diff --git a/field_permissions.module b/field_permissions.module
index 9bef90b..b124099 100644
--- a/field_permissions.module
+++ b/field_permissions.module
@@ -171,14 +171,25 @@ function _field_permissions_field_view_access($field_name, $obj_type, $object, $
 * Implementation of hook_field_access('edit').
 */
 function _field_permissions_field_edit_access($field_name, $obj_type, $object, $account) {
- // Check if the object is already created.
- // @TODO: There is an exception warning that is issued here, hence the @. We
- // should remove the @ when the Drupal core bug is fixed. You can find the
- // bug here: http://drupal.org/node/1301522
- list($id, $vid, $bundle) = @entity_extract_ids($obj_type, $object);
-
- // Check if user has access to edit this field on object creation.
- if (!isset($id)) {
+ // If this is a new object, check if the user has access to edit the field on
+ // object creation.
+ if (!isset($object)) {
+ // If the object doesn't exist, we assume it's new.
+ $is_new = TRUE;
+ }
+ else {
+ // If the object does exist, we check its ID to see if it's new. Using
+ // empty() rather than !isset() is important here, to deal with the case of
+ // entities that store "0" as their ID while the final entity is in the
+ // process of being created (user accounts are a good example of this).
+ //
+ // @TODO: There is an exception warning that is issued here, hence the @.
+ // We should remove the @ when the Drupal core bug is fixed. You can find
+ // the bug here: http://drupal.org/node/1301522
+ list($id, $vid, $bundle) = @entity_extract_ids($obj_type, $object);
+ $is_new = empty($id);
+ }
+ if ($is_new) {
 return user_access('create ' . $field_name, $account);
 }
diff --git a/field_permissions.test b/field_permissions.test
index 9253581..201fa46 100644
--- a/field_permissions.test
+++ b/field_permissions.test
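Review bot: `$is_new = empty($id);` sends every falsy ID down the `create` branch, and because the `entity_extract_ids()` call still carries the `@` prefix, an `$id` that was never assigned is indistinguishable from a genuinely new entity. The code comment covers the registration case (ID `0` while the account is being created) but not that an existing entity with ID `0`, or a failed lookup, is then authorized by `'create ' . $field_name` alone rather than by whatever the rest of the function checks for existing objects. I would record that in the comment, for example `// Any falsy or unreadable ID is treated as new, so only the create permission is checked here.`, and confirm that no entity type reachable here keeps a persistent ID of 0 (the Drupal 7 anonymous account is one candidate). The function body continues past the end of this hunk, so the path for existing objects is not visible here.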
@@ -23,7 +23,7 @@ class FieldPermissionsTestCase extends DrupalWebTestCase {
 }
 function setUp() {
- parent::setUp('field_permissions');
+ parent::setUp('field_ui', 'field_permissions');
 // Create test user.
 $admin_permissions = array('access content', 'administer nodes', 'bypass node access', 'administer content types', 'administer taxonomy', 'administer permissions', 'create page content');
@@ -33,6 +33,7 @@ class FieldPermissionsTestCase extends DrupalWebTestCase {
 $this->limited_rid = array_pop($all_rids);
 $admin_permissions[] = 'administer field permissions';
+ $admin_permissions[] = 'administer users';
 $this->admin_user = $this->drupalCreateUser($admin_permissions);
 $all_rids = array_keys($this->admin_user->roles);
 sort($all_rids);
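Review bot: `$admin_permissions[] = 'administer users';` in the second hunk widens the shared `admin_user` fixture that `setUp()` builds for every test in the class, although only the new user-field test appears to need it. In an access-control test suite an over-privileged fixture can let a permission regression pass unnoticed, so I would rather create a dedicated account inside `testUserFields()` with only the permissions that test needs. If the shared fixture stays, add a comment above the line such as `// Needed by testUserFields() to reach the account field UI.` so the extra privilege is not copied into unrelated tests. `setUp()` starts in the first hunk and continues outside both hunks.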
@@ -263,6 +264,39 @@ class FieldPermissionsTestCase extends DrupalWebTestCase {
 $this->assertText($field_info['value']);
 }
+ function testUserFields() {
+ // Create a field attached to users and make it appear on the user
+ // registration form with (default) custom permissions.
+ $this->drupalLogin($this->admin_user);
+ $label = 'Field attached to users';
+ $edit = array(
+ 'fields[_add_new_field][label]' => $label,
+ 'fields[_add_new_field][field_name]' => 'attached_to_users',
+ 'fields[_add_new_field][type]' => 'text',
+ 'fields[_add_new_field][widget_type]' => 'text_textfield',
+ );
+ $this->drupalPost('admin/config/people/accounts/fields', $edit, t('Save'));
+ $this->drupalPost(NULL, array(), t('Save field settings'));
+ $edit = array(
+ 'field[field_permissions][type]' => 2,
+ 'instance[settings][user_register_form]' => TRUE,
+ );
+ $this->drupalPost(NULL, $edit, t('Save settings'));
+
+ // Log out, go to the registration form and make sure the field appears
+ // there for anonymous users.
+ $this->drupalLogout();
+ $this->drupalGet('user/register');
+ $this->assertText($label);
+
+ // Log in and make sure the user does not have access to edit the field
+ // (i.e., there are only default permissions to create it).
+ $this->drupalLogin($this->limited_user);
+ $this->drupalGet('user/' . $this->limited_user->uid . '/edit');
+ $this->assertResponse(200);
+ $this->assertNoText($label);
+ }
+
 /**
 * Asserts that a user account has a permission.
 */
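Review bot: `testUserFields()` only exercises the allowed side of the create path: it checks that the field shows on `user/register` with the default permissions and is hidden on the edit form, but never that the registration form hides the field when the anonymous role lacks the create permission. That negative case is the one that would catch the `$is_new` branch in `_field_permissions_field_edit_access()` granting too much. After the `assertText($label)` check I would add something like `user_role_revoke_permissions(DRUPAL_ANONYMOUS_RID, array('create field_attached_to_users'));`, `$this->drupalGet('user/register');` and `$this->assertNoText($label);` — the permission name assumes Field UI stores the field as `field_attached_to_users`, and it should first be confirmed that the default grant includes the anonymous role. The literal `2` for `field[field_permissions][type]` would also read better with a short comment saying which permission type it selects.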