Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2087253 by olli: Views entity area handler does not check view access.

8.0.x
webchick 2013-11-23 13:16:33 -08:00
parent acdc6714aa
commit b9dd442912
3 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/modules/system/tests/modules/entity_test/entity_test.module
View File

@ -544,6 +544,7 @@ function entity_test_entity_prepare_view($entity_type, array $entities, array $d
*/ */
function entity_test_entity_access(EntityInterface $entity, $operation, AccountInterface $account, $langcode) { function entity_test_entity_access(EntityInterface $entity, $operation, AccountInterface $account, $langcode) {
\Drupal::state()->set('entity_test_entity_access', TRUE); \Drupal::state()->set('entity_test_entity_access', TRUE);
return \Drupal::state()->get("entity_test_entity_access.{$operation}." . $entity->id(), NULL);
} }
/** /**

11
core/modules/views/lib/Drupal/views/Plugin/views/area/Entity.php
View File

@ -46,6 +46,7 @@ class Entity extends TokenizeAreaPluginBase {
$options['entity_id'] = array('default' => ''); $options['entity_id'] = array('default' => '');
$options['view_mode'] = array('default' => 'default'); $options['view_mode'] = array('default' => 'default');
$options['bypass_access'] = array('default' => FALSE);
return $options; return $options;
} }
@ -69,6 +70,13 @@ class Entity extends TokenizeAreaPluginBase {
'#type' => 'textfield', '#type' => 'textfield',
'#default_value' => $this->options['entity_id'], '#default_value' => $this->options['entity_id'],
); );
$form['bypass_access'] = array(
'#type' => 'checkbox',
'#title' => t('Bypass access checks'),
'#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
'#default_value' => !empty($this->options['bypass_access']),
);
} }
/** /**
@ -93,7 +101,8 @@ class Entity extends TokenizeAreaPluginBase {
public function render($empty = FALSE) { public function render($empty = FALSE) {
if (!$empty || !empty($this->options['empty'])) { if (!$empty || !empty($this->options['empty'])) {
$entity_id = $this->tokenizeValue($this->options['entity_id']); $entity_id = $this->tokenizeValue($this->options['entity_id']);
if ($entity = entity_load($this->entityType, $entity_id)) { $entity = entity_load($this->entityType, $entity_id);
if ($entity && (!empty($this->options['bypass_access']) || $entity->access('view'))) {
return entity_view($entity, $this->options['view_mode']); return entity_view($entity, $this->options['view_mode']);
} }
} }

12
core/modules/views/lib/Drupal/views/Tests/Handler/AreaEntityTest.php
View File

@ -8,7 +8,7 @@
namespace Drupal\views\Tests\Handler; namespace Drupal\views\Tests\Handler;
use Drupal\views\Tests\ViewTestBase; use Drupal\views\Tests\ViewTestBase;
use Drupal\views\Tests\ViewUnitTestBase; use Drupal\views\Views;
/** /**
* Tests the generic entity area handler. * Tests the generic entity area handler.
@ -79,12 +79,13 @@ class AreaEntityTest extends ViewTestBase {
public function testEntityArea() { public function testEntityArea() {
$entities = array(); $entities = array();
for ($i = 0; $i < 2; $i++) { for ($i = 0; $i < 3; $i++) {
$random_label = $this->randomName(); $random_label = $this->randomName();
$data = array('bundle' => 'entity_test', 'name' => $random_label); $data = array('bundle' => 'entity_test', 'name' => $random_label);
$entity_test = $this->container->get('entity.manager')->getStorageController('entity_test')->create($data); $entity_test = $this->container->get('entity.manager')->getStorageController('entity_test')->create($data);
$entity_test->save(); $entity_test->save();
$entities[] = $entity_test; $entities[] = $entity_test;
\Drupal::state()->set('entity_test_entity_access.view.' . $entity_test->id(), $i != 2);
} }
$view = views_get_view('test_entity_area'); $view = views_get_view('test_entity_area');
@ -112,6 +113,13 @@ class AreaEntityTest extends ViewTestBase {
$this->assertTrue(strpos(trim((string) $result[0]), $entities[0]->label()) !== FALSE, 'The rendered entity appears in the header of the view.'); $this->assertTrue(strpos(trim((string) $result[0]), $entities[0]->label()) !== FALSE, 'The rendered entity appears in the header of the view.');
$this->assertTrue(strpos(trim((string) $result[0]), 'test') !== FALSE, 'The rendered entity appeared in the right view mode.'); $this->assertTrue(strpos(trim((string) $result[0]), 'test') !== FALSE, 'The rendered entity appeared in the right view mode.');
// Test entity access.
$view = Views::getView('test_entity_area');
$preview = $view->preview('default', array($entities[2]->id()));
$this->drupalSetContent(drupal_render($preview));
$result = $this->xpath('//div[@class = "view-footer"]');
$this->assertTrue(strpos($result[0], $entities[2]->label()) === FALSE, 'The rendered entity does not appear in the footer of the view.');
// Test the available view mode options. // Test the available view mode options.
$form = array(); $form = array();
$form_state = array(); $form_state = array();