Modified mechanism used for determining access to ajax rendering of block

3761c6ab · Chris Johnson · d7b4afab · 3761c6ab · 3761c6ab · 3761c6ab
Commit 3761c6ab authored Oct 16, 2013 by Chris Johnson
6 changed files
--- a/context.api.php
+++ b/context.api.php
@@ -104,3 +104,14 @@ function hook_context_load_alter(&$context) {
    );
  }
 }
+
+/**
+ * Allows for finer grained access mechanisms to using the json
+ * rendering capabilities of the block reaction when a user isn't
+ * granted the administer contexts or context ajax block access
+ * permission
+ * @param $block_id
+ *   ID of block in module-delta format
+ */
+function hook_context_allow_ajax_block_access($block_id) {
+}
--- a/context_ui/context_ui.module
+++ b/context_ui/context_ui.module
@@ -273,3 +273,10 @@ function context_ui_settings(&$form_state) {
 function context_ui_settings_submit($form, &$form_state) {
  variable_set('menu_rebuild_needed', TRUE);
 }
+
+/**
+ * Implements hook_perm
+ */
+function context_perm() {
+  return array('context ajax block access');
+}
--- a/plugins/context_reaction_block.inc
+++ b/plugins/context_reaction_block.inc
@@ -532,7 +532,7 @@ class context_reaction_block extends context_reaction {
      list($bid, $context) = explode(',', $param);
      list($module, $delta) = explode('-', $bid, 2);
      // Check token to make sure user has access to block.
-      if (empty($_GET['context_token']) || $_GET['context_token'] != drupal_get_token($bid)) {
+      if (!(user_access('context ajax block access') || $this->context_block_ajax_rendering_allowed($bid))) {
        echo drupal_to_js(array('status' => 0));
        exit;
      }
@@ -576,4 +576,18 @@ class context_reaction_block extends context_reaction {
    echo drupal_to_js(array('status' => 0));
    exit;
  }
+
+  /**
+   * Allow modules to selectively allow ajax rendering of a specific block
+   */
+  private function context_block_ajax_rendering_allowed($bid) {
+    $allowed = FALSE;
+    foreach (module_invoke_all('context_allow_ajax_block_access', $bid) as $module_allow) {
+      $allowed = $allow || $module_allow;
+      if ($allowed) {
+        break;
+      }
+    }
+    return $allowed;
+  }
 }
--- a/plugins/context_reaction_block.js
+++ b/plugins/context_reaction_block.js
@@ -242,11 +242,6 @@ DrupalContextBlockEditor.prototype.addBlock = function(event, ui, editor, contex
    // Construct query params for our AJAX block request.
    var params = Drupal.settings.contextBlockEditor.params;
    params.context_block = bid + ',' + context;
-    if (!Drupal.settings.contextBlockEditor.block_tokens || !Drupal.settings.contextBlockEditor.block_tokens[bid]) {
-      alert(Drupal.t('An error occurred trying to retrieve block content. Please contact a site administer.'));
-      return;
-    }
-    params.context_token = Drupal.settings.contextBlockEditor.block_tokens[bid];

    // Replace item with loading block.
    var blockLoading = $('<div class="context-block-item context-block-loading"><span class="icon"></span></div>');

--- a/tests/context.reactions.test
+++ b/tests/context.reactions.test
@@ -54,6 +54,8 @@ class ContextReactionBlockAjaxTest extends DrupalWebTestCase {

  function setUp() {
    parent::setUp('context', 'ctools');
+    $admin_user = $this->drupalCreateUser(array('context ajax block access'));
+    $this->drupalLogin($admin_user);
  }

  function test() {
@@ -66,6 +68,28 @@ class ContextReactionBlockAjaxTest extends DrupalWebTestCase {
  }
 }

+class ContextReactionBlockAjaxAccessTest extends DrupalWebTestCase {
+  function getInfo() {
+    return array(
+      'name' => t('Reaction: block ajax access'),
+      'description' => t('Test block reaction ajax access behavior.'),
+      'group' => t('Context'),
+    );
+  }
+
+  function setUp() {
+    parent::setUp('context', 'context_ui', 'ctools');
+  }
+
+  function test() {
+    $this->drupalGet('node', array(
+      'query' => array('context_block' => 'user-3,testcontext')
+    ));
+
+    $this->assertText('"status": 0');
+  }
+}
+
 class ContextReactionMenuTest extends DrupalWebTestCase {
  function getInfo() {
    return array(

--- a/theme/context_reaction_block.theme.inc
+++ b/theme/context_reaction_block.theme.inc
@@ -91,13 +91,8 @@ function template_preprocess_context_block_browser(&$vars) {
 * Preprocessor for theme('context_block_browser_item').
 */
 function template_preprocess_context_block_browser_item(&$vars) {
-  static $added = array();
  $vars['bid'] = $vars['block']->bid;
  $vars['info'] = check_plain($vars['block']->info);
-  if (empty($added[$vars['bid']])) {
-    drupal_add_js(array('contextBlockEditor' => array('block_tokens' => array($vars['bid'] => drupal_get_token($vars['bid'])))), 'setting');
-    $added[$vars['bid']] = TRUE;
-  }
 }

 /**