diff --git a/core/modules/user/lib/Drupal/user/TempStore.php b/core/modules/user/lib/Drupal/user/TempStore.php index dd6451c..2c0e241 100644 --- a/core/modules/user/lib/Drupal/user/TempStore.php +++ b/core/modules/user/lib/Drupal/user/TempStore.php @@ -34,9 +34,6 @@ * editing certain data, or even to restrict other users from editing it at * the same time. It is the responsibility of the implementation to decide * when and whether one owner can use or update another owner's data. - * - * @todo We could add getIfOwner() or setIfOwner() methods to make this more - * explicit. */ class TempStore { @@ -85,7 +82,7 @@ class TempStore { * @param mixed $owner * The owner key to store along with the data (e.g. a user or session ID). */ - function __construct(KeyValueStoreExpirableInterface $storage, LockBackendInterface $lockBackend, $owner) { + public function __construct(KeyValueStoreExpirableInterface $storage, LockBackendInterface $lockBackend, $owner) { $this->storage = $storage; $this->lockBackend = $lockBackend; $this->owner = $owner; @@ -100,13 +97,30 @@ function __construct(KeyValueStoreExpirableInterface $storage, LockBackendInterf * @return mixed * The data associated with the key, or NULL if the key does not exist. */ - function get($key) { + public function get($key) { if ($object = $this->storage->get($key)) { return $object->data; } } /** + * Retrieves a value from this TempStore for a given key. + * + * Only returns the value if the value is owned by $this->owner. + * + * @param string $key + * The key of the data to retrieve. + * + * @return mixed + * The data associated with the key, or NULL if the key does not exist. + */ + public function getIfOwner($key) { + if (($object = $this->storage->get($key)) && ($object->owner == $this->owner)) { + return $object->data; + } + } + + /** * Stores a particular key/value pair only if the key doesn't already exist. * * @param string $key @@ -117,7 +131,7 @@ function get($key) { * @return bool * TRUE if the data was set, or FALSE if it already existed. */ - function setIfNotExists($key, $value) { + public function setIfNotExists($key, $value) { $value = (object) array( 'owner' => $this->owner, 'data' => $value, @@ -129,12 +143,39 @@ function setIfNotExists($key, $value) { /** * Stores a particular key/value pair in this TempStore. * + * Only stores the given key/value pair if it does not exist yet or is owned + * by $this->owner. + * + * @param string $key + * The key of the data to store. + * @param mixed $value + * The data to store. + * + * @return bool + * TRUE if the data was set, or FALSE if it already exists and is not owned + * by $this->user. + */ + public function setIfOwner($key, $value) { + if ($this->setIfNotExists($key, $value)) { + return TRUE; + } + + if (($object = $this->storage->get($key)) && ($object->owner == $this->owner)) { + $this->set($key, $value); + return TRUE; + } + return FALSE; + } + + /** + * Stores a particular key/value pair in this TempStore. + * * @param string $key * The key of the data to store. * @param mixed $value * The data to store. */ - function set($key, $value) { + public function set($key, $value) { if (!$this->lockBackend->acquire($key)) { $this->lockBackend->wait($key); if (!$this->lockBackend->acquire($key)) { @@ -164,7 +205,7 @@ function set($key, $value) { * An object with the owner and updated time if the key has a value, or * NULL otherwise. */ - function getMetadata($key) { + public function getMetadata($key) { // Fetch the key/value pair and its metadata. $object = $this->storage->get($key); if ($object) { @@ -180,7 +221,7 @@ function getMetadata($key) { * @param string $key * The key of the data to delete. */ - function delete($key) { + public function delete($key) { if (!$this->lockBackend->acquire($key)) { $this->lockBackend->wait($key); if (!$this->lockBackend->acquire($key)) { @@ -194,4 +235,27 @@ function delete($key) { $this->lockBackend->release($key); } + /** + * Deletes data from the store for a given key and releases the lock on it. + * + * Only delete the given key if it is owned by $this->owner. + * + * @param string $key + * The key of the data to delete. + * + * @return bool + * TRUE if the object was deleted or does not exist, FALSE if it exists but + * is not owned by $this->owner. + */ + public function deleteIfOwner($key) { + if (!$object = $this->storage->get($key)) { + return TRUE; + } + elseif ($object->owner == $this->owner) { + $this->delete($key); + return TRUE; + } + return FALSE; + } + } diff --git a/core/modules/user/lib/Drupal/user/Tests/TempStoreDatabaseTest.php b/core/modules/user/lib/Drupal/user/Tests/TempStoreDatabaseTest.php index 28edf55..0437837 100644 --- a/core/modules/user/lib/Drupal/user/Tests/TempStoreDatabaseTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/TempStoreDatabaseTest.php @@ -123,6 +123,12 @@ public function testUserTempStore() { $this->assertIdenticalObject($this->objects[2], $stores[0]->get($key)); // The object is the same when another user loads it. $this->assertIdenticalObject($this->objects[2], $stores[1]->get($key)); + + // This user should be allowed to get, update, delete. + $this->assertTrue($stores[0]->getIfOwner($key) instanceof \stdClass); + $this->assertTrue($stores[0]->setIfOwner($key, $this->objects[1])); + $this->assertTrue($stores[0]->deleteIfOwner($key)); + // Another user can update the object and become the owner. $stores[1]->set($key, $this->objects[3]); $this->assertIdenticalObject($this->objects[3], $stores[0]->get($key)); @@ -134,6 +140,11 @@ public function testUserTempStore() { $metadata = $stores[0]->getMetadata($key); $this->assertEqual($users[1], $metadata->owner); + // The first user should no longer be allowed to get, update, delete. + $this->assertNull($stores[0]->getIfOwner($key)); + $this->assertFalse($stores[0]->setIfOwner($key, $this->objects[1])); + $this->assertFalse($stores[0]->deleteIfOwner($key)); + // Now manually expire the item (this is not exposed by the API) and then // assert it is no longer accessible. db_update('key_value_expire')