- Patch #525504 by Dave Reid, gpk: anonymous user should not have contact form.
Dries Buytaert
parent
bcd2a1a44f
commit
e419a37e84
|
|
@ -105,19 +105,39 @@ function contact_menu() {
|
|||
}
|
||||
|
||||
/**
|
||||
* Determine permission to a user's personal contact form.
|
||||
* Menu access callback for a user's personal contact form.
|
||||
*
|
||||
* @param $account
|
||||
* A user account object.
|
||||
* @return
|
||||
* TRUE if the current user has access to the requested user's contact form,
|
||||
* or FALSE otherwise.
|
||||
*/
|
||||
function _contact_personal_tab_access(stdClass $account) {
|
||||
global $user;
|
||||
if (!isset($account->contact)) {
|
||||
$account->contact = FALSE;
|
||||
|
||||
// Anonymous users cannot use or have contact forms.
|
||||
if (!$user->uid || !$account->uid) {
|
||||
return FALSE;
|
||||
}
|
||||
return
|
||||
$account && $user->uid &&
|
||||
(
|
||||
($user->uid != $account->uid && $account->contact) ||
|
||||
user_access('administer users')
|
||||
);
|
||||
|
||||
// User administrators should always have access to personal contact forms.
|
||||
if (user_access('administer users')) {
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
// Users may not contact themselves.
|
||||
if ($user->uid == $account->uid) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
// If the requested user has disabled their contact form, or this preference
|
||||
// has not yet been saved, do not allow users to contact them.
|
||||
if (empty($account->contact)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -274,6 +274,10 @@ class ContactSitewideTestCase extends DrupalWebTestCase {
|
|||
* Test the personal contact form.
|
||||
*/
|
||||
class ContactPersonalTestCase extends DrupalWebTestCase {
|
||||
private $admin_user;
|
||||
private $web_user;
|
||||
private $contact_user;
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'Personal contact form',
|
||||
|
|
@ -284,78 +288,99 @@ class ContactPersonalTestCase extends DrupalWebTestCase {
|
|||
|
||||
function setUp() {
|
||||
parent::setUp('contact');
|
||||
|
||||
// Create an admin user.
|
||||
$this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users'));
|
||||
|
||||
// Create some normal users with their contact forms enabled by default.
|
||||
variable_set('contact_default_status', TRUE);
|
||||
$this->web_user = $this->drupalCreateUser();
|
||||
$this->contact_user = $this->drupalCreateUser();
|
||||
variable_set('contact_default_status', FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test personal contact form.
|
||||
* Test personal contact form access.
|
||||
*/
|
||||
function testPersonalContact() {
|
||||
$admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users'));
|
||||
$this->drupalLogin($admin_user);
|
||||
function testPersonalContactAccess() {
|
||||
// Test allowed access to user with contact form enabled.
|
||||
$this->drupalLogin($this->web_user);
|
||||
$this->drupalGet('user/' . $this->contact_user->uid . '/contact');
|
||||
$this->assertResponse(200);
|
||||
|
||||
$flood_limit = 3;
|
||||
variable_set('contact_threshold_limit', $flood_limit);
|
||||
// Test denied access to the user's own contact form.
|
||||
$this->drupalGet('user/' . $this->web_user->uid . '/contact');
|
||||
$this->assertResponse(403);
|
||||
|
||||
// Enable the personal contact form.
|
||||
$edit = array();
|
||||
$edit['contact_default_status'] = TRUE;
|
||||
// Test always denied access to the anonymous user contact form.
|
||||
$this->drupalGet('user/0/contact');
|
||||
$this->assertResponse(403);
|
||||
|
||||
// Disable the personal contact form.
|
||||
$this->drupalLogin($this->admin_user);
|
||||
$edit = array('contact_default_status' => FALSE);
|
||||
$this->drupalPost('admin/config/people/accounts', $edit, t('Save configuration'));
|
||||
$this->assertText(t('The configuration options have been saved.'), t('Setting successfully saved.'));
|
||||
|
||||
// Reload variables.
|
||||
$this->drupalLogout();
|
||||
|
||||
// Create web users and attempt to use personal contact forms with default set to true.
|
||||
$web_user1 = $this->drupalCreateUser(array());
|
||||
$web_user2 = $this->drupalCreateUser(array());
|
||||
// Re-create our contacted user with personal contact forms disabled by
|
||||
// default.
|
||||
$this->contact_user = $this->drupalCreateUser();
|
||||
|
||||
$this->drupalLogin($web_user1);
|
||||
// Test denied access to a user with contact form disabled.
|
||||
$this->drupalLogin($this->web_user);
|
||||
$this->drupalGet('user/' . $this->contact_user->uid . '/contact');
|
||||
$this->assertResponse(403);
|
||||
|
||||
$this->drupalGet('user/' . $web_user2->uid . '/contact');
|
||||
$this->assertResponse(200, t('Access to personal contact form granted.'));
|
||||
// Test allowed access for admin user to a user with contact form disabled.
|
||||
$this->drupalLogin($this->admin_user);
|
||||
$this->drupalGet('user/' . $this->contact_user->uid . '/contact');
|
||||
$this->assertResponse(200);
|
||||
}
|
||||
|
||||
$edit = array();
|
||||
$edit['subject'] = $this->randomName(16);
|
||||
$edit['message'] = $this->randomName(64);
|
||||
$this->drupalPost(NULL, $edit, t('Send message'));
|
||||
$this->assertText(t('Your message has been sent.'), t('Message sent.'));
|
||||
/**
|
||||
* Test the personal contact form flood protection.
|
||||
*/
|
||||
function testPersonalContactFlood() {
|
||||
$flood_limit = 3;
|
||||
variable_set('contact_threshold_limit', $flood_limit);
|
||||
|
||||
// Clear flood table in preparation for flood test and allow other checks to complete.
|
||||
db_delete('flood')->execute();
|
||||
$num_records_flood = db_query("SELECT COUNT(*) FROM {flood}")->fetchField();
|
||||
$this->assertIdentical($num_records_flood, '0', t('Flood table emptied.'));
|
||||
$this->assertIdentical($num_records_flood, '0', 'Flood table emptied.');
|
||||
|
||||
$this->drupalLogin($this->web_user);
|
||||
|
||||
// Submit contact form with correct values and check flood interval.
|
||||
for ($i = 0; $i < $flood_limit; $i++) {
|
||||
$this->drupalGet('user/' . $web_user2->uid . '/contact');
|
||||
$this->drupalPost(NULL, $edit, t('Send message'));
|
||||
$this->assertText(t('Your message has been sent.'), t('Message sent.'));
|
||||
$this->submitPersonalContact($this->contact_user);
|
||||
$this->assertText(t('Your message has been sent.'), 'Message sent.');
|
||||
}
|
||||
|
||||
// Submit contact form one over limit.
|
||||
$this->drupalGet('user/' . $web_user2->uid . '/contact');
|
||||
$this->assertRaw(t('You cannot send more than %number messages in @interval. Please try again later.', array('%number' => $flood_limit, '@interval' => format_interval(variable_get('contact_threshold_window', 3600)))), t('Message threshold reached.'));
|
||||
$this->drupalGet('user/' . $this->contact_user->uid. '/contact');
|
||||
$this->assertRaw(t('You cannot send more than %number messages in @interval. Please try again later.', array('%number' => $flood_limit, '@interval' => format_interval(variable_get('contact_threshold_window', 3600)))), 'Normal user denied access to flooded contact form.');
|
||||
|
||||
$this->drupalLogout();
|
||||
// Test that the admin user can still access the contact form even though
|
||||
// the flood limit was reached.
|
||||
$this->drupalLogin($this->admin_user);
|
||||
$this->assertNoText('Please try again later.', 'Admin user not denied access to flooded contact form.');
|
||||
}
|
||||
|
||||
$this->drupalLogin($admin_user);
|
||||
|
||||
// Disable the personal contact form.
|
||||
$edit = array();
|
||||
$edit['contact_default_status'] = FALSE;
|
||||
$this->drupalPost('admin/config/people/accounts', $edit, t('Save configuration'));
|
||||
$this->assertText(t('The configuration options have been saved.'), t('Setting successfully saved.'));
|
||||
|
||||
// Reload variables.
|
||||
$this->drupalLogout();
|
||||
|
||||
// Create web users and attempt to use personal contact forms with default set to false.
|
||||
$web_user3 = $this->drupalCreateUser(array());
|
||||
$web_user4 = $this->drupalCreateUser(array());
|
||||
|
||||
$this->drupalLogin($web_user3);
|
||||
|
||||
$this->drupalGet('user/' . $web_user4->uid . '/contact');
|
||||
$this->assertResponse(403, t('Access to personal contact form denied.'));
|
||||
/**
|
||||
* Fill out a user's personal contact form and submit.
|
||||
*
|
||||
* @param $account
|
||||
* A user object of the user being contacted.
|
||||
* @param $message
|
||||
* An optional array with the form fields being used.
|
||||
*/
|
||||
protected function submitPersonalContact($account, array $message = array()) {
|
||||
$message += array(
|
||||
'subject' => $this->randomName(16),
|
||||
'message' => $this->randomName(64),
|
||||
);
|
||||
$this->drupalPost('user/' . $account->uid . '/contact', $message, t('Send message'));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1557,12 +1557,30 @@ function user_menu() {
|
|||
return $items;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implement hook_init().
|
||||
*/
|
||||
function user_init() {
|
||||
drupal_add_css(drupal_get_path('module', 'user') . '/user.css');
|
||||
}
|
||||
|
||||
function user_uid_optional_load($arg) {
|
||||
return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid);
|
||||
/**
|
||||
* Load a either a specified or the current user account.
|
||||
*
|
||||
* @param $uid
|
||||
* An optional user ID of the user to load. If not provided, the current
|
||||
* user's ID will be used.
|
||||
* @return
|
||||
* A fully-loaded $user object upon successful user load, FALSE if user
|
||||
* cannot be loaded.
|
||||
*
|
||||
* @see user_load()
|
||||
*/
|
||||
function user_uid_optional_load($uid = NULL) {
|
||||
if (!isset($uid)) {
|
||||
$uid = $GLOBALS['user']->uid;
|
||||
}
|
||||
return user_load($uid);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue