diff --git a/masquerade.module b/masquerade.module
index a487b60..56a0d78 100644
--- a/masquerade.module
+++ b/masquerade.module
@@ -75,9 +75,9 @@ function masquerade_cron() {
 $subquery = db_select('sessions', 's');
 $subquery->addField('s', 'sid');
- $query = db_delete('masquerade');
- $query->condition('sid', $subquery, 'NOT IN');
- $query->execute();
+ db_delete('masquerade')
+ ->condition('sid', $subquery, 'NOT IN')
+ ->execute();
 }
 /**
@@ -252,6 +252,7 @@ function masquerade_menu_access($type, $uid = NULL) {
 * Admin settings form.
 */
 function masquerade_admin_settings() {
+ drupal_set_message(user_access('masquerade as user') ? 'Allowed' : 'Disallowed');
 // create a list of roles; all selected roles are considered administrative.
 $roles = user_roles();
 $form['masquerade_admin_roles'] = array(
@@ -359,14 +360,15 @@ function _masquerade_user_load($username) {
 function masquerade_user_logout($account) {
 if (!empty($account->masquerading)) {
 global $user;
+ // @TODO Seems this useless.
 cache_clear_all($user->uid, 'cache_menu', TRUE);
 $real_user = user_load($user->masquerading);
 watchdog('masquerade', "User %user no longer masquerading as %masq_as.", array('%user' => $real_user->name, '%masq_as' => $user->name), WATCHDOG_INFO);
- $query = db_delete('masquerade');
- $query->condition('sid', session_id());
- $query->condition('uid_as', $account->uid);
- $query->execute();
+ db_delete('masquerade')
+ ->condition('sid', session_id())
+ ->condition('uid_as', $account->uid)
+ ->execute();
 }
 }
@@ -374,7 +376,7 @@ function masquerade_user_logout($account) {
 * Implements hook_user_view().
 */
 function masquerade_user_view($account, $view_mode, $langcode) {
- // check if user qualifies as admin
+ // Check if user qualifies as admin.
 $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array())));
 $perm = $account->uid == 1 || array_intersect(array_keys((array)$account->roles), $roles) ? 'masquerade as admin' :
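Review bot: The `drupal_set_message(user_access('masquerade as user') ? 'Allowed' : 'Disallowed');` line added at the top of masquerade_admin_settings() reads as leftover debugging: it shows an untranslated result of a permission check to whoever opens the settings form and feeds nothing into the form itself. I would remove the line before this is merged. If the status is meant to stay, pass the strings through `t()` and name the permission in the message. The function body continues past the end of the hunk.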
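Review bot: The added comment `// @TODO Seems this useless.` in masquerade_user_logout() does not say what is thought to be useless or why, and it sits above the `cache_clear_all($user->uid, 'cache_menu', TRUE)` call that runs while the session changes identity. The same kind of remark is added above `menu_rebuild()` in masquerade_user_delete() and above `cache_clear_all()` in masquerade_switch_back(). I would record the open question instead, e.g. `// @todo Confirm whether clearing cache_menu for this uid is still required; remove only with a test covering menu links after a switch.`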
@@ -462,9 +464,9 @@ function masquerade_user_submit(&$form, $form_state) {
 function masquerade_user_update(&$edit, $account, $category) {
 global $_masquerade_old_session_id;
 if ($category == 'account' && isset($edit['masquerade_users'])) {
- $query = db_delete('masquerade_users');
- $query->condition('uid_from', $account->uid);
- $query->execute();
+ db_delete('masquerade_users')
+ ->condition('uid_from', $account->uid)
+ ->execute();
 // Save users from settings form.
 $users = drupal_explode_tags($edit['masquerade_users']);
 $query = db_insert('masquerade_users')->fields(array('uid_from', 'uid_to'));
@@ -482,12 +484,10 @@ function masquerade_user_update(&$edit, $account, $category) {
 // Update user session...
 // @TODO check other way of session API.
 if (!empty($_masquerade_old_session_id)) {
- $query = db_update('masquerade');
- $query->fields(array(
- 'sid' => session_id(),
- ));
- $query->condition('sid', $_masquerade_old_session_id);
- $query->execute();
+ db_update('masquerade')
+ ->fields(array('sid' => session_id()))
+ ->condition('sid', $_masquerade_old_session_id)
+ ->execute();
 }
 }
 }
@@ -497,18 +497,19 @@ function masquerade_user_update(&$edit, $account, $category) {
 */
 function masquerade_user_delete($account) {
 // Cleanup tables.
- $query = db_delete('masquerade_users');
 $conditions = db_or();
 $conditions->condition('uid_from', $account->uid);
 $conditions->condition('uid_to', $account->uid);
- $query->condition($conditions);
- $query->execute();
+ db_delete('masquerade_users')
+ ->condition($conditions)
+ ->execute();
 // Cleanup variables.
 $switches = variable_get('masquerade_quick_switches', array());
 $switches_new = array_diff($switches, array($account->uid));
 if ($switches != $switches_new) {
 variable_set('masquerade_quick_switches', $switches_new);
 // @TODO Implement block cache cleaning.
+ // @TODO Seems useless.
 menu_rebuild();
 }
 }
@@ -542,7 +543,11 @@ function masquerade_block_view($delta = '') {
 }
 /**
- * Masquerade block form.
+ * Form constructor for the masquerade block form.
+ *
+ * @see masquerade_block_1_validate()
+ * @see masquerade_block_1_submit()
+ * @ingroup forms
 */
 function masquerade_block_1() {
 global $user;
@@ -610,7 +615,7 @@ function masquerade_block_1() {
 }
 /**
- * Masquerade block form validation.
+ * Form validation handler for masquerade_block_1().
 */
 function masquerade_block_1_validate($form, &$form_state) {
 global $user;
@@ -643,7 +648,7 @@ function masquerade_block_1_validate($form, &$form_state) {
 }
 /**
- * Masquerade block form submission.
+ * Form submission handler for masquerade_block_1().
 */
 function masquerade_block_1_submit($form, &$form_state) {
 //unset($form);
@@ -657,7 +662,12 @@ function masquerade_block_1_submit($form, &$form_state) {
 }
 /**
- * Returns JS array for Masquerade autocomplete fields.
+ * Page callback: Returns JS array for Masquerade autocomplete fields.
+ *
+ * @param string $string
+ * A part of user name.
+ *
+ * @see masquerade_menu
 */
 function masquerade_autocomplete($string) {
 $matches = array();
@@ -680,14 +690,17 @@ function masquerade_autocomplete($string) {
 }
 /**
- * Returns JS array for Masquerade autocomplete fields.
+ * Page callback: Returns JS array for Masquerade autocomplete fields.
 *
 * Supports multiple entries separated by a comma.
 *
 * @param $string
 * The string of autocmplete value submitted by the user.
+ *
 * @param $add_anonymous
 * Flag to include Anonymous user into result.
+ *
+ * @see masquerade_menu()
 */
 function masquerade_autocomplete_multiple($string, $add_anonymous = TRUE) {
 $matches = array();
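Review bot: The `@see masquerade_menu` line added to the masquerade_autocomplete() docblock lacks the parentheses that the next hunk uses for the same reference (`@see masquerade_menu()`), so the two autocomplete callbacks are documented inconsistently. I would write `@see masquerade_menu()` in both places. While the masquerade_autocomplete_multiple() docblock is being touched, its context line could also lose the typo: `The string of autocomplete value submitted by the user.`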
@@ -732,7 +745,7 @@ function masquerade_autocomplete_multiple($string, $add_anonymous = TRUE) {
 }
 /**
- * Page callback to switch users.
+ * Page callback: Switches user.
 */
 function masquerade_switch_user_page($uid) {
 if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'masquerade/switch/' . $uid) && masquerade_switch_user($uid)) {
@@ -791,18 +804,18 @@ function masquerade_switch_user($uid) {
 module_invoke_all('user_logout', $user);
 drupal_session_regenerate();
- $query = db_insert('masquerade');
- $query->fields(array(
- 'uid_from' => $user->uid,
- 'uid_as' => $new_user->uid,
- 'sid' => session_id(),
- ));
- $query->execute();
- // switch user
+ // Switch user.
+ db_insert('masquerade')
+ ->fields(array(
+ 'uid_from' => $user->uid,
+ 'uid_as' => $new_user->uid,
+ 'sid' => session_id(),
+ ))
+ ->execute();
 watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', t('Anonymous'))), WATCHDOG_INFO);
 drupal_set_message(t('You are now masquerading as !masq_as.', array('!masq_as' => theme('username', array('account' => $new_user)))));
- $user->masquerading = $new_user->uid;
+ $new_user->masquerading = $user->uid;
 $user = $new_user;
 // Call all login hooks when switching to masquerading user.
@@ -813,7 +826,7 @@ function masquerade_switch_user($uid) {
 }
 /**
- * Allows a user who is currently masquerading to become a new user.
+ * Page callback: Switches the currently masquerading user to a new user.
 */
 function masquerade_switch_back_page() {
 if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'masquerade/unswitch')) {
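Review bot: Replacing `$user->masquerading = $new_user->uid;` with `$new_user->masquerading = $user->uid;` in masquerade_switch_user() changes what the `masquerading` property means, and nothing in the hunk documents it: the property now holds the uid of the original account and is set on the account being assumed. masquerade_user_logout() in this file reads it as `user_load($user->masquerading)` for the watchdog entry, which matches the new meaning. Any reader of the property outside this diff that still expects the impersonated uid would name the wrong account, which cannot be checked from here. I would add a comment above the assignment, e.g. `// masquerading holds the uid of the real account behind this session.`, and confirm the other readers. The function starts and ends outside the hunk.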
@@ -832,8 +845,9 @@ function masquerade_switch_back_page() {
 * Function for a masquerading user to switch back to the previous user.
 */
 function masquerade_switch_back() {
- // switch user
+ // Switch user.
 global $user;
+ // @TODO Seems useless.
 cache_clear_all($user->uid, 'cache_menu', TRUE);
 $uid = db_query("SELECT m.uid_from FROM {masquerade} m WHERE m.sid = :sid AND m.uid_as = :uid_as ", array(
 ':sid' => session_id(),
@@ -843,9 +857,9 @@ function masquerade_switch_back() {
 $conditions = db_or();
 $conditions->condition('sid', session_id());
 $conditions->condition('uid_as', $user->uid);
- $query = db_delete('masquerade');
- $query->condition($conditions);
- $query->execute();
+ db_delete('masquerade')
+ ->condition($conditions)
+ ->execute();
 $oldname = ($user->uid == 0 ? variable_get('anonymous', t('Anonymous')) : $user->name);
 // Call logout hooks when switching from masquerading user.
diff --git a/masquerade.test b/masquerade.test
index ac01d08..c1a6fa8 100644
--- a/masquerade.test
+++ b/masquerade.test
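Review bot: The rewritten `db_delete('masquerade')->condition($conditions)` in masquerade_switch_back() still uses the `db_or()` group built just above it, so it removes every row whose sid matches OR whose uid_as matches, while the SELECT in the previous hunk finds the record with `m.sid = :sid AND m.uid_as = :uid_as`. If two sessions are masquerading as the same account, switching back in one appears to delete the other session's record as well, losing its link to the originating user. masquerade_user_logout() in this same commit chains two `->condition()` calls, which are ANDed, and I would do the same here: `db_delete('masquerade')->condition('sid', session_id())->condition('uid_as', $user->uid)->execute();`. The function continues outside the hunk.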
@@ -22,25 +22,36 @@ class MasqueradeTestCase extends DrupalWebTestCase {
 public function testMasquerade() {
 $admin_perms = array(
- 'administer site configuration',
- 'administer permissions',
+ 'access user profiles',
+ 'administer masquerade',
 'masquerade as user',
 );
- $admin = $this->drupalCreateUser($admin_perms);
- $user = $this->drupalCreateUser();
-
- $this->drupalLogin($admin);
-
- //test admin form
- $this->drupalGet('admin/config/development/masquerade');
-
- //test switch
- $this->drupalGet('masquerade/switch/' . $user->uid);
- $this->assertText('Now masquerading as ' . $user->name);
-
- //test unswitch
- $this->drupalGet('masquerade/unswitch');
- $this->assertText('No longer masquerading as ' . $user->name);
+ $admin_user = $this->drupalCreateUser($admin_perms);
+ $web_user = $this->drupalCreateUser();
+
+ $this->drupalLogin($admin_user);
+
+ // Tests admin form.
+ $this->drupalGet('admin/config/people/masquerade');
+ $this->assertResponse(200);
+ $this->assertText('Roles that are considered "administrators" for masquerading');
+
+ $switch_link = 'masquerade/switch/' . $web_user->uid;
+ // Tests user account link.
+ $this->drupalGet('user/' . $web_user->uid);
+ $this->assertLink('Masquerade as ' . check_plain($web_user->name));
+
+ // Tests switch.
+ $switch_link = 'masquerade/switch/' . $web_user->uid;
+ debug($this->drupalGetToken($switch_link), 'drupalGetToken');
+ debug( drupal_hmac_base64($switch_link, $this->session_id . drupal_get_private_key(). drupal_get_hash_salt()));
+ $this->drupalGet($switch_link, array('query' => array('token' => $this->drupalGetToken($switch_link))));
+ $this->assertText('Now masquerading as ' . $web_user->name);
+
+ // Tests switch back.
+ $unswitch_link = 'masquerade/unswitch';
+ $this->drupalGet($unswitch_link, array('query' => array('token' => $this->drupalGetToken($unswitch_link))));
+ $this->assertText('No longer masquerading as ' . $web_user->name);
 }
 }
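Review bot: The two `debug()` calls added under "Tests switch." are leftover diagnostics: they write the switch token and an HMAC recomputed from `$this->session_id`, `drupal_get_private_key()` and `drupal_get_hash_salt()` into the test output, and `$switch_link` is assigned twice with the same value. I would delete both `debug()` lines and the second `$switch_link = 'masquerade/switch/' . $web_user->uid;`. The test also covers only the accepted path; a plain `$this->drupalGet($switch_link);` with no `token` query, followed by an assertion that the admin is still not masquerading, would pin the `drupal_valid_token()` check in masquerade_switch_user_page(). Separately, the asserted text 'Now masquerading as ' differs in capitalisation from the 'You are now masquerading as' message set in masquerade_switch_user(), so it is worth confirming that the assertion matches what the page prints.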