diff options
| author | David Rothstein <drothstein@gmail.com> | 2014-11-02 23:49:26 -0500 |
|---|---|---|
| committer | David Rothstein <drothstein@gmail.com> | 2014-11-02 23:49:26 -0500 |
| commit | 2e235b51529b76c93930d1d2c84170d7d3064ba6 (patch) | |
| tree | 49a0f236dbf789f23c4a6744d802ee07f588975d /modules/menu | |
| parent | 355446db94f4ad4e0a75f22e00d12f524a2807d4 (diff) | |
| download | brdo-2e235b51529b76c93930d1d2c84170d7d3064ba6.tar.gz brdo-2e235b51529b76c93930d1d2c84170d7d3064ba6.tar.bz2 | |
Issue #849624 by brad.bulger, dcam, Alan Evans, oriol_e9g, Stevel | tsvenson: Fixed wrong permission for admin/structure/menu/parents.
Diffstat (limited to 'modules/menu')
| -rw-r--r-- | modules/menu/menu.module | 2 | ||||
| -rw-r--r-- | modules/menu/menu.test | 17 |
2 files changed, 18 insertions, 1 deletions
diff --git a/modules/menu/menu.module b/modules/menu/menu.module index 644479122..dc8f015dc 100644 --- a/modules/menu/menu.module +++ b/modules/menu/menu.module @@ -69,7 +69,7 @@ function menu_menu() { 'title' => 'Parent menu items', 'page callback' => 'menu_parent_options_js', 'type' => MENU_CALLBACK, - 'access arguments' => array(TRUE), + 'access arguments' => array('administer menu'), ); $items['admin/structure/menu/list'] = array( 'title' => 'List menus', diff --git a/modules/menu/menu.test b/modules/menu/menu.test index 95e0ee9ea..a9bdb5f27 100644 --- a/modules/menu/menu.test +++ b/modules/menu/menu.test @@ -514,6 +514,23 @@ class MenuTestCase extends DrupalWebTestCase { } /** + * Test administrative users other than user 1 can access the menu parents AJAX callback. + */ + public function testMenuParentsJsAccess() { + $admin = $this->drupalCreateUser(array('administer menu')); + $this->drupalLogin($admin); + // Just check access to the callback overall, the POST data is irrelevant. + $this->drupalGetAJAX('admin/structure/menu/parents'); + $this->assertResponse(200); + + // Do standard user tests. + // Login the user. + $this->drupalLogin($this->std_user); + $this->drupalGetAJAX('admin/structure/menu/parents'); + $this->assertResponse(403); + } + + /** * Get standard menu link. */ private function getStandardMenuLink() { |