authorAlex Pott2015-01-22 14:45:01 +0000
committerAlex Pott2015-01-22 14:45:01 +0000
commitf067cd5a81067e9ea0dd9c9511c2b0fb96f6a9ad (patch)
tree4bfa6c1c4b99e56ab6a7ab9dbe56b59408cf37fd
parent146069d455acf3cad18ba478e191046b110de215 (diff)
Issue #2225597 by tibbsa, larowlan, akozma: contact.module allows you to send emails to users with no email address - producing an error
-rw-r--r--core/modules/contact/contact.module21
-rw-r--r--core/modules/contact/src/Controller/ContactController.php9
-rw-r--r--core/modules/contact/src/Tests/ContactPersonalTest.php21
3 files changed, 49 insertions, 2 deletions
diff --git a/core/modules/contact/contact.module b/core/modules/contact/contact.module
index 921e017..110a6e4 100644
--- a/core/modules/contact/contact.module
+++ b/core/modules/contact/contact.module
@@ -7,6 +7,7 @@
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
+use Drupal\user\Entity\User;
/**
* Implements hook_help().
@@ -85,6 +86,26 @@ function contact_entity_extra_field_info() {
}
/**
+ * Implements hook_menu_local_tasks_alter().
+ *
+ * Hides the 'Contact' tab on the user profile if the user does not have an
+ * email address configured.
+ */
+function contact_menu_local_tasks_alter(&$data, $route_name) {
+ if ($route_name == 'entity.user.canonical') {
+ foreach ($data['tabs'][0] as $href => $tab_data) {
+ if ($href == 'entity.user.contact_form') {
+ $link_params = $tab_data['#link']['url']->getRouteParameters();
+ $account = User::load($link_params['user']);
+ if (!$account->getEmail()) {
+ unset($data['tabs'][0]['entity.user.contact_form']);
+ }
+ }
+ }
+ }
+}
+
+/**
* Implements hook_mail().
*/
function contact_mail($key, &$message, $params) {
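Review bot: In `contact_menu_local_tasks_alter()` the result of `User::load($link_params['user'])` is dereferenced without a null check, so a route parameter that does not resolve to an account would cause a fatal error on `$account->getEmail()`. Changing the inner condition to `if (!$account || !$account->getEmail()) {` closes that. The `foreach` over `$data['tabs'][0]` also assumes the primary tab level is always present and only ever acts on one key, so testing `isset($data['tabs'][0]['entity.user.contact_form'])` in the outer `if` would replace both the loop and the loose `$href ==` comparison. Removing the tab is presentation only; the route itself is protected by the controller check added elsewhere in this commit, and the docblock could say so.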
diff --git a/core/modules/contact/src/Controller/ContactController.php b/core/modules/contact/src/Controller/ContactController.php
index cffbf5a..78ee8e0 100644
--- a/core/modules/contact/src/Controller/ContactController.php
+++ b/core/modules/contact/src/Controller/ContactController.php
@@ -115,8 +115,17 @@ class ContactController extends ControllerBase {
*
* @return array
* The personal contact form as render array as expected by drupal_render().
+ *
+ * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+ * Exception is thrown when user tries to access a contact form for a
+ * user who does not have an e-mail address configured.
*/
public function contactPersonalPage(UserInterface $user) {
+ // Do not continue if the user does not have an e-mail address configured.
+ if (!$user->getEmail()) {
+ throw new NotFoundHttpException();
+ }
+
// Check if flood control has been activated for sending emails.
if (!$this->currentUser()->hasPermission('administer contact forms') && !$this->currentUser()->hasPermission('administer users')) {
$this->contactFloodControl();
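Review bot: The e-mail check in `contactPersonalPage()` lives in the page callback, so it guards only this one entry point and the tab has to be hidden separately in `contact_menu_local_tasks_alter()`. If the route has its own access check (not visible in this diff), moving the condition there would keep the rule in one place and would normally hide the local task without the alter hook, at the cost of returning 403 rather than the 404 the test asserts. `NotFoundHttpException` is also used unqualified while the hunk adds no `use` line. The diffstat's 9 insertions for this file are all accounted for here, so the import presumably already exists above the hunk, which is worth confirming. The method body continues past the end of the hunk.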
diff --git a/core/modules/contact/src/Tests/ContactPersonalTest.php b/core/modules/contact/src/Tests/ContactPersonalTest.php
index 94ce04d..1cc09fe 100644
--- a/core/modules/contact/src/Tests/ContactPersonalTest.php
+++ b/core/modules/contact/src/Tests/ContactPersonalTest.php
@@ -33,7 +33,7 @@ class ContactPersonalTest extends WebTestBase {
private $adminUser;
/**
- * A user with 'access user contact forms' permission.
+ * A user with permission to view profiles and access user contact forms.
*
* @var \Drupal\user\UserInterface
*/
@@ -54,7 +54,7 @@ class ContactPersonalTest extends WebTestBase {
// Create some normal users with their contact forms enabled by default.
$this->config('contact.settings')->set('user_default_enabled', TRUE)->save();
- $this->webUser = $this->drupalCreateUser(array('access user contact forms'));
+ $this->webUser = $this->drupalCreateUser(array('access user profiles', 'access user contact forms'));
$this->contactUser = $this->drupalCreateUser();
}
@@ -117,6 +117,23 @@ class ContactPersonalTest extends WebTestBase {
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertResponse(200);
+ // Test that there is no access to personal contact forms for users
+ // without an email address configured.
+ $original_email = $this->contactUser->getEmail();
+ $this->contactUser->setEmail(FALSE)->save();
+ $this->drupalGet('user/' . $this->contactUser->id() . '/contact');
+ $this->assertResponse(404, 'Not found (404) returned when visiting a personal contact form for a user with no email address');
+
+ // Test that the 'contact tab' does not appear on the user profiles
+ // for users without an email address configured.
+ $this->drupalGet('user/' . $this->contactUser->id());
+ $contact_link = '/user/' . $this->contactUser->id() . '/contact';
+ $this->assertResponse(200);
+ $this->assertNoLinkByHref ($contact_link, 'The "contact" tab is hidden on profiles for users with no email address');
+
+ // Restore original email address.
+ $this->contactUser->setEmail($original_email)->save();
+
// Test denied access to the user's own contact form.
$this->drupalGet('user/' . $this->webUser->id() . '/contact');
$this->assertResponse(403);
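Review bot: The `assertNoLinkByHref` check on the profile page has no positive control, so it would also pass if the contact tab never rendered for `webUser` at all, for example because of a permission or href mismatch. After the e-mail address is restored, a matching positive check would show that the tab returns: `$this->drupalGet('user/' . $this->contactUser->id());` followed by `$this->assertLinkByHref($contact_link, 0, 'The "contact" tab is shown on profiles for users with an email address');`. There is also a stray space in `assertNoLinkByHref ($contact_link, ...)`. `setEmail(FALSE)` relies on FALSE being stored as "no address", so a short comment saying why FALSE is used rather than an empty string or NULL would help the next reader.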