Revert "Issue #2799049 by AaronBauman, jungle, hussainweb, Neograph734, a_mitch, anmolgoyal74, Hardik_Patel_12, geek-merlin, cilefen, eblue, fmueller_previon, Anas_maw, rensingh99, Abhijith S, yepa, Ruchi Joshi, Stephen Ollman, dww, alexpott, catch, benjifisher, Wim Leers: Add new permission to view user email field"
This reverts commit 84c8b1e1d9.
merge-requests/539/head
parent
f9506b82ec
commit
311bc9114d
|
@ -412,18 +412,6 @@ class UserTest extends ResourceTestBase {
|
||||||
$this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
|
$this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
|
||||||
$this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
|
$this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
|
||||||
$this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
|
$this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
|
||||||
|
|
||||||
// Now grant permission to access user mail and verify.
|
|
||||||
$this->grantPermissionsToTestedRole(['access user mail']);
|
|
||||||
// Viewing user A as user B: "mail" field should be accessible.
|
|
||||||
$response = $this->request('GET', $user_a_url, $request_options);
|
|
||||||
$doc = Json::decode((string) $response->getBody());
|
|
||||||
$this->assertArrayHasKey('mail', $doc['data']['attributes']);
|
|
||||||
// Also when looking at the collection.
|
|
||||||
$response = $this->request('GET', $collection_url, $request_options);
|
|
||||||
$doc = Json::decode((string) $response->getBody());
|
|
||||||
$this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
|
|
||||||
$this->assertArrayHasKey('mail', $doc['data'][2]['attributes']);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -113,15 +113,10 @@ class UserAccessControlHandler extends EntityAccessControlHandler {
|
||||||
return AccessResult::neutral();
|
return AccessResult::neutral();
|
||||||
}
|
}
|
||||||
|
|
||||||
case 'mail':
|
|
||||||
// Only check for the access user mail permission and a view operation.
|
|
||||||
// Use case fall-through for all other cases.
|
|
||||||
if ($operation == 'view' && $account->hasPermission('access user mail')) {
|
|
||||||
return AccessResult::allowed()->cachePerPermissions();
|
|
||||||
}
|
|
||||||
case 'preferred_langcode':
|
case 'preferred_langcode':
|
||||||
case 'preferred_admin_langcode':
|
case 'preferred_admin_langcode':
|
||||||
case 'timezone':
|
case 'timezone':
|
||||||
|
case 'mail':
|
||||||
// Allow view access to own mail address and other personalization
|
// Allow view access to own mail address and other personalization
|
||||||
// settings.
|
// settings.
|
||||||
if ($operation == 'view') {
|
if ($operation == 'view') {
|
||||||
|
|
|
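Review bot: The restored `case 'mail':` falls through to `if ($operation == 'view')`, which is a loose comparison inside an access-control decision; `if ($operation === 'view') {` states the intent exactly and does not depend on PHP's version-specific type-juggling rules. That line is unchanged context in this revert, and both the enclosing switch and the body of the branch lie outside the hunk, so the condition that actually gates another user's address is not visible here. Separately, if the reverted commit ever reached a release, roles that were granted `access user mail` would presumably keep that string in their stored configuration after this revert. It would no longer grant anything, but a change-record note or a cleanup update would help site owners audit who could read addresses in the meantime.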
@ -32,13 +32,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
|
||||||
*/
|
*/
|
||||||
protected $viewer;
|
protected $viewer;
|
||||||
|
|
||||||
/**
|
|
||||||
* The mock user account with 'access user mail' permission.
|
|
||||||
*
|
|
||||||
* @var \Drupal\Core\Session\AccountInterface
|
|
||||||
*/
|
|
||||||
protected $emailViewer;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The mock user account that is able to change their own account name.
|
* The mock user account that is able to change their own account name.
|
||||||
*
|
*
|
||||||
|
@ -103,18 +96,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
|
||||||
->method('hasPermission')
|
->method('hasPermission')
|
||||||
->will($this->returnValue(TRUE));
|
->will($this->returnValue(TRUE));
|
||||||
|
|
||||||
$this->emailViewer = $this->createMock('\Drupal\Core\Session\AccountInterface');
|
|
||||||
$this->emailViewer
|
|
||||||
->expects($this->any())
|
|
||||||
->method('hasPermission')
|
|
||||||
->will($this->returnValueMap([
|
|
||||||
['access user mail', TRUE],
|
|
||||||
]));
|
|
||||||
$this->emailViewer
|
|
||||||
->expects($this->any())
|
|
||||||
->method('id')
|
|
||||||
->will($this->returnValue(3));
|
|
||||||
|
|
||||||
$entity_type = $this->createMock('Drupal\Core\Entity\EntityTypeInterface');
|
$entity_type = $this->createMock('Drupal\Core\Entity\EntityTypeInterface');
|
||||||
|
|
||||||
$this->accessControlHandler = new UserAccessControlHandler($entity_type);
|
$this->accessControlHandler = new UserAccessControlHandler($entity_type);
|
||||||
|
@ -259,14 +240,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
|
||||||
'view' => TRUE,
|
'view' => TRUE,
|
||||||
'edit' => TRUE,
|
'edit' => TRUE,
|
||||||
];
|
];
|
||||||
$access_info[] = [
|
|
||||||
'field' => $field,
|
|
||||||
'viewer' => 'emailViewer',
|
|
||||||
'target' => 'owner',
|
|
||||||
'view' => $field === 'mail',
|
|
||||||
// See note above.
|
|
||||||
'edit' => TRUE,
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $access_info;
|
return $access_info;
|
||||||
|
|
|
@ -11,9 +11,6 @@ administer users:
|
||||||
restrict access: true
|
restrict access: true
|
||||||
access user profiles:
|
access user profiles:
|
||||||
title: 'View user information'
|
title: 'View user information'
|
||||||
access user mail:
|
|
||||||
title: 'View user email addresses'
|
|
||||||
description: 'Users without this permission will not have access to email addresses on user pages or other places where they might be shown, such as Views and JSON:API responses.'
|
|
||||||
change own username:
|
change own username:
|
||||||
title: 'Change own username'
|
title: 'Change own username'
|
||||||
select account cancellation method:
|
select account cancellation method:
|
||||||
|
|