Current: db_query('SELECT COUNT(vid) FROM {node_revision} WHERE nid = :nid', array(':nid' => $node->nid))->fetchField() == 1 || $op == 'update' || $op == 'delete'

Could be: $op == 'update' || $op == 'delete' || db_query('SELECT COUNT(vid) FROM {node_revision} WHERE nid = :nid', array(':nid' => $node->nid))->fetchField() == 1

Patch attach changes the order it, but did against a freshly checked out copy 8.x.. so hopefully no syntax errors.

CommentFileSizeAuthor
#14 drupal_1439336_node_revision_acess_14.patch6.78 KBhefox
#11 drupal_1439336_node_revision_acess_11.patch4.53 KBhefox
#9 drupal_1439336_node_revision_acess_8.patch4.76 KBhefox
#7 drupal_1439336_node_revision_acess_6.patch2.53 KBhefox
#6 drupal_1439336_node_revision_acess_5.patch2.53 KBhefox
#5 drupal_1439336_node_revision_acess_4.patch2.53 KBhefox
drupal_node_revision_access.patch902 byteshefox
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

kafitz’s picture

kafitz CreditAttribution: kafitz commented

Indeedn, It seems better that the if-statement first checks if op is delete or update. I tested the patch and all went fine. Seems good to me.

xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm commented
Issue tags: +Needs tests

Based on experiences in #1064954: _node_revision_access() static usage I'd like to see some nice robust test coverage to go with this.

xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm commented
Issue tags: +Needs backport to D7

So to clarify my previous comment, it would be good to add test coverage for the particular flow branch of _node_revision_access() that the patch changes. In this, case, that's if the node is the current revision, and it is either the only revision, or the user is trying to update or delete it.

There are two non-mutually-exclusive possibilities for tests:

  1. A unit(ish) test along the lines in #1064954: _node_revision_access() static usage, probably extending the new NodeRevisionPermissionsTestCase, that tests the return value of _node_access_revision() in all these cases.
  2. A functional test that tries to delete the current revision of a node, etc. See node_menu() for where this function gets used as an access callback.
Kristen Pol’s picture

Kristen Pol
she/her
Primary language English
Location Santa Cruz, CA, USA
CreditAttribution: Kristen Pol commented
Title: _node_revision_access is executing a uneeded query when op is delete or update » _node_revision_access is executing an unnecessary query when $op equals 'delete' or 'update'
hefox’s picture

hefox CreditAttribution: hefox commented
FileSize
drupal_1439336_node_revision_acess_4.patch2.53 KB

Tests for 1)

hefox’s picture

hefox CreditAttribution: hefox commented
FileSize
drupal_1439336_node_revision_acess_5.patch2.53 KB

Typo

hefox’s picture

hefox CreditAttribution: hefox commented
FileSize
drupal_1439336_node_revision_acess_6.patch2.53 KB

Another typo

xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm commented

That test coverage looks good to me. So we just need the functional tests, then.

Couple minor cleanups:

+++ b/core/modules/node/node.testundefined
@@ -2422,6 +2422,17 @@ class NodeRevisionPermissionsTestCase extends NodeWebTestCase {
+    // Test that user cannot delete/update current revision.

Let's make this "delete or update" so that it's a more complete sentence.

+++ b/core/modules/node/node.testundefined
@@ -2422,6 +2422,17 @@ class NodeRevisionPermissionsTestCase extends NodeWebTestCase {
+    // Create a node with a single revision and make sure cannot view/update/delete it.

This comment is over 80 chars, so let's wrap it. I'd also say "view, update, or delete".

hefox’s picture

hefox CreditAttribution: hefox commented
FileSize
drupal_1439336_node_revision_acess_8.patch4.76 KB

above + a try at functional test, not sure how to handle the user object for drupalGet

xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm commented
Status: Needs review » Needs work 
+++ b/core/modules/node/node.testundefined
@@ -2394,6 +2394,7 @@ class NodeRevisionPermissionsTestCase extends NodeWebTestCase {
+    $current_account = $GLOBALS['user'];

@@ -2403,14 +2404,25 @@ class NodeRevisionPermissionsTestCase extends NodeWebTestCase {
+    // Reset the current user back for further tests.
+    $GLOBALS['user'] = $current_account;

Let's remove this. Each test method gets its own session, so we don't need to restore the logged-in user. Also, we probably shouldn't muck with data for the test in the parent site environment.

Edit: Also, if need be, we can create a separate test method.

hefox’s picture

hefox CreditAttribution: hefox commented
FileSize
drupal_1439336_node_revision_acess_11.patch4.53 KB

One of the test stores $GLOBAL user just after than, sets admin user, then rests after. Removed that also and added a login for admin user, which is a user needed for that test and for rest of coming tests.

hefox’s picture

hefox CreditAttribution: hefox commented
Status: Needs work » Needs review
xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm commented 
+++ b/core/modules/node/node.testundefined
@@ -2418,10 +2426,28 @@ class NodeRevisionPermissionsTestCase extends NodeWebTestCase {
     // Test that the $account parameter defaults to the "logged in" user.
-    $original_user = $GLOBALS['user'];
-    $GLOBALS['user'] = $admin_account;
+    $this->drupalLogin($admin_account);
     $this->assertTrue(_node_revision_access($revision, 'view'), '_node_revision_access() returns TRUE when used with global user.');
-    $GLOBALS['user'] = $original_user;

Ah. I see now why you were using this. The purpose here was to test the function used the correct default account when the account wasn't passed (i.e. no third parameter for _node_revision_access($revision, 'view')). Running within the test case, it will actually default to the current user in the parent environment (not $admin_account), so the fact that the patch passes with this hunk is (I think) misleading. I think if we switched it to an unprivileged user and tested for FALSE instead, it would probably fail.

Since we're passing the account parameter in the assertions immediately below this hunk, I am not sure we should have the the drupalLogin() where it is.

I'd say we should open a followup for testing _node_revision_access($revision, 'view') without passing the account parameter, and maybe we should also move the functional assertions into their own method? Edit: we could even create that extra node in setUp(). What do you think?

hefox’s picture

hefox CreditAttribution: hefox commented
FileSize
drupal_1439336_node_revision_acess_14.patch6.78 KB

Well, that's unexpected.

Anyhow, tried moving the functional parts to their own test, but keeps failing due to being unable to login some users (wrong username or password on user login form). I'm a bit confused.

Anyhow, node creation moved to setup, and all functional tests moved together to bottom, but still in same function, but assuming can fix the above issue, can split them two two functions.

johnv’s picture

johnv
Primary language Dutch
CreditAttribution: johnv commented

#808730: Show the Revisions tab/page even when only one revision exists. changes the same line of code and has an extra use case.
Should we merge the two issues? Or better leave this as the 'test'-issue vs. the other 'patch'-issue
The patch-code seems to change regularly, whereas the test-code should be stable.

socketwench’s picture

socketwench CreditAttribution: socketwench commented
Issue summary: View changes
Issue tags: -Novice

Novice issue cleanup.

jhedstrom’s picture

jhedstrom
Primary language English
Location Portland, OR
CreditAttribution: jhedstrom commented
Status: Needs review » Needs work
Issue tags: +Needs reroll

Patch no longer applies.

Guybrush Threepwood’s picture

Guybrush Threepwood CreditAttribution: Guybrush Threepwood as a volunteer commented

Does this mean that everything needs to be redone?

deepakaryan1988’s picture

deepakaryan1988
Primary language Hindi
CreditAttribution: deepakaryan1988 at Srijan | A Material+ Company commented
Assigned: Unassigned » deepakaryan1988
deepakaryan1988’s picture

deepakaryan1988
Primary language Hindi
CreditAttribution: deepakaryan1988 at Srijan | A Material+ Company commented
Assigned: deepakaryan1988 » Unassigned

Status: Needs work » Needs review

RavindraSingh queued 14: drupal_1439336_node_revision_acess_14.patch for re-testing.

Status: Needs review » Needs work

The last submitted patch, 14: drupal_1439336_node_revision_acess_14.patch, failed testing.

cchanana’s picture

cchanana CreditAttribution: cchanana commented
Assigned: Unassigned » cchanana
cchanana’s picture

cchanana CreditAttribution: cchanana commented
Assigned: cchanana » Unassigned
iMiksu’s picture

iMiksu
Location Finland
CreditAttribution: iMiksu as a volunteer commented
Assigned: Unassigned » iMiksu

Let start rerolling

iMiksu’s picture

iMiksu
Location Finland
CreditAttribution: iMiksu as a volunteer commented
Assigned: iMiksu » Unassigned

OK, Teemu is taking this! He already started on it.

teemuaro’s picture

teemuaro CreditAttribution: teemuaro at Drontti Oy commented
Assigned: Unassigned » teemuaro

Sorry about forgetting to assign this to me :)

teemuaro’s picture

teemuaro CreditAttribution: teemuaro at Drontti Oy commented
Status: Needs work » Closed (outdated)

This one seems to be outdated and not relevant anymore. Feel free to reopen though if I'm mistaken.

teemuaro’s picture

teemuaro CreditAttribution: teemuaro at Drontti Oy commented
Assigned: teemuaro » Unassigned
niyon’s picture

niyon CreditAttribution: niyon commented
Issue tags: -Needs reroll