From 08563b46dab769ff158827f1db8356b8d0c0471b Mon Sep 17 00:00:00 2001
From: Angie Byron
Date: Wed, 17 Feb 2010 04:39:49 +0000
Subject: #586664 by bleen18: Fixed Users should not be able to contact blocked users (with tests).
---
 modules/contact/contact.module | 5 +++++
 modules/contact/contact.test | 13 +++++++++++++
 2 files changed, 18 insertions(+)
(limited to 'modules/contact')
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index ff3cf164e..d3ef4ce7d 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -142,6 +142,11 @@ function _contact_personal_tab_access(stdClass $account) {
 return FALSE;
 }
+ // If requested user has been blocked, do not allow users to contact them.
+ if (empty($account->status)) {
+ return FALSE;
+ }
+
 return user_access('access user contact forms');
 }
diff --git a/modules/contact/contact.test b/modules/contact/contact.test
index b54dbe3d0..cc89d8632 100644
--- a/modules/contact/contact.test
+++ b/modules/contact/contact.test
@@ -352,6 +352,19 @@ class ContactPersonalTestCase extends DrupalWebTestCase {
 $this->drupalLogin($this->admin_user);
 $this->drupalGet('user/' . $this->contact_user->uid . '/contact');
 $this->assertResponse(200);
+
+ // Re-create our contacted user as a blocked user.
+ $this->contact_user = $this->drupalCreateUser();
+ user_save($this->contact_user, array('status' => 0));
+
+ // Test that blocked users can still be contacted by admin.
+ $this->drupalGet('user/' . $this->contact_user->uid . '/contact');
+ $this->assertResponse(200);
+
+ // Test that blocked users cannot be contacted by non-admins.
+ $this->drupalLogin($this->web_user);
+ $this->drupalGet('user/' . $this->contact_user->uid . '/contact');
+ $this->assertResponse(403);
 }
 /**
--
cgit v1.2.3
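Review bot: The comment on the new `status` check in `_contact_personal_tab_access()` does not say that the rule applies to non-administrators only, although the test added in this commit expects an administrator to still get a 200 for a blocked account. That exemption presumably comes from an earlier return above the hunk (the function starts outside it), so the check is order-dependent and moving it upward would change who is denied. I would word the comment as `// Blocked accounts cannot be contacted by regular users; this must stay below the administrator exemption earlier in this function.` Using `empty()` also denies access when `status` is not set on the object, which fails closed and is worth keeping.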
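Review bot: The 403 assertion for `web_user` in the contact.test hunk does not show that the blocked status is what denied access, because the account is re-created and blocked in one step and any other denial (for example a contact form that is not enabled for the new account) would produce the same response. Requesting the form as `web_user` before the `user_save()` call and asserting 200 gives the test a control, so it fails if the new check is removed and also fails loudly if the fresh account was never reachable in the first place. The reordering below keeps the administrator assertion but moves it after the non-admin pair; whether a newly created account has its contact form enabled by default is not visible in the hunk, and the test method starts outside it.

```php
    // Re-create our contacted user; it is blocked a few lines down.
    $this->contact_user = $this->drupalCreateUser();

    // Control: before blocking, a non-admin can reach the contact form.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('user/' . $this->contact_user->uid . '/contact');
    $this->assertResponse(200);

    // Block the account; the same request must now be denied.
    user_save($this->contact_user, array('status' => 0));
    $this->drupalGet('user/' . $this->contact_user->uid . '/contact');
    $this->assertResponse(403);

    // Test that blocked users can still be contacted by admin.
    $this->drupalLogin($this->admin_user);
    $this->drupalGet('user/' . $this->contact_user->uid . '/contact');
    $this->assertResponse(200);
```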