diff options
| -rw-r--r-- | modules/comment/comment.module | 1 | ||||
| -rw-r--r-- | modules/comment/comment.test | 10 | ||||
| -rw-r--r-- | modules/node/node.module | 11 | ||||
| -rw-r--r-- | modules/node/node.test | 99 |
4 files changed, 114 insertions, 7 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module index b69b3b481..aa512a700 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -2064,6 +2064,7 @@ function comment_preview($comment) { $comment->name = check_plain($account->name); $comment->signature = $account->signature; $comment->signature_format = $account->signature_format; + $comment->picture = $account->picture; } elseif (empty($comment->name)) { $comment->name = variable_get('anonymous', t('Anonymous')); diff --git a/modules/comment/comment.test b/modules/comment/comment.test index 723e5c4b9..3c85b12bd 100644 --- a/modules/comment/comment.test +++ b/modules/comment/comment.test @@ -956,15 +956,18 @@ class CommentPreviewTest extends CommentHelperCase { $this->setCommentSettings('comment_default_mode', COMMENT_MODE_THREADED, t('Comment paging changed.')); $this->drupalLogout(); - // Login as web user and add a signature. + // Login as web user and add a signature and a user picture. $this->drupalLogin($this->web_user); variable_set('user_signatures', 1); + variable_set('user_pictures', 1); $test_signature = $this->randomName(); $edit['signature[value]'] = '<a href="http://example.com/">' . $test_signature. '</a>'; $edit['signature[format]'] = 'filtered_html'; + $image = current($this->drupalGetTestFiles('image')); + $edit['files[picture_upload]'] = drupal_realpath($image->uri); $this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save')); - // Fill in the comment form and preview the comment. + // As the web user, fill in the comment form and preview the comment. $edit = array(); $edit['subject'] = $this->randomName(8); $edit['comment_body[' . $langcode . '][0][value]'] = $this->randomName(16); @@ -981,6 +984,9 @@ class CommentPreviewTest extends CommentHelperCase { // Check that the signature is displaying with the correct text format. $this->assertLink($test_signature); + + // Check that the user picture is displayed. + $this->assertFieldByXPath("//div[contains(@class, 'comment-preview')]//div[contains(@class, 'user-picture')]//img", NULL, 'User picture displayed.'); } /** diff --git a/modules/node/node.module b/modules/node/node.module index fe8ee5169..3896b8b5b 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -1834,18 +1834,19 @@ function _node_revision_access($node, $op = 'view') { // Also, if you try to revert to or delete the current revision, that's // not good. if ($is_current_revision && (db_query('SELECT COUNT(vid) FROM {node_revision} WHERE nid = :nid', array(':nid' => $node->nid))->fetchField() == 1 || $op == 'update' || $op == 'delete')) { - $access[$node->vid] = FALSE; + $access[$cid] = FALSE; } - elseif (user_access('administer nodes')) { - $access[$node->vid] = TRUE; + elseif (user_access('administer nodes', $account)) { + $access[$cid] = TRUE; } else { // First check the access to the current revision and finally, if the // node passed in is not the current revision then access to that, too. - $access[$node->vid] = node_access($op, $node_current_revision) && ($is_current_revision || node_access($op, $node)); + $access[$cid] = node_access($op, $node_current_revision, $account) && ($is_current_revision || node_access($op, $node, $account)); } } - return $access[$node->vid]; + + return $access[$cid]; } function _node_add_access() { diff --git a/modules/node/node.test b/modules/node/node.test index 636b9be64..834960271 100644 --- a/modules/node/node.test +++ b/modules/node/node.test @@ -2306,3 +2306,102 @@ class NodeTokenReplaceTestCase extends DrupalWebTestCase { } } } + +/** + * Tests user permissions for node revisions. + */ +class NodeRevisionPermissionsTestCase extends DrupalWebTestCase { + protected $node_revisions = array(); + protected $accounts = array(); + + // Map revision permission names to node revision access ops. + protected $map = array( + 'view' => 'view revisions', + 'update' => 'revert revisions', + 'delete' => 'delete revisions', + ); + + public static function getInfo() { + return array( + 'name' => 'Node revision permissions', + 'description' => 'Tests user permissions for node revision operations.', + 'group' => 'Node', + ); + } + + function setUp() { + parent::setUp(); + + // Create a node with several revisions. + $node = $this->drupalCreateNode(); + $this->node_revisions[] = $node; + + for ($i = 0; $i < 3; $i++) { + // Create a revision for the same nid and settings with a random log. + $revision = clone $node; + $revision->revision = 1; + $revision->log = $this->randomName(32); + node_save($revision); + $this->node_revisions[] = $revision; + } + + // Create three users, one with each revision permission. + foreach ($this->map as $op => $permission) { + // Create the user. + $account = $this->drupalCreateUser( + array( + 'access content', + 'edit any page content', + 'delete any page content', + $permission, + ) + ); + $account->op = $op; + $this->accounts[] = $account; + } + + // Create an admin account (returns TRUE for all revision permissions). + $admin_account = $this->drupalCreateUser(array('access content', 'administer nodes')); + $admin_account->is_admin = TRUE; + $this->accounts['admin'] = $admin_account; + + // Create a normal account (returns FALSE for all revision permissions). + $normal_account = $this->drupalCreateUser(); + $normal_account->op = FALSE; + $this->accounts[] = $normal_account; + } + + /** + * Tests the _node_revision_access() function. + */ + function testNodeRevisionAccess() { + $revision = $this->node_revisions[1]; + + $parameters = array( + 'op' => array_keys($this->map), + 'account' => $this->accounts, + ); + + $permutations = $this->generatePermutations($parameters); + foreach ($permutations as $case) { + if (!empty($case['account']->is_admin) || $case['op'] == $case['account']->op) { + $this->assertTrue(_node_revision_access($revision, $case['op'], $case['account']), "{$this->map[$case['op']]} granted."); + } + else { + $this->assertFalse(_node_revision_access($revision, $case['op'], $case['account']), "{$this->map[$case['op']]} not granted."); + } + } + + // Test that access is FALSE for a node administrator with an invalid $node + // or $op parameters. + $admin_account = $this->accounts['admin']; + $this->assertFalse(_node_revision_access(FALSE, 'view', $admin_account), '_node_revision_access() returns FALSE with an invalid node.'); + $this->assertFalse(_node_revision_access($revision, 'invalid-op', $admin_account), '_node_revision_access() returns FALSE with an invalid op.'); + + // Test that the $account parameter defaults to the "logged in" user. + $original_user = $GLOBALS['user']; + $GLOBALS['user'] = $admin_account; + $this->assertTrue(_node_revision_access($revision, 'view'), '_node_revision_access() returns TRUE when used with global user.'); + $GLOBALS['user'] = $original_user; + } +} |