Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #3414800 by plopesc, smustgrave: Access check in AnnounceBlock does not take into account $return_as_object parameter 

(cherry picked from commit 7025180d11)
merge-requests/6924/head
Dave Long 2024-01-24 22:44:03 +00:00
parent 1cab00ca64
commit 67bb7069a0
No known key found for this signature in database
GPG Key ID: ED52AE211E142771
2 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
core/modules/announcements_feed/src/Plugin/Block/AnnounceBlock.php
View File

@ -6,6 +6,7 @@ namespace Drupal\announcements_feed\Plugin\Block;
use Drupal\announcements_feed\AnnounceRenderer; use Drupal\announcements_feed\AnnounceRenderer;
use Drupal\Core\Access\AccessResult; use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Block\BlockBase; use Drupal\Core\Block\BlockBase;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Session\AccountInterface; use Drupal\Core\Session\AccountInterface;
@ -34,37 +35,34 @@ class AnnounceBlock extends BlockBase implements ContainerFactoryPluginInterface
* The plugin implementation definition. * The plugin implementation definition.
* @param \Drupal\announcements_feed\AnnounceRenderer $announceRenderer * @param \Drupal\announcements_feed\AnnounceRenderer $announceRenderer
* The AnnounceRenderer service. * The AnnounceRenderer service.
* @param \Drupal\Core\Session\AccountInterface $currentUser
* The current user.
*/ */
public function __construct(array $configuration, $plugin_id, $plugin_definition, protected AnnounceRenderer $announceRenderer, protected AccountInterface $currentUser) { public function __construct(array $configuration, $plugin_id, $plugin_definition, protected AnnounceRenderer $announceRenderer) {
parent::__construct($configuration, $plugin_id, $plugin_definition); parent::__construct($configuration, $plugin_id, $plugin_definition);
} }
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition): static {
return new static( return new static(
$configuration, $configuration,
$plugin_id, $plugin_id,
$plugin_definition, $plugin_definition,
$container->get('announcements_feed.renderer'), $container->get('announcements_feed.renderer')
$container->get('current_user')
); );
} }
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function access(AccountInterface $account, $return_as_object = FALSE) { public function blockAccess(AccountInterface $account): AccessResultInterface {
return AccessResult::allowedIfHasPermission($this->currentUser, 'access announcements'); return AccessResult::allowedIfHasPermission($account, 'access announcements');
} }
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function build() { public function build(): array {
return $this->announceRenderer->render(); return $this->announceRenderer->render();
} }

20
core/modules/announcements_feed/tests/src/FunctionalJavascript/AnnounceBlockTest.php
View File

@ -5,6 +5,10 @@ declare(strict_types=1);
namespace Drupal\Tests\announcements_feed\FunctionalJavascript; namespace Drupal\Tests\announcements_feed\FunctionalJavascript;
use Drupal\announce_feed_test\AnnounceTestHttpClientMiddleware; use Drupal\announce_feed_test\AnnounceTestHttpClientMiddleware;
use Drupal\block\BlockInterface;
use Drupal\Core\Access\AccessResultAllowed;
use Drupal\Core\Access\AccessResultNeutral;
use Drupal\Core\Session\AnonymousUserSession;
use Drupal\FunctionalJavascriptTests\WebDriverTestBase; use Drupal\FunctionalJavascriptTests\WebDriverTestBase;
/** /**
@ -30,9 +34,9 @@ class AnnounceBlockTest extends WebDriverTestBase {
/** /**
* The announce block instance. * The announce block instance.
* *
* @var \Drupal\block\Entity\Block * @var \Drupal\block\BlockInterface
*/ */
protected $announceBlock; protected BlockInterface $announceBlock;
/** /**
* {@inheritdoc} * {@inheritdoc}
@ -48,11 +52,13 @@ class AnnounceBlockTest extends WebDriverTestBase {
/** /**
* Testing announce feed block visibility. * Testing announce feed block visibility.
*/ */
public function testAnnounceWithoutPermission() { public function testAnnounceWithoutPermission(): void {
// User with "access announcements" permission. // User with "access announcements" permission and anonymous session.
$account = $this->drupalCreateUser([ $account = $this->drupalCreateUser([
'access announcements', 'access announcements',
]); ]);
$anonymous_account = new AnonymousUserSession();
$this->drupalLogin($account); $this->drupalLogin($account);
$this->drupalGet('<front>'); $this->drupalGet('<front>');
@ -65,6 +71,12 @@ class AnnounceBlockTest extends WebDriverTestBase {
$this->drupalLogout(); $this->drupalLogout();
$assert_session->pageTextNotContains('Announcements Feed'); $assert_session->pageTextNotContains('Announcements Feed');
// Test access() method return type.
$this->assertTrue($this->announceBlock->getPlugin()->access($account));
$this->assertInstanceOf(AccessResultAllowed::class, $this->announceBlock->getPlugin()->access($account, TRUE));
$this->assertFalse($this->announceBlock->getPlugin()->access($anonymous_account));
$this->assertInstanceOf(AccessResultNeutral::class, $this->announceBlock->getPlugin()->access($anonymous_account, TRUE));
} }
} }