diff --git a/fillpdf.module b/fillpdf.module
index 6b6c52c77a96720c78ba59b2f59663dd91dedad8..fdab05cec7e7796488a6c37543b47ddeb6ea21ca 100644
--- a/fillpdf.module
+++ b/fillpdf.module
@@ -225,6 +225,21 @@ function fillpdf_file_download($uri) {
 return NULL;
 }
 
+/**
+ * Implements hook_file_download_access_alter().
+ */
+function fillpdf_file_download_access_alter(&$grants, $file_item, $entity_type, $entity) {
+ // If the user has the Publish All PDFs permission but does not have access,
+ // to the entity used to generate the file, another module might have denied
+ // them access in hook_file_download(). However, if they have Publish All
+ // PDFs, then we would have allowed them to generate the file anwyay. We
+ // therefore do a second check here and grant access definitively.
+ if (user_access('publish all pdfs') && !!fillpdf_file_download($file_item['uri'])) {
+ $grants['fillpdf'] = TRUE;
+ return;
+ }
+}
+
 /**
 * Gets a link to the printable PDF, merged with the passed-in data.
 *
@@ -1140,6 +1155,9 @@ function fillpdf_execute_merge($method, $fields, $fillpdf, $mode = 'url', $flatt
 }
 file_unmanaged_delete($xfdffile);
 break;
+
+ case 'test':
+ $data = file_get_contents(drupal_get_path('module', 'fillpdf') . '/tests/fillpdf_test_v4.pdf');
 }
 if ($data) {
 return $data;
@@ -1300,6 +1318,26 @@ function fillpdf_execute_parse($method, $fillpdf, $mode = 'url') {
 }
 }
 break;
+
+ case 'test':
+ $fields = array(
+ 0 => array(
+ 'name' => 'ImageField',
+ 'value' => '',
+ 'type' => 'Pushbutton',
+ ),
+ 1 => array(
+ 'name' => 'Button',
+ 'value' => '',
+ 'type' => 'Pushbutton',
+ ),
+ 2 => array(
+ 'name' => 'TextField',
+ 'value' => '',
+ 'type' => 'Text',
+ ),
+ );
+ break;
 }
 if ($mode == 'stream') {
 file_unmanaged_delete($filename);
diff --git a/tests/fillpdf.test b/tests/fillpdf.test
index 3af7f6c20ea600a4d23ffbc292398f89574aa044..60f42422eb86a335c03b629eea85e9fc380d3bac 100644
--- a/tests/fillpdf.test
+++ b/tests/fillpdf.test
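Review bot: The `!!fillpdf_file_download($file_item['uri'])` test in `fillpdf_file_download_access_alter()` treats every non-empty return value as proof that the file is FillPDF output, and that includes `-1`, the value a `hook_file_download()` implementation returns to deny access. Only the tail of `fillpdf_file_download()` is visible in this hunk, so whether it can return `-1` is not shown; if it can, a holder of `publish all pdfs` would be granted a file the module itself refused. Testing for the headers array states the intent exactly: `if (user_access('publish all pdfs') && is_array(fillpdf_file_download($file_item['uri']))) {`. The trailing `return;` is redundant, `anwyay` is a typo, and the comment should say outright that this grant overrides another module's entity-access denial for every holder of the permission, so the permission has to be handed out as an administrative one.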
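Review bot: The `case 'test':` branch added to `fillpdf_execute_merge()` ships a test-only backend inside the production module, and the same holds for the hard-coded field list added to `fillpdf_execute_parse()` in the following hunk. Judging by the test's `variable_set('fillpdf_service', 'test')`, a site with that variable set would hand out the bundled fixture PDF instead of a merged document; the switch statements themselves start outside both hunks, so the selector is inferred. Because the commit also adds a hidden `fillpdf_test` module, each case could open with `if (!module_exists('fillpdf_test')) { break; }` so the stub only runs under test. The merge case also ends without a `break;`, unlike the parse case; adding it keeps a later case from being reached by fall-through.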
@@ -10,8 +10,9 @@
 *
 * @todo Add a test based on an Acrobat-created PDF.
 */
-class FillPdfWebTestCase extends DrupalWebTestCase {
+class FillPdfWebTestCase extends FileFieldTestCase {
 protected $privileged_user;
+ protected $nonPrivilegedUser;
 
 /**
 *
@@ -31,7 +32,7 @@ class FillPdfWebTestCase extends DrupalWebTestCase {
 public function setUp() {
 // Enable any modules required for the test. This should be an array of
 // module names.
- parent::setUp(array('fillpdf'));
+ parent::setUp(array('fillpdf_test'));
 
 // Create and log in our privileged user.
 $this->privileged_user = $this->drupalCreateUser(array(
@@ -39,6 +40,11 @@ class FillPdfWebTestCase extends DrupalWebTestCase {
 'administer pdfs',
 'publish all pdfs',
 ));
+
+ $this->nonPrivilegedUser = $this->drupalCreateUser(array(
+ 'access content',
+ ));
+
 $this->drupalLogin($this->privileged_user);
 }
 
@@ -109,4 +115,59 @@ class FillPdfWebTestCase extends DrupalWebTestCase {
 $this->assertEqual($expected_link2, $actual_link2, 'fillpdf_context_to_link() generates a link with multiple Webforms correctly.');
 }
 
+ /**
+ * Make sure that file access works properly.
+ */
+ public function testFileAccess() {
+ $this->createFileField('field_pdf', 'page');
+
+ // Make a basic page.
+ $new_node = new stdClass();
+ $new_node->type = 'page';
+ $new_node->title = t('Test node');
+ $new_node->field_body = array(
+ LANGUAGE_NONE => array(
+ 0 => array(
+ 'value' => 'This is test text.',
+ ),
+ ),
+ );
+ $new_node->uid = 1;
+ node_save($new_node);
+
+ variable_set('fillpdf_service', 'test');
+ variable_set('fillpdf_scheme', 'private');
+
+ // Upload a template.
+ $this->drupalPost('admin/structure/fillpdf', array(
+ 'files[upload_pdf]' => drupal_realpath(drupal_get_path('module', 'fillpdf') . '/tests/fillpdf_test_v4.pdf'),
+ ), t('Upload'));
+
+ $this->drupalGet('node/1');
+ $this->assertResponse(403, 'Access properly denied for non-admin.');
+
+ db_update('fillpdf_forms')
+ ->fields(array('destination_path' => 'output'))
+ ->condition('fid', 1)
+ ->execute();
+
+ $fillpdf_object = fillpdf_merge_pdf(1, array(1), NULL, NULL, FALSE, FALSE, TRUE, FALSE);
+ $saved_file = fillpdf_action_save_to_file($fillpdf_object, 'fillpdf_test_v4.pdf', FALSE, FALSE);
+ $saved_file->display = 1;
+
+ $new_node->field_pdf = array(
+ LANGUAGE_NONE => array(
+ 0 => (array) $saved_file,
+ ),
+ );
+ node_save($new_node);
+
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_v4.pdf');
+ $this->assertResponse(200, 'User can generate and access PDF from any data when they have the Publish All PDFs permission.');
+
+ $this->drupalLogin($this->nonPrivilegedUser);
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_v4.pdf');
+ $this->assertResponse(403, 'User without Administer PDFs and without Publish All PDFs cannot access PDF they cannot view the node for.');
+ }
+
 }
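Review bot: `testFileAccess()` only ever requests the FillPDF-generated file, so it does not show that the new access-alter grant stays limited to FillPDF output. A user with `publish all pdfs` who is denied the node should still receive 403 for a private file in `field_pdf` that FillPDF did not produce; adding that request, made by a user who holds `publish all pdfs` without `administer pdfs`, would pin the boundary of the override. The test also depends on fixed IDs (`node/1`, `fid` 1, `fillpdf_merge_pdf(1, array(1), ...)`); using the saved node's own ID, e.g. `$this->drupalGet('node/' . $new_node->nid);`, keeps it stable if the base class ever creates content first. The positional booleans passed to `fillpdf_merge_pdf()` and `fillpdf_action_save_to_file()` deserve a one-line comment naming what each flag selects.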
diff --git a/tests/fillpdf_test_v4.pdf b/tests/fillpdf_test_v4.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..234d07010d652133406508fe5013e8205f4272e0
Binary files /dev/null and b/tests/fillpdf_test_v4.pdf differ
diff --git a/tests/modules/fillpdf_test.info b/tests/modules/fillpdf_test.info
new file mode 100644
index 0000000000000000000000000000000000000000..03eb789847c04473f513b7e0f8bf73dcd01a9300
--- /dev/null
+++ b/tests/modules/fillpdf_test.info
@@ -0,0 +1,8 @@
+name = FillPDF Testing
+description = Supports FillPDF tests. Do not enable manually.
+core = 7.x
+package = Other
+dependencies[] = fillpdf
+
+; This is a test module.
+hidden = TRUE
diff --git a/tests/modules/fillpdf_test.module b/tests/modules/fillpdf_test.module
new file mode 100644
index 0000000000000000000000000000000000000000..ef590fa2b7d9b117c3146c522777eee777e861d3
--- /dev/null
+++ b/tests/modules/fillpdf_test.module
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Implements hook_node_access().
+ */
+function fillpdf_test_node_access($node, $op, $account) {
+ if (is_string($node)) {
+ $node = new stdClass();
+ $node->type = $node;
+ }
+
+ if ($node->type !== 'page') {
+ return NODE_ACCESS_IGNORE;
+ }
+
+ if (!empty($account->uid) && (int) $account->uid === 1) {
+ return NODE_ACCESS_ALLOW;
+ }
+
+ return NODE_ACCESS_DENY;
+}
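Review bot: In `fillpdf_test_node_access()` the `is_string($node)` branch overwrites `$node` with a new `stdClass` before reading it, so `$node->type = $node;` stores the object in its own property and the content-type string is lost. When the hook is called with a type name rather than a node object, `$node->type !== 'page'` is then always true and the hook returns `NODE_ACCESS_IGNORE` instead of denying, which makes the test module's access rule weaker than it reads. Reading the type first avoids this: `$type = is_string($node) ? $node : $node->type;` followed by `if ($type !== 'page') {`. The file also has no `@file` docblock after `<?php` saying that the module exists only to deny `page` node access during tests.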