Restrict access to user 1 so that Account Admins cannot edit it.
parent
501d573b19
commit
05a3b374bb
|
@ -0,0 +1,22 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @file
|
||||
* Hooks implemented by the farmOS Account Admin Role module.
|
||||
*/
|
||||
|
||||
use Drupal\Core\Access\AccessResult;
|
||||
use Drupal\Core\Entity\EntityInterface;
|
||||
use Drupal\Core\Session\AccountInterface;
|
||||
|
||||
/**
|
||||
* Implements hook_ENTITY_TYPE_access().
|
||||
*/
|
||||
function farm_role_account_admin_user_access(EntityInterface $entity, $operation, AccountInterface $account) {
|
||||
|
||||
// Only user 1 can access user 1.
|
||||
if ($entity->id() == 1 && $account->id() != 1) {
|
||||
return AccessResult::forbidden();
|
||||
}
|
||||
return AccessResult::neutral();
|
||||
}
|
|
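Review bot: The `forbidden()` result in `farm_role_account_admin_user_access()` depends on `$account->id()` but carries no cache context, so anything that bubbles this access result into cached output has no signal that it varies per user. Consider `return AccessResult::forbidden('Only user 1 may access user 1.')->cachePerUser();`, with the same context on the neutral return. Separately, `$operation` is never inspected, so the denial covers `view` as well as `update` and `delete`, and it applies to every account rather than only Account Admins; the commit title speaks only of editing, so a short comment stating that the wider scope is deliberate would help. A strict comparison such as `(int) $entity->id() === 1` would also make the ID check independent of string/int juggling.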
@ -0,0 +1,39 @@
|
|||
<?php
|
||||
|
||||
namespace Drupal\Tests\farm_role_account_admin\Functional;
|
||||
|
||||
use Drupal\Tests\farm_test\Functional\FarmBrowserTestBase;
|
||||
|
||||
/**
|
||||
* Tests access to user 1.
|
||||
*
|
||||
* @group farm
|
||||
*/
|
||||
class UserAccessTest extends FarmBrowserTestBase {
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected static $modules = [
|
||||
'farm_role_account_admin',
|
||||
];
|
||||
|
||||
/**
|
||||
* Test user 1 access.
|
||||
*/
|
||||
public function testUser1Access() {
|
||||
|
||||
// Create and login a user with farm_account_admin role.
|
||||
$user = $this->createUser();
|
||||
$user->addRole('farm_account_admin');
|
||||
$user->save();
|
||||
$this->drupalLogin($user);
|
||||
|
||||
// Confirm that the user cannot access user 1.
|
||||
$this->drupalGet('user/1');
|
||||
$this->assertSession()->statusCodeEquals(403);
|
||||
$this->drupalGet('user/1/edit');
|
||||
$this->assertSession()->statusCodeEquals(403);
|
||||
}
|
||||
|
||||
}
|
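Review bot: Both assertions in `testUser1Access()` expect a 403, so the test would also pass if the Account Admin role simply lacked permission to reach any user page, which would not prove that the new hook is what blocks user 1. Add a positive control with a second account, e.g. `$other = $this->createUser();` then `$this->drupalGet('user/' . $other->id() . '/edit');` and `$this->assertSession()->statusCodeEquals(200);`. Whether the role grants that permission is not visible on this page, so the expected status should be confirmed against the role definition. A check of the cancel route for user 1, plus a login as user 1 confirming that its own page still loads, would cover the remaining branches of the hook.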