From bf95fbc48c99beed969c2033980019c0ce1bb211 Mon Sep 17 00:00:00 2001 From: pookmish Date: Fri, 13 Dec 2024 13:48:02 -0800 Subject: [PATCH] Fix access check for CSV upload form (#99) * Fix access check for CSV upload form * removed access premission check --- src/Form/StanfordMigrateCsvImportForm.php | 22 --------------- stanford_migrate.module | 25 ++++++++++++++--- stanford_migrate.routing.yml | 4 +-- .../Form/StanfordMigrateCsvImportFormTest.php | 27 ------------------- 4 files changed, 23 insertions(+), 55 deletions(-) diff --git a/src/Form/StanfordMigrateCsvImportForm.php b/src/Form/StanfordMigrateCsvImportForm.php index 4361c63..dc4160a 100644 --- a/src/Form/StanfordMigrateCsvImportForm.php +++ b/src/Form/StanfordMigrateCsvImportForm.php @@ -2,13 +2,11 @@ namespace Drupal\stanford_migrate\Form; -use Drupal\Core\Access\AccessResult; use Drupal\Core\Cache\Cache; use Drupal\Core\Entity\EntityForm; use Drupal\Core\Entity\EntityTypeManagerInterface; use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Link; -use Drupal\Core\Session\AccountInterface; use Drupal\Core\State\StateInterface; use Drupal\file\FileUsage\FileUsageInterface; use Drupal\migrate\MigrateMessage; @@ -58,31 +56,11 @@ public static function create(ContainerInterface $container) { */ public function __construct(protected MigrationPluginManagerInterface $migrationManager, protected StateInterface $state, protected FileUsageInterface $fileUsage, EntityTypeManagerInterface $entityTypeManager) { $this->entityTypeManager = $entityTypeManager; - /** @var \Drupal\migrate_plus\Entity\MigrationInterface $migration */ $migration = $this->getRequest()->attributes->get('migration'); $this->migrationPlugin = $this->migrationManager->createInstance($migration->id()); } - /** - * Check if the user should have access to the form. - * - * @param \Drupal\Core\Session\AccountInterface $account - * Current user. - * - * @return \Drupal\Core\Access\AccessResult - * Allowed if the migration is a csv importer. - */ - public function access(AccountInterface $account): AccessResult { - $source_plugin = $this->migrationPlugin->getSourcePlugin(); - // If the migration doesn't import csv, there's no reason to allow the form. - if ($source_plugin->getPluginId() != 'csv') { - return AccessResult::forbidden(); - } - $migration_id = $this->migrationPlugin->id(); - return AccessResult::allowedIfHasPermission($account, "import $migration_id migration"); - } - /** * {@inheritDoc} */ diff --git a/stanford_migrate.module b/stanford_migrate.module index c2f7588..de3742a 100755 --- a/stanford_migrate.module +++ b/stanford_migrate.module @@ -5,17 +5,20 @@ * Contains stanford_migrate.module. */ +use Drupal\Core\Access\AccessResult; use Drupal\Core\Cache\Cache; use Drupal\Core\Entity\Display\EntityFormDisplayInterface; use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Entity\Entity\EntityViewDisplay; use Drupal\Core\Routing\RouteMatchInterface; +use Drupal\Core\Session\AccountInterface; use Drupal\migrate\Plugin\MigrateSourceInterface; use Drupal\migrate\Plugin\MigrationInterface; use Drupal\migrate\Row; use Drupal\migrate_plus\Entity\Migration; use Drupal\node\NodeInterface; use Drupal\ultimate_cron\CronJobInterface; +use Drupal\migrate_plus\Entity\MigrationInterface as MigrationEntityInterface; /** * Implements hook_help(). @@ -59,7 +62,8 @@ function stanford_migrate_migrate_prepare_row(Row $row, MigrateSourceInterface $ * @return array|\Drupal\migrate_plus\Entity\MigrationInterface|mixed * Migration entity or null/false if none found. * - * @deprecated in 8.2.3 and is removed in 9.0.0. Use \Drupal::service('stanford_migrate')->getNodesMigration() instead. + * @deprecated in 8.2.3 and is removed in 9.0.0. Use + * \Drupal::service('stanford_migrate')->getNodesMigration() instead. */ function stanford_migrate_get_migration(NodeInterface $node) { return \Drupal::service('stanford_migrate')->getNodesMigration($node); @@ -150,7 +154,7 @@ function stanford_migrate_entity_form_display_alter(EntityFormDisplayInterface $ * Implements hook_preprocess_HOOK(). */ function stanford_migrate_preprocess_field(&$variables) { - if ($variables['element']['#third_party_settings']['stanford_migrate']['readonly'] ?? false) { + if ($variables['element']['#third_party_settings']['stanford_migrate']['readonly'] ?? FALSE) { // Wrap the readonly form fields with classes so that they can be identified // more easily to the user. $variables['attributes']['class'][] = 'messages'; @@ -205,6 +209,17 @@ function stanford_migrate_entity_type_alter(array &$entity_types) { } } +/** + * Implements hook_ENTITY_TYPE_access(). + */ +function stanford_migrate_migration_access(MigrationEntityInterface $entity, $operation, AccountInterface $account) { + if ($operation != 'csv') { + return AccessResult::neutral(); + } + $migration_id = $entity->id(); + return AccessResult::allowedIfHasPermission($account, "import $migration_id migration"); +} + /** * Implements hook_ENTITY_TYPE_delete(). */ @@ -297,7 +312,8 @@ function stanford_migrate_ultimate_cron_task(CronJobInterface $cron_entity) { * @param bool $batch * Execute the migration using a batch process. * - * @deprecated in 8.2.3 and is removed in 9.0.0. Use \Drupal::service('stanford_migrate')->executeMigration() instead. + * @deprecated in 8.2.3 and is removed in 9.0.0. Use + * \Drupal::service('stanford_migrate')->executeMigration() instead. * * @see \Drupal\migrate_tools\Drush\MigrateToolsCommands::executeMigration() */ @@ -313,7 +329,8 @@ function stanford_migrate_execute_migration(MigrationInterface $migration, strin * An array keyed by migration group, each value containing an array of * migrations or an empty array if no migrations match the input criteria. * - * @deprecated in 8.2.3 and is removed in 9.0.0. Use \Drupal::service('stanford_migrate')->getMigrationList() instead. + * @deprecated in 8.2.3 and is removed in 9.0.0. Use + * \Drupal::service('stanford_migrate')->getMigrationList() instead. * * @see \Drupal\migrate_tools\Drush\MigrateToolsCommands::migrationsList() */ diff --git a/stanford_migrate.routing.yml b/stanford_migrate.routing.yml index 7e03a6e..47865ea 100644 --- a/stanford_migrate.routing.yml +++ b/stanford_migrate.routing.yml @@ -23,7 +23,7 @@ entity.migration.csv_upload: _title: 'Upload CSV' _migrate_group: true requirements: - _custom_access: 'Drupal\stanford_migrate\Form\StanfordMigrateCsvImportForm::access' + _entity_access: 'migration.csv' _module_dependencies: migrate_source_csv options: parameters: @@ -38,7 +38,7 @@ entity.migration.csv_template: _controller: '\Drupal\stanford_migrate\Controller\MigrationCsvTemplate::getEmptyTemplate' _title: 'CSV Template' requirements: - _custom_access: 'Drupal\stanford_migrate\Form\StanfordMigrateCsvImportForm::access' + _entity_access: 'migration.csv' _module_dependencies: migrate_source_csv options: parameters: diff --git a/tests/src/Kernel/Form/StanfordMigrateCsvImportFormTest.php b/tests/src/Kernel/Form/StanfordMigrateCsvImportFormTest.php index 6ed0737..7478257 100644 --- a/tests/src/Kernel/Form/StanfordMigrateCsvImportFormTest.php +++ b/tests/src/Kernel/Form/StanfordMigrateCsvImportFormTest.php @@ -44,33 +44,6 @@ public function setup(): void { $this->installSchema('file', ['file_usage']); } - /** - * Migrations that aren't csv importers are denied access. - */ - public function testNonCsvAccess() { - $this->setMigrationRequest(Migration::load('stanford_migrate')); - - $form_object = \Drupal::entityTypeManager() - ->getFormObject('migration', 'csv-upload'); - $account = $this->createMock(AccountInterface::class); - $this->assertFalse($form_object->access($account)->isAllowed()); - } - - /** - * CSV Importers have permission access. - */ - public function testCsvPermissionAccess() { - $this->setCsvMigrationRequest(); - - $account = $this->createMock(AccountInterface::class); - $form_object = \Drupal::entityTypeManager() - ->getFormObject('migration', 'csv-upload'); - $this->assertFalse($form_object->access($account)->isAllowed()); - - $account->method('hasPermission')->willReturn(TRUE); - $this->assertTrue($form_object->access($account)->isAllowed()); - } - /** * Test the functionality of the form. */