Ejemplo n.º 1
0
 protected function setUp()
 {
     parent::setUp();
     $this->adminUser = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings'));
     // Find the new role ID.
     $all_rids = $this->adminUser->getRoles();
     unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
     $this->rid = reset($all_rids);
 }
Ejemplo n.º 2
0
 /**
  * Evaluate if user has role(s).
  *
  * @param \Drupal\user\UserInterface $account
  *   The account to check.
  * @param \Drupal\user\RoleInterface[] $roles
  *   Array of user roles.
  * @param string $operation
  *   Either "AND": user has all of roles.
  *   Or "OR": user has at least one of all roles.
  *   Defaults to "AND".
  *
  * @return bool
  *   TRUE if the user has the role(s).
  */
 protected function doEvaluate(UserInterface $account, array $roles, $operation = 'AND')
 {
     $rids = array_map(function ($role) {
         return $role->id();
     }, $roles);
     switch ($operation) {
         case 'OR':
             return (bool) array_intersect($rids, $account->getRoles());
         case 'AND':
             return (bool) (!array_diff($rids, $account->getRoles()));
         default:
             throw new \InvalidArgumentException('Either use "AND" or "OR". Leave empty for default "AND" behavior.');
     }
 }
Ejemplo n.º 3
0
 /**
  * {@inheritdoc}
  */
 protected function setUp()
 {
     parent::setUp();
     $this->drupalPlaceBlock('system_breadcrumb_block');
     $this->enableViewsTestModule();
     $this->webUser = $this->drupalCreateUser();
     $roles = $this->webUser->getRoles();
     $this->webRole = $roles[0];
     $this->normalRole = $this->drupalCreateRole(array());
     $this->normalUser = $this->drupalCreateUser(array('views_test_data test permission'));
     $this->normalUser->addRole($this->normalRole);
     $this->normalUser->save();
     // @todo when all the plugin information is cached make a reset function and
     // call it here.
 }
 /**
  * @param array $form
  * @param \Drupal\user\UserInterface $user
  * @return array
  */
 public static function addRoleDelegationElement(array $form, UserInterface $user)
 {
     $current_user = \Drupal::currentUser();
     $roles_current = $user->getRoles(TRUE);
     $roles_delegate = array();
     $roles = user_roles(TRUE);
     unset($roles[AccountInterface::AUTHENTICATED_ROLE]);
     unset($roles['administrator']);
     foreach ($roles as $rid => $role) {
         if ($current_user->hasPermission('assign all roles') || $current_user->hasPermission("assign {$role->get('id')} role")) {
             $roles_delegate[$rid] = isset($form['account']['roles']['#options'][$rid]) ? $form['account']['roles']['#options'][$rid] : $role->get('id');
         }
     }
     if (empty($roles_delegate)) {
         // No role can be assigned.
         return $form;
     }
     if (!isset($form['account'])) {
         $form['account'] = array('#type' => 'value', '#value' => $user);
     }
     $default_options = array();
     foreach ($roles_current as $role) {
         if (in_array($role, $roles_delegate)) {
             $default_options[$role] = $role;
         }
     }
     // Generate the form items.
     $form['account']['roles_change'] = array('#type' => 'checkboxes', '#title' => isset($form['account']['roles']['#title']) ? $form['account']['roles']['#title'] : t('Roles'), '#options' => $roles_delegate, '#default_value' => array_keys(array_intersect_key(array_flip($roles_current), $roles_delegate)), '#description' => isset($form['account']['roles']['#description']) ? $form['account']['roles']['#description'] : t('Change roles assigned to user.'));
     return $form;
 }
Ejemplo n.º 5
0
 /**
  * Tests for the presence of nodes on a user's tracker listing.
  */
 function testTrackerUser()
 {
     $this->drupalLogin($this->user);
     $unpublished = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->user->id(), 'status' => 0));
     $my_published = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->user->id(), 'status' => 1));
     $other_published_no_comment = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->otherUser->id(), 'status' => 1));
     $other_published_my_comment = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->otherUser->id(), 'status' => 1));
     $comment = array('subject[0][value]' => $this->randomMachineName(), 'comment_body[0][value]' => $this->randomMachineName(20));
     $this->drupalPostForm('comment/reply/node/' . $other_published_my_comment->id() . '/comment', $comment, t('Save'));
     $this->drupalGet('user/' . $this->user->id() . '/activity');
     $this->assertNoText($unpublished->label(), "Unpublished nodes do not show up in the user's tracker listing.");
     $this->assertText($my_published->label(), "Published nodes show up in the user's tracker listing.");
     $this->assertNoText($other_published_no_comment->label(), "Another user's nodes do not show up in the user's tracker listing.");
     $this->assertText($other_published_my_comment->label(), "Nodes that the user has commented on appear in the user's tracker listing.");
     // Assert cache contexts.
     $this->assertCacheContexts(['languages:language_interface', 'route', 'theme', 'url.query_args:' . MainContentViewSubscriber::WRAPPER_FORMAT, 'url.query_args.pagers:0', 'user', 'user.node_grants:view']);
     // Assert cache tags for the visible nodes (including owners) and node list
     // cache tag.
     $expected_tags = Cache::mergeTags($my_published->getCacheTags(), $my_published->getOwner()->getCacheTags());
     $expected_tags = Cache::mergeTags($expected_tags, $other_published_my_comment->getCacheTags());
     $expected_tags = Cache::mergeTags($expected_tags, $other_published_my_comment->getOwner()->getCacheTags());
     // Because the 'user.permissions' cache context is being optimized away.
     $role_tags = [];
     foreach ($this->user->getRoles() as $rid) {
         $role_tags[] = "config:user.role.{$rid}";
     }
     $expected_tags = Cache::mergeTags($expected_tags, $role_tags);
     $block_tags = ['block_view', 'config:block.block.page_actions_block', 'config:block.block.page_tabs_block', 'config:block_list'];
     $expected_tags = Cache::mergeTags($expected_tags, $block_tags);
     $additional_tags = ['node_list', 'rendered'];
     $expected_tags = Cache::mergeTags($expected_tags, $additional_tags);
     $this->assertCacheTags($expected_tags);
     $this->assertCacheContexts(['languages:language_interface', 'route', 'theme', 'url.query_args:' . MainContentViewSubscriber::WRAPPER_FORMAT, 'url.query_args.pagers:0', 'user', 'user.node_grants:view']);
     $this->assertLink($my_published->label());
     $this->assertNoLink($unpublished->label());
     // Verify that title and tab title have been set correctly.
     $this->assertText('Activity', 'The user activity tab has the name "Activity".');
     $this->assertTitle(t('@name | @site', array('@name' => $this->user->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'The user tracker page has the correct page title.');
     // Verify that unpublished comments are removed from the tracker.
     $admin_user = $this->drupalCreateUser(array('post comments', 'administer comments', 'access user profiles'));
     $this->drupalLogin($admin_user);
     $this->drupalPostForm('comment/1/edit', array('status' => CommentInterface::NOT_PUBLISHED), t('Save'));
     $this->drupalGet('user/' . $this->user->id() . '/activity');
     $this->assertNoText($other_published_my_comment->label(), 'Unpublished comments are not counted on the tracker listing.');
     // Test escaping of title on user's tracker tab.
     \Drupal::service('module_installer')->install(['user_hooks_test']);
     Cache::invalidateTags(['rendered']);
     \Drupal::state()->set('user_hooks_test_user_format_name_alter', TRUE);
     $this->drupalGet('user/' . $this->user->id() . '/activity');
     $this->assertEscaped('<em>' . $this->user->id() . '</em>');
     \Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
     Cache::invalidateTags(['rendered']);
     $this->drupalGet('user/' . $this->user->id() . '/activity');
     $this->assertNoEscaped('<em>' . $this->user->id() . '</em>');
     $this->assertRaw('<em>' . $this->user->id() . '</em>');
 }
Ejemplo n.º 6
0
 /**
  * Exercises the toolbar_user_role_update() and toolbar_user_update() hook
  * implementations.
  */
 function testUserRoleUpdateSubtreesHashCacheClear()
 {
     // Find the new role ID.
     $all_rids = $this->adminUser->getRoles();
     unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
     $rid = reset($all_rids);
     $edit = array();
     $edit[$rid . '[administer taxonomy]'] = FALSE;
     $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
     // Assert that the subtrees hash has been altered because the subtrees
     // structure changed.
     $this->assertDifferentHash();
     // Test that assigning a user an extra role only affects that single user.
     // Get the hash for a second user.
     $this->drupalLogin($this->adminUser2);
     $this->drupalGet('test-page');
     $this->assertResponse(200);
     // Assert that the toolbar is present in the HTML.
     $this->assertRaw('id="toolbar-administration"');
     $admin_user_2_hash = $this->getSubtreesHash();
     // Log in the first admin user again.
     $this->drupalLogin($this->adminUser);
     $this->drupalGet('test-page');
     $this->assertResponse(200);
     // Assert that the toolbar is present in the HTML.
     $this->assertRaw('id="toolbar-administration"');
     $this->hash = $this->getSubtreesHash();
     $rid = $this->drupalCreateRole(array('administer content types'));
     // Assign the role to the user.
     $this->drupalPostForm('user/' . $this->adminUser->id() . '/edit', array("roles[{$rid}]" => $rid), t('Save'));
     $this->assertText(t('The changes have been saved.'));
     // Assert that the subtrees hash has been altered because the subtrees
     // structure changed.
     $this->assertDifferentHash();
     // Log in the second user again and assert that their subtrees hash did not
     // change.
     $this->drupalLogin($this->adminUser2);
     // Request a new page to refresh the drupalSettings object.
     $this->drupalGet('test-page');
     $this->assertResponse(200);
     $new_subtree_hash = $this->getSubtreesHash();
     // Assert that the old admin menu subtree hash and the new admin menu
     // subtree hash are the same.
     $this->assertTrue($new_subtree_hash, 'A valid hash value for the admin menu subtrees was created.');
     $this->assertEqual($admin_user_2_hash, $new_subtree_hash, 'The user-specific subtree menu hash has not been updated.');
 }
Ejemplo n.º 7
0
 /**
  * Verify access rules for comment indexing with different permissions.
  */
 function testSearchResultsCommentAccess()
 {
     $comment_body = 'Test comment body';
     $this->commentSubject = 'Test comment subject';
     $roles = $this->adminUser->getRoles(TRUE);
     $this->adminRole = $roles[0];
     // Create a node.
     // Make preview optional.
     $field = FieldConfig::loadByName('node', 'article', 'comment');
     $field->setSetting('preview', DRUPAL_OPTIONAL);
     $field->save();
     $this->node = $this->drupalCreateNode(array('type' => 'article'));
     // Post a comment using 'Full HTML' text format.
     $edit_comment = array();
     $edit_comment['subject[0][value]'] = $this->commentSubject;
     $edit_comment['comment_body[0][value]'] = '<h1>' . $comment_body . '</h1>';
     $this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit_comment, t('Save'));
     $this->drupalLogout();
     $this->setRolePermissions(RoleInterface::ANONYMOUS_ID);
     $this->assertCommentAccess(FALSE, 'Anon user has search permission but no access comments permission, comments should not be indexed');
     $this->setRolePermissions(RoleInterface::ANONYMOUS_ID, TRUE);
     $this->assertCommentAccess(TRUE, 'Anon user has search permission and access comments permission, comments should be indexed');
     $this->drupalLogin($this->adminUser);
     $this->drupalGet('admin/people/permissions');
     // Disable search access for authenticated user to test admin user.
     $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, FALSE, FALSE);
     $this->setRolePermissions($this->adminRole);
     $this->assertCommentAccess(FALSE, 'Admin user has search permission but no access comments permission, comments should not be indexed');
     $this->drupalGet('node/' . $this->node->id());
     $this->setRolePermissions($this->adminRole, TRUE);
     $this->assertCommentAccess(TRUE, 'Admin user has search permission and access comments permission, comments should be indexed');
     $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID);
     $this->assertCommentAccess(FALSE, 'Authenticated user has search permission but no access comments permission, comments should not be indexed');
     $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE);
     $this->assertCommentAccess(TRUE, 'Authenticated user has search permission and access comments permission, comments should be indexed');
     // Verify that access comments permission is inherited from the
     // authenticated role.
     $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE, FALSE);
     $this->setRolePermissions($this->adminRole);
     $this->assertCommentAccess(TRUE, 'Admin user has search permission and no access comments permission, but comments should be indexed because admin user inherits authenticated user\'s permission to access comments');
     // Verify that search content permission is inherited from the authenticated
     // role.
     $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE, TRUE);
     $this->setRolePermissions($this->adminRole, TRUE, FALSE);
     $this->assertCommentAccess(TRUE, 'Admin user has access comments permission and no search permission, but comments should be indexed because admin user inherits authenticated user\'s permission to search');
 }
Ejemplo n.º 8
0
 /**
  * Tests if text format is available to a role.
  */
 function testFormatRoles()
 {
     // Get the role ID assigned to the regular user.
     $roles = $this->webUser->getRoles(TRUE);
     $rid = $roles[0];
     // Check that this role appears in the list of roles that have access to an
     // allowed text format, but does not appear in the list of roles that have
     // access to a disallowed text format.
     $this->assertTrue(in_array($rid, array_keys(filter_get_roles_by_format($this->allowedFormat))), 'A role which has access to a text format appears in the list of roles that have access to that format.');
     $this->assertFalse(in_array($rid, array_keys(filter_get_roles_by_format($this->disallowedFormat))), 'A role which does not have access to a text format does not appear in the list of roles that have access to that format.');
     // Check that the correct text format appears in the list of formats
     // available to that role.
     $this->assertTrue(in_array($this->allowedFormat->id(), array_keys(filter_get_formats_by_role($rid))), 'A text format which a role has access to appears in the list of formats available to that role.');
     $this->assertFalse(in_array($this->disallowedFormat->id(), array_keys(filter_get_formats_by_role($rid))), 'A text format which a role does not have access to does not appear in the list of formats available to that role.');
     // Check that the fallback format is always allowed.
     $this->assertEqual(filter_get_roles_by_format(FilterFormat::load(filter_fallback_format())), user_role_names(), 'All roles have access to the fallback format.');
     $this->assertTrue(in_array(filter_fallback_format(), array_keys(filter_get_formats_by_role($rid))), 'The fallback format appears in the list of allowed formats for any role.');
 }
Ejemplo n.º 9
0
 /**
  * {@inheritdoc}
  */
 public function saveRoles(UserInterface $account)
 {
     $query = $this->database->insert('users_roles')->fields(array('uid', 'rid'));
     foreach ($account->getRoles() as $rid) {
         if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
             $query->values(array('uid' => $account->id(), 'rid' => $rid));
         }
     }
     $query->execute();
 }
Ejemplo n.º 10
0
 /**
  * {@inheritdoc}
  */
 public function getRoles($exclude_locked_roles = FALSE)
 {
     return $this->subject->getRoles($exclude_locked_roles);
 }
Ejemplo n.º 11
0
 /**
  * Tests that the taxonomy term view is working properly.
  */
 public function testTaxonomyTermView()
 {
     // Create terms in the vocabulary.
     $term = $this->createTerm();
     // Post an article.
     $edit = array();
     $edit['title[0][value]'] = $original_title = $this->randomMachineName();
     $edit['body[0][value]'] = $this->randomMachineName();
     $edit["{$this->fieldName1}[]"] = $term->id();
     $this->drupalPostForm('node/add/article', $edit, t('Save'));
     $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
     $this->drupalGet('taxonomy/term/' . $term->id());
     $this->assertText($term->label());
     $this->assertText($node->label());
     \Drupal::service('module_installer')->install(array('language', 'content_translation'));
     $language = ConfigurableLanguage::createFromLangcode('ur');
     $language->save();
     // Enable translation for the article content type and ensure the change is
     // picked up.
     \Drupal::service('content_translation.manager')->setEnabled('node', 'article', TRUE);
     $roles = $this->adminUser->getRoles(TRUE);
     Role::load(reset($roles))->grantPermission('create content translations')->grantPermission('translate any entity')->save();
     drupal_static_reset();
     \Drupal::entityManager()->clearCachedDefinitions();
     \Drupal::service('router.builder')->rebuild();
     \Drupal::service('entity.definition_update_manager')->applyUpdates();
     $edit['title[0][value]'] = $translated_title = $this->randomMachineName();
     $this->drupalPostForm('node/' . $node->id() . '/translations/add/en/ur', $edit, t('Save (this translation)'));
     $this->drupalGet('taxonomy/term/' . $term->id());
     $this->assertText($term->label());
     $this->assertText($original_title);
     $this->assertNoText($translated_title);
     $this->drupalGet('ur/taxonomy/term/' . $term->id());
     $this->assertText($term->label());
     $this->assertNoText($original_title);
     $this->assertText($translated_title);
     // Uninstall language module and ensure that the language is not part of the
     // query anymore.
     // @see \Drupal\views\Plugin\views\filter\LanguageFilter::query()
     $node->delete();
     \Drupal::service('module_installer')->uninstall(['content_translation', 'language']);
     $view = Views::getView('taxonomy_term');
     $view->initDisplay();
     $view->setArguments([$term->id()]);
     $view->build();
     /** @var \Drupal\Core\Database\Query\Select $query */
     $query = $view->build_info['query'];
     $tables = $query->getTables();
     // Ensure that the join to node_field_data is not added by default.
     $this->assertEqual(['node_field_data', 'taxonomy_index'], array_keys($tables));
     // Ensure that the filter to the language column is not there by default.
     $condition = $query->conditions();
     // We only want to check the no. of conditions in the query.
     unset($condition['#conjunction']);
     $this->assertEqual(1, count($condition));
     // Clear permissions for anonymous users to check access for default views.
     Role::load(RoleInterface::ANONYMOUS_ID)->revokePermission('access content')->save();
     // Test the default views disclose no data by default.
     $this->drupalLogout();
     $this->drupalGet('taxonomy/term/' . $term->id());
     $this->assertResponse(403);
     $this->drupalGet('taxonomy/term/' . $term->id() . '/feed');
     $this->assertResponse(403);
 }
 /**
  * {@inheritdoc}
  */
 public function isAllowed(UserInterface $user, $force = FALSE)
 {
     $result = FALSE;
     $type_id = $this->getWorkflowId();
     if ($user->hasPermission("bypass {$type_id} workflow_transition access")) {
         // Superuser is special. And $force allows Rules to cause transition.
         return TRUE;
     }
     if ($force) {
         return TRUE;
     }
     if ($this->getFromSid() == $this->getToSid()) {
         // Anyone may save an entity without changing state.
         return TRUE;
     }
     return TRUE == array_intersect($user->getRoles(), $this->roles);
 }