authorAlex Pott2015-02-27 13:25:03 (GMT)
committerAlex Pott2015-02-27 13:25:03 (GMT)
commit5430ac91174d0530c1299556dec35842f87a8cb9 (patch)
tree5d757b5198c6b011dc54e0452bd1c94bce8e0171
parent1a728480f5d620adec7352d2a05449909150eecd (diff)
Issue #2398073 by mohit_aghera, geertvd, sidharrell, Swarnendu-Dutta, piggito, jesperjb, larowlan, pingers, larsmw: Admin should not be able to edit email of authenticated commenters
-rw-r--r--core/modules/comment/src/CommentForm.php2
-rw-r--r--core/modules/comment/src/Tests/CommentAdminTest.php41
2 files changed, 42 insertions, 1 deletions
diff --git a/core/modules/comment/src/CommentForm.php b/core/modules/comment/src/CommentForm.php
index a9d742b..8766e27 100644
--- a/core/modules/comment/src/CommentForm.php
+++ b/core/modules/comment/src/CommentForm.php
@@ -169,7 +169,7 @@ class CommentForm extends ContentEntityForm {
'#maxlength' => 64,
'#size' => 30,
'#description' => $this->t('The content of this field is kept private and will not be shown publicly.'),
- '#access' => $is_admin || ($this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT),
+ '#access' => ($comment->getOwner()->isAnonymous() && $is_admin) || ($this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT),
);
$form['author']['homepage'] = array(
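Review bot: The rewritten `'#access'` line on the mail element now carries an access-policy decision, but nothing says why the owner check is there. A comment above it, such as `// Admins may edit the e-mail only on comments owned by the anonymous user.`, would keep a later refactor from collapsing the condition back to `$is_admin`. The array this line belongs to starts above the hunk and the `homepage` element that follows is cut off, so whether that element needs the same owner condition cannot be judged from here.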
diff --git a/core/modules/comment/src/Tests/CommentAdminTest.php b/core/modules/comment/src/Tests/CommentAdminTest.php
index 3414ab6..4fd0c21 100644
--- a/core/modules/comment/src/Tests/CommentAdminTest.php
+++ b/core/modules/comment/src/Tests/CommentAdminTest.php
@@ -168,4 +168,45 @@ class CommentAdminTest extends CommentTestBase {
// Rest from here on in is field_ui.
}
+ /**
+ * Tests editing a comment as an admin.
+ */
+ public function testEditComment() {
+ // Enable anonymous user comments.
+ user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array(
+ 'access comments',
+ 'post comments',
+ 'skip comment approval',
+ ));
+
+ // Login as a web user.
+ $this->drupalLogin($this->webUser);
+ // Post a comment.
+ $comment = $this->postComment($this->node, $this->randomMachineName());
+
+ $this->drupalLogout();
+
+ // Post anonymous comment.
+ $this->drupalLogin($this->adminUser);
+ $this->setCommentAnonymous('2'); // Ensure that we need email id before posting comment.
+ $this->drupalLogout();
+
+ // Post comment with contact info (required).
+ $author_name = $this->randomMachineName();
+ $author_mail = $this->randomMachineName() . '@example.com';
+ $anonymous_comment = $this->postComment($this->node, $this->randomMachineName(), $this->randomMachineName(), array('name' => $author_name, 'mail' => $author_mail));
+
+ // Login as an admin user.
+ $this->drupalLogin($this->adminUser);
+
+ // Make sure the comment field is not visible when
+ // the comment was posted by an authenticated user.
+ $this->drupalGet('comment/' . $comment->id() . '/edit');
+ $this->assertNoFieldById('edit-mail', $comment->getAuthorEmail());
+
+ // Make sure the comment field is visible when
+ // the comment was posted by an anonymous user.
+ $this->drupalGet('comment/' . $anonymous_comment->id() . '/edit');
+ $this->assertFieldById('edit-mail', $anonymous_comment->getAuthorEmail());
+ }
}
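Review bot: The negative check `assertNoFieldById('edit-mail', $comment->getAuthorEmail())` in `testEditComment()` is tied to a value, so it may pass while an `edit-mail` input is still rendered with a different or empty default. If the helper compares values, as its second argument suggests, this does not prove the field is hidden for authenticated authors. Asserting absence by id alone is stronger, for example `$this->assertFalse($this->xpath('//input[@id="edit-mail"]'), 'Mail field is hidden for authenticated authors.');`. The comment `// Post anonymous comment.` sits above the admin login that changes the setting rather than above the posting, and the two "comment field" comments actually refer to the mail field.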