All hail testing! I was trying to fix some failing tests and found that two of them are failing because of an actual bug. When you try to visit the blog of a user who has permission to create blog posts, but hasn't started their blog yet, you get a 403 error. There's existing logic to display a much friendlier message along the lines of "this user hasn't created any blog posts yet" but it's being bypassed by a somewhat overzealous access check.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | blog.patch | 1.58 KB | desbeers |
| #1 | 259496_access_fix.patch | 3.85 KB | ksenzee |
Comments
Comment #1
ksenzeeHere's a patch. It looks more involved than it actually is because it moves a bunch of code into an if clause. This patch fixes two of the eight blog.module tests that currently fail.
Comment #2
desbeers commentedConfirmed the problem but found that the problem was that the ‘create blog entries’ was renamed to ‘create blog content’.
As a side result, on the users own blog page, it always said ''You are not allowed to post a new blog entry.' in depended of the permission set or not.
Attached the patch that correct the permission name in two places and now the blog.module will pass all tests.
Comment #3
boombatower commentedThe tests found a bug!
Confirmed this patch fixes the bug and the tests pass.
Comment #4
dries commentedCommitted to CVS HEAD. Thanks folks.
Comment #5
damien tournoud commentedI guess this needs to be backported to Drupal 6. The patch applies there (with some benign fuzz).
Comment #6
desbeers commentedNp, in D6 the permission is still named 'create blog entries'; so correct. It was changed in #30984
Comment #7
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.