From 1db9c0ce2d5ff06f371c4efccba19bf521a3195d Mon Sep 17 00:00:00 2001 From: amontero Date: Fri, 19 Jul 2013 17:41:04 +0200 Subject: [PATCH] "Administer Users" permission should be separate from "User Settings" --- .../Drupal/contact/Tests/ContactPersonalTest.php | 2 +- .../Drupal/contact/Tests/ContactSitewideTest.php | 1 + .../lib/Drupal/field_ui/Tests/FieldUiTestBase.php | 2 +- .../Upgrade/UserPermissionUpgradePathTest.php | 64 ++++++++++++++++++++ .../upgrade/drupal-7.user_permission.database.php | 60 ++++++++++++++++++ .../user/lib/Drupal/user/Tests/UserAdminTest.php | 2 +- .../lib/Drupal/user/Tests/UserPermissionsTest.php | 2 +- core/modules/user/user.module | 9 ++- core/modules/user/user.routing.yml | 2 +- 9 files changed, 138 insertions(+), 6 deletions(-) create mode 100644 core/modules/system/lib/Drupal/system/Tests/Upgrade/UserPermissionUpgradePathTest.php create mode 100644 core/modules/system/tests/upgrade/drupal-7.user_permission.database.php diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php index 61f1fb9..e9badf3 100644 --- a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php +++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php @@ -54,7 +54,7 @@ function setUp() { parent::setUp(); // Create an admin user. - $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users')); + $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users', 'administer account settings')); // Create some normal users with their contact forms enabled by default. config('contact.settings')->set('user_default_enabled', 1)->save(); diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php index 42f4423..132476c 100644 --- a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php +++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php @@ -39,6 +39,7 @@ function testSiteWideContact() { 'access site-wide contact form', 'administer contact forms', 'administer users', + 'administer account settings', 'administer contact_message fields', )); $this->drupalLogin($admin_user); diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php b/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php index c836023..8d397f1 100644 --- a/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php +++ b/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php @@ -26,7 +26,7 @@ function setUp() { parent::setUp(); // Create test user. - $admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer node fields', 'administer node form display', 'administer node display', 'administer taxonomy', 'administer taxonomy_term fields', 'administer taxonomy_term display', 'administer users', 'administer user display', 'bypass node access')); + $admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer node fields', 'administer node form display', 'administer node display', 'administer taxonomy', 'administer taxonomy_term fields', 'administer taxonomy_term display', 'administer users', 'administer account settings', 'administer user display', 'bypass node access')); $this->drupalLogin($admin_user); // Create content type, with underscores. diff --git a/core/modules/system/lib/Drupal/system/Tests/Upgrade/UserPermissionUpgradePathTest.php b/core/modules/system/lib/Drupal/system/Tests/Upgrade/UserPermissionUpgradePathTest.php new file mode 100644 index 0000000..ecb8b3a --- /dev/null +++ b/core/modules/system/lib/Drupal/system/Tests/Upgrade/UserPermissionUpgradePathTest.php @@ -0,0 +1,64 @@ + 'User permission upgrade test', + 'description' => 'Upgrade tests for user permissions.', + 'group' => 'Upgrade path', + ); + } + + public function setUp() { + $this->databaseDumpFiles = array( + drupal_get_path('module', 'system') . '/tests/upgrade/drupal-7.bare.standard_all.database.php.gz', + drupal_get_path('module', 'system') . '/tests/upgrade/drupal-7.user_permission.database.php', + ); + parent::setUp(); + } + + /** + * Tests user-related permissions after a successful upgrade. + */ + public function testUserPermissionUpgrade() { + $this->assertTrue($this->performUpgrade(), 'The upgrade was completed successfully.'); + + $this->drupalGet(''); + $this->assertResponse(200); + + // Verify that we are still logged in. + $this->drupalGet('user'); + $this->clickLink(t('Edit')); + $this->assertEqual($this->getUrl(), url('user/1/edit', array('absolute' => TRUE)), 'We are still logged in as admin at the end of the upgrade.'); + + // Login as another 'administrator' role user whose uid != 1 + $this->drupalLogout(); + $user = new UserSession(array( + 'uid' => 2, + 'name' => 'user1', + 'pass_raw' => 'user1', + )); + $this->drupalLogin($user); + + // Check that user with permission 'administer users' also gets + // 'administer account settings' access. + $this->drupalGet('admin/config/people/accounts'); + $this->assertResponse(200, '"Administer account settings" page was found.'); + } + +} diff --git a/core/modules/system/tests/upgrade/drupal-7.user_permission.database.php b/core/modules/system/tests/upgrade/drupal-7.user_permission.database.php new file mode 100644 index 0000000..dc6cd5a --- /dev/null +++ b/core/modules/system/tests/upgrade/drupal-7.user_permission.database.php @@ -0,0 +1,60 @@ +fields(array( + 'uid', + 'rid', +)) +->values(array( + 'uid' => '2', + 'rid' => '3', +)) +->execute(); + +db_insert('users')->fields(array( + 'uid', + 'name', + 'pass', + 'mail', + 'theme', + 'signature', + 'signature_format', + 'created', + 'access', + 'login', + 'status', + 'timezone', + 'language', + 'picture', + 'init', + 'data', +)) +->values(array( + 'uid' => '2', + 'name' => 'user1', + 'pass' => '$S$D9JgycE33DawX/9Iv2SfAjkQEi5alDZhxycfan6dDkUKf9lH0Nfo', + 'mail' => 'user1@example.com', + 'theme' => '', + 'signature' => '', + 'signature_format' => NULL, + 'created' => '1376147347', + 'access' => '0', + 'login' => '0', + 'status' => '1', + 'timezone' => 'Europe/Berlin', + 'language' => '', + 'picture' => '0', + 'init' => 'user1@example.com', + 'data' => NULL, +)) +->execute(); diff --git a/core/modules/user/lib/Drupal/user/Tests/UserAdminTest.php b/core/modules/user/lib/Drupal/user/Tests/UserAdminTest.php index 1dd89b2..69384b5 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserAdminTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserAdminTest.php @@ -120,7 +120,7 @@ function testUserAdmin() { */ function testNotificationEmailAddress() { // Test that the Notification E-mail address field is on the config page. - $admin_user = $this->drupalCreateUser(array('administer users')); + $admin_user = $this->drupalCreateUser(array('administer users', 'administer account settings')); $this->drupalLogin($admin_user); $this->drupalGet('admin/config/people/accounts'); $this->assertRaw('id="edit-mail-notification-address"', 'Notification E-mail address field exists'); diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php index e2e97a1..a336372 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php @@ -25,7 +25,7 @@ public static function getInfo() { function setUp() { parent::setUp(); - $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users')); + $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings')); // Find the new role ID. $all_rids = $this->admin_user->getRoles(); diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 0a8d4ab..85d5fd5 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -479,6 +479,13 @@ function user_permission() { 'title' => t('Administer permissions'), 'restrict access' => TRUE, ), + 'administer account settings' => array( + 'title' => t('Administer account settings'), + 'description' => user_access('administer account settings') + ? t('Configure site-wide settings and behavior for user accounts and registration.', array('@url' => url('admin/config/people'))) + : t('Configure site-wide settings and behavior for user accounts and registration.'), + 'restrict access' => TRUE, + ), 'administer users' => array( 'title' => t('Administer users'), 'restrict access' => TRUE, @@ -898,7 +905,7 @@ function user_menu() { 'position' => 'left', 'weight' => -20, 'page callback' => 'system_admin_menu_block_page', - 'access arguments' => array('access administration pages'), + 'access arguments' => array('administer account settings'), 'file' => 'system.admin.inc', 'file path' => drupal_get_path('module', 'system'), ); diff --git a/core/modules/user/user.routing.yml b/core/modules/user/user.routing.yml index 90570ea..901d57b 100644 --- a/core/modules/user/user.routing.yml +++ b/core/modules/user/user.routing.yml @@ -31,7 +31,7 @@ user_account_settings: defaults: _form: '\Drupal\user\AccountSettingsForm' requirements: - _permission: 'administer users' + _permission: 'administer account settings' user_admin_create: pattern: '/admin/people/create' -- 1.7.9.5