Merge pull request #3080 from...

Merge pull request #3080 from goalgorilla/bugfix/3305919-fix-event-enrollment-access-for-recipient-users Issue #3305919: User does not receive email notification when added directly to a event

Merge pull request #3080 from...
a61c95c3 · Robert Ragas · Robert Ragas · bb975d2b · a61c95c3 · a61c95c3
Commit a61c95c3 authored 2 years ago by Robert Ragas Committed by Robert Ragas 2 years ago
--- a/modules/social_features/social_event/modules/social_event_managers/social_event_managers.module
+++ b/modules/social_features/social_event/modules/social_event_managers/social_event_managers.module
@@ -65,6 +65,37 @@ function social_event_managers_activity_send_email_notifications_alter(array &$i
  }
 }

+/**
+ * Implements hook_entity_access().
+ */
+function social_event_managers_event_enrollment_access(EventEnrollment $event_enrollment, string $operation, AccountInterface $account): AccessResult {
+  // This allows view access to event_enrollment entities for users which are
+  // the recipients of the event enrollment but not the owner of the entity.
+  // For example a site manager can create an enrollment for a specific user.
+  if ($operation !== 'view') {
+    // If we are doing different operations than viewing, then let other
+    // access checks to determine the access.
+    return AccessResult::neutral();
+  }
+
+  $enrollment_status = $event_enrollment->get('field_enrollment_status')->getString();
+  if (!(bool) $enrollment_status) {
+    // Return neutral and let other access checks acts on this.
+    return AccessResult::neutral();
+  }
+
+  $owner = $event_enrollment->getOwner();
+  if (!$owner->hasPermission('view published event enrollment entities')) {
+    // Return neutral and let other access checks acts on this.
+    return AccessResult::neutral();
+  }
+
+  $field_account_id = $event_enrollment->get('field_account')->getString();
+
+  // If the user is a recipient allow access to event enrollment.
+  return AccessResult::allowedIf((int) $field_account_id === (int) $account->id());
+}
+
 /**
 * Implements hook_block_access().
 */

--- a/modules/social_features/social_event/modules/social_event_managers/tests/src/Unit/Access/SocialEventManagersAccessTest.php
+++ b/modules/social_features/social_event/modules/social_event_managers/tests/src/Unit/Access/SocialEventManagersAccessTest.php
+<?php
+
+namespace Drupal\social_event_manager\Tests;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Tests\UnitTestCase;
+
+/**
+ * Tests the SocialEventManagersAccess.
+ *
+ * @group social_event_manager
+ */
+class SocialEventManagersAccessTest extends UnitTestCase {
+
+  /**
+   * Include the event managers module in the setup, so we can call the hooks.
+   */
+  protected function setUp(): void {
+    parent::setUp();
+    // Include module file for the hook_entity_access.
+    require_once __DIR__ . '/../../../../social_event_managers.module';
+  }
+
+  /**
+   * Test eventEnrollmentAccessCheck.
+   *
+   * Test the access check to event enrollment if the recipient is the actual
+   * user that got the enrollment.
+   */
+  public function testAllowedEventEnrollmentAccessForRecipients(): void {
+    $event_enrollment = $this->createMock('\Drupal\social_event\Entity\EventEnrollment');
+
+    $account = $this->createMock('\Drupal\Core\Session\AccountInterface');
+    $account->expects($this->any())
+      ->method('id')
+      ->willReturn("2");
+
+    $field_item = $this->getMockBuilder('\Drupal\Core\Field\FieldItemListInterface')
+      ->disallowMockingUnknownTypes()
+      ->getMock();
+
+    $field_item->expects($this->any())
+      ->method('getString')
+      ->willReturn("1");
+
+    $field_account_item = $this->createMock('\Drupal\Core\Field\EntityReferenceFieldItemList');
+    $field_account_item->expects($this->any())
+      ->method('getString')
+      ->willReturn("2");
+
+    $event_enrollment->expects($this->any())
+      ->method('get')
+      ->willReturnMap([
+        [
+          'field_enrollment_status',
+          $field_item,
+        ],
+        [
+          'field_account',
+          $field_account_item,
+        ],
+      ]);
+
+    $owner = $this->createMock('\Drupal\user\UserInterface');
+    $owner->expects($this->any())
+      ->method('hasPermission')
+      ->willReturn(TRUE);
+
+    $event_enrollment->expects($this->any())
+      ->method('getOwner')
+      ->willReturn($owner);
+
+    $returned_access = social_event_managers_event_enrollment_access($event_enrollment, 'view', $account);
+
+    $this->assertEquals(AccessResult::allowed(), $returned_access);
+  }
+
+  /**
+   * Test eventEnrollmentAccessCheck.
+   *
+   * Test the access check to event enrollment if the recipient is not the
+   * user that got the enrollment.
+   */
+  public function testNeutralEventEnrollmentAccessForRecipients(): void {
+    $event_enrollment = $this->createMock('\Drupal\social_event\Entity\EventEnrollment');
+
+    $account = $this->createMock('\Drupal\Core\Session\AccountInterface');
+    $account->expects($this->any())
+      ->method('id')
+      ->willReturn("2");
+
+    $field_item = $this->getMockBuilder('\Drupal\Core\Field\FieldItemListInterface')
+      ->disallowMockingUnknownTypes()
+      ->getMock();
+
+    $field_item->expects($this->any())
+      ->method('getString')
+      ->willReturn("1");
+
+    $field_account_item = $this->createMock('\Drupal\Core\Field\EntityReferenceFieldItemList');
+    $field_account_item->expects($this->any())
+      ->method('getString')
+      ->willReturn("100");
+
+    $event_enrollment->expects($this->any())
+      ->method('get')
+      ->willReturnMap([
+        [
+          'field_enrollment_status',
+          $field_item,
+        ],
+        [
+          'field_account',
+          $field_account_item,
+        ],
+      ]);
+
+    $owner = $this->createMock('\Drupal\user\UserInterface');
+    $owner->expects($this->any())
+      ->method('hasPermission')
+      ->willReturn(TRUE);
+
+    $event_enrollment->expects($this->any())
+      ->method('getOwner')
+      ->willReturn($owner);
+
+    $returned_access = social_event_managers_event_enrollment_access($event_enrollment, 'view', $account);
+
+    $this->assertEquals(AccessResult::neutral(), $returned_access);
+  }
+
+}
--- a/tests/behat/features/bootstrap/EmailContext.php
+++ b/tests/behat/features/bootstrap/EmailContext.php
@@ -137,7 +137,7 @@ class EmailContext implements Context {

        // Make it a traversable HTML doc.
        $doc = new \DOMDocument();
-        $doc->loadHTML($email_body);
+        @$doc->loadHTML($email_body);
        $xpath = new \DOMXPath($doc);
        // Find the post header and email content in the HTML file.
        $content = $xpath->evaluate('string(//*[contains(@class,"postheader")])');

--- a/tests/behat/features/capabilities/group/group-create-closed.feature
+++ b/tests/behat/features/capabilities/group/group-create-closed.feature
@@ -173,6 +173,7 @@ Feature: Create Closed Group
    And I click "Test closed group"
    And I click "Edit group"
    And I click "Delete"
+    And I wait for "3" seconds
    And I should see "Are you sure you want to delete your group"
    And I should see the button "Cancel"
    And I should see the button "Delete"