Commit 661c2108 authored by acbramley's avatar acbramley Committed by larowlan

Issue #2708941 by acbramley, larowlan: Allow roles to view but not administer moderation state

parent 9073a347
......@@ -13,6 +13,7 @@ use Drupal\workbench_moderation\ModerationStateInterface;
* label = @Translation("Moderation state"),
* handlers = {
* "list_builder" = "Drupal\workbench_moderation\ModerationStateListBuilder",
* "access" = "Drupal\workbench_moderation\ModerationStateAccessControlHandler",
* "form" = {
* "add" = "Drupal\workbench_moderation\Form\ModerationStateForm",
* "edit" = "Drupal\workbench_moderation\Form\ModerationStateForm",
......@@ -20,7 +21,6 @@ use Drupal\workbench_moderation\ModerationStateInterface;
* },
* },
* config_prefix = "moderation_state",
* admin_permission = "administer moderation states",
* entity_keys = {
* "id" = "id",
* "label" = "label",
......
<?php
/**
* @file
* Contains \Drupal\workbench_moderation\ModerationStateAccessControlHandler.
*/
namespace Drupal\workbench_moderation;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
/**
* Access controller for the Moderation State entity.
*
* @see \Drupal\workbench_moderation\Entity\ModerationState.
*/
class ModerationStateAccessControlHandler extends EntityAccessControlHandler {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
$admin_access = AccessResult::allowedIfHasPermission($account, 'administer moderation states');
// Allow view with other permission.
if ($operation == 'view') {
return AccessResult::allowedIfHasPermission($account, 'view moderation states')->orIf($admin_access);
}
return $admin_access;
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermission($account, 'administer moderation states');
}
}
<?php
/**
* @file
* Contains \Drupal\Tests\workbench_moderation\Functional\ModerationStateAccessTest.
*/
namespace Drupal\Tests\workbench_moderation\Functional;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
use Drupal\simpletest\BrowserTestBase;
/**
* Tests the view access control handler for moderation state entities.
*
* @group workbench_moderation
*
* @runTestsInSeparateProcesses
*
* @preserveGlobalState disabled
*/
class ModerationStateAccessTest extends BrowserTestBase {
/**
* {@inheritdoc}
*/
public static $modules = [
'workbench_moderation_test_views',
'workbench_moderation',
'node',
'views',
'options',
'user',
'system',
];
/**
* Test the view operation access handler with the view permission.
*/
public function testViewShowsCorrectStates() {
$node_type_id = 'test';
$node_type = $this->createNodeType('Test', $node_type_id);
$permissions = [
'access content',
'view all revisions',
'view moderation states',
];
$editor1 = $this->drupalCreateUser($permissions);
$this->drupalLogin($editor1);
/** @var Node $node_1 */
$node_1 = Node::create([
'type' => $node_type_id,
'title' => 'Draft node',
'uid' => $editor1->id(),
]);
$node_1->moderation_state->target_id = 'draft';
$node_1->save();
/** @var Node $node_2 */
$node_2 = Node::create([
'type' => $node_type_id,
'title' => 'Review node',
'uid' => $editor1->id(),
]);
$node_2->moderation_state->target_id = 'needs_review';
$node_2->save();
/** @var Node $node_3 */
$node_3 = Node::create([
'type' => $node_type_id,
'title' => 'Published node',
'uid' => $editor1->id(),
]);
$node_3->moderation_state->target_id = 'published';
$node_3->save();
// Resave the node with a new state.
$node_3->setTitle('Archived node');
$node_3->moderation_state->target_id = 'archived';
$node_3->save();
// Now show the View, and confirm that the state labels are showing.
$this->drupalGet('/latest');
$page = $this->getSession()->getPage();
$this->assertTrue($page->hasLink('Draft'));
$this->assertTrue($page->hasLink('Needs Review'));
$this->assertTrue($page->hasLink('Archived'));
$this->assertFalse($page->hasLink('Published'));
// Now log in as an admin and test the same thing.
$permissions = [
'access content',
'view all revisions',
'administer moderation states',
];
$admin1 = $this->drupalCreateUser($permissions);
$this->drupalLogin($admin1);
$this->drupalGet('/latest');
$page = $this->getSession()->getPage();
$this->assertEquals(200, $this->getSession()->getStatusCode());
$this->assertTrue($page->hasLink('Draft'));
$this->assertTrue($page->hasLink('Needs Review'));
$this->assertTrue($page->hasLink('Archived'));
$this->assertFalse($page->hasLink('Published'));
}
/**
* Creates a new node type.
*
* @param string $label
* The human-readable label of the type to create.
* @param string $machine_name
* The machine name of the type to create.
*
* @return NodeType
* The node type just created.
*/
protected function createNodeType($label, $machine_name) {
/** @var NodeType $node_type */
$node_type = NodeType::create([
'type' => $machine_name,
'label' => $label,
]);
$node_type->setThirdPartySetting('workbench_moderation', 'enabled', TRUE);
$node_type->save();
return $node_type;
}
}
......@@ -2,6 +2,10 @@ view any unpublished content:
title: View any unpublished content
description: This permission is necessary for any users that may moderate content.
'view moderation states':
title: View moderation states
description: View moderation states.
'administer moderation states':
title: Administer moderation states
description: Create and edit moderation states.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment