Contrib.social

Add user access checks to 'more' link

Open on Drupal.org →
Created on 29 July 2013, over 11 years ago
Updated 2 February 2023, about 2 years ago

Problem/Motivation

when a custom URL under "Link display" is used for a given display, there is not anything in views to check user access to these links.

@dawehner suggested using the access system provided by the routing system.

this was discovered in #2020393-11: Convert "Recent content" block to a View , when a "More" link was being added.

Instructions to reproduce the issue:

  1. Install fresh D8 (standard profile)
  2. Go to /admin/structure/views/add, to add new view
    1. Name the view as "Admin only"
    2. Select "Create a page"
    3. Click "Save and edit"
    4. Under "Page Settings" choose a link after "Access: Permissions". By default it's "View published content".
    5. Choose "Administer blocks"
    6. Save the view
  3. Go to /admin/structure/views/add, to add new view.
    1. Name the view as "Public"
    2. Select "Create a block"
    3. Click "Save and edit"
    4. Under "Pager" choose link after "More link:". By default it's no.
    5. Select "Create more link" and "Always display the more link"
    6. Click "Apply"
    7. Under "Pager" choose link after "Link display:". By default it's "none".
    8. Select "Custom URL" and enter "admin-only" to the field
    9. Click "Apply"
    10. Click "No Results Behavior" -> Add
    11. Choose "Global: Text area"
    12. Click "Apply"
    13. Write "This is a public view" to the textfield
    14. Click "Apply"
    15. Save the view
  4. Go to /admin/structure/block/add/views_block%3Apublic-block_1/bartik
    1. Select "Sidebar first" from the "Region" dropdown menu
    2. Click "Save Block"
  5. Log out
  6. Go to the front page
  7. Link "more" is showing on a public block.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Feature request
Status

Needs work

Version

10.1

Component
Node system 

Last updated about 14 hours ago

No maintainer
Created by

🇺🇸United States bdone

Live updates comments and jobs are added and updated live.
  • VDC

    Related to the Views in Drupal Core initiative.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 2 years ago
    🇳🇿New Zealand quietone

    The Issue Summary has steps to reproduce for Drupal 8. Is this still valid? Let's get an issue summary update, including a proposed resolution, and a set of the latest screenshots. And let's put the steps to reproduce under the correct heading. Adding tag for an issue summary update.

    I took a very brief view of the patch.

    1. +++ b/core/modules/views/tests/src/Functional/Plugin/DisplayTest.php
@@ -294,6 +294,13 @@ public function testReadMoreCustomURL() {
+    // Test if user doesn't have permission to link read more doesn't display.

      This sentence does not make sense to me. For one there are two negatives. And there should be quotes around 'read more'. 

    2. +++ b/core/modules/views/tests/src/Functional/Plugin/DisplayTest.php
@@ -294,6 +294,13 @@ public function testReadMoreCustomURL() {
+    $this->assertStringNotContainsString('/admin/content', $output, 'The read more link with href "/admin/content" was not found.');

      This is testing the absence of something. Do we have a test for the presence of 'read more' link when it should be visible? 

    3. +++ b/core/modules/views/src/Plugin/views/display/DisplayPluginBase.php
@@ -2115,12 +2115,26 @@ public function renderMoreLink() {
+      // Add cache metadata with the link target page.

      I keep reading reading this sentence and expect a final prepositional phrase, as in, "Add cache metadata with the link target page to ....". Can this be clearer?

  • Status changed to Needs review about 2 years ago
  • Comment about 2 years ago
    🇺🇸United States smustgrave

    #34.1 updated
    #34.2 a few lines above it's testing for the link
    #34.3 updated

    Updated issue summary.

  • Status changed to RTBC about 2 years ago
  • Comment about 2 years ago
    🇮🇳India Ranjit1032002

    Patch #35 applied successfully and working as expected.

  • Status changed to Needs work about 2 years ago
  • First commit to issue fork.
  • Merge request !11590Issue #2053015: Add user access checks to 'more' link → (Open) created by acbramley
  • Comment 12 days ago
    🇦🇺Australia acbramley

    Rolled a new solution into an MR with the test coverage from #35

    Re #37.3 this test case is specifically testing the output of the read more link, nothing more. There's plenty of other assertions there to ensure it's working in other scenarios and there's nothing else in the output to add a positive assertion to.

    Worked on this as part of node issue triage before realising this is not node related at all

  • Pipeline finished with Success
    12 days ago
    Total: 518s
    #455784
  • Comment 12 days ago
    🇬🇧United Kingdom MrDaleSmith

    LGTM

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024