authorNathaniel Catchpole2014-04-30 10:47:01 (GMT)
committerNathaniel Catchpole2014-04-30 10:47:01 (GMT)
commit5c2dc50b20f56e6517f42ae3b759a921dddfea18 (patch)
treef54146df220967f6c6f60ece16c7a19e9f4906d1
parent95c69f5b9b351bfcc6a5b6badd8b9aa306e8996b (diff)
Issue #2084323 by Berdir, sandipmkhairnar, Xano, Jalandhar: EntityForm::actions() adds 'delete' without checking access.
-rw-r--r--core/lib/Drupal/Core/Entity/EntityAccessController.php3
-rw-r--r--core/lib/Drupal/Core/Entity/EntityForm.php7
-rw-r--r--core/modules/contact/lib/Drupal/contact/Entity/Message.php7
-rw-r--r--core/modules/contact/lib/Drupal/contact/MessageForm.php1
-rw-r--r--core/modules/filter/lib/Drupal/filter/FilterFormatFormBase.php1
-rw-r--r--core/modules/menu_link/lib/Drupal/menu_link/MenuLinkForm.php2
-rw-r--r--core/modules/menu_ui/lib/Drupal/menu_ui/MenuForm.php2
-rw-r--r--core/modules/node/lib/Drupal/node/NodeTypeForm.php1
-rw-r--r--core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php4
-rw-r--r--core/modules/search/lib/Drupal/search/Form/SearchPageFormBase.php11
-rw-r--r--core/modules/shortcut/src/ShortcutSetForm.php10
-rw-r--r--core/modules/user/lib/Drupal/user/RoleForm.php10
12 files changed, 16 insertions, 43 deletions
diff --git a/core/lib/Drupal/Core/Entity/EntityAccessController.php b/core/lib/Drupal/Core/Entity/EntityAccessController.php
index b43c112..b092914 100644
--- a/core/lib/Drupal/Core/Entity/EntityAccessController.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessController.php
@@ -129,6 +129,9 @@ class EntityAccessController extends EntityControllerBase implements EntityAcces
* could not be determined.
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
+ if ($operation == 'delete' && $entity->isNew()) {
+ return FALSE;
+ }
if ($admin_permission = $this->entityType->getAdminPermission()) {
return $account->hasPermission($admin_permission);
}
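Review bot: The new-entity guard is added inside `checkAccess()`, a protected method that subclasses are free to replace, so an access controller that overrides it without calling the parent never runs this check. EntityForm's own `isNew()` guard is removed in the same commit, so for such entity types a delete link on a create form now depends on how their override treats unsaved entities. Consider placing the check in the public entry point that calls `checkAccess()` (not visible in this hunk). A strict comparison would also be safer: `if ($operation === 'delete' && $entity->isNew()) {`. The body of checkAccess() continues past the end of the hunk.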
diff --git a/core/lib/Drupal/Core/Entity/EntityForm.php b/core/lib/Drupal/Core/Entity/EntityForm.php
index c80daa4..9f59694 100644
--- a/core/lib/Drupal/Core/Entity/EntityForm.php
+++ b/core/lib/Drupal/Core/Entity/EntityForm.php
@@ -168,11 +168,7 @@ class EntityForm extends FormBase implements EntityFormInterface {
protected function actionsElement(array $form, array &$form_state) {
$element = $this->actions($form, $form_state);
- // We cannot delete an entity that has not been created yet.
- if ($this->entity->isNew()) {
- unset($element['delete']);
- }
- elseif (isset($element['delete'])) {
+ if (isset($element['delete'])) {
// Move the delete action as last one, unless weights are explicitly
// provided.
$delete = $element['delete'];
@@ -230,6 +226,7 @@ class EntityForm extends FormBase implements EntityFormInterface {
$actions['delete'] = array(
'#type' => 'link',
'#title' => $this->t('Delete'),
+ '#access' => $this->entity->access('delete'),
'#attributes' => array(
'class' => array('button', 'button--danger'),
),
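Review bot: `'#access' => $this->entity->access('delete')` only decides whether the link is rendered, so the delete restriction for every entity form now rests on the entity's access controller and on the delete route enforcing access itself. The form-level guards removed elsewhere in this commit (RoleForm for the built-in roles, SearchPageFormBase for the default search page, FilterFormatFormBase, MessageForm) are equivalent only if those types' access controllers deny 'delete' in the same cases, which this diff does not show. Only NodeTypeTest gains link assertions here, and the other forms deserve matching `assertNoLink()` coverage. A comment above the new line would record the intent: `// Controls visibility only; the delete route must check entity access itself.` The enclosing actions() method starts and ends outside the hunk.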
diff --git a/core/modules/contact/lib/Drupal/contact/Entity/Message.php b/core/modules/contact/lib/Drupal/contact/Entity/Message.php
index ea7eaa8..f2c05fc 100644
--- a/core/modules/contact/lib/Drupal/contact/Entity/Message.php
+++ b/core/modules/contact/lib/Drupal/contact/Entity/Message.php
@@ -47,6 +47,13 @@ class Message extends ContentEntityBase implements MessageInterface {
/**
* {@inheritdoc}
*/
+ public function uuid() {
+ return NULL;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
public function isPersonal() {
return $this->bundle() == 'personal';
}
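Review bot: The new `uuid()` override returns NULL but is documented only with `{@inheritdoc}`, so a reader cannot tell why this entity type opts out of having a UUID or why that belongs in an access-check commit. Replace the docblock with one that states the reason (presumably that contact messages are never stored; confirm with the author). Any caller that keys on `uuid()`, for example a per-entity access-result cache if the access controller uses one, would see the same NULL key for every Message, so that is worth verifying before relying on this override.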
diff --git a/core/modules/contact/lib/Drupal/contact/MessageForm.php b/core/modules/contact/lib/Drupal/contact/MessageForm.php
index 4519db7..401291e 100644
--- a/core/modules/contact/lib/Drupal/contact/MessageForm.php
+++ b/core/modules/contact/lib/Drupal/contact/MessageForm.php
@@ -146,7 +146,6 @@ class MessageForm extends ContentEntityForm {
public function actions(array $form, array &$form_state) {
$elements = parent::actions($form, $form_state);
$elements['submit']['#value'] = t('Send message');
- $elements['delete']['#access'] = FALSE;
$elements['preview'] = array(
'#value' => t('Preview'),
'#validate' => array(
diff --git a/core/modules/filter/lib/Drupal/filter/FilterFormatFormBase.php b/core/modules/filter/lib/Drupal/filter/FilterFormatFormBase.php
index 28d2758..fd9520d 100644
--- a/core/modules/filter/lib/Drupal/filter/FilterFormatFormBase.php
+++ b/core/modules/filter/lib/Drupal/filter/FilterFormatFormBase.php
@@ -268,7 +268,6 @@ abstract class FilterFormatFormBase extends EntityForm {
protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state);
$actions['submit']['#value'] = t('Save configuration');
- unset($actions['delete']);
return $actions;
}
diff --git a/core/modules/menu_link/lib/Drupal/menu_link/MenuLinkForm.php b/core/modules/menu_link/lib/Drupal/menu_link/MenuLinkForm.php
index 422906f..b4c6904 100644
--- a/core/modules/menu_link/lib/Drupal/menu_link/MenuLinkForm.php
+++ b/core/modules/menu_link/lib/Drupal/menu_link/MenuLinkForm.php
@@ -195,8 +195,6 @@ class MenuLinkForm extends EntityForm {
protected function actions(array $form, array &$form_state) {
$element = parent::actions($form, $form_state);
$element['submit']['#button_type'] = 'primary';
- $element['delete']['#access'] = $this->entity->access('delete');
-
return $element;
}
diff --git a/core/modules/menu_ui/lib/Drupal/menu_ui/MenuForm.php b/core/modules/menu_ui/lib/Drupal/menu_ui/MenuForm.php
index aa8a51a..a796f66 100644
--- a/core/modules/menu_ui/lib/Drupal/menu_ui/MenuForm.php
+++ b/core/modules/menu_ui/lib/Drupal/menu_ui/MenuForm.php
@@ -178,8 +178,6 @@ class MenuForm extends EntityForm {
protected function actions(array $form, array &$form_state) {
$actions = parent::actions($form, $form_state);
- $actions['delete']['#access'] = !$this->entity->isNew() && $this->entity->access('delete');
-
// Add the language configuration submit handler. This is needed because the
// submit button has custom submit handlers.
if ($this->moduleHandler->moduleExists('language')) {
diff --git a/core/modules/node/lib/Drupal/node/NodeTypeForm.php b/core/modules/node/lib/Drupal/node/NodeTypeForm.php
index 0875c80..4d87e03 100644
--- a/core/modules/node/lib/Drupal/node/NodeTypeForm.php
+++ b/core/modules/node/lib/Drupal/node/NodeTypeForm.php
@@ -163,7 +163,6 @@ class NodeTypeForm extends EntityForm {
$actions = parent::actions($form, $form_state);
$actions['submit']['#value'] = t('Save content type');
$actions['delete']['#value'] = t('Delete content type');
- $actions['delete']['#access'] = $this->entity->access('delete');
return $actions;
}
diff --git a/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php
index 6cfc32f..4f3defa 100644
--- a/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php
+++ b/core/modules/node/lib/Drupal/node/Tests/NodeTypeTest.php
@@ -193,9 +193,13 @@ class NodeTypeTest extends NodeTestBase {
$this->assertText(t('This action cannot be undone.'), 'The node type deletion confirmation form is available.');
// Test that forum node type could not be deleted while forum active.
$this->container->get('module_handler')->install(array('forum'));
+ $this->drupalGet('admin/structure/types/manage/forum');
+ $this->assertNoLink(t('Delete'));
$this->drupalGet('admin/structure/types/manage/forum/delete');
$this->assertResponse(403);
$this->container->get('module_handler')->uninstall(array('forum'));
+ $this->drupalGet('admin/structure/types/manage/forum');
+ $this->assertLink(t('Delete'));
$this->drupalGet('admin/structure/types/manage/forum/delete');
$this->assertResponse(200);
}
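Review bot: The added `assertNoLink(t('Delete'))` runs right after `drupalGet('admin/structure/types/manage/forum')` with no response check, so it passes vacuously if the edit page returns an access-denied or error page instead of the form. Add `$this->assertResponse(200);` after each of the two new `drupalGet()` calls so the link assertions are made against the real form. The link is also matched by label only, so any other "Delete" link on the page would satisfy `assertLink()`. The test method starts outside the hunk.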
diff --git a/core/modules/search/lib/Drupal/search/Form/SearchPageFormBase.php b/core/modules/search/lib/Drupal/search/Form/SearchPageFormBase.php
index 43fed9c..45e5cd4 100644
--- a/core/modules/search/lib/Drupal/search/Form/SearchPageFormBase.php
+++ b/core/modules/search/lib/Drupal/search/Form/SearchPageFormBase.php
@@ -181,15 +181,4 @@ abstract class SearchPageFormBase extends EntityForm {
$form_state['redirect_route']['route_name'] = 'search.settings';
}
- /**
- * {@inheritdoc}
- */
- protected function actions(array $form, array &$form_state) {
- $actions = parent::actions($form, $form_state);
- if ($this->entity->isDefaultSearch()) {
- unset($actions['delete']);
- }
- return $actions;
- }
-
}
diff --git a/core/modules/shortcut/src/ShortcutSetForm.php b/core/modules/shortcut/src/ShortcutSetForm.php
index c35b72d..3dd6282 100644
--- a/core/modules/shortcut/src/ShortcutSetForm.php
+++ b/core/modules/shortcut/src/ShortcutSetForm.php
@@ -50,16 +50,6 @@ class ShortcutSetForm extends EntityForm {
/**
* {@inheritdoc}
*/
- protected function actions(array $form, array &$form_state) {
- // Disable delete of default shortcut set.
- $actions = parent::actions($form, $form_state);
- $actions['delete']['#access'] = $this->entity->access('delete');
- return $actions;
- }
-
- /**
- * {@inheritdoc}
- */
public function validate(array $form, array &$form_state) {
parent::validate($form, $form_state);
$entity = $this->entity;
diff --git a/core/modules/user/lib/Drupal/user/RoleForm.php b/core/modules/user/lib/Drupal/user/RoleForm.php
index 902fc04..2bed647 100644
--- a/core/modules/user/lib/Drupal/user/RoleForm.php
+++ b/core/modules/user/lib/Drupal/user/RoleForm.php
@@ -51,16 +51,6 @@ class RoleForm extends EntityForm {
/**
* {@inheritdoc}
*/
- protected function actions(array $form, array &$form_state) {
- $actions = parent::actions($form, $form_state);
- // Disable delete of new and built-in roles.
- $actions['delete']['#access'] = !$this->entity->isNew() && !in_array($this->entity->id(), array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID));
- return $actions;
- }
-
- /**
- * {@inheritdoc}
- */
public function save(array $form, array &$form_state) {
$entity = $this->entity;