- Patch #679530 by sun: administer filters permission should not affect text format widget.

6 files changed, 55 insertions, 9 deletions

diff --git a/misc/vertical-tabs.js b/misc/vertical-tabs.js
index 32c4ee697..edf9a6108 100644
--- a/misc/vertical-tabs.js
+++ b/misc/vertical-tabs.js
@@ -41,7 +41,9 @@ Drupal.behaviors.verticalTabs = {
       if (!focus) {
         focus = $('> .vertical-tabs-pane:first', this);
       }
-      focus.data('verticalTab').focus();
+      if (focus.length) {
+        focus.data('verticalTab').focus();
+      }
     });
   }
 };
diff --git a/modules/block/block.test b/modules/block/block.test
index 73403d4b7..77057b62f 100644
--- a/modules/block/block.test
+++ b/modules/block/block.test
@@ -20,8 +20,15 @@ class BlockTestCase extends DrupalWebTestCase {
   function setUp() {
     parent::setUp();
 
-    // Create and login user
-    $admin_user = $this->drupalCreateUser(array('administer blocks', 'administer filters', 'access administration pages', 'access dashboard'));
+    // Create and login administrative user having access to Full HTML text
+    // format.
+    $fullhtml_format = db_query_range('SELECT * FROM {filter_format} WHERE name = :name', 0, 1, array(':name' => 'Full HTML'))->fetchObject();
+    $admin_user = $this->drupalCreateUser(array(
+      'administer blocks',
+      filter_permission_name($fullhtml_format),
+      'access administration pages',
+      'access dashboard',
+    ));
     $this->drupalLogin($admin_user);
 
     // Define the existing regions
diff --git a/modules/filter/filter.install b/modules/filter/filter.install
index 5a04ee69b..57905d2b3 100644
--- a/modules/filter/filter.install
+++ b/modules/filter/filter.install
@@ -445,6 +445,27 @@ function filter_update_7007() {
 }
 
 /**
+ * Grant usage of all text formats to user roles having the 'administer filters' permission.
+ */
+function filter_update_7008() {
+  // Build the list of permissions to grant.
+  $permissions = array();
+  foreach (filter_formats() as $format_id => $format) {
+    if ($permission = filter_permission_name($format)) {
+      $permissions[] = $permission;
+    }
+  }
+  // Grant text format permissions to all roles that can 'administer filters'.
+  // Albeit anonymous users *should not* have the permission, we cannot presume
+  // that they do not or must not.
+  if ($roles = user_roles(FALSE, 'administer filters')) {
+    foreach ($roles as $rid => $name) {
+      user_role_grant_permissions($rid, $permissions);
+    }
+  }
+}
+
+/**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 36385c22c..389d88436 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -272,8 +272,8 @@ function filter_admin_format_title($format) {
  */
 function filter_permission() {
   $perms['administer filters'] = array(
-    'title' => t('Administer and use any text formats and filters'),
-    'description' => drupal_placeholder(array('text' => t('Warning: This permission may have security implications depending on how the text format is configured.'))),
+    'title' => t('Administer text formats and filters'),
+    'description' => drupal_placeholder(array('text' => t('Warning: This permission has security implications.'))),
   );
 
   // Generate permissions for each text format. Warn the administrator that any
@@ -786,8 +786,8 @@ function filter_access($format, $account = NULL) {
     $account = $user;
   }
   // Handle special cases up front. All users have access to the fallback
-  // format, and administrators have access to all formats.
-  if (user_access('administer filters', $account) || $format->format == filter_fallback_format()) {
+  // format.
+  if ($format->format == filter_fallback_format()) {
     return TRUE;
   }
   // Check the permission if one exists; otherwise, we have a non-existent
diff --git a/modules/filter/filter.test b/modules/filter/filter.test
index 65e24e113..4de212d34 100644
--- a/modules/filter/filter.test
+++ b/modules/filter/filter.test
@@ -168,7 +168,14 @@ class FilterAdminTestCase extends DrupalWebTestCase {
     parent::setUp();
 
     // Create users.
-    $this->admin_user = $this->drupalCreateUser(array('administer filters'));
+    $filteredhtml_format = db_query_range('SELECT * FROM {filter_format} WHERE name = :name', 0, 1, array(':name' => 'Filtered HTML'))->fetchObject();
+    $fullhtml_format = db_query_range('SELECT * FROM {filter_format} WHERE name = :name', 0, 1, array(':name' => 'Full HTML'))->fetchObject();
+    $this->admin_user = $this->drupalCreateUser(array(
+      'administer filters',
+      filter_permission_name($filteredhtml_format),
+      filter_permission_name($fullhtml_format),
+    ));
+
     $this->web_user = $this->drupalCreateUser(array('create page content', 'edit own page content'));
     $this->drupalLogin($this->admin_user);
   }
diff --git a/modules/search/search.test b/modules/search/search.test
index d428ed87b..d0f974ce4 100644
--- a/modules/search/search.test
+++ b/modules/search/search.test
@@ -490,7 +490,16 @@ class SearchCommentTestCase extends DrupalWebTestCase {
   function setUp() {
     parent::setUp('comment', 'search');
 
-    $this->admin_user = $this->drupalCreateUser(array('administer filters', 'administer permissions', 'create page content', 'post comments without approval'));
+    // Create and login administrative user having access to Full HTML text
+    // format.
+    $fullhtml_format = db_query_range('SELECT * FROM {filter_format} WHERE name = :name', 0, 1, array(':name' => 'Full HTML'))->fetchObject();
+    $this->admin_user = $this->drupalCreateUser(array(
+      'administer filters',
+      filter_permission_name($fullhtml_format),
+      'administer permissions',
+      'create page content',
+      'post comments without approval',
+    ));
     $this->drupalLogin($this->admin_user);
   }