Skip to content
Snippets Groups Projects
Unverified Commit cb03af10 authored by Alex Pott's avatar Alex Pott
Browse files

Issue #3030477 by Manuel Garcia, Anas_maw: Views filter "Published status or...

Issue #3030477 by Manuel Garcia, Anas_maw: Views filter "Published status or admin user" not checking "View any unpublished content" permission
parent 8a76eeec
No related branches found
No related tags found
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
<?php
/**
* @file
* Provide views runtime hooks for content_moderation.module.
*/
use Drupal\views\ViewExecutable;
/**
* Implements hook_views_query_substitutions().
*/
function content_moderation_views_query_substitutions(ViewExecutable $view) {
$account = \Drupal::currentUser();
return [
'***VIEW_ANY_UNPUBLISHED_NODES***' => intval($account->hasPermission('view any unpublished content')),
];
}
......@@ -24,7 +24,11 @@ public function canExpose() {
public function query() {
$table = $this->ensureMyTable();
$this->query->addWhereExpression($this->options['group'], "$table.status = 1 OR ($table.uid = ***CURRENT_USER*** AND ***CURRENT_USER*** <> 0 AND ***VIEW_OWN_UNPUBLISHED_NODES*** = 1) OR ***BYPASS_NODE_ACCESS*** = 1");
$snippet = "$table.status = 1 OR ($table.uid = ***CURRENT_USER*** AND ***CURRENT_USER*** <> 0 AND ***VIEW_OWN_UNPUBLISHED_NODES*** = 1) OR ***BYPASS_NODE_ACCESS*** = 1";
if ($this->moduleHandler->moduleExists('content_moderation')) {
$snippet .= ' OR ***VIEW_ANY_UNPUBLISHED_NODES*** = 1';
}
$this->query->addWhereExpression($this->options['group'], $snippet);
}
/**
......
......@@ -12,6 +12,11 @@
*/
class StatusExtraTest extends NodeTestBase {
/**
* {@inheritdoc}
*/
public static $modules = ['node_test_views', 'content_moderation'];
/**
* Views used by this test.
*
......@@ -26,6 +31,7 @@ public function testStatusExtra() {
$node_author = $this->drupalCreateUser(['view own unpublished content']);
$node_author_not_unpublished = $this->drupalCreateUser();
$normal_user = $this->drupalCreateUser();
$privileged_user = $this->drupalCreateUser(['view any unpublished content']);
$admin_user = $this->drupalCreateUser(['bypass node access']);
// Create one published and one unpublished node by the admin.
......@@ -47,6 +53,14 @@ public function testStatusExtra() {
$this->assertText($node_unpublished2->label());
$this->assertText($node_unpublished3->label());
// The privileged user should simply see all nodes.
$this->drupalLogin($privileged_user);
$this->drupalGet('test_status_extra');
$this->assertText($node_published->label());
$this->assertText($node_unpublished->label());
$this->assertText($node_unpublished2->label());
$this->assertText($node_unpublished3->label());
// The node author should see the published node and his own node.
$this->drupalLogin($node_author);
$this->drupalGet('test_status_extra');
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment