diff options
-rw-r--r-- | modules/contact/contact.module | 5 | ||||
-rw-r--r-- | modules/contact/contact.test | 13 |
2 files changed, 18 insertions, 0 deletions
diff --git a/modules/contact/contact.module b/modules/contact/contact.module index ff3cf164e..d3ef4ce7d 100644 --- a/modules/contact/contact.module +++ b/modules/contact/contact.module @@ -142,6 +142,11 @@ function _contact_personal_tab_access(stdClass $account) { return FALSE; } + // If requested user has been blocked, do not allow users to contact them. + if (empty($account->status)) { + return FALSE; + } + return user_access('access user contact forms'); } diff --git a/modules/contact/contact.test b/modules/contact/contact.test index b54dbe3d0..cc89d8632 100644 --- a/modules/contact/contact.test +++ b/modules/contact/contact.test @@ -352,6 +352,19 @@ class ContactPersonalTestCase extends DrupalWebTestCase { $this->drupalLogin($this->admin_user); $this->drupalGet('user/' . $this->contact_user->uid . '/contact'); $this->assertResponse(200); + + // Re-create our contacted user as a blocked user. + $this->contact_user = $this->drupalCreateUser(); + user_save($this->contact_user, array('status' => 0)); + + // Test that blocked users can still be contacted by admin. + $this->drupalGet('user/' . $this->contact_user->uid . '/contact'); + $this->assertResponse(200); + + // Test that blocked users cannot be contacted by non-admins. + $this->drupalLogin($this->web_user); + $this->drupalGet('user/' . $this->contact_user->uid . '/contact'); + $this->assertResponse(403); } /** |