In #2423449: Convert the overview of scheduled nodes into a view the scheduled node lists were converted to Views. As part of the work the original access check on these lists was removed and replaced by the internal access checks of Views. We should test that only users with the right permissions can access scheduled content lists. Also, users should only be able to see their own (unpublished) scheduled content unless they have the "view scheduled content" permission.

CommentFileSizeAuthor
#7 2592293-7.test_access_to_scheduled_content_view.patch6.32 KBjonathan1055
#5 2592293-5.test_access_to_scheduled_content_view.patch6.55 KBjonathan1055
#3 2592293-3.test_access_to_scheduled_content_view.patch5.08 KBjonathan1055

Comments

pfrenssen created an issue. See original summary.

mr.baileys’s picture

mr.baileys
Primary language Dutch
Location 🇧🇪 (Ghent)
commented
Assigned: Unassigned » mr.baileys
Issue tags: +drupaldevdays
jonathan1055’s picture

jonathan1055 commented
Status: Active » Needs review
StatusFileSize
new 2592293-3.test_access_to_scheduled_content_view.patch5.08 KB

Just for the record, here is a patch which contains just the new test file from #2755665-4: Restore original access requirement for scheduled content overview.. This will produce some failures because, as we know, the access is not correct in the current code base.

Status: Needs review » Needs work

The last submitted patch, 3: 2592293-3.test_access_to_scheduled_content_view.patch, failed testing.

jonathan1055’s picture

jonathan1055 commented
Status: Needs work » Needs review
StatusFileSize
new 2592293-5.test_access_to_scheduled_content_view.patch6.55 KB

I have re-worked the excellent test file created in #2755665-4: Restore original access requirement for scheduled content overview.. There were some existing faults which the tests did not trap, and an assumption which differs from how the 7.x permissions were working, which led to an incorrect 'all green' pass with the new code fix patch.

Here is just the new test, to see how the existing committed code performs. According to my local testing there should be 13 failures here.

Status: Needs review » Needs work

The last submitted patch, 5: 2592293-5.test_access_to_scheduled_content_view.patch, failed testing.

jonathan1055’s picture

jonathan1055 commented
Assigned: mr.baileys » jonathan1055
Status: Needs work » Needs review
StatusFileSize
new 2592293-7.test_access_to_scheduled_content_view.patch6.32 KB

As expected, 102 passes and 13 fail (7 for user tab and 6 for overview tab). I have expanded the tests to check that a user without permission cannot access another users tab, but when they do have permssion they should be able to see both published and unpublished titles. Should be 104 passes and 16 fails on existing committed code.

Status: Needs review » Needs work

The last submitted patch, 7: 2592293-7.test_access_to_scheduled_content_view.patch, failed testing.

jonathan1055’s picture

jonathan1055 commented
Status: Needs work » Needs review

Should be 104 passes and 16 fails on existing committed code.

Correct. 10 fails in user tab, 6 in overview. When #2755665: Restore original access requirement for scheduled content overview. is committed I will re-queue the above patch

  • jonathan1055 committed 30afbf3 on 8.x-1.x 
    Issue #2592293 by jonathan1055, mr.baileys: Test access to scheduled...
jonathan1055’s picture

jonathan1055 commented
Assigned: jonathan1055 » Unassigned
Status: Needs review » Fixed

All green passes for the committed code now. Thank you @mr.baileys for starting the tests. I decided to commit them on this issue, not on #2755665: Restore original access requirement for scheduled content overview., as this is where the task was originally raised.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.