Issue #2918149 by harpreet16, tim.plunkett, raman.b, anil.gangwal, dalin,...

Issue #2918149 by harpreet16, tim.plunkett, raman.b, anil.gangwal, dalin, grndlvl, nikunjkotecha, kalyansamanta, paulocs, ranjith_kumar_k_u, froboy: "This block is broken or missing..." should only be shown to users that have access to do something about it

Issue #2918149 by harpreet16, tim.plunkett, raman.b, anil.gangwal, dalin,...
8e416f13 · Alex Pott · 39777109 · 8e416f13 · 8e416f13 · 8e416f13
Unverified Commit 8e416f13 authored 4 years ago by Alex Pott
--- a/core/lib/Drupal/Core/Block/Plugin/Block/Broken.php
+++ b/core/lib/Drupal/Core/Block/Plugin/Block/Broken.php
@@ -7,6 +7,9 @@
 use Drupal\Core\Cache\CacheableDependencyTrait;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Plugin\PluginBase;
+use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
+use Drupal\Core\Session\AccountInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;

 /**
 * Defines a fallback plugin for missing block plugins.
@@ -17,16 +20,56 @@
 *   category = @Translation("Block"),
 * )
 */
-class Broken extends PluginBase implements BlockPluginInterface {
+class Broken extends PluginBase implements BlockPluginInterface, ContainerFactoryPluginInterface {

  use BlockPluginTrait;
  use CacheableDependencyTrait;

+  /**
+   * The current user.
+   *
+   * @var \Drupal\Core\Session\AccountInterface
+   */
+  protected $currentUser;
+
+  /**
+   * Creates a Broken Block instance.
+   *
+   * @param array $configuration
+   *   A configuration array containing information about the plugin instance.
+   * @param string $plugin_id
+   *   The plugin ID for the plugin instance.
+   * @param mixed $plugin_definition
+   *   The plugin implementation definition.
+   * @param \Drupal\Core\Session\AccountInterface $current_user
+   *   The current user.
+   */
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, AccountInterface $current_user) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
+    $this->currentUser = $current_user;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('current_user')
+    );
+  }
+
  /**
   * {@inheritdoc}
   */
  public function build() {
-    return $this->brokenMessage();
+    $build = [];
+    if ($this->currentUser->hasPermission('administer blocks')) {
+      $build += $this->brokenMessage();
+    }
+    return $build;
  }

  /**

--- a/core/modules/block/tests/src/Functional/BlockUiTest.php
+++ b/core/modules/block/tests/src/Functional/BlockUiTest.php
@@ -382,4 +382,35 @@ public function testRouteProtection() {
    $this->assertSession()->statusCodeEquals(403);
  }

+  /**
+   * Tests that users without permission are not able to view broken blocks.
+   */
+  public function testBrokenBlockVisibility() {
+    $assert_session = $this->assertSession();
+
+    $this->drupalPlaceBlock('broken');
+
+    // Login as an admin user to the site.
+    $this->drupalLogin($this->adminUser);
+    $this->drupalGet('');
+    $assert_session->statusCodeEquals(200);
+    // Check that this user can view the Broken Block message.
+    $assert_session->pageTextContains('This block is broken or missing. You may be missing content or you might need to enable the original module.');
+    $this->drupalLogout();
+
+    // Visit the same page as anonymous.
+    $this->drupalGet('');
+    $assert_session->statusCodeEquals(200);
+    // Check that this user cannot view the Broken Block message.
+    $assert_session->pageTextNotContains('This block is broken or missing. You may be missing content or you might need to enable the original module.');
+
+    // Visit same page as an authorized user that does not have access to
+    // administer blocks.
+    $this->drupalLogin($this->drupalCreateUser(['access administration pages']));
+    $this->drupalGet('');
+    $assert_session->statusCodeEquals(200);
+    // Check that this user cannot view the Broken Block message.
+    $assert_session->pageTextNotContains('This block is broken or missing. You may be missing content or you might need to enable the original module.');
+  }
+
 }
--- a/core/modules/layout_builder/tests/modules/layout_builder_element_test/src/EventSubscriber/TestPrepareLayout.php
+++ b/core/modules/layout_builder/tests/modules/layout_builder_element_test/src/EventSubscriber/TestPrepareLayout.php
@@ -81,6 +81,7 @@ public function onBeforePrepareLayout(PrepareLayoutEvent $event) {
          'id' => 'static_block',
          'label' => 'Test static block title',
          'label_display' => 'visible',
+          'provider' => 'fake_provider',
        ]));
        $section_storage->appendSection($section);
      }
@@ -113,6 +114,7 @@ public function onAfterPrepareLayout(PrepareLayoutEvent $event) {
          'id' => 'static_block_two',
          'label' => 'Test second static block title',
          'label_display' => 'visible',
+          'provider' => 'fake_provider',
        ]));
        $section_storage->appendSection($section);
      }

--- a/core/modules/layout_builder/tests/src/Functional/LayoutBuilderPrepareLayoutTest.php
+++ b/core/modules/layout_builder/tests/src/Functional/LayoutBuilderPrepareLayoutTest.php
@@ -78,6 +78,7 @@ public function testAlterPrepareLayout() {

    $this->drupalLogin($this->drupalCreateUser([
      'access content',
+      'administer blocks',
      'configure any layout',
      'administer node display',
      'configure all bundle_with_section_field node layout overrides',

--- a/core/tests/Drupal/Tests/Core/Block/BlockManagerTest.php
+++ b/core/tests/Drupal/Tests/Core/Block/BlockManagerTest.php
@@ -7,8 +7,10 @@
 use Drupal\Core\Block\Plugin\Block\Broken;
 use Drupal\Core\Cache\CacheBackendInterface;
 use Drupal\Core\Extension\ModuleHandlerInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\Tests\UnitTestCase;
 use Psr\Log\LoggerInterface;
+use Drupal\Core\DependencyInjection\ContainerBuilder;

 /**
 * @coversDefaultClass \Drupal\Core\Block\BlockManager
@@ -37,6 +39,11 @@ class BlockManagerTest extends UnitTestCase {
  protected function setUp(): void {
    parent::setUp();

+    $container = new ContainerBuilder();
+    $current_user = $this->prophesize(AccountInterface::class);
+    $container->set('current_user', $current_user->reveal());
+    \Drupal::setContainer($container);
+
    $cache_backend = $this->prophesize(CacheBackendInterface::class);
    $module_handler = $this->prophesize(ModuleHandlerInterface::class);
    $this->logger = $this->prophesize(LoggerInterface::class);