#285237: Ability to disallow a flag/unflag operation is super cool, but we need to add tests to make sure that this functionality works correctly. We should test that access is both available and denied in the following situations:

- Flagging own content
- Flagging others' content
- Flagging own comments
- Flagging others' comments
- Flagging comments of own nodes
- Flagging comments of others' nodes
- In multiple and single access checks of all of the above

CommentFileSizeAuthor
#2 flag_comment_access_fix.patch671 bytesquicksketch
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

xn2001’s picture

Users may only flag own comments = OK
Users may only flag comments by others = OK

Users may only flag comments of nodes they own = Not OK
-Logging as node owner but there is no flag link in the comments. I expect flag links in the comments.

Users may only flag comments of nodes by others = Not OK
-Logging as node owner and there are flag links in the comments. It shouldn't.
-Logging as not the node owner and there are flag links in the comments. That is ok.

quicksketch’s picture

FileSize
671 bytes

Thanks for testing these xn2001! I found a error in the access handling for comments like you described above. I've fixed it with the attached patch.

Note that this issue is actually for writing automated tests so this doesn't break in the future, so we'll leave this open even though the problem you described is fixed with this patch.

joachim’s picture

Version: 6.x-2.x-dev » 7.x-3.x-dev

Upping the version.

The patch above fixes a bug that's not to do with this issue -- and the latest 6-2 branch has this fixed.

joachim’s picture

Title: Add tests for Flag access » Add tests for Flag access for own/others' content
joachim’s picture

Worth bearing in mind that #879988: Flag permission for 'own entities' will change how access to flag 'own' content will work, so might be best to postpone writing tests till that is in.