Issue #3182970 by acbramley, paulocs, vakulrai, chandrashekhar_srijan, dww, sonam.chaturvedi, Madhu kumar, vikashsoni: Logout option is displayed for anonymous users

2021-04-09 09:05:27 +01:00 · 2021-04-09 09:05:27 +01:00 · d2799a3815
parent 93084ba962
commit d2799a3815
4 changed files with 32 additions and 1 deletions
--- a/core/modules/menu_ui/tests/src/Functional/MenuUiTest.php
+++ b/core/modules/menu_ui/tests/src/Functional/MenuUiTest.php
@ -84,6 +84,7 @@ class MenuUiTest extends BrowserTestBase {
    parent::setUp();

    $this->drupalPlaceBlock('page_title_block');
+    $this->drupalPlaceBlock('system_menu_block:main');

    $this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);

@ -492,6 +493,28 @@ class MenuUiTest extends BrowserTestBase {
    $this->items[] = $item2;
  }

+  /**
+   * Test logout link isn't displayed when the user is logged out.
+   */
+  public function testLogoutLinkVisibility() {
+    $adminUserWithLinkAnyPage = $this->drupalCreateUser([
+      'access administration pages',
+      'administer blocks',
+      'administer menu',
+      'create article content',
+      'link to any page',
+    ]);
+    $this->drupalLogin($adminUserWithLinkAnyPage);
+    $this->addMenuLink('', '/user/logout', 'main');
+    $assert = $this->assertSession();
+    // Verify that any link with logout URL is displayed.
+    $assert->linkByHrefExists('user/logout');
+
+    // Verify that any link with logout URL is not displayed.
+    $this->drupalLogout();
+    $assert->linkByHrefNotExists('user/logout');
+  }
+
  /**
   * Ensures that the proper default values are set when adding a menu link.
   */
--- a/core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php
+++ b/core/modules/user/src/EventSubscriber/AccessDeniedSubscriber.php
@ -65,6 +65,9 @@ class AccessDeniedSubscriber implements EventSubscriberInterface {
      elseif ($route_name === 'user.page') {
        $redirect_url = Url::fromRoute('user.login', [], ['absolute' => TRUE]);
      }
+      elseif ($route_name === 'user.logout') {
+        $redirect_url = Url::fromRoute('<front>', [], ['absolute' => TRUE]);
+      }

      if ($redirect_url) {
        $event->setResponse(new RedirectResponse($redirect_url->toString()));
--- a/core/modules/user/tests/src/Functional/UserAccountLinksTest.php
+++ b/core/modules/user/tests/src/Functional/UserAccountLinksTest.php
@ -148,6 +148,11 @@ class UserAccountLinksTest extends BrowserTestBase {
    $this->drupalGet('user/logout');
    $this->assertSession()->addressEquals('/');
    $this->assertSession()->statusCodeEquals(200);
+
+    // The redirection shouldn't affect other pages.
+    $this->drupalGet('admin');
+    $this->assertSession()->addressEquals('/admin');
+    $this->assertSession()->statusCodeEquals(403);
  }

 }
--- a/core/modules/user/user.routing.yml
+++ b/core/modules/user/user.routing.yml
@ -11,7 +11,7 @@ user.logout:
  defaults:
    _controller: '\Drupal\user\Controller\UserController::logout'
  requirements:
-    _access: 'TRUE'
+    _user_is_logged_in: 'TRUE'

 user.admin_index:
  path: '/admin/config/people'