From fb40bd6f06ed4dd1fb52d47262a627203ae9dcd4 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Sat, 13 Dec 2014 18:56:18 +0100
Subject: [PATCH] Issue #2382931 by larowlan, pfrenssen, Mile23:
 Drupal\field\Plugin\views\field\Field::access returns an object instead of
 the expected boolean

---
 .../field/src/Plugin/views/field/Field.php    |  2 +-
 .../src/Tests/Views/HandlerFieldFieldTest.php | 42 ++++++++++++++++++-
 .../views.view.test_view_fieldapi.yml         |  5 +++
 .../Plugin/views/ViewsHandlerInterface.php    |  6 ++-
 4 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/core/modules/field/src/Plugin/views/field/Field.php b/core/modules/field/src/Plugin/views/field/Field.php
index 6c7b9c54913b..106ce87f1e07 100644
--- a/core/modules/field/src/Plugin/views/field/Field.php
+++ b/core/modules/field/src/Plugin/views/field/Field.php
@@ -216,7 +216,7 @@ public function init(ViewExecutable $view, DisplayPluginBase $display, array &$o
   public function access(AccountInterface $account) {
     $base_table = $this->get_base_table();
     $access_control_handler = $this->entityManager->getAccessControlHandler($this->definition['entity_tables'][$base_table]);
-    return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account, NULL, TRUE);
+    return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account);
   }
 
   /**
diff --git a/core/modules/field/src/Tests/Views/HandlerFieldFieldTest.php b/core/modules/field/src/Tests/Views/HandlerFieldFieldTest.php
index 36e903d85c04..f3bd30a90521 100644
--- a/core/modules/field/src/Tests/Views/HandlerFieldFieldTest.php
+++ b/core/modules/field/src/Tests/Views/HandlerFieldFieldTest.php
@@ -23,6 +23,11 @@
  */
 class HandlerFieldFieldTest extends FieldTestBase {
 
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = array('node', 'field_test');
+
   /**
    * Views used by this test.
    *
@@ -30,10 +35,15 @@ class HandlerFieldFieldTest extends FieldTestBase {
    */
   public static $testViews = array('test_view_fieldapi');
 
+  /**
+   * Test nodes.
+   *
+   * @var \Drupal\node\NodeInterface[]
+   */
   public $nodes;
 
   /**
-   * @todo.
+   * {@inheritdoc}
    */
   protected function setUp() {
     parent::setUp();
@@ -66,6 +76,15 @@ protected function setUp() {
     ));
     $this->fieldStorages[5]->save();
 
+    // Setup a text field with access control.
+    // @see field_test_entity_field_access()
+    $this->fieldStorages[6] = entity_create('field_storage_config', array(
+      'field_name' => 'field_no_view_access',
+      'entity_type' => 'node',
+      'type' => 'text',
+    ));
+    $this->fieldStorages[6]->save();
+
     $this->setUpFields();
 
     // Create some nodes.
@@ -77,6 +96,8 @@ protected function setUp() {
         $field_storage = $this->fieldStorages[$key];
         $edit[$field_storage->getName()][0]['value'] = $this->randomMachineName(8);
       }
+      // Add a hidden value for the no-view field.
+      $edit[$this->fieldStorages[6]->getName()][0]['value'] = 'ssh secret squirrel';
       for ($j = 0; $j < 5; $j++) {
         $edit[$this->fieldStorages[3]->getName()][$j]['value'] = $this->randomMachineName(8);
       }
@@ -107,6 +128,7 @@ protected function prepareView(ViewExecutable $view) {
 
   public function testFieldRender() {
     $this->_testSimpleFieldRender();
+    $this->_testInaccessibleFieldRender();
     $this->_testFormatterSimpleFieldRender();
     $this->_testMultipleFieldRender();
   }
@@ -127,6 +149,24 @@ public function _testSimpleFieldRender() {
     }
   }
 
+  public function _testInaccessibleFieldRender() {
+    $view = Views::getView('test_view_fieldapi');
+    $this->prepareView($view);
+    $this->executeView($view);
+
+    // Check that the field handler for the hidden field is correctly removed
+    // from the display.
+    // @see https://www.drupal.org/node/2382931
+    $this->assertFalse(array_key_exists('field_no_view_access', $view->field));
+
+    // Check that the access-denied field is not visible.
+    for ($i = 0; $i < 3; $i++) {
+      $field_name = $this->fieldStorages[6]->getName();
+      $rendered_field = $view->style_plugin->getField($i, $field_name);
+      $this->assertFalse($rendered_field, 'Hidden field not rendered');
+    }
+  }
+
   /**
    * Tests that fields with formatters runs as expected.
    */
diff --git a/core/modules/field/tests/modules/field_test_views/test_views/views.view.test_view_fieldapi.yml b/core/modules/field/tests/modules/field_test_views/test_views/views.view.test_view_fieldapi.yml
index ed6334fb0a5b..6f2bac08f5d4 100644
--- a/core/modules/field/tests/modules/field_test_views/test_views/views.view.test_view_fieldapi.yml
+++ b/core/modules/field/tests/modules/field_test_views/test_views/views.view.test_view_fieldapi.yml
@@ -33,6 +33,11 @@ display:
           table: node__field_name_5
           field: field_name_5
           plugin_id: field
+        field_no_view_access:
+          id: field_no_view_access
+          table: node__field_no_view_access
+          field: field_no_view_access
+          plugin_id: field
       cache:
         type: none
       exposed_form:
diff --git a/core/modules/views/src/Plugin/views/ViewsHandlerInterface.php b/core/modules/views/src/Plugin/views/ViewsHandlerInterface.php
index 826b77b11fcf..9e814b2740c6 100644
--- a/core/modules/views/src/Plugin/views/ViewsHandlerInterface.php
+++ b/core/modules/views/src/Plugin/views/ViewsHandlerInterface.php
@@ -47,11 +47,13 @@ public function broken();
   public function ensureMyTable();
 
   /**
-   * Check whether current user has access to this handler.
+   * Check whether given user has access to this handler.
    *
    * @param AccountInterface $account
+   *   The user account to check.
    *
-   * @return boolean
+   * @return bool
+   *   TRUE if the user has access to the handler, FALSE otherwise.
    */
   public function access(AccountInterface $account);
 
-- 
GitLab