Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #3414800 by plopesc, smustgrave: Access check in AnnounceBlock does not take into account $return_as_object parameter 

(cherry picked from commit 7025180d11)
merge-requests/6924/head
Dave Long 2024-01-24 22:44:03 +00:00
parent 1cab00ca64
commit 67bb7069a0
No known key found for this signature in database
GPG Key ID: ED52AE211E142771
2 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
core/modules/announcements_feed/src/Plugin/Block/AnnounceBlock.php
View File

@ -6,6 +6,7 @@ namespace Drupal\announcements_feed\Plugin\Block;
use Drupal\announcements_feed\AnnounceRenderer;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Block\BlockBase;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Session\AccountInterface;
@ -34,37 +35,34 @@ class AnnounceBlock extends BlockBase implements ContainerFactoryPluginInterface
* The plugin implementation definition.
* @param \Drupal\announcements_feed\AnnounceRenderer $announceRenderer
* The AnnounceRenderer service.
* @param \Drupal\Core\Session\AccountInterface $currentUser
* The current user.
*/
public function __construct(array $configuration, $plugin_id, $plugin_definition, protected AnnounceRenderer $announceRenderer, protected AccountInterface $currentUser) {
public function __construct(array $configuration, $plugin_id, $plugin_definition, protected AnnounceRenderer $announceRenderer) {
parent::__construct($configuration, $plugin_id, $plugin_definition);
}
/**
* {@inheritdoc}
*/
public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition): static {
return new static(
$configuration,
$plugin_id,
$plugin_definition,
$container->get('announcements_feed.renderer'),
$container->get('current_user')
$container->get('announcements_feed.renderer')
);
}
/**
* {@inheritdoc}
*/
public function access(AccountInterface $account, $return_as_object = FALSE) {
return AccessResult::allowedIfHasPermission($this->currentUser, 'access announcements');
public function blockAccess(AccountInterface $account): AccessResultInterface {
return AccessResult::allowedIfHasPermission($account, 'access announcements');
}
/**
* {@inheritdoc}
*/
public function build() {
public function build(): array {
return $this->announceRenderer->render();
}

20
core/modules/announcements_feed/tests/src/FunctionalJavascript/AnnounceBlockTest.php
View File

@ -5,6 +5,10 @@ declare(strict_types=1);
namespace Drupal\Tests\announcements_feed\FunctionalJavascript;
use Drupal\announce_feed_test\AnnounceTestHttpClientMiddleware;
use Drupal\block\BlockInterface;
use Drupal\Core\Access\AccessResultAllowed;
use Drupal\Core\Access\AccessResultNeutral;
use Drupal\Core\Session\AnonymousUserSession;
use Drupal\FunctionalJavascriptTests\WebDriverTestBase;
/**
@ -30,9 +34,9 @@ class AnnounceBlockTest extends WebDriverTestBase {
/**
* The announce block instance.
*
* @var \Drupal\block\Entity\Block
* @var \Drupal\block\BlockInterface
*/
protected $announceBlock;
protected BlockInterface $announceBlock;
/**
* {@inheritdoc}
@ -48,11 +52,13 @@ class AnnounceBlockTest extends WebDriverTestBase {
/**
* Testing announce feed block visibility.
*/
public function testAnnounceWithoutPermission() {
// User with "access announcements" permission.
public function testAnnounceWithoutPermission(): void {
// User with "access announcements" permission and anonymous session.
$account = $this->drupalCreateUser([
'access announcements',
]);
$anonymous_account = new AnonymousUserSession();
$this->drupalLogin($account);
$this->drupalGet('<front>');
@ -65,6 +71,12 @@ class AnnounceBlockTest extends WebDriverTestBase {
$this->drupalLogout();
$assert_session->pageTextNotContains('Announcements Feed');
// Test access() method return type.
$this->assertTrue($this->announceBlock->getPlugin()->access($account));
$this->assertInstanceOf(AccessResultAllowed::class, $this->announceBlock->getPlugin()->access($account, TRUE));
$this->assertFalse($this->announceBlock->getPlugin()->access($anonymous_account));
$this->assertInstanceOf(AccessResultNeutral::class, $this->announceBlock->getPlugin()->access($anonymous_account, TRUE));
}
}