summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php18
-rw-r--r--core/modules/menu/menu.module2
2 files changed, 19 insertions, 1 deletions
diff --git a/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php b/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php
index d0fbb8c..44ea1e0 100644
--- a/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php
+++ b/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php
@@ -661,6 +661,24 @@ class MenuTest extends MenuWebTestBase {
}
/**
+ * Test administrative users other than user 1 can access the menu parents AJAX callback.
+ */
+ public function testMenuParentsJsAccess() {
+
+ $admin = $this->drupalCreateUser(array('administer menu'));
+ $this->drupalLogin($admin);
+ // Just check access to the callback overall, the POST data is irrelevant.
+ $this->drupalGetAJAX('admin/structure/menu/parents');
+ $this->assertResponse(200);
+
+ // Do standard user tests.
+ // Login the user.
+ $this->drupalLogin($this->std_user);
+ $this->drupalGetAJAX('admin/structure/menu/parents');
+ $this->assertResponse(403);
+ }
+
+ /**
* Get standard menu link.
*/
private function getStandardMenuLink() {
diff --git a/core/modules/menu/menu.module b/core/modules/menu/menu.module
index 850feed..af081e5 100644
--- a/core/modules/menu/menu.module
+++ b/core/modules/menu/menu.module
@@ -77,7 +77,7 @@ function menu_menu() {
'title' => 'Parent menu items',
'page callback' => 'menu_parent_options_js',
'type' => MENU_CALLBACK,
- 'access arguments' => array(TRUE),
+ 'access arguments' => array('administer menu'),
);
$items['admin/structure/menu/list'] = array(
'title' => 'List menus',