diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-02-17 04:39:49 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-02-17 04:39:49 +0000 |
| commit | 08563b46dab769ff158827f1db8356b8d0c0471b (patch) | |
| tree | 53c5b10a8657c32a8929c0028948b76569952284 /modules/contact | |
| parent | 2d4b5d085fa3d033553f0ddb149886aa2af4d907 (diff) | |
| download | brdo-08563b46dab769ff158827f1db8356b8d0c0471b.tar.gz brdo-08563b46dab769ff158827f1db8356b8d0c0471b.tar.bz2 | |
#586664 by bleen18: Fixed Users should not be able to contact blocked users (with tests).
Diffstat (limited to 'modules/contact')
| -rw-r--r-- | modules/contact/contact.module | 5 | ||||
| -rw-r--r-- | modules/contact/contact.test | 13 |
2 files changed, 18 insertions, 0 deletions
diff --git a/modules/contact/contact.module b/modules/contact/contact.module index ff3cf164e..d3ef4ce7d 100644 --- a/modules/contact/contact.module +++ b/modules/contact/contact.module @@ -142,6 +142,11 @@ function _contact_personal_tab_access(stdClass $account) { return FALSE; } + // If requested user has been blocked, do not allow users to contact them. + if (empty($account->status)) { + return FALSE; + } + return user_access('access user contact forms'); } diff --git a/modules/contact/contact.test b/modules/contact/contact.test index b54dbe3d0..cc89d8632 100644 --- a/modules/contact/contact.test +++ b/modules/contact/contact.test @@ -352,6 +352,19 @@ class ContactPersonalTestCase extends DrupalWebTestCase { $this->drupalLogin($this->admin_user); $this->drupalGet('user/' . $this->contact_user->uid . '/contact'); $this->assertResponse(200); + + // Re-create our contacted user as a blocked user. + $this->contact_user = $this->drupalCreateUser(); + user_save($this->contact_user, array('status' => 0)); + + // Test that blocked users can still be contacted by admin. + $this->drupalGet('user/' . $this->contact_user->uid . '/contact'); + $this->assertResponse(200); + + // Test that blocked users cannot be contacted by non-admins. + $this->drupalLogin($this->web_user); + $this->drupalGet('user/' . $this->contact_user->uid . '/contact'); + $this->assertResponse(403); } /** |