Unverified Commit c2bfd009 authored by alexpott's avatar alexpott

Issue #3047216 by mxr576, kevin.dutra, jungle, xjm, Lendude, alexpott, catch,...

Issue #3047216 by mxr576, kevin.dutra, jungle, xjm, Lendude, alexpott, catch, joelpittet: Displays are attached even when user does not have access

(cherry picked from commit 8fafcd34)
parent c016a7dc
......@@ -1722,8 +1722,8 @@ public function attachDisplays() {
// Find out which other displays attach to the current one.
foreach ($this->display_handler->getAttachedDisplays() as $id) {
$display_handler = $this->displayHandlers->get($id);
// Only attach enabled attachments.
if ($display_handler->isEnabled()) {
// Only attach enabled attachments that the user has access to.
if ($display_handler->isEnabled() && $display_handler->access()) {
$cloned_view = Views::executableFactory()->get($this->storage);
$display_handler->attachTo($cloned_view, $this->current_display, $this->element);
}
......
......@@ -31,6 +31,16 @@ class ViewExecutableTest extends UnitTestCase {
*/
const DISPLAY_DISABLED = FALSE;
/**
* Indicates that user has access to the display.
*/
const ACCESS_GRANTED = TRUE;
/**
* Indicates that user has no access to the display.
*/
const ACCESS_REVOKED = FALSE;
/**
* A mocked display collection.
*
......@@ -442,9 +452,19 @@ public function addHandlerProvider() {
}
/**
* Tests if a display gets attached or not.
*
* @param bool $display_enabled
* Whether the display to test should be enabled.
* @param bool $access_granted
* Whether the user has access to the attached display or not.
* @param bool $expected_to_be_attached
* Expected result.
*
* @covers ::attachDisplays
* @dataProvider providerAttachDisplays
*/
public function testAttachDisplays() {
public function testAttachDisplays($display_enabled, $access_granted, $expected_to_be_attached) {
/** @var \Drupal\views\ViewExecutable|\PHPUnit\Framework\MockObject\MockObject $view */
/** @var \Drupal\views\Plugin\views\display\DisplayPluginBase|\PHPUnit\Framework\MockObject\MockObject $display */
list($view, $display) = $this->setupBaseViewAndDisplay();
......@@ -456,20 +476,15 @@ public function testAttachDisplays() {
->method('getAttachedDisplays')
->willReturn(['page_1']);
$cloned_view = $this->getMockBuilder('Drupal\views\ViewExecutable')
->disableOriginalConstructor()
->getMock();
$this->viewExecutableFactory->expects($this->atLeastOnce())
->method('get')
->willReturn($cloned_view);
$page_display = $this->getMockBuilder('Drupal\views\Plugin\views\display\DisplayPluginBase')
->disableOriginalConstructor()
->getMock();
$page_display->expects($this->atLeastOnce())
->method('isEnabled')
->willReturn(TRUE);
->willReturn($display_enabled);
$page_display->method('access')
->willReturn($access_granted);
$display_collection = $this->getMockBuilder('Drupal\views\DisplayPluginCollection')
->disableOriginalConstructor()
......@@ -482,13 +497,35 @@ public function testAttachDisplays() {
$view->displayHandlers = $display_collection;
// Setup the expectations.
$page_display->expects($this->once())
$cloned_view = $this->getMockBuilder('Drupal\views\ViewExecutable')
->disableOriginalConstructor()
->getMock();
$this->viewExecutableFactory
->method('get')
->willReturn($cloned_view);
$page_display->expects($expected_to_be_attached ? $this->once() : $this->never())
->method('attachTo')
->with($cloned_view, 'default', $view->element);
$view->attachDisplays();
}
/**
* Provider for testAttachDisplays().
*
* @return array[]
* An array of arrays containing the display state, a user's access to the
* display and whether it is expected or not that the display gets attached.
*/
public function providerAttachDisplays() {
return [
'enabled-granted' => [static::DISPLAY_ENABLED, static::ACCESS_GRANTED, TRUE],
'enabled-revoked' => [static::DISPLAY_ENABLED, static::ACCESS_REVOKED, FALSE],
'disabled-granted' => [static::DISPLAY_DISABLED, static::ACCESS_GRANTED, FALSE],
'disabled-revoked' => [static::DISPLAY_DISABLED, static::ACCESS_REVOKED, FALSE],
];
}
/**
* Setups a view executable and default display.
*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment