortcut link found on page.');
......@@ -264,7 +283,8 @@ public function testAccessShortcutsPermission() {
* Tests the shortcuts are correctly ordered by weight in the toolbar.
*/
public function testShortcutLinkOrder() {
$this->drupalLogin($this->drupalCreateUser(array('access toolbar', 'access shortcuts')));
// Ensure to give permissions to access the shortcuts.
$this->drupalLogin($this->drupalCreateUser(array('access toolbar', 'access shortcuts', 'access content overview', 'administer content types')));
$this->drupalGet(Url::fromRoute('<front>'));
$shortcuts = $this->cssSelect('#toolbar-item-shortcuts-tray .menu a');
$this->assertEqual((string) $shortcuts[0], 'Add content');
......
......@@ -83,7 +83,7 @@ protected function setUp() {
}
// Create users.
$this->adminUser = $this->drupalCreateUser(array('access toolbar', 'administer shortcuts', 'view the administration theme', 'create article content', 'create page content', 'access content overview', 'administer users', 'link to any page'));
$this->adminUser = $this->drupalCreateUser(array('access toolbar', 'administer shortcuts', 'view the administration theme', 'create article content', 'create page content', 'access content overview', 'administer users', 'link to any page', 'edit any article content'));
$this->shortcutUser = $this->drupalCreateUser(array('customize shortcut links', 'switch shortcut sets', 'access shortcuts', 'access content'));
// Create a node.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment