- Patch #470840 by salvis, sinasquax, sun: fixed bug in node_access() if we specify an account. Extend filter_access() to take custom account.

2 files changed, 44 insertions, 15 deletions

diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index c98db9ff9..59fc6d721 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -390,17 +390,31 @@ function _filter_html_escape_tips($filter, $format, $long = FALSE) {
 
 /**
  * Retrieve a list of text formats.
+ *
+ * @param $format
+ *   (optional) The text format to retrieve; if omitted or NULL, retrieve an
+ *   array of accessible text formats.
+ * @param $account
+ *   (optional) The user account to retrieve accessible text formats for; if
+ *   omitted, the currently logged-in user is used.
+ *
+ * @return
+ *   Either one text format object or a list of text format objects, depending
+ *   on the $format parameter. FALSE if the user does not have access to the
+ *   given text $format.
  */
-function filter_formats($index = NULL) {
+function filter_formats($format = NULL, $account = NULL) {
   global $user;
-  static $formats;
+  $formats = &drupal_static(__FUNCTION__, array());
 
-  // Administrators can always use all text formats.
-  $all = user_access('administer filters');
+  if (!isset($account)) {
+    $account = $user;
+  }
 
-  if (!isset($formats)) {
-    $formats = array();
+  // Administrators can always use all text formats.
+  $all = user_access('administer filters', $account);
 
+  if (!isset($formats[$account->uid])) {
     $query = db_select('filter_format', 'f');
     $query->addField('f', 'format', 'format');
     $query->addField('f', 'name', 'name');
@@ -418,12 +432,12 @@ function filter_formats($index = NULL) {
       $query->condition($or);
     }
 
-    $formats = $query->execute()->fetchAllAssoc('format');
+    $formats[$account->uid] = $query->execute()->fetchAllAssoc('format');
   }
-  if (isset($index)) {
-    return isset($formats[$index]) ? $formats[$index] : FALSE;
+  if (isset($format)) {
+    return isset($formats[$account->uid][$format]) ? $formats[$account->uid][$format] : FALSE;
   }
-  return $formats;
+  return $formats[$account->uid];
 }
 
 /**
@@ -651,16 +665,27 @@ function filter_form($selected_format = FILTER_FORMAT_DEFAULT, $weight = NULL, $
 }
 
 /**
- * Returns TRUE if the user is allowed to access this format.
+ * Returns whether a user is allowed to access a given text format.
+ *
+ * @param $format
+ *   The format of a text to be filtered. Specify FILTER_FORMAT_DEFAULT for
+ *   the site's default text format.
+ * @param $account
+ *   (optional) The user account to check access for; if omitted, the currently
+ *   logged-in user is used.
+ *
+ * @return
+ *   Boolean TRUE if the user is allowed to access the given format.
+ *
+ * @see filter_formats()
  */
-function filter_access($format) {
+function filter_access($format, $account = NULL) {
   $format = filter_resolve_format($format);
-  if (user_access('administer filters') || ($format == variable_get('filter_default_format', 1))) {
+  if (user_access('administer filters', $account) || ($format == variable_get('filter_default_format', 1))) {
     return TRUE;
   }
   else {
-    $formats = filter_formats();
-    return isset($formats[$format]);
+    return (bool) filter_formats($format, $account);
   }
 }
 
diff --git a/modules/filter/filter.test b/modules/filter/filter.test
index 4747495d5..507144487 100644
--- a/modules/filter/filter.test
+++ b/modules/filter/filter.test
@@ -26,6 +26,10 @@ class FilterAdminTestCase extends DrupalWebTestCase {
 
     list($filtered, $full) = $this->checkFilterFormats();
 
+    // Verify access permissions to Full HTML format.
+    $this->assertTrue(filter_access($full, $admin_user), t('Admin user may use Full HTML.'));
+    $this->assertFalse(filter_access($full, $web_user), t('Web user may not use Full HTML.'));
+
     // Change default filter.
     $edit = array();
     $edit['default'] = $full;