Commit 3761c6ab authored by Chris Johnson

Modified mechanism used for determining access to ajax rendering of block

parent d7b4afab
......@@ -104,3 +104,14 @@ function hook_context_load_alter(&$context) {
);
}
}
/**
* Allows for finer grained access mechanisms to using the json
* rendering capabilities of the block reaction when a user isn't
* granted the administer contexts or context ajax block access
* permission
* @param $block_id
* ID of block in module-delta format
*/
function hook_context_allow_ajax_block_access($block_id) {
}
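Review bot: The docblock for `hook_context_allow_ajax_block_access()` never states what an implementation should return, and the stub body is empty. Judging from the caller added in the block reaction, a truthy return from any one module grants access and no module can veto, so the docs should say so, e.g. `@return TRUE to allow ajax rendering of this block for the current user; FALSE or nothing to leave the decision to other modules.` The hook receives only `$block_id`, so the text should also state that implementations must check the current user themselves. The description mentions the administer contexts permission, but the access check visible in this commit tests only `context ajax block access`; one of the two should be brought in line with the other.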
......@@ -273,3 +273,10 @@ function context_ui_settings(&$form_state) {
function context_ui_settings_submit($form, &$form_state) {
variable_set('menu_rebuild_needed', TRUE);
}
/**
* Implements hook_perm
*/
function context_perm() {
return array('context ajax block access');
}
......@@ -532,7 +532,7 @@ class context_reaction_block extends context_reaction {
list($bid, $context) = explode(',', $param);
list($module, $delta) = explode('-', $bid, 2);
// Check token to make sure user has access to block.
if (empty($_GET['context_token']) || $_GET['context_token'] != drupal_get_token($bid)) {
if (!(user_access('context ajax block access') || $this->context_block_ajax_rendering_allowed($bid))) {
echo drupal_to_js(array('status' => 0));
exit;
}
......@@ -576,4 +576,18 @@ class context_reaction_block extends context_reaction {
echo drupal_to_js(array('status' => 0));
exit;
}
/**
* Allow modules to selectively allow ajax rendering of a specific block
*/
private function context_block_ajax_rendering_allowed($bid) {
$allowed = FALSE;
foreach (module_invoke_all('context_allow_ajax_block_access', $bid) as $module_allow) {
$allowed = $allow || $module_allow;
if ($allowed) {
break;
}
}
return $allowed;
}
}
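Review bot: In `context_block_ajax_rendering_allowed()` the line `$allowed = $allow || $module_allow;` reads `$allow`, which is never defined in the method; it should be `$allowed = $allowed || $module_allow;`. As written the result still follows `$module_allow` because the undefined variable evaluates as false, but every call raises an undefined-variable notice on the path that decides access. In the first hunk the comment `// Check token to make sure user has access to block.` is left above a check that no longer involves a token; `// Deny unless the user holds the permission or a module allows this block.` would match the new condition. With the token gone, authorization for a `$bid` taken from `$param` rests only on the permission or the hook, and whether the rest of the method still applies the block's own visibility rules is not visible here, so that is worth confirming. The method containing the first hunk begins and ends outside the visible lines.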
......@@ -242,11 +242,6 @@ DrupalContextBlockEditor.prototype.addBlock = function(event, ui, editor, contex
// Construct query params for our AJAX block request.
var params = Drupal.settings.contextBlockEditor.params;
params.context_block = bid + ',' + context;
if (!Drupal.settings.contextBlockEditor.block_tokens || !Drupal.settings.contextBlockEditor.block_tokens[bid]) {
alert(Drupal.t('An error occurred trying to retrieve block content. Please contact a site administer.'));
return;
}
params.context_token = Drupal.settings.contextBlockEditor.block_tokens[bid];
// Replace item with loading block.
var blockLoading = $('<div class="context-block-item context-block-loading"><span class="icon"></span></div>');
......
......@@ -54,6 +54,8 @@ class ContextReactionBlockAjaxTest extends DrupalWebTestCase {
function setUp() {
parent::setUp('context', 'ctools');
$admin_user = $this->drupalCreateUser(array('context ajax block access'));
$this->drupalLogin($admin_user);
}
function test() {
......@@ -66,6 +68,28 @@ class ContextReactionBlockAjaxTest extends DrupalWebTestCase {
}
}
class ContextReactionBlockAjaxAccessTest extends DrupalWebTestCase {
function getInfo() {
return array(
'name' => t('Reaction: block ajax access'),
'description' => t('Test block reaction ajax access behavior.'),
'group' => t('Context'),
);
}
function setUp() {
parent::setUp('context', 'context_ui', 'ctools');
}
function test() {
$this->drupalGet('node', array(
'query' => array('context_block' => 'user-3,testcontext')
));
$this->assertText('"status": 0');
}
}
class ContextReactionMenuTest extends DrupalWebTestCase {
function getInfo() {
return array(
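Review bot: The new `ContextReactionBlockAjaxAccessTest::test()` covers only the anonymous deny path; nothing exercises the grant path through `hook_context_allow_ajax_block_access`, nor a logged-in user who lacks `context ajax block access`. A small test module implementing the hook for one block id, with one assertion that this block renders and one that a different block id still returns status 0, would cover `context_block_ajax_rendering_allowed()`. `assertText('"status": 0')` also depends on the exact formatting of the JSON output, which deserves a short comment such as `// Matches the key/value spacing emitted by drupal_to_js().` The trailing `ContextReactionMenuTest` lines are context and continue outside the hunk.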
......
......@@ -91,13 +91,8 @@ function template_preprocess_context_block_browser(&$vars) {
* Preprocessor for theme('context_block_browser_item').
*/
function template_preprocess_context_block_browser_item(&$vars) {
static $added = array();
$vars['bid'] = $vars['block']->bid;
$vars['info'] = check_plain($vars['block']->info);
if (empty($added[$vars['bid']])) {
drupal_add_js(array('contextBlockEditor' => array('block_tokens' => array($vars['bid'] => drupal_get_token($vars['bid'])))), 'setting');
$added[$vars['bid']] = TRUE;
}
}
/**
......