Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.111
diff -u -p -u -p -r1.111 contact.module
--- modules/contact/contact.module 9 Oct 2008 15:15:51 -0000 1.111
+++ modules/contact/contact.module 18 Nov 2008 01:47:19 -0000
@@ -45,6 +45,10 @@ function contact_perm() {
 'title' => t('Access site-wide contact form'),
 'description' => t('Send feedback to administrators via e-mail using the site-wide contact form.'),
 ),
+ 'access personal contact form' => array(
+ 'title' => t('Access users personal contact forms'),
+ 'description' => t('Send feedback to users via e-mail using their personal contact form.'),
+ ),
 );
 }
@@ -119,12 +123,10 @@ function _contact_user_tab_access($accou
 if (!isset($account->contact)) {
 $account->contact = FALSE;
 }
- return
- $account && $user->uid &&
- (
- ($user->uid != $account->uid && $account->contact) ||
- user_access('administer users')
- );
+ $other_user_access = $user->uid != $account->uid && $account->contact && user_access('access personal contact form');
+ // If this is the user themselves, another user that has the appropriate
+ // access, or an admin user then we return TRUE.
+ return $account && $user->uid && ($other_user_access || user_access('administer users'));
 }
 /**
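Review bot: The rewritten `return` in `_contact_user_tab_access()` still requires `$user->uid`, so an anonymous visitor (uid 0) is refused even when the anonymous role holds 'access personal contact form'. The rest of this patch assumes the opposite: contact_mail_user() gains an anonymous branch and the test expects a 200 for an anonymous request. The new comment also says the user themselves gets TRUE, but `$user->uid != $account->uid` excludes them unless they hold 'administer users'. If anonymous access is intended, let the permission decide, e.g. `return $account && ($other_user_access || user_access('administer users'));`, and correct the comment to match. The function starts outside the hunk.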
@@ -192,7 +194,7 @@ function contact_mail($key, &$message, $
 $account = $params['account'];
 $message['subject'] .= '[' . variable_get('site_name', 'Drupal') . '] ' . $params['subject'];
 $message['body'][] = "$account->name,";
- $message['body'][] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", array('absolute' => TRUE, 'language' => $language)), '!form-url' => url($_GET['q'], array('absolute' => TRUE, 'language' => $language)), '!site' => variable_get('site_name', 'Drupal')), $language->language);
+ $message['body'][] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => $user->uid ? url("user/$user->uid", array('absolute' => TRUE, 'language' => $language)) : $user->mail, '!form-url' => url($_GET['q'], array('absolute' => TRUE, 'language' => $language)), '!site' => variable_get('site_name', 'Drupal')), $language->language);
 $message['body'][] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", array('absolute' => TRUE, 'language' => $language))), $language->language);
 $message['body'][] = t('Message:', NULL, $language->language);
 $message['body'][] = $params['message'];
Index: modules/contact/contact.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v
retrieving revision 1.15
diff -u -p -u -p -r1.15 contact.pages.inc
--- modules/contact/contact.pages.inc 13 Oct 2008 00:33:02 -0000 1.15
+++ modules/contact/contact.pages.inc 18 Nov 2008 01:47:19 -0000
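Review bot: For an anonymous sender, `!name` and `!name-url` are filled from whatever was typed into the form (contact_mail_user_submit() copies the submitted name and address onto `$user`), yet the sentence reads exactly as it does for a logged-in account. The recipient cannot tell a verified account from a self-asserted identity, which makes it easy to pose as a known user or as site staff. Consider a separate string for the uid-0 case that says the sender was not logged in, and add a comment above the line such as `// Anonymous senders: name and address are self-asserted and unverified.` contact_mail() starts and ends outside the hunk.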
@@ -157,10 +157,7 @@ function contact_mail_page_submit($form,
 function contact_user_page($account) {
 global $user;
- if (!valid_email_address($user->mail)) {
- $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit", array('query' => 'destination=' . drupal_get_destination()))));
- }
- elseif (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
+ if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3)) && !user_access('administer site-wide contact form')) {
 $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3)));
 }
 else {
@@ -173,11 +170,21 @@ function contact_user_page($account) {
 function contact_mail_user(&$form_state, $recipient) {
 global $user;
- $form['#token'] = $user->name . $user->mail;
- $form['recipient'] = array('#type' => 'value', '#value' => $recipient);
- $form['from'] = array('#type' => 'item',
- '#title' => t('From'),
- '#markup' => check_plain($user->name) . ' <' . check_plain($user->mail) . '>',
+ $form['#token'] = $user->uid ? $user->name . $user->mail : '';
+ $form['recipient'] = array('#type' => 'value',
+ '#value' => $recipient
+ );
+ $form['from'] = array('#type' => 'textfield',
+ '#title' => t('Your name'),
+ '#maxlength' => 255,
+ '#default_value' => $user->uid ? $user->name : '',
+ '#required' => TRUE,
+ );
+ $form['mail'] = array('#type' => 'textfield',
+ '#title' => t('Your e-mail address'),
+ '#maxlength' => 255,
+ '#default_value' => $user->uid ? $user->mail : '',
+ '#required' => TRUE,
 );
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
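Review bot: The new `from` and `mail` textfields in contact_mail_user() are editable for logged-in users too, and contact_mail_user_submit() (the `@@ -203,27 +218,49 @@` hunk) takes `$from` from `$values['mail']` for everyone. A logged-in user can therefore send under any sender address, and because the 'Send yourself a copy' checkbox stays available to them, the copy is mailed to whatever address they typed, so the site can be made to mail arbitrary third parties. Keep the account's own values for authenticated users: render both fields as `'#type' => 'item'` when `$user->uid` is set, and in the submit handler use `$from = $user->uid ? $user->mail : $values['mail'];`. contact_mail_user() continues past this hunk.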
@@ -193,9 +200,17 @@ function contact_mail_user(&$form_state,
 '#rows' => 15,
 '#required' => TRUE,
 );
- $form['copy'] = array('#type' => 'checkbox',
- '#title' => t('Send yourself a copy.'),
- );
+ if ($user->uid) {
+ $form['copy'] = array('#type' => 'checkbox',
+ '#title' => t('Send yourself a copy.'),
+ );
+ }
+ else {
+ drupal_add_js(drupal_get_path('module', 'contact') . '/contact.js');
+ $form['copy'] = array('#type' => 'value',
+ '#value' => FALSE,
+ );
+ }
 $form['submit'] = array('#type' => 'submit',
 '#value' => t('Send e-mail'),
 );
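Review bot: The `else` branch that pins `copy` to FALSE is the only thing keeping an anonymous visitor from having the site mail a copy to an address they typed, and nothing in the code says so. Add a comment above it, for example `// No copy for anonymous senders: the address is unverified, so a copy would let the form mail arbitrary recipients.` Separately, `contact.js` is loaded here but none of the file sections visible in this patch adds it, so confirm the file is part of the change.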
@@ -203,27 +218,49 @@ function contact_mail_user(&$form_state,
 }
 /**
+ * Validate the user contact page form submission.
+ */
+function contact_mail_user_validate($form, &$form_state) {
+ global $user;
+ if (!valid_email_address($form_state['values']['mail'])) {
+ form_set_error('mail', t('You must enter a valid e-mail address.'));
+ }
+ if (!$user->uid) {
+ foreach (array('from' => 'name', 'mail' => 'mail') as $form_field => $cookie_field) {
+ // Set cookie for 365 days.
+ if (isset($form_state['values'][$form_field])) {
+ setcookie('comment_info_' . $cookie_field, $form_state['values'][$form_field], $_SERVER['REQUEST_TIME'] + 31536000, '/');
+ }
+ }
+ }
+}
+
+/**
 * Process the personal contact page form submission.
 */
 function contact_mail_user_submit($form, &$form_state) {
 global $user, $language;
- $account = $form_state['values']['recipient'];
+ $values = $form_state['values'];
+ $account = $values['recipient'];
 // Send from the current user to the requested user.
 $to = $account->mail;
- $from = $user->mail;
+ $from = $values['mail'];
 // Save both users and all form values for email composition.
- $values = $form_state['values'];
 $values['account'] = $account;
+ if (!$user->uid) {
+ $user->mail = $values['mail'];
+ $user->name = $values['from'];
+ }
 $values['user'] = $user;
 // Send the e-mail in the requested user language.
 drupal_mail('contact', 'user_mail', $to, user_preferred_language($account), $values, $from);
 // Send a copy if requested, using current page language.
- if ($form_state['values']['copy']) {
+ if ($values['copy']) {
 drupal_mail('contact', 'user_copy', $from, $language, $values, $from);
 }
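Review bot: `contact_mail_user_validate()` checks only the e-mail format, so an anonymous sender can enter a `from` value that matches a registered account's name; the submit handler then writes it into `$user->name`, and from there it reaches the message body and the watchdog entry. Add a uid-0 check that rejects names belonging to existing users. The cookies are also written inside the validate handler whether or not `form_set_error()` fired, so rejected input is stored for a year; guard the block with `if (!$user->uid && !form_get_errors()) {` or move the `setcookie()` calls into the submit handler. contact_mail_user_submit() continues past the end of this hunk.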
@@ -231,6 +268,7 @@ function contact_mail_user_submit($form,
 watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
 drupal_set_message(t('The message has been sent.'));
- // Back to the requested users profile page.
- $form_state['redirect'] = "user/$account->uid";
+ // Back to the requested users profile page or the homepage if the
+ // user does not have access to user profiles.
+ $form_state['redirect'] = user_access('access user profiles') ? "user/$account->uid" : '';
 }
Index: modules/contact/contact.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.test,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 contact.test
--- modules/contact/contact.test 17 Sep 2008 06:54:11 -0000 1.12
+++ modules/contact/contact.test 18 Nov 2008 01:47:19 -0000
@@ -289,31 +289,31 @@ class ContactPersonalTestCase extends Dr
 $admin_user = $this->drupalCreateUser(array('administer site-wide contact form'));
 $this->drupalLogin($admin_user);
- // Enable the personal contact form.
+ // Set settings and make sure permissions to view user contact pages are disabled.
 $flood_control = 3;
 $edit = array();
 $edit['contact_default_status'] = TRUE;
 $edit['contact_hourly_threshold'] = $flood_control;
 $this->drupalPost('admin/build/contact/settings', $edit, t('Save configuration'));
 $this->assertText(t('The configuration options have been saved.'), t('Setting successfully saved.'));
-
- // Reload variables.
+ $this->setPermission('anonymous user', array('access personal contact form' => FALSE));
+ $this->setPermission('authenticated user', array('access personal contact form' => FALSE));
 $this->drupalLogout();
- // Create web users and attempt to use personal contact forms with default set to true.
+ // Create web users and attempt to use personal contact forms with
+ // default set to true but permissions disabled.
 $web_user1 = $this->drupalCreateUser(array());
 $web_user2 = $this->drupalCreateUser(array());
- $this->drupalLogin($web_user1);
-
+ // Test denied access by anonymous user
 $this->drupalGet('user/' . $web_user2->uid . '/contact');
- $this->assertResponse(200, t('Access to personal contact form granted.'));
+ $this->assertResponse(403, t('Access to personal contact form user denied to anonymous user.'));
- $edit = array();
- $edit['subject'] = $this->randomName(16);
- $edit['message'] = $this->randomName(64);
- $this->drupalPost(NULL, $edit, t('Send e-mail'));
- $this->assertText(t('The message has been sent.'), t('Message sent.'));
+ // Test denied acces by registered user
+ $this->drupalLogin($web_user1);
+ $this->drupalGet('user/' . $web_user2->uid .
'/contact');
+ $this->assertResponse(403, t('Access to personal contact form user denied to authenticated user.'));
+ $this->drupalLogout();
 // Clear flood table in preparation for flood test and allow other checks to complete.
 $this->assertTrue(db_query('DELETE FROM {flood}'), t('Flood table emptied.'));
@@ -332,23 +332,75 @@ class ContactPersonalTestCase extends Dr
 $this->drupalLogout();
 $this->drupalLogin($admin_user);
-
- // Disable the personal contact form.
- $edit = array();
 $edit['contact_default_status'] = FALSE;
 $this->drupalPost('admin/build/contact/settings', $edit, t('Save configuration'));
 $this->assertText(t('The configuration options have been saved.'), t('Setting successfully saved.'));
- // Reload variables.
+ $this->setPermission('anonymous user', array('access personal contact form' => TRUE));
+ $this->setPermission('authenticated user', array('access personal contact form' => TRUE));
 $this->drupalLogout();
- // Create web users and attempt to use personal contact forms with default set to false.
+ // Create web users and attempt to use personal contact forms with
+ // default set to false but permissions enabled.
 $web_user3 = $this->drupalCreateUser(array());
 $web_user4 = $this->drupalCreateUser(array());
 $this->drupalLogin($web_user3);
+ // Enable the contact form for one of the new users.
+ $this->drupalLogin($web_user4);
+ $edit_user = array();
+ $edit_user['contact'] = TRUE;
+ $this->drupalPost('user/' . $web_user4->uid . '/edit', $edit_user, t('Save'));
+ $this->assertText(t('The changes have been saved.'), t('User setting successfully saved.'));
+ $this->drupalLogout();
+ // Test allowed access and contact form sending by anonymous user.
+ $this->drupalGet('user/' . $web_user3->uid . '/contact');
+ $this->assertResponse(403, t('Access to personal contact form denied to anonymous user with permission.'));
 $this->drupalGet('user/' . $web_user4->uid .
'/contact');
- $this->assertResponse(403, t('Access to personal contact form denied.'));
+ $this->assertResponse(200, t('Access to personal contact form granted to anonymous user with permission.'));
+ $edit = array();
+ $edit['from'] = $this->randomName(16);
+ $edit['mail'] = 'simpletest@example.com';
+ $edit['subject'] = $this->randomName(16);
+ $edit['message'] = $this->randomName(64);
+ $this->drupalPost('user/' . $web_user4->uid . '/contact', $edit, t('Send e-mail'));
+ $this->assertText(t('The message has been sent.'), t('Message sent.'));
+
+ // Test allowed access and contact form sending by registered user.
+ $this->drupalLogin($web_user1);
+ $this->drupalGet('user/' . $web_user3->uid . '/contact');
+ $this->assertResponse(403, t('Access to personal contact form denied to authenticated user with permission.'));
+ $this->drupalGet('user/' . $web_user4->uid . '/contact');
+ $this->assertResponse(200, t('Access to personal contact form granted to authenticated user with permission.'));
+ $edit = array();
+ $edit['subject'] = $this->randomName(16);
+ $edit['message'] = $this->randomName(64);
+ $this->drupalPost('user/' . $web_user4->uid . '/contact', $edit, t('Send e-mail'));
+ $this->assertText(t('The message has been sent.'), t('Message sent.'));
+ $this->drupalLogout();
+ }
+
+ /**
+ * Set permission.
+ *
+ * @param string $role User role to set permissions for.
+ * @param array $permissions Key-value array of permissions to set.
+ */
+ function setPermission($role, $permissions) {
+ // Get role id (rid) for specified role.
+ $rid = db_result(db_query("SELECT rid FROM {role} WHERE name = '%s'", array($role)));
+ if ($rid === FALSE) {
+ $this->fail(t('Role %role not found.', array('%role' => $role)), t('Permission'));
+ }
+
+ // Create edit array from permission.
+ $edit = array();
+ foreach ($permissions as $name => $value) {
+ $edit[$rid . '[' . $name .
']'] = $value;
+ }
+
+ $this->drupalPost('admin/user/permissions', $edit, t('Save permissions'));
+ $this->assertText(t('The changes have been saved.'), t('Saved changes.'), t('Permission'));
 }
-}
+}
\ No newline at end of file
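Review bot: In `setPermission()` the `$rid === FALSE` branch calls `$this->fail()` but does not return, so the loop still builds field names with an empty role id and posts them to admin/user/permissions; add `return;` after the `fail()` call. The new assertions also cover only the permitted paths: no case shows that a logged-in user cannot change the sender address, or that an anonymous submission never produces a copy. Minor: `$this->drupalLogin($web_user3)` is immediately followed by `$this->drupalLogin($web_user4)` with no logout between them.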