Add 'access content' permission to routes in js_example [#2585593]

Problem/Motivation

js_example module doesn't demonstrate basic security best practices on its routes.

We need to change that.

In the routes.yml file, it currently says:

  requirements:
    _access: 'TRUE'

This allows anyone with access to the site to see the page, which opens up other possible security concerns.

Proposed resolution

Change the routes.yml file to say something like this:
```
  requirements:
    _permission: 'access content'
```
Update the tool menu test to reflect that this route is not visible to anonymous users, and *is* visible once a user with 'access content' permissions has been logged in.
Amend any tests which use these routes to log in a user who can access them.

Comment	File	Size	Author
#14	js_example_access_checking-2585593-8-14.patch	2 KB	Andrew.Mikhailov
#14	8.x-1.x: PHP 5.5 & MySQL 5.5 90 pass
#12	js_example_access_checking-2585593-8-12.patch	2 KB	Andrew.Mikhailov
#12	8.x-1.x: PHP 5.5 & MySQL 5.5 1 fail
#10	js_example-access_checking-2585593-10-2.patch	2.19 KB	sumthief
#10	8.x-1.x: PHP 5.5 & MySQL 5.5 89 pass, 1 fail
#2	js_example-access_checking-2585593-2-8.patch	1.04 KB	sumthief
#2	8.x-1.x: PHP 5.5 & MySQL 5.5 89 pass, 1 fail

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

9 October 2015 at 22:20

Mile23 created an issue. See original summary.

Comment #2

sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commented 10 October 2015 at 10:38

Status:

Active

» Needs review

File	Size
js_example-access_checking-2585593-2-8.patch	1.04 KB
8.x-1.x: PHP 5.5 & MySQL 5.5 89 pass, 1 fail

Comment #3

Mile23

English

Seattle, WA

CreditAttribution: Mile23 as a volunteer commented 11 October 2015 at 22:52

Status:

Needs review

» Needs work

Comment #4

Mile23

English

Seattle, WA

CreditAttribution: Mile23 as a volunteer commented 11 October 2015 at 22:52

Status:

Needs work

» Needs review

Comment #5

11 October 2015 at 22:59

Status:

Needs review

» Needs work

The last submitted patch, 2: js_example-access_checking-2585593-2-8.patch, failed testing.

Comment #6

12 October 2015 at 04:14

The last submitted patch, 2: js_example-access_checking-2585593-2-8.patch, failed testing.

Comment #7

sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commented 13 October 2015 at 09:10

Status:

Needs work

» Needs review

Need manually review.

Comment #8

13 October 2015 at 09:13

Status:

Needs review

» Needs work

The last submitted patch, 2: js_example-access_checking-2585593-2-8.patch, failed testing.

Comment #9

Mile23

English

Seattle, WA

CreditAttribution: Mile23 as a volunteer commented 13 October 2015 at 16:38

If you click on the newest failing testbot run, you'll see that the patch causes failing tests.

So we have to figure out why the tests are failing, and then try another patch.

In this case, the results look like this:

fail: [Browser] Line 39 of modules/examples/js_example/src/Tests/JsExampleTest.php:
Visited examples/js_example

fail: [Browser] Line 39 of modules/examples/js_example/src/Tests/JsExampleTest.php:
Visited examples/js_example/weights

fail: [Browser] Line 39 of modules/examples/js_example/src/Tests/JsExampleTest.php:
Visited examples/js_example/accordion

Comment #10

sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commented 14 October 2015 at 11:25

Status:

Needs work

» Needs review

File	Size
js_example-access_checking-2585593-10-2.patch	2.19 KB
8.x-1.x: PHP 5.5 & MySQL 5.5 89 pass, 1 fail

Update tests for patch #2.

Comment #11

14 October 2015 at 11:28

Status:

Needs review

» Needs work

The last submitted patch, 10: js_example-access_checking-2585593-10-2.patch, failed testing.

Comment #12

Andrew.Mikhailov CreditAttribution: Andrew.Mikhailov at DrupalJedi commented 16 October 2015 at 02:38

Status:

Needs work

» Needs review

File	Size
js_example_access_checking-2585593-8-12.patch	2 KB
8.x-1.x: PHP 5.5 & MySQL 5.5 1 fail

Corrected patch.

Comment #13

16 October 2015 at 02:40

Status:

Needs review

» Needs work

The last submitted patch, 12: js_example_access_checking-2585593-8-12.patch, failed testing.

Comment #14

Andrew.Mikhailov CreditAttribution: Andrew.Mikhailov at DrupalJedi commented 16 October 2015 at 02:41

Status:

Needs work

» Needs review

File	Size
js_example_access_checking-2585593-8-14.patch	2 KB
8.x-1.x: PHP 5.5 & MySQL 5.5 90 pass

Sorry) I've create patch via phpStorm)
Now all should be fine.

Comment #15

Andrew.Mikhailov CreditAttribution: Andrew.Mikhailov at DrupalJedi commented 16 October 2015 at 02:46

Everything is ok) Please check and apply my patch)
Best regards!

Comment #16

Andrew.Mikhailov CreditAttribution: Andrew.Mikhailov at DrupalJedi commented 17 October 2015 at 17:37

Could you check this task?
Is everything correct for you or do we need to do some improvements?
Best regards.

Comment #17

22 October 2015 at 20:28

marvil07 committed 0288704 on 8.x-1.x authored by Andrew.Mikhailov

Issue #2585593 by Andrew.Mikhailov, Shlyapkin Grigoriy, Mile23: Add '...

Comment #18

marvil07 CreditAttribution: marvil07 as a volunteer commented 22 October 2015 at 20:29

Status:

Needs review

» Fixed

Thanks!

Comment #19

5 November 2015 at 20:34

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Add 'access content' permission to routes in js_example

Problem/Motivation

Proposed resolution

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Comment #10

Comment #11

Comment #12

Comment #13

Comment #14

Comment #15

Comment #16

Comment #17

Comment #18

Comment #19

Parent issue

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community