diff --git a/message_subscribe.module b/message_subscribe.module index 68e46cb..f8c5a57 100644 --- a/message_subscribe.module +++ b/message_subscribe.module @@ -34,6 +34,8 @@ * send messages. Defautls to FALSE. * - "queue": Array with all the information needed to work with the * queue. see message_subscribe_advancedqueue_worker(). + * - "entity access": Determine if access to view the entity should be applied + * when getting the list of subscribed users. Defaults to TRUE. * @param $context * Optional; Array keyed with the entity type and array of entity IDs as * the value. For example, if the event is related to a node @@ -69,6 +71,7 @@ function message_subscribe_process_message($entity_type, $entity, Message $messa 'end time' => FALSE, 'use queue' => $use_queue, 'queue' => array(), + 'entity access' => TRUE, ); if (empty($message->mid) && $subscribe_options['save message']) { @@ -213,6 +216,13 @@ function message_subscribe_get_subscribers($entity_type, $entity, Message $messa $function = $module . '_message_subscribe_get_subscribers'; $result = $function($message, $subscribe_options, $context); foreach ($result as $uid => $values) { + if (!empty($subscribe_options['entity access'])) { + $account = user_load($uid); + if (!entity_access('view', $entity_type, $entity, $account)) { + // User doesn't have access to view the entity. + continue; + } + } $uids[$uid] = $values; } } diff --git a/message_subscribe.test b/message_subscribe.test index c03b3a9..db557a9 100644 --- a/message_subscribe.test +++ b/message_subscribe.test @@ -170,8 +170,7 @@ class MessageSubscribeSubscribersTest extends DrupalWebTestCase { $user2 = $this->drupalCreateUser(); // Create node-type. - $type = $this->drupalCreateContentType(); - $node_type = $type->type; + $node_type = 'article'; // Create node. $settings = array(); @@ -208,14 +207,17 @@ class MessageSubscribeSubscribersTest extends DrupalWebTestCase { $this->node = $node; $this->user1 = $user1; $this->user2 = $user2; + + // Override default notifiers. + variable_set('message_subscribe_default_notifiers', array()); } + /** + * Test getting the subscribers list. + */ function testGetSubscribers() { $message = message_create('foo', array()); - // Override default notifiers. - variable_set('message_subscribe_default_notifiers', array()); - $node = $this->node; $user1 = $this->user1; $user2 = $this->user2; @@ -256,6 +258,32 @@ class MessageSubscribeSubscribersTest extends DrupalWebTestCase { $uids = message_subscribe_get_subscribers('node', $node, $message, $subscribe_options); $this->assertEqual(array_keys($uids), array($user3->uid), 'All subscribers from "last uid" and "range" were fetched.'); } + + /** + * Assert subscribers list is entity-access aware. + */ + function testEntityAccess() { + $message = message_create('foo', array()); + + $node = $this->node; + $node->status = NODE_NOT_PUBLISHED; + node_save($node); + + // Add permission to view own unpublished content. + user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array('view own unpublished content' => TRUE)); + + // Set the node to be unpublished. + $user1 = $this->user1; + $user2 = $this->user2; + + $subscribe_options['entity access'] = TRUE; + $uids = message_subscribe_get_subscribers('node', $node, $message, $subscribe_options); + $this->assertEqual(array_keys($uids), array($user1->uid), 'Only user with access to node returned for subscribers list.'); + + $subscribe_options['entity access'] = FALSE; + $uids = message_subscribe_get_subscribers('node', $node, $message, $subscribe_options); + $this->assertEqual(array_keys($uids), array($user1->uid, $user2->uid), 'All users (even without access) returned for subscribers list.'); + } }