Issue #788114 by quicksketch, David_Rothstein, sun, Wim Leers: Unprivileged users should only get one text format by default.

2013-03-04 22:45:18 -05:00 · 2013-03-04 22:45:18 -05:00 · b9a4e9b7ab
parent 4d18e2965b
commit b9a4e9b7ab
11 changed files with 83 additions and 32 deletions
--- a/core/modules/block/lib/Drupal/block/Tests/BlockTest.php
+++ b/core/modules/block/lib/Drupal/block/Tests/BlockTest.php
@ -35,6 +35,12 @@ class BlockTest extends WebTestBase {
    // Use the test page as the front page.
    config('system.site')->set('page.front', 'test-page')->save();
    // Create Filtered HTML text format.
    $filtered_html_format = entity_create('filter_format', array(
      'format' => 'filtered_html',
      'name' => 'Filtered HTML',
    ));
    $filtered_html_format->save();
    // Create Full HTML text format.
    $full_html_format = entity_create('filter_format', array(
      'format' => 'full_html',
@ -47,6 +53,7 @@ class BlockTest extends WebTestBase {
    // text format.
    $this->adminUser = $this->drupalCreateUser(array(
      'administer blocks',
      filter_permission_name($filtered_html_format),
      filter_permission_name($full_html_format),
      'access administration pages',
    ));
--- a/core/modules/ckeditor/lib/Drupal/ckeditor/Tests/CKEditorLoadingTest.php
+++ b/core/modules/ckeditor/lib/Drupal/ckeditor/Tests/CKEditorLoadingTest.php
@ -46,6 +46,16 @@ class CKEditorLoadingTest extends WebTestBase {
    ));
    $editor->save();
    // Create a second format without an associated editor so a drop down select
    // list is created when selecting formats.
    $full_html_format = entity_create('filter_format', array(
      'format' => 'full_html',
      'name' => 'Full HTML',
      'weight' => 1,
      'filters' => array(),
    ));
    $full_html_format->save();
    // Create node type.
    $this->drupalCreateContentType(array(
      'type' => 'article',
@ -56,7 +66,7 @@ class CKEditorLoadingTest extends WebTestBase {
    //   - "untrusted": plain_text
    //   - "normal": plain_text, filtered_html
    $this->untrusted_user = $this->drupalCreateUser(array('create article content', 'edit any article content'));
-    $this->normal_user = $this->drupalCreateUser(array('create article content', 'edit any article content', 'use text format filtered_html'));
+    $this->normal_user = $this->drupalCreateUser(array('create article content', 'edit any article content', 'use text format filtered_html', 'use text format full_html'));
  }
  /**
--- a/core/modules/comment/lib/Drupal/comment/Tests/CommentPreviewTest.php
+++ b/core/modules/comment/lib/Drupal/comment/Tests/CommentPreviewTest.php
@ -48,7 +48,6 @@ class CommentPreviewTest extends CommentTestBase {
    config('user.settings')->set('signatures', 1)->save();
    $test_signature = $this->randomName();
    $edit['signature[value]'] = '<a href="http://example.com/">' . $test_signature. '</a>';
    $edit['signature[format]'] = 'filtered_html';
    $image = current($this->drupalGetTestFiles('image'));
    $edit['files[user_picture_und_0]'] = drupal_realpath($image->uri);
    $this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save'));
--- a/core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php
+++ b/core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php
@ -83,14 +83,11 @@ class EditorLoadingTest extends WebTestBase {
    $this->assertFalse($editor_settings_present, 'No Text Editor module settings.');
    $this->assertFalse($editor_js_present, 'No Text Editor JavaScript.');
    $this->assertTrue(count($body) === 1, 'A body field exists.');
-    $this->assertTrue(count($format_selector) === 1, 'A single text format selector exists on the page.');
+    $this->assertTrue(count($format_selector) === 0, 'No text format selector exists on the page because the user only has access to a single format.');
    $specific_format_selector = $this->xpath('//select[contains(@class, "filter-list") and not(contains(@class, "editor")) and not(@data-editor-for="edit-body-und-0-value")]');
    $this->assertTrue(count($specific_format_selector) === 1, 'A single text format selector exists on the page and does not have the "editor" class nor a "data-editor-for" attribute.');
    $this->drupalLogout($this->normal_user);
    // The normal user:
-    // - has access to 3 text formats;
+    // - has access to 2 text formats (and the fallback format);
    // - does have access to the full_html text format, so: Unicorn text editor.
    $this->drupalLogin($this->privileged_user);
    $this->drupalGet('node/add/article');
--- a/core/modules/filter/config/filter.settings.yml
+++ b/core/modules/filter/config/filter.settings.yml
@ -1 +1,2 @@
 fallback_format: plain_text
 always_show_fallback_choice: false
--- a/core/modules/filter/filter.admin.inc
+++ b/core/modules/filter/filter.admin.inc
@ -39,7 +39,12 @@ function filter_admin_overview($form) {
    $form['formats'][$id]['#is_fallback'] = ($id == $fallback_format);
    if ($form['formats'][$id]['#is_fallback']) {
      $form['formats'][$id]['name'] = array('#markup' => drupal_placeholder($format->name));
-      $roles_markup = drupal_placeholder(t('All roles may use this format'));
+      if (config('filter.settings')->get('always_show_fallback_choice')) {
        $roles_markup = drupal_placeholder(t('All roles may use this format'));
      }
      else {
        $roles_markup = drupal_placeholder(t('This format is shown when no other formats are available'));
      }
    }
    else {
      $form['formats'][$id]['name'] = array('#markup' => check_plain($format->name));
--- a/core/modules/filter/filter.module
+++ b/core/modules/filter/filter.module
@ -868,7 +868,6 @@ function filter_process_format($element) {
  $element['value'] += element_info($element['#base_type']);
  // Turn original element into a text format wrapper.
  $path = drupal_get_path('module', 'filter');
  $element['#attached']['library'][] = array('filter', 'drupal.filter');
  // Setup child container for the text format widget.
@ -877,14 +876,30 @@ function filter_process_format($element) {
    '#attributes' => array('class' => array('filter-wrapper')),
  );
  // Get a list of formats that the current user has access to.
  $formats = filter_formats($user);
  // Use the default format for this user if none was selected.
  if (!isset($element['#format'])) {
    $element['#format'] = filter_default_format($user);
  }
  // If multiple text formats are available, remove the fallback. The
  // "always_show_fallback_choice" is a hidden variable that has no UI. It
  // defaults to false.
  if (!config('filter.settings')->get('always_show_fallback_choice')) {
    $fallback_format = filter_fallback_format();
    if ($element['#format'] !== $fallback_format && count($formats) > 1) {
      unset($formats[$fallback_format]);
    }
  }
  // Prepare text format guidelines.
  $element['format']['guidelines'] = array(
    '#type' => 'container',
    '#attributes' => array('class' => array('filter-guidelines')),
    '#weight' => 20,
  );
  // Get a list of formats that the current user has access to.
  $formats = filter_formats($user);
  foreach ($formats as $format) {
    $options[$format->format] = $format->name;
    $element['format']['guidelines'][$format->format] = array(
@ -893,11 +908,6 @@ function filter_process_format($element) {
    );
  }
  // Use the default format for this user if none was selected.
  if (!isset($element['#format'])) {
    $element['#format'] = filter_default_format($user);
  }
  $element['format']['format'] = array(
    '#type' => 'select',
    '#title' => t('Text format'),
--- a/core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php
@ -236,11 +236,19 @@ class FilterAdminTest extends WebTestBase {
    $this->assertRaw($body . $extra_text, 'Filter removed invalid tag.');
    // Use plain text and see if it escapes all tags, whether allowed or not.
    // In order to test plain text, we have to enable the hidden variable for
    // "show_fallback_format", which displays plain text in the format list.
    config('filter.settings')
      ->set('always_show_fallback_choice', TRUE)
      ->save();
    $edit = array();
    $edit["body[$langcode][0][format]"] = $plain;
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
    $this->drupalGet('node/' . $node->nid);
    $this->assertText(check_plain($text), 'The "Plain text" text format escapes all HTML tags.');
    config('filter.settings')
      ->set('always_show_fallback_choice', FALSE)
      ->save();
    // Switch user.
    $this->drupalLogout();
--- a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
@ -41,6 +41,13 @@ class FilterFormatAccessTest extends WebTestBase {
   */
  protected $allowed_format;
  /**
   * An object representing a secondary allowed text format.
   *
   * @var object
   */
  protected $second_allowed_format;
  /**
   * An object representing a disallowed text format.
   *
@ -69,10 +76,11 @@ class FilterFormatAccessTest extends WebTestBase {
      'edit any page content',
    ));
-    // Create two text formats.
+    // Create three text formats. Two text formats are created for all users so
    // that the drop-down list appears for all tests.
    $this->drupalLogin($this->filter_admin_user);
    $formats = array();
-    for ($i = 0; $i < 2; $i++) {
+    for ($i = 0; $i < 3; $i++) {
      $edit = array(
        'format' => drupal_strtolower($this->randomName()),
        'name' => $this->randomName(),
@ -81,22 +89,24 @@ class FilterFormatAccessTest extends WebTestBase {
      $this->resetFilterCaches();
      $formats[] = filter_format_load($edit['format']);
    }
-    list($this->allowed_format, $this->disallowed_format) = $formats;
+    list($this->allowed_format, $this->second_allowed_format, $this->disallowed_format) = $formats;
    $this->drupalLogout();
-    // Create a regular user with access to one of the formats.
+    // Create a regular user with access to two of the formats.
    $this->web_user = $this->drupalCreateUser(array(
      'create page content',
      'edit any page content',
      filter_permission_name($this->allowed_format),
      filter_permission_name($this->second_allowed_format),
    ));
-    // Create an administrative user who has access to use both formats.
+    // Create an administrative user who has access to use all three formats.
    $this->admin_user = $this->drupalCreateUser(array(
      'administer filters',
      'create page content',
      'edit any page content',
      filter_permission_name($this->allowed_format),
      filter_permission_name($this->second_allowed_format),
      filter_permission_name($this->disallowed_format),
    ));
  }
@ -105,8 +115,8 @@ class FilterFormatAccessTest extends WebTestBase {
   * Tests the Filter format access permissions functionality.
   */
  function testFormatPermissions() {
-    // Make sure that a regular user only has access to the text format they
+    // Make sure that a regular user only has access to the text formats for
-    // were granted access to, as well to the fallback format.
+    // which they were granted access.
    $this->assertTrue(filter_access($this->allowed_format, $this->web_user), 'A regular user has access to a text format they were granted access to.');
    $this->assertFalse(filter_access($this->disallowed_format, $this->web_user), 'A regular user does not have access to a text format they were not granted access to.');
    $this->assertTrue(filter_access(filter_format_load(filter_fallback_format()), $this->web_user), 'A regular user has access to the fallback format.');
@ -137,7 +147,7 @@ class FilterFormatAccessTest extends WebTestBase {
    }
    $this->assertTrue(isset($options[$this->allowed_format->format]), 'The allowed text format appears as an option when adding a new node.');
    $this->assertFalse(isset($options[$this->disallowed_format->format]), 'The disallowed text format does not appear as an option when adding a new node.');
-    $this->assertTrue(isset($options[filter_fallback_format()]), 'The fallback format appears as an option when adding a new node.');
+    $this->assertFalse(isset($options[filter_fallback_format()]), 'The fallback format does not appear as an option when adding a new node.');
    // Check regular user access to the filter tips pages.
    $this->drupalGet('filter/tips/' . $this->allowed_format->format);
--- a/core/modules/search/lib/Drupal/search/Tests/SearchCommentCountToggleTest.php
+++ b/core/modules/search/lib/Drupal/search/Tests/SearchCommentCountToggleTest.php
@ -59,8 +59,6 @@ class SearchCommentCountToggleTest extends SearchTestBase {
    $edit_comment = array();
    $edit_comment['subject'] = $this->randomName();
    $edit_comment['comment_body[' . LANGUAGE_NOT_SPECIFIED . '][0][value]'] = $this->randomName();
    $filtered_html_format_id = 'filtered_html';
    $edit_comment['comment_body[' . LANGUAGE_NOT_SPECIFIED . '][0][format]'] = $filtered_html_format_id;
    // Post comment to the test node with comment
    $this->drupalPost('comment/reply/' . $this->searchable_nodes['1 comment']->nid, $edit_comment, t('Save'));
--- a/core/modules/user/lib/Drupal/user/Tests/UserSignatureTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserSignatureTest.php
@ -39,11 +39,19 @@ class UserSignatureTest extends WebTestBase {
    $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));
    // Prefetch and create text formats.
    $this->plain_text_format = filter_format_load('plain_text');
    $this->filtered_html_format = entity_create('filter_format', array(
-      'format' => 'filtered_html',
+      'format' => 'filtered_html_format',
      'name' => 'Filtered HTML',
      'weight' => -1,
      'filters' => array(
        'filter_html' => array(
          'module' => 'filter',
          'status' => '1',
          'settings' => array(
            'allowed_html' => '<a> <em> <strong>',
          ),
        ),
      ),
    ));
    $this->filtered_html_format->save();
@ -85,13 +93,11 @@ class UserSignatureTest extends WebTestBase {
    $signature_text = "<h1>" . $this->randomName() . "</h1>";
    $edit = array(
      'signature[value]' => $signature_text,
      'signature[format]' => $this->plain_text_format->format,
    );
    $this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save'));
    // Verify that values were stored.
    $this->assertFieldByName('signature[value]', $edit['signature[value]'], 'Submitted signature text found.');
    $this->assertFieldByName('signature[format]', $edit['signature[format]'], 'Submitted signature format found.');
    // Create a comment.
    $langcode = LANGUAGE_NOT_SPECIFIED;
@ -115,6 +121,6 @@ class UserSignatureTest extends WebTestBase {
    // Assert that the signature did not make it through unfiltered.
    $this->drupalGet('node/' . $node->nid);
    $this->assertNoRaw($signature_text, 'Unfiltered signature text not found.');
-    $this->assertRaw(check_markup($signature_text, $this->plain_text_format->format), 'Filtered signature text found.');
+    $this->assertRaw(check_markup($signature_text, $this->filtered_html_format->format), 'Filtered signature text found.');
  }
 }
`@ -1 +1,2 @@`
	`fallback_format: plain_text`	`fallback_format: plain_text`
		`always_show_fallback_choice: false`