Issue #2087253 by olli: Views entity area handler does not check view access.
webchick
parent
acdc6714aa
commit
b9dd442912
|
|
@ -544,6 +544,7 @@ function entity_test_entity_prepare_view($entity_type, array $entities, array $d
|
|||
*/
|
||||
function entity_test_entity_access(EntityInterface $entity, $operation, AccountInterface $account, $langcode) {
|
||||
\Drupal::state()->set('entity_test_entity_access', TRUE);
|
||||
return \Drupal::state()->get("entity_test_entity_access.{$operation}." . $entity->id(), NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@ class Entity extends TokenizeAreaPluginBase {
|
|||
|
||||
$options['entity_id'] = array('default' => '');
|
||||
$options['view_mode'] = array('default' => 'default');
|
||||
$options['bypass_access'] = array('default' => FALSE);
|
||||
|
||||
return $options;
|
||||
}
|
||||
|
|
@ -69,6 +70,13 @@ class Entity extends TokenizeAreaPluginBase {
|
|||
'#type' => 'textfield',
|
||||
'#default_value' => $this->options['entity_id'],
|
||||
);
|
||||
|
||||
$form['bypass_access'] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Bypass access checks'),
|
||||
'#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
|
||||
'#default_value' => !empty($this->options['bypass_access']),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -93,7 +101,8 @@ class Entity extends TokenizeAreaPluginBase {
|
|||
public function render($empty = FALSE) {
|
||||
if (!$empty || !empty($this->options['empty'])) {
|
||||
$entity_id = $this->tokenizeValue($this->options['entity_id']);
|
||||
if ($entity = entity_load($this->entityType, $entity_id)) {
|
||||
$entity = entity_load($this->entityType, $entity_id);
|
||||
if ($entity && (!empty($this->options['bypass_access']) || $entity->access('view'))) {
|
||||
return entity_view($entity, $this->options['view_mode']);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
namespace Drupal\views\Tests\Handler;
|
||||
|
||||
use Drupal\views\Tests\ViewTestBase;
|
||||
use Drupal\views\Tests\ViewUnitTestBase;
|
||||
use Drupal\views\Views;
|
||||
|
||||
/**
|
||||
* Tests the generic entity area handler.
|
||||
|
|
@ -79,12 +79,13 @@ class AreaEntityTest extends ViewTestBase {
|
|||
public function testEntityArea() {
|
||||
|
||||
$entities = array();
|
||||
for ($i = 0; $i < 2; $i++) {
|
||||
for ($i = 0; $i < 3; $i++) {
|
||||
$random_label = $this->randomName();
|
||||
$data = array('bundle' => 'entity_test', 'name' => $random_label);
|
||||
$entity_test = $this->container->get('entity.manager')->getStorageController('entity_test')->create($data);
|
||||
$entity_test->save();
|
||||
$entities[] = $entity_test;
|
||||
\Drupal::state()->set('entity_test_entity_access.view.' . $entity_test->id(), $i != 2);
|
||||
}
|
||||
|
||||
$view = views_get_view('test_entity_area');
|
||||
|
|
@ -112,6 +113,13 @@ class AreaEntityTest extends ViewTestBase {
|
|||
$this->assertTrue(strpos(trim((string) $result[0]), $entities[0]->label()) !== FALSE, 'The rendered entity appears in the header of the view.');
|
||||
$this->assertTrue(strpos(trim((string) $result[0]), 'test') !== FALSE, 'The rendered entity appeared in the right view mode.');
|
||||
|
||||
// Test entity access.
|
||||
$view = Views::getView('test_entity_area');
|
||||
$preview = $view->preview('default', array($entities[2]->id()));
|
||||
$this->drupalSetContent(drupal_render($preview));
|
||||
$result = $this->xpath('//div[@class = "view-footer"]');
|
||||
$this->assertTrue(strpos($result[0], $entities[2]->label()) === FALSE, 'The rendered entity does not appear in the footer of the view.');
|
||||
|
||||
// Test the available view mode options.
|
||||
$form = array();
|
||||
$form_state = array();
|
||||
|
|
|
|||
Loading…
Reference in New Issue