/**
 * {@inheritdoc}
 *
 * Builds the per-field comment settings: threading, page size, the anonymous
 * contact-details policy (only offered when the anonymous role may post
 * comments at all), reply-form placement and preview mode.
 */
public function fieldSettingsForm(array $form, FormStateInterface $form_state) {
  $current = $this->getSettings();
  $anonymous = new AnonymousUserSession();

  // Option lists are built up front so the element definitions stay short.
  $anonymous_options = [
    COMMENT_ANONYMOUS_MAYNOT_CONTACT => t('Anonymous posters may not enter their contact information'),
    COMMENT_ANONYMOUS_MAY_CONTACT => t('Anonymous posters may leave their contact information'),
    COMMENT_ANONYMOUS_MUST_CONTACT => t('Anonymous posters must leave their contact information'),
  ];
  $preview_options = [
    DRUPAL_DISABLED => t('Disabled'),
    DRUPAL_OPTIONAL => t('Optional'),
    DRUPAL_REQUIRED => t('Required'),
  ];

  $elements = [];
  $elements['default_mode'] = [
    '#type' => 'checkbox',
    '#title' => t('Threading'),
    '#default_value' => $current['default_mode'],
    '#description' => t('Show comment replies in a threaded list.'),
  ];
  $elements['per_page'] = [
    '#type' => 'number',
    '#title' => t('Comments per page'),
    '#default_value' => $current['per_page'],
    '#required' => TRUE,
    '#min' => 10,
    '#max' => 1000,
    '#step' => 10,
  ];
  $elements['anonymous'] = [
    '#type' => 'select',
    '#title' => t('Anonymous commenting'),
    '#default_value' => $current['anonymous'],
    '#options' => $anonymous_options,
    // Hidden unless anonymous users are allowed to post comments.
    '#access' => $anonymous->hasPermission('post comments'),
  ];
  $elements['form_location'] = [
    '#type' => 'checkbox',
    '#title' => t('Show reply form on the same page as comments'),
    '#default_value' => $current['form_location'],
  ];
  $elements['preview'] = [
    '#type' => 'radios',
    '#title' => t('Preview comment'),
    '#default_value' => $current['preview'],
    '#options' => $preview_options,
  ];
  return $elements;
}
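/**
 * Provides the list of accounts that can be used for the user switch.
 *
 * Inactive users are omitted from all of the following db selects. Users
 * with 'switch users' permission and the anonymous user, if the include_anon
 * property is set to TRUE, are prioritized.
 *
 * @return \Drupal\Core\Session\AccountInterface[]
 *   List of accounts to be used for the switch, ordered by sortUserList().
 */
protected function getUsers() {
  $list_size = $this->configuration['list_size'];
  $include_anonymous = $this->configuration['include_anon'];
  // The anonymous account, when included, takes one of the slots.
  $list_size = $include_anonymous ? $list_size - 1 : $list_size;

  // Users with 'switch users' permission are prioritized, so try to load
  // those first. When no role grants the permission there is nothing to
  // prioritize; skipping the query also avoids an empty IN () condition,
  // which the query builder does not accept.
  // NOTE(review): uid 1 holds every permission without a role and is not
  // picked up by the role filter below — confirm whether it should be.
  $roles = user_roles(TRUE, 'switch users');
  $user_ids = [];
  if ($roles) {
    $query = $this->userStorage->getQuery()
      ->condition('uid', 0, '>')
      ->condition('status', 0, '>')
      ->sort('access', 'DESC')
      ->range(0, $list_size);
    if (!isset($roles[Role::AUTHENTICATED_ID])) {
      // Unless the authenticated role itself carries the permission, only
      // users holding one of the granting roles qualify.
      $query->condition('roles', array_keys($roles), 'IN');
    }
    $user_ids = $query->execute();
  }

  // If we don't have enough users with 'switch users' permission, add other
  // active users until we hit $list_size.
  $missing = $list_size - count($user_ids);
  if ($missing > 0) {
    $query = $this->userStorage->getQuery()
      ->condition('uid', 0, '>')
      ->condition('status', 0, '>')
      ->sort('access', 'DESC')
      ->range(0, $missing);
    if ($user_ids) {
      // Only exclude already selected users when there are any: an empty
      // NOT IN () condition is invalid.
      $query->condition('uid', array_keys($user_ids), 'NOT IN');
    }
    $user_ids += $query->execute();
  }

  $accounts = $this->userStorage->loadMultiple($user_ids);
  if ($include_anonymous) {
    $anonymous = new AnonymousUserSession();
    $accounts[$anonymous->id()] = $anonymous;
  }
  // Array callable instead of the 'static::method' string form (deprecated
  // in PHP 8.2); late static binding is preserved.
  uasort($accounts, [static::class, 'sortUserList']);
  return $accounts;
}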
/**
 * Tests that getRoles() includes or excludes locked roles based on its parameter.
 *
 * @covers ::getRoles
 * @todo Move roles constants to a class/interface
 */
public function testUserGetRoles() {
  $account = new AnonymousUserSession();

  // By default the (locked) anonymous role is reported.
  $expected_with_locked = [DRUPAL_ANONYMOUS_RID];
  $this->assertEquals($expected_with_locked, $account->getRoles());

  // Excluding locked roles leaves the anonymous session with no roles.
  $expected_without_locked = [];
  $this->assertEquals($expected_without_locked, $account->getRoles(TRUE));
}
/**
 * Test permissions on comment fields.
 *
 * Sets up a comment type, a host test entity, users with graduated comment
 * permissions and four comments (one deliberately left unsaved), then checks
 * field-level 'view' and 'edit' access for every user/comment permutation
 * against the expected rule for each class of field: administrative,
 * read-only, create-only and contact fields.
 */
public function testAccessToAdministrativeFields() {
  // Create a comment type.
  $comment_type = CommentType::create(['id' => 'comment', 'label' => 'Default comments', 'description' => 'Default comment field', 'target_entity_type_id' => 'entity_test']);
  $comment_type->save();

  // Create a comment against a test entity.
  $host = EntityTest::create();
  $host->save();

  // An administrator user. No user exists yet, ensure that the first user
  // does not have UID 1.
  $comment_admin_user = $this->createUser(['uid' => 2, 'name' => 'admin'], ['administer comments', 'access comments']);
  // Two comment enabled users, one with edit access.
  $comment_enabled_user = $this->createUser(['name' => 'enabled'], ['post comments', 'skip comment approval', 'edit own comments', 'access comments']);
  $comment_no_edit_user = $this->createUser(['name' => 'no edit'], ['post comments', 'skip comment approval', 'access comments']);
  // An unprivileged user.
  $comment_disabled_user = $this->createUser(['name' => 'disabled'], ['access content']);

  // Anonymous users get 'post comments' so the contact-field rules below
  // can be exercised for them.
  $role = Role::load(RoleInterface::ANONYMOUS_ID);
  $role->grantPermission('post comments')->save();
  $anonymous_user = new AnonymousUserSession();

  // Add two fields.
  $this->addDefaultCommentField('entity_test', 'entity_test', 'comment');
  $this->addDefaultCommentField('entity_test', 'entity_test', 'comment_other');
  // Change the second field's anonymous contact setting.
  $instance = FieldConfig::loadByName('entity_test', 'entity_test', 'comment_other');
  // Default is 'May not contact', for this field - they may contact.
  $instance->setSetting('anonymous', COMMENT_ANONYMOUS_MAY_CONTACT);
  $instance->save();

  // Create three "Comments" (a fourth, unsaved one follows). One is owned by
  // our edit-enabled user.
  $comment1 = Comment::create([
    'entity_type' => 'entity_test',
    'name' => 'Tony',
    'hostname' => 'magic.example.com',
    'mail' => '*****@*****.**',
    'subject' => 'Bruce the Mesopotamian moose',
    'entity_id' => $host->id(),
    'comment_type' => 'comment',
    'field_name' => 'comment',
    'pid' => 0,
    'uid' => 0,
    'status' => 1
  ]);
  $comment1->save();
  $comment2 = Comment::create([
    'entity_type' => 'entity_test',
    'hostname' => 'magic.example.com',
    'subject' => 'Brian the messed up lion',
    'entity_id' => $host->id(),
    'comment_type' => 'comment',
    'field_name' => 'comment',
    'status' => 1,
    'pid' => 0,
    'uid' => $comment_enabled_user->id()
  ]);
  $comment2->save();
  // Unpublished reply to $comment2, on the field that allows contact details.
  $comment3 = Comment::create([
    'entity_type' => 'entity_test',
    'hostname' => 'magic.example.com',
    'status' => 0,
    'subject' => 'Gail the minky whale',
    'entity_id' => $host->id(),
    'comment_type' => 'comment',
    'field_name' => 'comment_other',
    'pid' => $comment2->id(),
    'uid' => $comment_no_edit_user->id()
  ]);
  $comment3->save();
  // Note we intentionally don't save this comment so it remains 'new'.
  $comment4 = Comment::create([
    'entity_type' => 'entity_test',
    'hostname' => 'magic.example.com',
    'status' => 0,
    'subject' => 'Daniel the Cocker-Spaniel',
    'entity_id' => $host->id(),
    'comment_type' => 'comment',
    'field_name' => 'comment_other',
    'pid' => 0,
    'uid' => $anonymous_user->id()
  ]);

  // Generate permutations: every comment paired with every user.
  $combinations = ['comment' => [$comment1, $comment2, $comment3, $comment4], 'user' => [$comment_admin_user, $comment_enabled_user, $comment_no_edit_user, $comment_disabled_user, $anonymous_user]];
  $permutations = TestBase::generatePermutations($combinations);

  // Check access to administrative fields: viewable by everyone, editable
  // only with 'administer comments'.
  foreach ($this->administrativeFields as $field) {
    foreach ($permutations as $set) {
      $may_view = $set['comment']->{$field}->access('view', $set['user']);
      $may_update = $set['comment']->{$field}->access('edit', $set['user']);
      $this->assertTrue($may_view, SafeMarkup::format('User @user can view field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@comment' => $set['comment']->getSubject(), '@field' => $field]));
      $this->assertEqual($may_update, $set['user']->hasPermission('administer comments'), SafeMarkup::format('User @user @state update field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@state' => $may_update ? 'can' : 'cannot', '@comment' => $set['comment']->getSubject(), '@field' => $field]));
    }
  }

  // Check access to normal field: admins, or owners with 'edit own comments'.
  foreach ($permutations as $set) {
    $may_update = $set['comment']->access('update', $set['user']) && $set['comment']->subject->access('edit', $set['user']);
    $this->assertEqual($may_update, $set['user']->hasPermission('administer comments') || $set['user']->hasPermission('edit own comments') && $set['user']->id() == $set['comment']->getOwnerId(), SafeMarkup::format('User @user @state update field subject on comment @comment', ['@user' => $set['user']->getUsername(), '@state' => $may_update ? 'can' : 'cannot', '@comment' => $set['comment']->getSubject()]));
  }

  // Check read-only fields: never editable by anyone.
  foreach ($this->readOnlyFields as $field) {
    // Check view operation.
    foreach ($permutations as $set) {
      $may_view = $set['comment']->{$field}->access('view', $set['user']);
      $may_update = $set['comment']->{$field}->access('edit', $set['user']);
      // Nobody has access to view the hostname field.
      if ($field === 'hostname') {
        $view_access = FALSE;
        $state = 'cannot';
      }
      else {
        $view_access = TRUE;
        $state = 'can';
      }
      $this->assertEqual($may_view, $view_access, SafeMarkup::format('User @user @state view field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@comment' => $set['comment']->getSubject(), '@field' => $field, '@state' => $state]));
      $this->assertFalse($may_update, SafeMarkup::format('User @user @state update field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@state' => $may_update ? 'can' : 'cannot', '@comment' => $set['comment']->getSubject(), '@field' => $field]));
    }
  }

  // Check create-only fields: viewable by everyone, editable only while the
  // comment is still new and the user may post comments.
  foreach ($this->createOnlyFields as $field) {
    // Check view operation.
    foreach ($permutations as $set) {
      $may_view = $set['comment']->{$field}->access('view', $set['user']);
      $may_update = $set['comment']->{$field}->access('edit', $set['user']);
      $this->assertEqual($may_view, TRUE, SafeMarkup::format('User @user can view field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@comment' => $set['comment']->getSubject(), '@field' => $field]));
      $this->assertEqual($may_update, $set['user']->hasPermission('post comments') && $set['comment']->isNew(), SafeMarkup::format('User @user @state update field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@state' => $may_update ? 'can' : 'cannot', '@comment' => $set['comment']->getSubject(), '@field' => $field]));
    }
  }

  // Check contact fields.
  foreach ($this->contactFields as $field) {
    // Check edit operation.
    foreach ($permutations as $set) {
      $may_update = $set['comment']->{$field}->access('edit', $set['user']);
      // To edit the 'mail' or 'name' field, either the user has the
      // "administer comments" permissions or the user is anonymous and
      // adding a new comment using a field that allows contact details.
      $this->assertEqual($may_update, $set['user']->hasPermission('administer comments') || $set['user']->isAnonymous() && $set['comment']->isNew() && $set['user']->hasPermission('post comments') && $set['comment']->getFieldName() == 'comment_other', SafeMarkup::format('User @user @state update field @field on comment @comment', ['@user' => $set['user']->getUsername(), '@state' => $may_update ? 'can' : 'cannot', '@comment' => $set['comment']->getSubject(), '@field' => $field]));
    }
  }

  foreach ($permutations as $set) {
    // Check no view-access to mail field for other than admin.
    $may_view = $set['comment']->mail->access('view', $set['user']);
    $this->assertEqual($may_view, $set['user']->hasPermission('administer comments'));
  }
}
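/**
 * Provides the Switch user list.
 *
 * For a current user holding 'switch users', builds link definitions to other
 * accounts: first active users that can themselves switch (most recently
 * active first), then - if the list is not yet full - other active users, and
 * optionally the anonymous user. Every link carries a CSRF token bound to its
 * path. The current user's own entry, if present, is emphasised.
 *
 * @return array
 *   Link definitions keyed by user ID; empty when the current user may not
 *   switch users.
 */
public function switchUserList() {
  $list_size = $this->configuration['list_size'];
  $include_anon = $this->configuration['include_anon'];
  $anon = new AnonymousUserSession();
  $links = array();

  if ($this->currentUser->hasPermission('switch users')) {
    if ($include_anon) {
      // The anonymous entry takes one of the configured slots.
      --$list_size;
    }
    $dest = $this->redirectDestination->getAsArray();

    // Try to find at least $list_size users that can switch.
    // Inactive users are omitted from all of the following db selects.
    $roles = user_roles(TRUE, 'switch users');
    $query = $this->activeUsersQuery($list_size);
    if (!isset($roles[DRUPAL_AUTHENTICATED_RID])) {
      // Restrict to users holding a granting role; uid 1 has every permission
      // without needing a role.
      $query->leftJoin('users_roles', 'r', 'u.uid = r.uid');
      $or_condition = db_or();
      $or_condition->condition('u.uid', 1);
      if (!empty($roles)) {
        $or_condition->condition('r.rid', array_keys($roles), 'IN');
      }
      $query->condition($or_condition);
    }
    $uids = $query->execute()->fetchCol();
    foreach (user_load_multiple($uids) as $account) {
      $links[$account->id()] = $this->buildSwitchLink($account, $dest, t('This user can switch back.'), TRUE);
    }

    $num_links = count($links);
    if ($num_links < $list_size) {
      // If we don't have enough, add distinct uids until we hit $list_size.
      $query = $this->activeUsersQuery($list_size - $num_links);
      if ($links) {
        // Only exclude already listed users when there are any: an empty
        // NOT IN () is not valid SQL.
        $query->condition('u.uid', array_keys($links), 'NOT IN');
      }
      $uids = $query->execute()->fetchCol();
      foreach (user_load_multiple($uids) as $account) {
        $links[$account->id()] = $this->buildSwitchLink($account, $dest, t('Caution: this user will be unable to switch back.'), FALSE);
      }
      uasort($links, '_devel_switch_user_list_cmp');
    }

    if ($include_anon) {
      // Within this branch the current user always holds 'switch users', so
      // the anonymous entry is always the "can switch back" variant.
      $path = 'devel/switch';
      $links[$anon->id()] = array(
        'title' => SafeMarkup::placeholder($anon->getUsername()),
        'href' => $path,
        'query' => $dest + array('token' => $this->csrfTokenGenerator->get($path)),
        'attributes' => array('title' => t('This user can switch back.')),
        'html' => TRUE,
      );
    }
  }

  if (array_key_exists($uid = $this->currentUser->id(), $links)) {
    // Emphasise the current account.
    // NOTE(review): this wraps the title in raw markup even for entries that
    // do not set 'html' => TRUE (the fallback list) - confirm how the link
    // renderer treats those entries.
    $links[$uid]['title'] = '<strong>' . $links[$uid]['title'] . '</strong>';
  }
  return $links;
}

/**
 * Builds the base query for active, non-anonymous users.
 *
 * The join is keyed on uid; without a join condition every users row would be
 * paired with every users_field_data row. Rows are ordered by last access.
 *
 * @param int $limit
 *   Maximum number of rows to return.
 *
 * @return \Drupal\Core\Database\Query\SelectInterface
 *   Query selecting u.uid and ufd.access.
 */
private function activeUsersQuery($limit) {
  $query = db_select('users', 'u');
  $query->join('users_field_data', 'ufd', 'u.uid = ufd.uid');
  $query->addField('u', 'uid');
  $query->addField('ufd', 'access');
  $query->distinct();
  $query->condition('u.uid', 0, '>');
  $query->condition('ufd.status', 0, '>');
  $query->orderBy('ufd.access', 'DESC');
  $query->range(0, $limit);
  return $query;
}

/**
 * Builds one switch-user link definition for an account.
 *
 * @param \Drupal\user\UserInterface $account
 *   The account to switch to.
 * @param array $dest
 *   Redirect destination query parameters, merged ahead of the CSRF token.
 * @param string $attribute_title
 *   Tooltip text for the link.
 * @param bool $html
 *   Whether to mark the title as markup ('html' => TRUE); the fallback list
 *   omits the key.
 *
 * @return array
 *   Link definition with 'title', 'href', 'query', 'attributes', optionally
 *   'html', and 'last_access'.
 */
private function buildSwitchLink($account, array $dest, $attribute_title, $html) {
  $path = 'devel/switch/' . $account->name->value;
  $link = array(
    'title' => user_format_name($account),
    'href' => $path,
    'query' => $dest + array('token' => $this->csrfTokenGenerator->get($path)),
    'attributes' => array('title' => $attribute_title),
  );
  if ($html) {
    // NOTE(review): the title comes straight from user_format_name() and is
    // then treated as markup, whereas the anonymous entry is passed through
    // SafeMarkup::placeholder() first - confirm the display name is escaped
    // before it reaches the renderer, or apply the same treatment here.
    $link['html'] = TRUE;
  }
  $link['last_access'] = $account->access->value;
  return $link;
}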