diff --git a/core/lib/Drupal/Core/Access/AccessManager.php b/core/lib/Drupal/Core/Access/AccessManager.php index 62ab2d6..6b675db 100644 --- a/core/lib/Drupal/Core/Access/AccessManager.php +++ b/core/lib/Drupal/Core/Access/AccessManager.php @@ -159,13 +159,11 @@ protected function applies(Route $route) { $checks[] = $service_id; } } - // This means appliesTo() method was empty. Iterate through all checkers. - else { - foreach ($this->dynamicRequirementMap as $service_id) { - if ($this->checks[$service_id]->applies($route)) { - $checks[] = $service_id; - } - } + } + // Finally ask the dynamic access checkers whether they do apply. + foreach ($this->dynamicRequirementMap as $service_id) { + if ($this->checks[$service_id]->applies($route)) { + $checks[] = $service_id; } } diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php index 284df1d..a90107d 100644 --- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php +++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php @@ -645,6 +645,9 @@ protected function drupalLogin(AccountInterface $account) { if ($pass) { $this->loggedInUser = $account; $this->container->set('current_user', $account); + // @todo Temporary workaround for not being able to use synchronized + // services in non dumped container. + $this->container->get('access_subscriber')->setCurrentUser($account); } } diff --git a/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php b/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php index d812270..c6bc3d5 100644 --- a/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php +++ b/core/modules/user/lib/Drupal/user/Plugin/views/access/Role.php @@ -42,7 +42,10 @@ public function access(AccountInterface $account) { * {@inheritdoc} */ public function alterRouteDefinition(Route $route) { - $route->setRequirement('_role_id', $this->options['role']); + if ($this->options['role']) { + $route->setRequirement('_role', (string) implode(',', $this->options['role'])); + debug($route->setRequirement('_role', (string) implode(',', $this->options['role']))); + } } public function summaryTitle() { @@ -74,7 +77,7 @@ public function buildOptionsForm(&$form, &$form_state) { '#type' => 'checkboxes', '#title' => t('Role'), '#default_value' => $this->options['role'], - '#options' => array_map('check_plain', $this->getRoles()), + '#options' => array_map('\Drupal\Component\Utility\String::checkPlain', user_role_names()), '#description' => t('Only the checked roles will be able to access this display. Note that users with "access all views" can see any view, regardless of role.'), ); } diff --git a/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleTest.php b/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleTest.php index 7218046..0f0e480 100644 --- a/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleTest.php @@ -8,6 +8,9 @@ namespace Drupal\user\Tests\Views; use Drupal\user\Plugin\views\access\Role; +use Drupal\views\Views; +use Drupal\views\ViewStorageInterface; +use Symfony\Component\HttpFoundation\Request; /** * Tests views role access plugin. @@ -35,19 +38,43 @@ public static function getInfo() { * Tests role access plugin. */ function testAccessRole() { - $view = views_get_view('test_access_role'); - $view->setDisplay(); - - $view->displayHandlers->get('default')->options['access']['options']['role'] = array( + /** @var \Drupal\views\ViewStorageInterface $view */ + $view = \Drupal::entityManager()->getStorageController('view')->load('test_access_role'); + $display = &$view->getDisplay('default'); + $display['display_options']['access']['options']['role'] = array( $this->normalRole => $this->normalRole, ); + $view->save(); + + $executable = Views::executableFactory()->get($view); + $executable->setDisplay('page_1'); - $access_plugin = $view->display_handler->getPlugin('access'); + $access_plugin = $executable->display_handler->getPlugin('access'); $this->assertTrue($access_plugin instanceof Role, 'Make sure the right class got instantiated.'); - $this->assertTrue($view->display_handler->access($this->adminUser), 'Admin-Account should be able to access the view everytime'); - $this->assertFalse($view->display_handler->access($this->webUser)); - $this->assertTrue($view->display_handler->access($this->normalUser)); + // Test the access() method on the access plugin. + $this->assertTrue($executable->display_handler->access($this->adminUser), 'Admin-Account should be able to access the view everytime'); + $this->assertFalse($executable->display_handler->access($this->webUser)); + $this->assertTrue($executable->display_handler->access($this->normalUser)); + + // Test the actual access doing a request. + /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */ + $kernel = $this->container->get('http_kernel'); + + $this->drupalLogin($this->adminUser); + $request = Request::create('/test-role'); + $response = $kernel->handle($request); + $this->assertEqual($response->getStatusCode(), 200); + + $this->drupalLogin($this->webUser); + $request = Request::create('/test-role'); + $response = $kernel->handle($request); + $this->assertEqual($response->getStatusCode(), 403); + + $this->drupalLogin($this->normalUser); + $request = Request::create('/test-role'); + $response = $kernel->handle($request); + $this->assertEqual($response->getStatusCode(), 200); } } diff --git a/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleUITest.php b/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleUITest.php new file mode 100644 index 0000000..3f59b3b --- /dev/null +++ b/core/modules/user/lib/Drupal/user/Tests/Views/AccessRoleUITest.php @@ -0,0 +1,71 @@ + 'User: Access role (UI)', + 'description' => 'Tests views role access plugin UI.', + 'group' => 'Views module integration', + ); + } + + /** + * {@inheritdoc} + */ + protected function setUp() { + parent::setUp(); + + ViewTestData::createTestViews(get_class($this), array('user_test_views')); + } + + /** + * Tests the role access plugin UI. + */ + public function testAccessRoleUI() { + $entity_manager = $this->container->get('plugin.manager.entity'); + $entity_manager->getStorageController('user_role')->create(array('id' => 'custom_role', 'label' => 'Custom role'))->save(); + $access_url = "admin/structure/views/nojs/display/test_access_role/default/access_options"; + $this->drupalPostForm($access_url, array('access_options[role][custom_role]' => 1), t('Apply')); + $this->assertResponse(200); + + $this->drupalPostForm(NULL, array(), t('Save')); + $view = $entity_manager->getStorageController('view')->load('test_access_role'); + + $display = $view->getDisplay('default'); + $this->assertEqual($display['display_options']['access']['options']['role'], array('custom_role' => 'custom_role')); + } + +} diff --git a/core/modules/user/lib/Drupal/user/Tests/Views/AccessTestBase.php b/core/modules/user/lib/Drupal/user/Tests/Views/AccessTestBase.php index 4ec709d..5fac787 100644 --- a/core/modules/user/lib/Drupal/user/Tests/Views/AccessTestBase.php +++ b/core/modules/user/lib/Drupal/user/Tests/Views/AccessTestBase.php @@ -60,6 +60,7 @@ protected function setUp() { $this->normalRole = $this->drupalCreateRole(array()); $this->normalUser = $this->drupalCreateUser(array('views_test_data test permission')); $this->normalUser->addRole($this->normalRole); + $this->normalUser->save(); // @todo when all the plugin information is cached make a reset function and // call it here. } diff --git a/core/modules/user/tests/modules/user_test_views/test_views/views.view.test_access_role.yml b/core/modules/user/tests/modules/user_test_views/test_views/views.view.test_access_role.yml index 870b4bb..f971f75 100644 --- a/core/modules/user/tests/modules/user_test_views/test_views/views.view.test_access_role.yml +++ b/core/modules/user/tests/modules/user_test_views/test_views/views.view.test_access_role.yml @@ -1,10 +1,16 @@ -base_table: node +base_table: views_test_data core: '8' description: '' status: '1' display: default: display_options: + fields: + id: + id: id + field: id + table: views_test_data + plugin_id: numeric access: type: role cache: @@ -21,6 +27,13 @@ display: display_title: Master id: default position: '0' + page_1: + display_options: + path: test-role + display_plugin: page + display_title: Page + id: page_1 + position: '1' label: '' id: test_access_role tag: '' diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/display/PathPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/display/PathPluginBase.php index 19893c7..e852427 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/display/PathPluginBase.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/display/PathPluginBase.php @@ -185,6 +185,10 @@ protected function getRoute($view_id, $display_id) { $access_plugin = Views::pluginManager('access')->createInstance('none'); } $access_plugin->alterRouteDefinition($route); + // @todo Figure out whether _access_mode ANY is the proper one. This is + // particular important for altering routes. + $route->setOption('_access_mode', 'ANY'); + return $route; } diff --git a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php index 483f582..8a81fb7 100644 --- a/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php +++ b/core/modules/views/lib/Drupal/views/ViewsAccessCheck.php @@ -7,7 +7,7 @@ namespace Drupal\views; -use Drupal\Core\Access\StaticAccessCheckInterface; +use Drupal\Core\Access\AccessCheckInterface; use Drupal\Core\Session\AccountInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Route; @@ -17,13 +17,13 @@ * * @todo We could leverage the permission one as well? */ -class ViewsAccessCheck implements StaticAccessCheckInterface { +class ViewsAccessCheck implements AccessCheckInterface { /** * {@inheritdoc} */ - public function appliesTo() { - return array('views_id'); + public function applies(Route $route) { + return $route->hasDefault('view_id'); } /** diff --git a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php index c7ae50a..f89f151 100644 --- a/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php +++ b/core/tests/Drupal/Tests/Core/Access/AccessManagerTest.php @@ -149,6 +149,35 @@ public function testSetChecks() { } /** + * Tests setChecks with a dynamic access checker. + */ + public function testSetChecksWithDynamicAccessChecker() { + // Setup the access manager. + $this->accessManager = new AccessManager($this->routeProvider, $this->urlGenerator, $this->paramConverter, $this->account); + $this->accessManager->setContainer($this->container); + + // Setup the dynamic access checker. + $access_check = $this->getMock('Drupal\Core\Access\AccessCheckInterface'); + $this->container->set('test_access', $access_check); + $this->accessManager->addCheckService('test_access'); + + $route = new Route('/test-path', array(), array('_foo' => '1', '_bar' => '1')); + $route2 = new Route('/test-path', array(), array('_foo' => '1', '_bar' => '2')); + $collection = new RouteCollection(); + $collection->add('test_route', $route); + $collection->add('test_route2', $route2); + + $access_check->expects($this->exactly(2)) + ->method('applies') + ->with($this->isInstanceOf('Symfony\Component\Routing\Route')) + ->will($this->returnCallback(function (Route $route) { + return $route->getRequirement('_bar') == 2; + })); + + $this->accessManager->setChecks($collection); + } + + /** * Tests \Drupal\Core\Access\AccessManager::check(). */ public function testCheck() {