author | Lee Rowlands <lee.rowlands@previousnext.com.au> | 2024-11-30 07:21:53 +1000 |
---|---|---|
committer | Lee Rowlands <lee.rowlands@previousnext.com.au> | 2024-11-30 07:21:53 +1000 |
commit | a3127db64ff9e9660a3c13960d48eb8cfb50305c (patch) | |
tree | 03332babf8faedc1295c104fcf41c4746167138e /core/modules/jsonapi | |
parent | 25ac783ca4a8acbc3ccf857b3b96bc1e18b93b2a (diff) | |
Issue #3278759 by mxr576, kristiaanvandeneynde, acbramley, danflanagan8, larowlan, bbrala: Access cacheability is not correct when "view own unpublished content" is in use
Diffstat (limited to 'core/modules/jsonapi')
-rw-r--r-- | core/modules/jsonapi/tests/src/Functional/NodeTest.php | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/core/modules/jsonapi/tests/src/Functional/NodeTest.php b/core/modules/jsonapi/tests/src/Functional/NodeTest.php
index c40b95ae5853..f10b97f0cbc5 100644
--- a/core/modules/jsonapi/tests/src/Functional/NodeTest.php
+++ b/core/modules/jsonapi/tests/src/Functional/NodeTest.php
@@ -346,17 +346,13 @@ class NodeTest extends ResourceTestBase {
 ['4xx-response', 'http_response', 'node:1'],
 ['url.query_args', 'url.site', 'user.permissions'],
 'UNCACHEABLE (request policy)',
- 'MISS'
+ TRUE
 );
 // 200 after granting permission.
 $this->grantPermissionsToTestedRole(['view own unpublished content']);
 $response = $this->request('GET', $url, $request_options);
- // The response varies by 'user', causing the 'user.permissions' cache
- // context to be optimized away.
- $expected_cache_contexts = Cache::mergeContexts($this->getExpectedCacheContexts(), ['user']);
- $expected_cache_contexts = array_diff($expected_cache_contexts, ['user.permissions']);
- $this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $expected_cache_contexts, 'UNCACHEABLE (request policy)', 'UNCACHEABLE (poor cacheability)');
+ $this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), 'UNCACHEABLE (request policy)', TRUE);
 }
 /**
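Review bot: The last argument of both assertion calls changes from a pinned value (`'MISS'`, `'UNCACHEABLE (poor cacheability)'`) to `TRUE`, and nothing in the hunk says what `TRUE` asserts. If it only checks that the header (presumably the dynamic page cache one) is present, the 200 response for the unpublished node no longer has its cache outcome pinned, although it is the per-user case this issue is about. A regression that made that response cacheable across accounts would then still pass. Either keep the expected literal, or add a comment above each call such as `// TRUE: <what the helper checks>; the exact value is not pinned because <reason>.` The first call starts above the hunk, so its name and earlier arguments are not visible here.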
@@ -416,6 +412,29 @@ class NodeTest extends ResourceTestBase {
 /**
 * {@inheritdoc}
 */
+ protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
+ // \Drupal\Tests\jsonapi\Functional\ResourceTestBase::testRevisions()
+ // loads different revisions via query parameters, we do our best
+ // here to react to those directly, or indirectly.
+ $cache_contexts = parent::getExpectedCacheContexts($sparse_fieldset);
+
+ // This is bubbled up by
+ // \Drupal\node\NodeAccessControlHandler::checkAccess() directly.
+ if ($this->entity->isPublished()) {
+ return $cache_contexts;
+ }
+ if (!\Drupal::currentUser()->isAuthenticated()) {
+ return Cache::mergeContexts($cache_contexts, ['user.roles:authenticated']);
+ }
+ if (\Drupal::currentUser()->hasPermission('view own unpublished content')) {
+ return Cache::mergeContexts($cache_contexts, ['user']);
+ }
+ return $cache_contexts;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
 protected static function getIncludePermissions(): array {
 return [
 'uid.node_type' => ['administer users'], |
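Review bot: The comment `// This is bubbled up by \Drupal\node\NodeAccessControlHandler::checkAccess() directly.` sits above the `isPublished()` early return, which adds no context, so it reads as if the published case is the one that bubbles something. It belongs above the two unpublished branches, each with a line saying why that context is expected, for example `// Access is granted to the owner only, so the response must vary per account.` above the `['user']` return. The expectations are also derived from `\Drupal::currentUser()` in the test process; presumably the base class points that service at the account used for the requests, but reading `$this->account` (if it is available here) would make that dependency explicit. The authenticated-without-permission case falls through to the parent contexts without a comment, so it is worth stating that this is intended.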