Browse Source

Added entity access check.

8.x-1.x
Chi 8 years ago
parent
commit
69f8d4b664
  1. 63
      src/TwigExtension.php
  2. 2
      tests/src/Functional/TwigTweakTest.php
  3. 16
      tests/twig_tweak_test/config/install/block.block.powered_by_drupal.yml
  4. 2
      tests/twig_tweak_test/templates/twig-tweak-test.html.twig

63
src/TwigExtension.php

@ -5,6 +5,7 @@ namespace Drupal\twig_tweak;
use Drupal\Core\Block\TitleBlockPluginInterface; use Drupal\Core\Block\TitleBlockPluginInterface;
use Drupal\Core\Config\ConfigFactoryInterface; use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Controller\TitleResolverInterface; use Drupal\Core\Controller\TitleResolverInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface; use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Form\FormBuilderInterface; use Drupal\Core\Form\FormBuilderInterface;
use Drupal\Core\Menu\MenuLinkTreeInterface; use Drupal\Core\Menu\MenuLinkTreeInterface;
@ -176,8 +177,10 @@ class TwigExtension extends \Twig_Extension {
*/ */
public function drupalBlock($id) { public function drupalBlock($id) {
$block = $this->entityTypeManager->getStorage('block')->load($id); $block = $this->entityTypeManager->getStorage('block')->load($id);
return $block ? if ($block && $this->entityAccess($block)) {
$this->entityTypeManager->getViewBuilder('block')->view($block) : ''; return $this->entityTypeManager->getViewBuilder('block')->view($block);
}
return NULL;
} }
/** /**
@ -201,20 +204,19 @@ class TwigExtension extends \Twig_Extension {
$view_builder = $this->entityTypeManager->getViewBuilder('block'); $view_builder = $this->entityTypeManager->getViewBuilder('block');
$build = []; $build = [];
/* @var $blocks \Drupal\block\BlockInterface[] */ /* @var $blocks \Drupal\block\BlockInterface[] */
foreach ($blocks as $id => $block) { foreach ($blocks as $id => $block) {
// Should the block be displayed? (follow rules from block layout page). if ($this->entityAccess($block)) {
if (!$block->access('view')) { $block_plugin = $block->getPlugin();
continue; if ($block_plugin instanceof TitleBlockPluginInterface) {
} $request = $this->requestStack->getCurrentRequest();
$block_plugin = $block->getPlugin(); if ($route = $request->attributes->get(RouteObjectInterface::ROUTE_OBJECT)) {
if ($block_plugin instanceof TitleBlockPluginInterface) { $block_plugin->setTitle($this->titleResolver->getTitle($request, $route));
$request = $this->requestStack->getCurrentRequest(); }
if ($route = $request->attributes->get(RouteObjectInterface::ROUTE_OBJECT)) {
$block_plugin->setTitle($this->titleResolver->getTitle($request, $route));
} }
$build[$id] = $view_builder->view($block);
} }
$build[$id] = $view_builder->view($block);
} }
return $build; return $build;
@ -240,7 +242,7 @@ class TwigExtension extends \Twig_Extension {
$entity = $id ? $entity = $id ?
$this->entityTypeManager->getStorage($entity_type)->load($id) : $this->entityTypeManager->getStorage($entity_type)->load($id) :
$this->routeMatch->getParameter($entity_type); $this->routeMatch->getParameter($entity_type);
if ($entity) { if ($entity && $this->entityAccess($entity)) {
$render_controller = $this->entityTypeManager->getViewBuilder($entity_type); $render_controller = $this->entityTypeManager->getViewBuilder($entity_type);
return $render_controller->view($entity, $view_mode, $langcode); return $render_controller->view($entity, $view_mode, $langcode);
} }
@ -265,14 +267,16 @@ class TwigExtension extends \Twig_Extension {
* A render array for the field or NULL if the value does not exist. * A render array for the field or NULL if the value does not exist.
*/ */
public function drupalField($field_name, $entity_type, $id = NULL, $view_mode = 'default', $langcode = NULL) { public function drupalField($field_name, $entity_type, $id = NULL, $view_mode = 'default', $langcode = NULL) {
$entity = $id ? $entity = $id
$this->entityTypeManager->getStorage($entity_type)->load($id) : ? $this->entityTypeManager->getStorage($entity_type)->load($id)
$this->routeMatch->getParameter($entity_type); : $this->routeMatch->getParameter($entity_type);
if ($langcode && $entity->hasTranslation($langcode)) { if ($entity && $this->entityAccess($entity)) {
$entity = $entity->getTranslation($langcode); if ($langcode && $entity->hasTranslation($langcode)) {
} $entity = $entity->getTranslation($langcode);
if (isset($entity->{$field_name})) { }
return $entity->{$field_name}->view($view_mode); if (isset($entity->{$field_name})) {
return $entity->{$field_name}->view($view_mode);
}
} }
return NULL; return NULL;
} }
@ -492,4 +496,21 @@ class TwigExtension extends \Twig_Extension {
return $output; return $output;
} }
/**
* Checks view access to a given entity.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* Entity to check access.
*
* @return bool
* The access check result.
*
* @TODO Remove "check_access" option in 9.x.
*/
protected function entityAccess(EntityInterface $entity) {
// Prior version 8.x-1.7 entity access was not checked. The "check_access"
// option provides a workaround for possible BC issues.
return !Settings::get('twig_tweak_check_access', TRUE) || $entity->access('view');
}
} }

2
tests/src/Functional/TwigTweakTest.php

@ -66,7 +66,7 @@ class TwigTweakTest extends BrowserTestBase {
// Test block. // Test block.
$xpath = '//div[@class = "tt-block"]'; $xpath = '//div[@class = "tt-block"]';
$xpath .= '/div[@id="block-powered-by-drupal"]/span[contains(., "Powered by Drupal")]'; $xpath .= '/div[@id="block-classy-powered-by-drupal"]/span[contains(., "Powered by Drupal")]';
$this->assertByXpath($xpath); $this->assertByXpath($xpath);
// Test region. // Test region.

16
tests/twig_tweak_test/config/install/block.block.powered_by_drupal.yml

@ -1,16 +0,0 @@
langcode: en
status: true
dependencies:
module:
- system
id: powered_by_drupal
region: main
weight: 10
provider: null
plugin: system_powered_by_block
settings:
id: system_powered_by_block
label: 'Powered by Drupal'
provider: system
label_display: '0'
visibility: { }

2
tests/twig_tweak_test/templates/twig-tweak-test.html.twig

@ -19,7 +19,7 @@
<div class="tt-view-default">{{ drupal_view('twig_tweak_test') }}</div> <div class="tt-view-default">{{ drupal_view('twig_tweak_test') }}</div>
<div class="tt-view-page_1">{{ drupal_view('twig_tweak_test', 'page_1') }}</div> <div class="tt-view-page_1">{{ drupal_view('twig_tweak_test', 'page_1') }}</div>
<div class="tt-view-page_1-with-argument">{{ drupal_view('twig_tweak_test', 'page_1', 1) }}</div> <div class="tt-view-page_1-with-argument">{{ drupal_view('twig_tweak_test', 'page_1', 1) }}</div>
<div class="tt-block">{{ drupal_block('powered_by_drupal') }}</div> <div class="tt-block">{{ drupal_block('classy_powered_by_drupal') }}</div>
<div class="tt-region">{{ drupal_region('sidebar_first') }}</div> <div class="tt-region">{{ drupal_region('sidebar_first') }}</div>
<div class="tt-entity-default">{{ drupal_entity('node', 1) }}</div> <div class="tt-entity-default">{{ drupal_entity('node', 1) }}</div>
<div class="tt-entity-teaser">{{ drupal_entity('node', 1, 'teaser') }}</div> <div class="tt-entity-teaser">{{ drupal_entity('node', 1, 'teaser') }}</div>

Loading…
Cancel
Save