From cb03af1056c0e9d4638576e49b8a5b67c2453588 Mon Sep 17 00:00:00 2001 From: Alex Pott Date: Tue, 26 Mar 2019 11:33:43 +0000 Subject: [PATCH] Issue #3030477 by Manuel Garcia, Anas_maw: Views filter "Published status or admin user" not checking "View any unpublished content" permission --- .../content_moderation.views_execution.inc | 18 ++++++++++++++++++ .../node/src/Plugin/views/filter/Status.php | 6 +++++- .../src/Functional/Views/StatusExtraTest.php | 14 ++++++++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 core/modules/content_moderation/content_moderation.views_execution.inc diff --git a/core/modules/content_moderation/content_moderation.views_execution.inc b/core/modules/content_moderation/content_moderation.views_execution.inc new file mode 100644 index 000000000000..fcf5f95dc4b5 --- /dev/null +++ b/core/modules/content_moderation/content_moderation.views_execution.inc @@ -0,0 +1,18 @@ + intval($account->hasPermission('view any unpublished content')), + ]; +} diff --git a/core/modules/node/src/Plugin/views/filter/Status.php b/core/modules/node/src/Plugin/views/filter/Status.php index bd1fcd309bd6..3f841f1b9b94 100644 --- a/core/modules/node/src/Plugin/views/filter/Status.php +++ b/core/modules/node/src/Plugin/views/filter/Status.php @@ -24,7 +24,11 @@ class Status extends FilterPluginBase { public function query() { $table = $this->ensureMyTable(); - $this->query->addWhereExpression($this->options['group'], "$table.status = 1 OR ($table.uid = ***CURRENT_USER*** AND ***CURRENT_USER*** <> 0 AND ***VIEW_OWN_UNPUBLISHED_NODES*** = 1) OR ***BYPASS_NODE_ACCESS*** = 1"); + $snippet = "$table.status = 1 OR ($table.uid = ***CURRENT_USER*** AND ***CURRENT_USER*** <> 0 AND ***VIEW_OWN_UNPUBLISHED_NODES*** = 1) OR ***BYPASS_NODE_ACCESS*** = 1"; + if ($this->moduleHandler->moduleExists('content_moderation')) { + $snippet .= ' OR ***VIEW_ANY_UNPUBLISHED_NODES*** = 1'; + } + $this->query->addWhereExpression($this->options['group'], $snippet); } /** diff --git a/core/modules/node/tests/src/Functional/Views/StatusExtraTest.php b/core/modules/node/tests/src/Functional/Views/StatusExtraTest.php index 7961088c48e7..0bccbdd2c63d 100644 --- a/core/modules/node/tests/src/Functional/Views/StatusExtraTest.php +++ b/core/modules/node/tests/src/Functional/Views/StatusExtraTest.php @@ -12,6 +12,11 @@ use Drupal\node\NodeInterface; */ class StatusExtraTest extends NodeTestBase { + /** + * {@inheritdoc} + */ + public static $modules = ['node_test_views', 'content_moderation']; + /** * Views used by this test. * @@ -26,6 +31,7 @@ class StatusExtraTest extends NodeTestBase { $node_author = $this->drupalCreateUser(['view own unpublished content']); $node_author_not_unpublished = $this->drupalCreateUser(); $normal_user = $this->drupalCreateUser(); + $privileged_user = $this->drupalCreateUser(['view any unpublished content']); $admin_user = $this->drupalCreateUser(['bypass node access']); // Create one published and one unpublished node by the admin. @@ -47,6 +53,14 @@ class StatusExtraTest extends NodeTestBase { $this->assertText($node_unpublished2->label()); $this->assertText($node_unpublished3->label()); + // The privileged user should simply see all nodes. + $this->drupalLogin($privileged_user); + $this->drupalGet('test_status_extra'); + $this->assertText($node_published->label()); + $this->assertText($node_unpublished->label()); + $this->assertText($node_unpublished2->label()); + $this->assertText($node_unpublished3->label()); + // The node author should see the published node and his own node. $this->drupalLogin($node_author); $this->drupalGet('test_status_extra');