Unverified Commit f3b60eda authored by larowlan's avatar larowlan

Issue #2932154 by jhedstrom: ModerationInformation::getLatestRevisionId...

Issue #2932154 by jhedstrom: ModerationInformation::getLatestRevisionId returns access-specific results
parent e145f2a5
......@@ -87,6 +87,9 @@ public function getLatestRevisionId($entity_type_id, $entity_id) {
$result = $storage->getQuery()
->latestRevision()
->condition($this->entityTypeManager->getDefinition($entity_type_id)->getKey('id'), $entity_id)
// No access check is performed here since this is an API function and
// should return the same ID regardless of the current user.
->accessCheck(FALSE)
->execute();
if ($result) {
return key($result);
......@@ -102,6 +105,9 @@ public function getDefaultRevisionId($entity_type_id, $entity_id) {
$result = $storage->getQuery()
->currentRevision()
->condition($this->entityTypeManager->getDefinition($entity_type_id)->getKey('id'), $entity_id)
// No access check is performed here since this is an API function and
// should return the same ID regardless of the current user.
->accessCheck(FALSE)
->execute();
if ($result) {
return key($result);
......
......@@ -2,6 +2,8 @@
namespace Drupal\Tests\content_moderation\Functional;
use Drupal\node\Entity\NodeType;
/**
* Tests permission access control around nodes.
*
......@@ -19,7 +21,7 @@ class NodeAccessTest extends ModerationStateTestBase {
'block',
'block_content',
'node',
'node_access_test_empty',
'node_access_test',
];
/**
......@@ -49,6 +51,9 @@ protected function setUp() {
$this->createContentTypeFromUi('Moderated content', 'moderated_content', FALSE);
$this->grantUserPermissionToCreateContentOfType($this->adminUser, 'moderated_content');
// Add the private field to the node type.
node_access_test_add_field(NodeType::load('moderated_content'));
// Rebuild permissions because hook_node_grants() is implemented by the
// node_access_test_empty module.
node_access_rebuild();
......@@ -58,6 +63,10 @@ protected function setUp() {
* Verifies that a non-admin user can still access the appropriate pages.
*/
public function testPageAccess() {
// Initially disable access grant records in
// node_access_test_node_access_records().
\Drupal::state()->set('node_access_test.private', TRUE);
$this->drupalLogin($this->adminUser);
// Access the node form before moderation is enabled, the publication state
......@@ -149,6 +158,30 @@ public function testPageAccess() {
$this->assertResponse(403);
$this->drupalGet($view_path);
$this->assertResponse(200);
// Now create a private node that the user is not granted access to by the
// node grants, but is granted access via hook_node_access().
// @see node_access_test_node_access
$node = $this->createNode([
'type' => 'moderated_content',
'private' => TRUE,
'uid' => $this->adminUser->id(),
]);
$user = $this->createUser([
'use editorial transition publish',
]);
$this->drupalLogin($user);
// Grant access to the node via node_access_test_node_access().
\Drupal::state()->set('node_access_test.allow_uid', $user->id());
$this->drupalGet($node->toUrl());
$this->assertResponse(200);
// Verify the moderation form is in place by publishing the node.
$this->drupalPostForm(NULL, [], t('Apply'));
$node = \Drupal::entityTypeManager()->getStorage('node')->loadUnchanged($node->id());
$this->assertEquals('published', $node->moderation_state->value);
}
}
<?php
namespace Drupal\Tests\content_moderation\Kernel;
use Drupal\KernelTests\KernelTestBase;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\node\Traits\NodeCreationTrait;
use Drupal\Tests\user\Traits\UserCreationTrait;
use Drupal\workflows\Entity\Workflow;
/**
* Tests with node access enabled.
*
* @group content_moderation
*/
class NodeAccessTest extends KernelTestBase {
use NodeCreationTrait;
use UserCreationTrait;
/**
* The moderation information service.
*
* @var \Drupal\content_moderation\ModerationInformationInterface
*/
protected $moderationInformation;
/**
* {@inheritdoc}
*/
public static $modules = [
'content_moderation',
'filter',
'node',
'node_access_test',
'system',
'user',
'workflows',
];
/**
* {@inheritdoc}
*/
protected function setUp() {
parent::setUp();
$this->installEntitySchema('content_moderation_state');
$this->installEntitySchema('node');
$this->installEntitySchema('user');
$this->installEntitySchema('workflow');
$this->installConfig(['content_moderation', 'filter']);
$this->installSchema('system', ['sequences']);
$this->installSchema('node', ['node_access']);
// Add a moderated node type.
$node_type = NodeType::create([
'type' => 'page',
'label' => 'Page',
]);
$node_type->save();
$workflow = Workflow::load('editorial');
$workflow->getTypePlugin()->addEntityTypeAndBundle('node', 'page');
$workflow->save();
$this->moderationInformation = \Drupal::service('content_moderation.moderation_information');
}
/**
* Tests for moderation information methods with node access.
*/
public function testModerationInformation() {
// Create an admin user.
$user = $this->createUser([], NULL, TRUE);
\Drupal::currentUser()->setAccount($user);
// Create a node.
$node = $this->createNode(['type' => 'page']);
$this->assertEquals($node->getRevisionId(), $this->moderationInformation->getDefaultRevisionId('node', $node->id()));
$this->assertEquals($node->getRevisionId(), $this->moderationInformation->getLatestRevisionId('node', $node->id()));
// Create a non-admin user.
$user = $this->createUser();
\Drupal::currentUser()->setAccount($user);
$this->assertEquals($node->getRevisionId(), $this->moderationInformation->getDefaultRevisionId('node', $node->id()));
$this->assertEquals($node->getRevisionId(), $this->moderationInformation->getLatestRevisionId('node', $node->id()));
}
}
......@@ -152,6 +152,12 @@ function node_access_test_node_access(NodeInterface $node, $op, AccountInterface
// Make all Catalan content secret.
return AccessResult::forbidden()->setCacheMaxAge(0);
}
// Grant access if a specific user is specified.
if (\Drupal::state()->get('node_access_test.allow_uid') === $account->id()) {
return AccessResult::allowed();
}
// No opinion.
return AccessResult::neutral()->setCacheMaxAge(0);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment