Verified Commit bed3a77a authored by Alex Pott's avatar Alex Pott

Issue #3419548 by amateescu, smustgrave, malcomio: Workspace switcher block does not check access

parent 519dc8de
......@@ -2,11 +2,14 @@
namespace Drupal\workspaces\Plugin\Block;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Block\Attribute\Block;
use Drupal\Core\Block\BlockBase;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Form\FormBuilderInterface;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\StringTranslation\TranslatableMarkup;
use Drupal\workspaces\Form\WorkspaceSwitcherForm;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -82,4 +85,15 @@ public function build() {
return $build;
}
/**
* {@inheritdoc}
*/
protected function blockAccess(AccountInterface $account): AccessResultInterface {
return AccessResult::allowedIfHasPermissions($account, [
'view own workspace',
'view any workspace',
'administer workspaces',
], 'OR');
}
}
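Review bot: blockAccess() carries only `{@inheritdoc}`, so nothing records why these three permissions gate the block or that any one of them is sufficient. I would add a short comment above the return, e.g. `// Any workspace view permission, or the admin permission, is enough to see the switcher.` This check only decides whether the block renders. Whether WorkspaceSwitcherForm limits the listed workspaces and the switch action to what the account may access is not visible in this hunk and should be confirmed in the form itself. The class body starts outside the hunk.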
......@@ -53,6 +53,11 @@ public function testSwitchingWorkspaces() {
$this->createAndActivateWorkspaceThroughUi('Vultures', 'vultures');
$gravity = $this->createWorkspaceThroughUi('Gravity', 'gravity');
// Confirm the block shows on the front page.
$this->drupalGet('<front>');
$page = $this->getSession()->getPage();
$this->assertTrue($page->hasContent('Workspace switcher'));
$this->drupalGet('/admin/config/workflow/workspaces/manage/' . $gravity->id() . '/activate');
$this->assertSession()->statusCodeEquals(200);
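Review bot: The front-page check in testSwitchingWorkspaces() only proves the block renders for the account the test is already logged in as; there is no browser-level assertion that an account without workspace permissions does not see it, which is the behaviour this commit fixes. Consider logging in as a user lacking all three permissions and asserting `$this->assertSession()->pageTextNotContains('Workspace switcher');`. For the positive case, `$this->assertSession()->pageTextContains('Workspace switcher');` gives a clearer failure message than `assertTrue($page->hasContent(...))`. The test method begins before and continues after the hunk.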
......
......@@ -248,7 +248,6 @@ public function testWorkspaceFieldUi() {
*/
public function testDeleteWorkspaceWithExistingContent() {
$this->createContentType(['type' => 'test', 'label' => 'Test']);
$this->setupWorkspaceSwitcherBlock();
// Login and create a workspace.
$this->drupalLogin($this->rootUser);
......
......@@ -110,12 +110,8 @@ protected function setupWorkspaceSwitcherBlock() {
'region' => 'sidebar_first',
'label' => 'Workspace switcher',
]);
// Confirm the block shows on the front page.
$this->drupalGet('<front>');
$page = $this->getSession()->getPage();
$this->assertTrue($page->hasContent('Workspace switcher'));
$this->switcherBlockConfigured = TRUE;
}
......
......@@ -223,4 +223,26 @@ public function testWorkspaceSelection() {
$this->assertEquals($expected_top, array_keys($selection_handler->getReferenceableEntities('top')['workspace']));
}
/**
* @covers \Drupal\workspaces\Plugin\Block\WorkspaceSwitcherBlock::blockAccess
*/
public function testWorkspaceSwitcherBlock(): void {
$own_permission_user = $this->createUser(['view own workspace']);
$any_permission_user = $this->createUser(['view any workspace']);
$admin_permission_user = $this->createUser(['administer workspaces']);
$access_content_user = $this->createUser(['access content']);
$no_permission_user = $this->createUser();
/** @var \Drupal\Core\Block\BlockManagerInterface $block_manager */
$block_manager = \Drupal::service('plugin.manager.block');
/** @var \Drupal\Core\Block\BlockPluginInterface $switcher_block */
$switcher_block = $block_manager->createInstance('workspace_switcher');
$this->assertTrue($switcher_block->access($own_permission_user));
$this->assertTrue($switcher_block->access($any_permission_user));
$this->assertTrue($switcher_block->access($admin_permission_user));
$this->assertFalse($switcher_block->access($access_content_user));
$this->assertFalse($switcher_block->access($no_permission_user));
}
}
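Review bot: In testWorkspaceSwitcherBlock() the first account created is `$own_permission_user`, and if setUp() (not visible here) has not already created a user, that account would get uid 1. Drupal by default treats uid 1 as the super user, so the `view own workspace` assertion would pass regardless of the permission check. Creating a throwaway account first, `$this->createUser(); // Consume uid 1 so later users are not the super user.`, or confirming that setUp() already does so, keeps that positive assertion meaningful. The test also uses only the boolean form of access(); asserting on `access($account, TRUE)` would additionally pin the cacheability of the result.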