Commit 1fa8f2dc authored by git's avatar git Committed by fago

Issue #2323619 by Weaver, lex0r, a.milkovsky, fago: Improve...

Issue #2323619 by Weaver, lex0r, a.milkovsky, fago: Improve entity_metadata_taxonomy_access to cover existing permissions
parent 4a642637
......@@ -1342,6 +1342,74 @@ class EntityMetadataNodeRevisionAccessTestCase extends DrupalWebTestCase {
}
}
/**
* Tests basic entity_access() functionality for taxonomy terms.
*/
class EntityMetadataTaxonomyAccessTestCase extends EntityWebTestCase {
public static function getInfo() {
return array(
'name' => 'Entity Metadata Taxonomy Access',
'description' => 'Test entity_access() for taxonomy terms',
'group' => 'Entity API',
);
}
/**
* Asserts entity_access() correctly grants or denies access.
*/
function assertTaxonomyMetadataAccess($ops, $term, $account) {
foreach ($ops as $op => $result) {
$msg = t("entity_access() returns @result with operation '@op'.", array('@result' => $result ? 'TRUE' : 'FALSE', '@op' => $op));
$access = entity_access($op, 'taxonomy_term', $term, $account);
$this->assertEqual($result, $access, $msg);
}
}
/**
* @inheritdoc
*/
function setUp() {
parent::setUp('entity', 'taxonomy');
// Clear permissions for authenticated users.
db_delete('role_permission')
->condition('rid', DRUPAL_AUTHENTICATED_RID)
->execute();
}
/**
* Runs basic tests for entity_access() function.
*/
function testTaxonomyMetadataAccess() {
$vocab = $this->createVocabulary();
$term = entity_property_values_create_entity('taxonomy_term', array(
'name' => $this->randomName(),
'vocabulary' => $vocab,
))->save()->value();
// Clear permissions static cache to get new taxonomy permissions.
drupal_static_reset('checkPermissions');
// Check assignment of view permissions.
$user1 = $this->drupalCreateUser(array('access content'));
$this->assertTaxonomyMetadataAccess(array('create' => FALSE, 'view' => TRUE, 'update' => FALSE, 'delete' => FALSE), $term, $user1);
// Check assignment of edit permissions.
$user2 = $this->drupalCreateUser(array('edit terms in ' . $vocab->vid));
$this->assertTaxonomyMetadataAccess(array('create' => FALSE, 'view' => FALSE, 'update' => TRUE, 'delete' => FALSE), $term, $user2);
// Check assignment of delete permissions.
$user3 = $this->drupalCreateUser(array('delete terms in ' . $vocab->vid));
$this->assertTaxonomyMetadataAccess(array('create' => FALSE, 'view' => FALSE, 'update' => FALSE, 'delete' => TRUE), $term, $user3);
// Check assignment of view, edit, delete permissions.
$user4 = $this->drupalCreateUser(array('access content', 'edit terms in ' . $vocab->vid, 'delete terms in ' . $vocab->vid));
$this->assertTaxonomyMetadataAccess(array('create' => FALSE, 'view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $term, $user4);
// Check assignment of administration permissions.
$user5 = $this->drupalCreateUser(array('administer taxonomy'));
$this->assertTaxonomyMetadataAccess(array('create' => TRUE, 'view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $term, $user5);
}
}
/**
* Tests provided entity property info of the core modules.
*/
......
......@@ -798,14 +798,35 @@ function entity_metadata_comment_properties_access($op, $property, $entity = NUL
* Access callback for the taxonomy entities.
*/
function entity_metadata_taxonomy_access($op, $entity = NULL, $account = NULL, $entity_type = NULL) {
if ($entity_type == 'taxonomy_vocabulary') {
return user_access('administer taxonomy', $account);
}
if (isset($entity) && $op == 'update' && !isset($account) && taxonomy_term_edit_access($entity)) {
// If user has administer taxonomy permission then no further checks.
if (user_access('administer taxonomy', $account)) {
return TRUE;
}
if (user_access('administer taxonomy', $account) || user_access('access content', $account) && $op == 'view') {
return TRUE;
switch ($op) {
case "view":
if (user_access('access content', $account)) {
return TRUE;
}
break;
case "update":
if ($entity_type == 'taxonomy_term') {
return user_access("edit terms in $entity->vid", $account);
}
break;
case "create":
if ($entity_type == 'taxonomy_term') {
// Check for taxonomy_access_fix contrib module which adds additional
// permissions to create new terms in a given vocabulary.
if (function_exists('taxonomy_access_fix_access')) {
return taxonomy_access_fix_access('add terms', $entity->vocabulary_machine_name);
}
}
break;
case "delete":
if ($entity_type == 'taxonomy_term') {
return user_access("delete terms in $entity->vid", $account);
}
break;
}
return FALSE;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment