summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathaniel Catchpole2013-09-15 08:41:06 (GMT)
committerNathaniel Catchpole2013-09-15 08:41:06 (GMT)
commit070b183e05312f769fc76c5e291d140def139d73 (patch)
treefa098e10874c075df75fa4a0388b45bda6249999
parent490e8753dbb70b8abce5607536230341b9fccdc7 (diff)
Issue #2078155 by Amitaibu, Sweetchuck: Fixed Access protected field items being removed.
-rw-r--r--core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceEntityFormatter.php7
-rw-r--r--core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceFormatterBase.php15
-rw-r--r--core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceIdFormatter.php4
-rw-r--r--core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceLabelFormatter.php13
-rw-r--r--core/modules/entity_reference/lib/Drupal/entity_reference/Tests/EntityReferenceFormatterTest.php95
5 files changed, 110 insertions, 24 deletions
diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceEntityFormatter.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceEntityFormatter.php
index dd054f2..190cd43 100644
--- a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceEntityFormatter.php
+++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceEntityFormatter.php
@@ -80,9 +80,6 @@ class EntityReferenceEntityFormatter extends EntityReferenceFormatterBase {
* {@inheritdoc}
*/
public function viewElements(EntityInterface $entity, $langcode, FieldInterface $items) {
- // Remove un-accessible items.
- parent::viewElements($entity, $langcode, $items);
-
$view_mode = $this->getSetting('view_mode');
$links = $this->getSetting('links');
@@ -91,6 +88,10 @@ class EntityReferenceEntityFormatter extends EntityReferenceFormatterBase {
$elements = array();
foreach ($items as $delta => $item) {
+ if (!$item->access) {
+ // User doesn't have access to the referenced entity.
+ continue;
+ }
// Protect ourselves from recursive rendering.
static $depth = 0;
$depth++;
diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceFormatterBase.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceFormatterBase.php
index 98db38e5..1d62824 100644
--- a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceFormatterBase.php
+++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceFormatterBase.php
@@ -94,19 +94,4 @@ abstract class EntityReferenceFormatterBase extends FormatterBase {
}
}
}
-
- /**
- * Overrides \Drupal\field\Plugin\Type\Formatter\FormatterBase::viewElements().
- *
- * @see \Drupal\entity_reference\Plugin\field\formatter\EntityReferenceFormatterBase::viewElements().
- */
- public function viewElements(EntityInterface $entity, $langcode, FieldInterface $items) {
- // Remove un-accessible items.
- foreach ($items as $delta => $item) {
- if (empty($item->access)) {
- unset($items[$delta]);
- }
- }
- return array();
- }
}
diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceIdFormatter.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceIdFormatter.php
index f7402bf..f8c1196 100644
--- a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceIdFormatter.php
+++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceIdFormatter.php
@@ -34,6 +34,10 @@ class EntityReferenceIdFormatter extends EntityReferenceFormatterBase {
$elements = array();
foreach ($items as $delta => $item) {
+ if (!$item->access) {
+ // User doesn't have access to the referenced entity.
+ continue;
+ }
if (!empty($item->entity) && !empty($item->target_id)) {
$elements[$delta] = array('#markup' => check_plain($item->target_id));
}
diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceLabelFormatter.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceLabelFormatter.php
index c63dfd6..31397f6 100644
--- a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceLabelFormatter.php
+++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/field/formatter/EntityReferenceLabelFormatter.php
@@ -56,17 +56,18 @@ class EntityReferenceLabelFormatter extends EntityReferenceFormatterBase {
* {@inheritdoc}
*/
public function viewElements(EntityInterface $entity, $langcode, FieldInterface $items) {
- // Remove un-accessible items.
- parent::viewElements($entity, $langcode, $items);
-
$elements = array();
foreach ($items as $delta => $item) {
- if ($entity = $item->entity) {
- $label = $entity->label();
+ if (!$item->access) {
+ // User doesn't have access to the referenced entity.
+ continue;
+ }
+ if ($referenced_entity = $item->entity) {
+ $label = $referenced_entity->label();
// If the link is to be displayed and the entity has a uri,
// display a link.
- if ($this->getSetting('link') && $uri = $entity->uri()) {
+ if ($this->getSetting('link') && $uri = $referenced_entity->uri()) {
$elements[$delta] = array(
'#type' => 'link',
'#title' => $label,
diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Tests/EntityReferenceFormatterTest.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Tests/EntityReferenceFormatterTest.php
new file mode 100644
index 0000000..fc4c4bf
--- /dev/null
+++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Tests/EntityReferenceFormatterTest.php
@@ -0,0 +1,95 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\entity_reference\Tests\EntityReferenceFormatterTest.
+ */
+
+namespace Drupal\entity_reference\Tests;
+
+use Drupal\system\Tests\Entity\EntityUnitTestBase;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Tests Entity Reference formatters.
+ */
+class EntityReferenceFormatterTest extends EntityUnitTestBase {
+
+ /**
+ * The entity type used in this test.
+ *
+ * @var string
+ */
+ protected $entityType = 'entity_test_render';
+
+ /**
+ * The bundle used in this test.
+ *
+ * @var string
+ */
+ protected $bundle = 'entity_test_render';
+
+ /**
+ * The name of the field used in this test.
+ *
+ * @var string
+ */
+ protected $fieldName = 'field_test';
+
+ /**
+ * Modules to enable.
+ *
+ * @var array
+ */
+ public static $modules = array('entity_reference');
+
+ public static function getInfo() {
+ return array(
+ 'name' => 'Entity reference formatters',
+ 'description' => 'Tests the formatters functionality.',
+ 'group' => 'Entity Reference',
+ );
+ }
+
+ public function setUp() {
+ parent::setUp();
+
+ entity_reference_create_instance($this->entityType, $this->bundle, $this->fieldName, 'Field test', $this->entityType);
+ }
+
+ /**
+ * Assert unaccessible items don't change the data of the fields.
+ */
+ public function testAccess() {
+ $field_name = $this->fieldName;
+
+ $entity_1 = entity_create($this->entityType, array('name' => $this->randomName()));
+ $entity_1->save();
+
+ $entity_2 = entity_create($this->entityType, array('name' => $this->randomName()));
+ $entity_2->save();
+ $entity_2->{$field_name}->entity = $entity_1;
+
+ // Assert user doesn't have access to the entity.
+ $this->assertFalse($entity_1->access('view'), 'Current user does not have access to view the referenced entity.');
+
+ $formatter_manager = $this->container->get('plugin.manager.field.formatter');
+
+ // Get all the existing formatters.
+ foreach ($formatter_manager->getOptions('entity_reference') as $formatter => $name) {
+ // Set formatter type for the 'full' view mode.
+ entity_get_display($this->entityType, $this->bundle, 'default')
+ ->setComponent($field_name, array(
+ 'type' => $formatter,
+ ))
+ ->save();
+
+ // Invoke entity view.
+ entity_view($entity_2, 'default');
+
+ // Verify the un-accessible item still exists.
+ $this->assertEqual($entity_2->{$field_name}->value, $entity_1->id(), format_string('The un-accessible item still exists after @name formatter was executed.', array('@name' => $name)));
+ }
+ }
+}