Skip to content
Commits on Source (12)
......@@ -81,7 +81,7 @@ class Drupal {
/**
* The current system version.
*/
const VERSION = '8.1.9-dev';
const VERSION = '8.1.11-dev';
/**
* Core API compatibility.
......
......@@ -188,13 +188,16 @@ public function onException(GetResponseForExceptionEvent $event) {
if (!method_exists($this, $method)) {
if ($exception instanceof HttpExceptionInterface) {
$this->onFormatUnknown($event);
$response = $event->getResponse();
$response->headers->set('Content-Type', 'text/plain');
}
else {
$this->onHtml($event);
}
return;
}
$this->$method($event);
else {
$this->$method($event);
}
}
/**
......
......@@ -2,7 +2,9 @@
namespace Drupal\comment;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldItemList;
use Drupal\Core\Session\AccountInterface;
/**
* Defines a item list class for comment fields.
......@@ -37,4 +39,28 @@ public function offsetExists($offset) {
return parent::offsetExists($offset);
}
/**
* {@inheritdoc}
*/
public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) {
if ($operation === 'edit') {
// Only users with administer comments permission can edit the comment
// status field.
$result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'administer comments');
return $return_as_object ? $result : $result->isAllowed();
}
if ($operation === 'view') {
// Only users with either post comments or access comments permisison can
// view the field value. The formatter,
// Drupal\comment\Plugin\Field\FieldFormatter\CommentDefaultFormatter,
// takes care of showing the thread and form based on individual
// permissions, so if a user only has ‘post comments’ access, only the
// form will be shown and not the comments.
$result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'access comments')
->orIf(AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'post comments'));
return $return_as_object ? $result : $result->isAllowed();
}
return parent::access($operation, $account, $return_as_object);
}
}
......@@ -384,6 +384,7 @@ function testCommentFunctionality() {
'administer entity_test fields',
'view test entity',
'administer entity_test content',
'administer comments',
));
$this->drupalLogin($limited_user);
$this->drupalGet('entity_test/structure/entity_test/fields/entity_test.entity_test.comment');
......
<?php
namespace Drupal\Tests\comment\Functional;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\BrowserTestBase;
/**
* Tests comment status field access.
*
* @group comment
*/
class CommentStatusFieldAccessTest extends BrowserTestBase {
use CommentTestTrait;
/**
* {@inheritdoc}
*/
public $profile = 'testing';
/**
* Comment admin.
*
* @var \Drupal\user\UserInterface
*/
protected $commentAdmin;
/**
* Node author.
*
* @var \Drupal\user\UserInterface
*/
protected $nodeAuthor;
/**
* {@inheritdoc}
*/
public static $modules = [
'node',
'comment',
'user',
'system',
'text',
];
/**
* {@inheritdoc}
*/
protected function setUp() {
parent::setUp();
$node_type = NodeType::create([
'type' => 'article',
'name' => t('Article'),
]);
$node_type->save();
$this->nodeAuthor = $this->drupalCreateUser([
'create article content',
'skip comment approval',
'post comments',
'edit own comments',
'access comments',
'administer nodes',
]);
$this->commentAdmin = $this->drupalCreateUser([
'administer comments',
'create article content',
'edit own comments',
'skip comment approval',
'post comments',
'access comments',
'administer nodes',
]);
$this->addDefaultCommentField('node', 'article');
}
/**
* Tests comment status field access.
*/
public function testCommentStatusFieldAccessStatus() {
$this->drupalLogin($this->nodeAuthor);
$this->drupalGet('node/add/article');
$assert = $this->assertSession();
$assert->fieldNotExists('comment[0][status]');
$this->submitForm([
'title[0][value]' => 'Node 1',
], t('Save and publish'));
$assert->fieldExists('subject[0][value]');
$this->drupalLogin($this->commentAdmin);
$this->drupalGet('node/add/article');
$assert->fieldExists('comment[0][status]');
$this->submitForm([
'title[0][value]' => 'Node 2',
], t('Save and publish'));
$assert->fieldExists('subject[0][value]');
}
}
......@@ -65,14 +65,17 @@ function config_file_download($uri) {
$scheme = file_uri_scheme($uri);
$target = file_uri_target($uri);
if ($scheme == 'temporary' && $target == 'config.tar.gz') {
$request = \Drupal::request();
$date = DateTime::createFromFormat('U', $request->server->get('REQUEST_TIME'));
$date_string = $date->format('Y-m-d-H-i');
$hostname = str_replace('.', '-', $request->getHttpHost());
$filename = 'config' . '-' . $hostname . '-' . $date_string . '.tar.gz';
$disposition = 'attachment; filename="' . $filename . '"';
return array(
'Content-disposition' => $disposition,
);
if (\Drupal::currentUser()->hasPermission('export configuration')) {
$request = \Drupal::request();
$date = DateTime::createFromFormat('U', $request->server->get('REQUEST_TIME'));
$date_string = $date->format('Y-m-d-H-i');
$hostname = str_replace('.', '-', $request->getHttpHost());
$filename = 'config' . '-' . $hostname . '-' . $date_string . '.tar.gz';
$disposition = 'attachment; filename="' . $filename . '"';
return array(
'Content-disposition' => $disposition,
);
}
return -1;
}
}
......@@ -88,6 +88,12 @@ function testExport() {
// Check the single export form doesn't have "form-required" elements.
$this->drupalGet('admin/config/development/configuration/single/export');
$this->assertNoRaw('js-form-required form-required', 'No form required fields are found.');
// Ensure the temporary file is not available to users without the
// permission.
$this->drupalLogout();
$this->drupalGet('system/temporary', ['query' => ['file' => 'config.tar.gz']]);
$this->assertResponse(403);
}
}
......@@ -453,60 +453,6 @@ function _editor_delete_file_usage(array $uuids, EntityInterface $entity, $count
}
}
/**
* Implements hook_file_download().
*
* @see file_file_download()
* @see file_get_file_references()
*/
function editor_file_download($uri) {
// Get the file record based on the URI. If not in the database just return.
/** @var \Drupal\file\FileInterface[] $files */
$files = \Drupal::entityTypeManager()
->getStorage('file')
->loadByProperties(['uri' => $uri]);
if (count($files)) {
foreach ($files as $item) {
// Since some database servers sometimes use a case-insensitive comparison
// by default, double check that the filename is an exact match.
if ($item->getFileUri() === $uri) {
$file = $item;
break;
}
}
}
if (!isset($file)) {
return;
}
// Temporary files are handled by file_file_download(), so nothing to do here
// about them.
// @see file_file_download()
// Find out if any editor-backed field contains the file.
$usage_list = \Drupal::service('file.usage')->listUsage($file);
// Stop processing if there are no references in order to avoid returning
// headers for files controlled by other modules. Make an exception for
// temporary files where the host entity has not yet been saved (for example,
// an image preview on a node creation form) in which case, allow download by
// the file's owner.
if (empty($usage_list['editor']) && ($file->isPermanent() || $file->getOwnerId() != \Drupal::currentUser()->id())) {
return;
}
// Editor.module MUST NOT call $file->access() here (like file_file_download()
// does) as checking the 'download' access to a file entity would end up in
// FileAccessControlHandler->checkAccess() and ->getFileReferences(), which
// calls file_get_file_references(). This latter one would allow downloading
// files only handled by the file.module, which is exactly not the case right
// here.
// Access is granted.
$headers = file_get_content_headers($file);
return $headers;
}
/**
* Finds all files referenced (data-entity-uuid) by formatted text fields.
*
......
<?php
namespace Drupal\editor\Tests;
use Drupal\file\Entity\File;
use Drupal\simpletest\WebTestBase;
/**
* Tests Editor module's file reference filter with private files.
*
* @group editor
*/
class EditorPrivateFileReferenceFilterTest extends WebTestBase {
/**
* Modules to enable.
*
* @var array
*/
public static $modules = [
// Needed for the config: this is the only module in core that utilizes the
// functionality in editor.module to be tested, and depends on that.
'ckeditor',
// Depends on filter.module (indirectly).
'node',
// Pulls in the config we're using during testing which create a text format
// - with the filter_html_image_secure filter DISABLED,
// - with the editor set to CKEditor,
// - with drupalimage.image_upload.scheme set to 'private',
// - with drupalimage.image_upload.directory set to ''.
'editor_private_test',
];
/**
* Tests the editor file reference filter with private files.
*/
function testEditorPrivateFileReferenceFilter() {
// Create a content type with a body field.
$this->drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);
// Create a file in the 'private:// ' stream.
$filename = 'test.png';
$src = '/system/files/' . $filename;
$file = File::create([
'uri' => 'private://' . $filename,
'status' => FILE_STATUS_PERMANENT,
]);
// Create the file itself.
file_put_contents($file->getFileUri(), $this->randomString());
$file->save();
// Create a node with its body field properly pointing to the just-created
// file.
$node = $this->drupalCreateNode([
'type' => 'page',
'body' => [
'value' => '<img alt="alt" data-entity-type="file" data-entity-uuid="' . $file->uuid() . '" src="' . $src . '" />',
'format' => 'private_images',
],
]);
$this->drupalGet('/node/' . $node->id());
// Do the actual test. The image should be visible for anonymous.
$this->drupalGet($src);
$this->assertResponse(200, 'Image is downloadable as anonymous.');
}
}
format: private_images
status: true
langcode: en
editor: ckeditor
settings:
toolbar:
rows:
-
-
name: Media
items:
- DrupalImage
-
name: Tools
items:
- Source
plugins:
language:
language_list: un
stylescombo:
styles: ''
image_upload:
status: true
scheme: private
directory: ''
max_size: ''
max_dimensions:
width: null
height: null
dependencies:
config:
- filter.format.private_images
module:
- ckeditor
format: private_images
name: 'Private images'
status: true
langcode: en
filters:
editor_file_reference:
id: editor_file_reference
provider: editor
status: true
weight: 0
settings: { }
filter_html:
id: filter_html
provider: filter
status: false
weight: -10
settings:
allowed_html: '<img src alt data-entity-type data-entity-uuid>'
filter_html_help: true
filter_html_nofollow: false
dependencies:
module:
- editor
name: 'Text Editor Private test'
type: module
description: 'Support module for the Text Editor Private module tests.'
core: 8.x
package: Testing
version: VERSION
dependencies:
- filter
- ckeditor
......@@ -81,9 +81,11 @@ public function delete() {
parent::delete();
$entity = $this->getEntity();
// Delete all file usages within this entity.
// If a translation is deleted only decrement the file usage by one. If the
// default translation is deleted remove all file usages within this entity.
$count = $entity->isDefaultTranslation() ? 0 : 1;
foreach ($this->referencedEntities() as $file) {
\Drupal::service('file.usage')->delete($file, 'file', $entity->getEntityTypeId(), $entity->id(), 0);
\Drupal::service('file.usage')->delete($file, 'file', $entity->getEntityTypeId(), $entity->id(), $count);
}
}
......
......@@ -2,6 +2,13 @@
namespace Drupal\Tests\file\Kernel;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\language\Entity\ConfigurableLanguage;
use Drupal\language\Entity\ContentLanguageSettings;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
/**
* Tests file usage functions.
*
......@@ -203,4 +210,57 @@ function testTempFileCustomCleanup() {
$this->assertTrue(file_exists($perm_new->getFileUri()), 'New permanent file was correctly ignored.');
}
/**
* Tests file usage with translated entities.
*/
public function testFileUsageWithEntityTranslation() {
/** @var \Drupal\file\FileUsage\FileUsageInterface $file_usage */
$file_usage = $this->container->get('file.usage');
$this->enableModules(['node', 'language']);
$this->installEntitySchema('node');
$this->installSchema('node', ['node_access']);
// Activate English and Romanian languages.
ConfigurableLanguage::create(['id' => 'en'])->save();
ConfigurableLanguage::create(['id' => 'ro'])->save();
NodeType::create(['type' => 'page'])->save();
ContentLanguageSettings::loadByEntityTypeBundle('node', 'page')
->setLanguageAlterable(FALSE)
->setDefaultLangcode('en')
->save();
// Create a file field attached to 'page' node-type.
FieldStorageConfig::create([
'type' => 'file',
'entity_type' => 'node',
'field_name' => 'file',
])->save();
FieldConfig::create([
'entity_type' => 'node',
'bundle' => 'page',
'field_name' => 'file',
'label' => 'File',
])->save();
// Create a node, attach a file and add a Romanian translation.
$node = Node::create(['type' => 'page', 'title' => 'Page']);
$node
->set('file', $file = $this->createFile())
->addTranslation('ro', $node->getTranslation('en')->toArray())
->save();
// Check that the file is used twice.
$usage = $file_usage->listUsage($file);
$this->assertEquals(2, $usage['file']['node'][$node->id()]);
// Remove the Romanian translation.
$node->removeTranslation('ro');
$node->save();
// Check that one usage has been removed and is used only once now.
$usage = $file_usage->listUsage($file);
$this->assertEquals(1, $usage['file']['node'][$node->id()]);
}
}
......@@ -15,6 +15,8 @@
* arguments can be passed to the callback as this would make the migration YAML
* file too complex.
*
* @link https://www.drupal.org/node/2181783 Online handbook documentation for callback process plugin @endlink
*
* @MigrateProcessPlugin(
* id = "callback"
* )
......
......@@ -10,6 +10,8 @@
/**
* Concatenates the strings in the current value.
*
* @link https://www.drupal.org/node/2345927 Online handbook documentation for concat process plugin @endlink
*
* @MigrateProcessPlugin(
* id = "concat",
* handle_multiples = TRUE
......
......@@ -15,6 +15,8 @@
* creating filter format names, the current value is checked against the
* existing filter format names and if it exists, a numeric postfix is added
* and incremented until a unique value is created.
*
* @link https://www.drupal.org/node/2345929 Online handbook documentation for dedupebase process plugin @endlink
*/
abstract class DedupeBase extends ProcessPluginBase {
......
......@@ -10,6 +10,8 @@
/**
* Ensures value is not duplicated against an entity field.
*
* @link https://www.drupal.org/node/2135325 Online handbook documentation for dedupe_entity process plugin @endlink
*
* @MigrateProcessPlugin(
* id = "dedupe_entity"
* )
......
......@@ -9,6 +9,8 @@
/**
* This plugin sets missing values on the destination.
*
* @link https://www.drupal.org/node/2135313 Online handbook documentation for default_value process plugin @endlink
*
* @MigrateProcessPlugin(
* id = "default_value"
* )
......
......@@ -10,6 +10,8 @@
/**
* This plugin explodes a delimited string into an array of values.
*
* @link https://www.drupal.org/node/2674504 Online handbook documentation for explode process plugin @endlink
*
* @MigrateProcessPlugin(
* id = "explode"
* )
......