Contrib.social

Add user access checks to 'more' link

Open on Drupal.org →
Created on 29 July 2013, about 11 years ago
Updated 6 March 2023, over 1 year ago

Problem/Motivation

when a custom URL under "Link display" is used for a given display, there is not anything in views to check user access to these links.

@dawehner suggested using the access system provided by the routing system.

this was discovered in #2020393-11: Convert "Recent content" block to a View , when a "More" link was being added.

Steps to reproduce

Instructions to reproduce the issue:

  1. Install fresh Drupal (standard profile)
  2. Go to /admin/structure/views/add, to add new view
    1. Name the view as "Admin only"
    2. Select "Create a page"
    3. Click "Save and edit"
    4. Under "Page Settings" choose a link after "Access: Permissions". By default it's "View published content".
    5. Choose "Administer blocks"
    6. Save the view
  3. Go to /admin/structure/views/add, to add new view.
    1. Name the view as "Public"
    2. Select "Create a block"
    3. Click "Save and edit"
    4. Under "Pager" choose link after "More link:". By default it's no.
    5. Select "Create more link" and "Always display the more link"
    6. Click "Apply"
    7. Under "Pager" choose link after "Link display:". By default it's "none".
    8. Select "Custom URL" and enter "admin-only" to the field
    9. Click "Apply"
    10. Click "No Results Behavior" -> Add
    11. Choose "Global: Text area"
    12. Click "Apply"
    13. Write "This is a public view" to the textfield
    14. Click "Apply"
    15. Save the view
  4. Go to /admin/structure/block/add/views_block%3Apublic-block_1/bartik
    1. Select "Sidebar first" from the "Region" dropdown menu
    2. Click "Save Block"
  5. Log out
  6. Go to the front page
  7. Link "more" is showing on a public block.

Proposed resolution

Check if user has access to the read more link.

Remaining tasks

Code review

User interface changes

NA

API changes

NA

Data model changes

NA

Release notes snippet

NA

Feature request
Status

Needs work

Version

11.0 🔥

Component
Node system 

Last updated less than a minute ago

No maintainer
Created by

🇺🇸United States bdone

Live updates comments and jobs are added and updated live.
  • VDC

    Related to the Views in Drupal Core initiative.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago
    🇳🇿New Zealand quietone New Zealand

    The Issue Summary has steps to reproduce for Drupal 8. Is this still valid? Let's get an issue summary update, including a proposed resolution, and a set of the latest screenshots. And let's put the steps to reproduce under the correct heading. Adding tag for an issue summary update.

    I took a very brief view of the patch.

    1. +++ b/core/modules/views/tests/src/Functional/Plugin/DisplayTest.php
@@ -294,6 +294,13 @@ public function testReadMoreCustomURL() {
+    // Test if user doesn't have permission to link read more doesn't display.

      This sentence does not make sense to me. For one there are two negatives. And there should be quotes around 'read more'. 

    2. +++ b/core/modules/views/tests/src/Functional/Plugin/DisplayTest.php
@@ -294,6 +294,13 @@ public function testReadMoreCustomURL() {
+    $this->assertStringNotContainsString('/admin/content', $output, 'The read more link with href "/admin/content" was not found.');

      This is testing the absence of something. Do we have a test for the presence of 'read more' link when it should be visible? 

    3. +++ b/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php
@@ -2115,12 +2115,26 @@ public function renderMoreLink() {
+      // Add cache metadata with the link target page.

      I keep reading reading this sentence and expect a final prepositional phrase, as in, "Add cache metadata with the link target page to ....". Can this be clearer?

  • Status changed to Needs review over 1 year ago
  • Comment over 1 year ago
    🇺🇸United States smustgrave

    #34.1 updated
    #34.2 a few lines above it's testing for the link
    #34.3 updated

    Updated issue summary.

  • Status changed to RTBC over 1 year ago
  • Comment over 1 year ago
    🇮🇳India Ranjit1032002

    Patch #35 applied successfully and working as expected.

  • Status changed to Needs work over 1 year ago
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024