diff --git a/sites/all/modules/contrib/admin/uuid/composer.json b/sites/all/modules/contrib/admin/uuid/composer.json new file mode 100644 index 00000000..306e4964 --- /dev/null +++ b/sites/all/modules/contrib/admin/uuid/composer.json @@ -0,0 +1,13 @@ +{ + "name": "drupal/uuid", + "description": "Extends the entity functionality and adds support for universally unique identifiers.", + "type": "drupal-module", + "license": "GPL-2.0+", + "minimum-stability": "dev", + "require-dev": { + "drupal/ctools": "1.x-dev", + "drupal/rest_server": "~3.0", + "drupal/services": "~3.0", + "drupal/entity": "~1.0" + } +} diff --git a/sites/all/modules/contrib/admin/uuid/uuid.info b/sites/all/modules/contrib/admin/uuid/uuid.info index cefaf291..08f429c2 100644 --- a/sites/all/modules/contrib/admin/uuid/uuid.info +++ b/sites/all/modules/contrib/admin/uuid/uuid.info @@ -7,8 +7,8 @@ files[] = uuid.test dependencies[] = node dependencies[] = user -; Information added by Drupal.org packaging script on 2018-07-19 -version = "7.x-1.2" +; Information added by Drupal.org packaging script on 2019-05-29 +version = "7.x-1.3" core = "7.x" project = "uuid" -datestamp = "1531990689" +datestamp = "1559150887" diff --git a/sites/all/modules/contrib/admin/uuid/uuid.test b/sites/all/modules/contrib/admin/uuid/uuid.test index 6c1481a3..26f3c839 100644 --- a/sites/all/modules/contrib/admin/uuid/uuid.test +++ b/sites/all/modules/contrib/admin/uuid/uuid.test @@ -6,11 +6,9 @@ */ /** - * UUID test helper trait. - * - * Contains methods that assist with running UUID tests. + * Base class with some helper methods. */ -trait UUIDTestHelper { +abstract class UUIDTestCase extends DrupalWebTestCase { /** * Helper function that asserts a UUID. @@ -21,15 +19,6 @@ trait UUIDTestHelper { } -/** - * Base class with some helper methods. - */ -abstract class UUIDTestCase extends DrupalWebTestCase { - - use UUIDTestHelper; - -} - /** * Tests the UUID API functions. */ @@ -488,8 +477,6 @@ class UUIDNodeTestCase extends UUIDTestCase { */ class UUIDCommentTestCase extends CommentHelperCase { - use UUIDTestHelper; - /** * {@inheritdoc} */ @@ -501,6 +488,13 @@ class UUIDCommentTestCase extends CommentHelperCase { ); } + /** + * Helper function that asserts a UUID. + */ + protected function assertUuid($uuid, $message = NULL) { + $this->assertTrue(uuid_is_valid($uuid), $message); + } + /** * Test CRUD on comments with UUID functions. */ @@ -559,8 +553,6 @@ class UUIDCommentTestCase extends CommentHelperCase { */ class UUIDTaxonomyTestCase extends TaxonomyWebTestCase { - use UUIDTestHelper; - /** * {@inheritdoc} */ @@ -588,6 +580,13 @@ class UUIDTaxonomyTestCase extends TaxonomyWebTestCase { parent::setUp($modules); } + /** + * Helper function that asserts a UUID. + */ + protected function assertUuid($uuid, $message = NULL) { + $this->assertTrue(uuid_is_valid($uuid), $message); + } + /** * Test CRUD on comments with UUID functions. */ diff --git a/sites/all/modules/contrib/admin/uuid/uuid_path/uuid_path.info b/sites/all/modules/contrib/admin/uuid/uuid_path/uuid_path.info index 77ad15c3..e37d9279 100644 --- a/sites/all/modules/contrib/admin/uuid/uuid_path/uuid_path.info +++ b/sites/all/modules/contrib/admin/uuid/uuid_path/uuid_path.info @@ -5,8 +5,8 @@ package = UUID dependencies[] = uuid -; Information added by Drupal.org packaging script on 2018-07-19 -version = "7.x-1.2" +; Information added by Drupal.org packaging script on 2019-05-29 +version = "7.x-1.3" core = "7.x" project = "uuid" -datestamp = "1531990689" +datestamp = "1559150887" diff --git a/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.info b/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.info index dd1ae423..65ddd3b6 100644 --- a/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.info +++ b/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.info @@ -3,6 +3,8 @@ description = Provides integration with the Services module, like exposing a UUI core = 7.x package = Services - resources +files[] = uuid_services.user_services.test + dependencies[] = services dependencies[] = uuid dependencies[] = entity @@ -13,8 +15,8 @@ test_dependencies[] = file test_dependencies[] = field test_dependencies[] = file_entity -; Information added by Drupal.org packaging script on 2018-07-19 -version = "7.x-1.2" +; Information added by Drupal.org packaging script on 2019-05-29 +version = "7.x-1.3" core = "7.x" project = "uuid" -datestamp = "1531990689" +datestamp = "1559150887" diff --git a/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.module b/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.module index 5a0e6289..eee362d0 100644 --- a/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.module +++ b/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.module @@ -170,6 +170,13 @@ function _uuid_services_entity_update($entity_type, $uuid, $entity) { } } } + + // Sanitize user roles if user is not allowed to modify them. + if ($entity_type == 'user' && !empty($entity->roles) && !user_access('administer permissions')) { + $original_user = user_load(entity_get_id_by_uuid('user', array($entity->uuid))[$entity->uuid]); + $entity->roles = $original_user->roles; + } + entity_uuid_save($entity_type, $entity); return $entity; } @@ -194,7 +201,7 @@ function _uuid_services_entity_delete($entity_type, $uuid) { return TRUE; } - $return = entity_uuid_delete($entity_type, array($uuid)) !== FALSE; + $return = entity_uuid_delete($entity_type, $uuid) !== FALSE; return $return; } catch (Exception $exception) { diff --git a/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.user_services.test b/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.user_services.test new file mode 100644 index 00000000..b7f327ca --- /dev/null +++ b/sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.user_services.test @@ -0,0 +1,231 @@ + 'UUID User Services tests', + 'description' => 'Test the user services resource UUID methods and actions.', + 'group' => 'UUID', + ); + } + + /** + * {@inheritdoc} + */ + public function setUp() { + parent::setUp( + 'ctools', + 'services', + 'rest_server', + 'uuid_services' + ); + $this->endpoint = $this->saveNewEndpoint(); + } + + /** + * {@inheritdoc} + */ + public function saveNewEndpoint() { + $edit = $this->populateEndpointFAPI(); + $endpoint = new stdClass(); + $endpoint->disabled = FALSE; + $endpoint->api_version = 3; + $endpoint->name = $edit['name']; + $endpoint->server = $edit['server']; + $endpoint->path = $edit['path']; + $endpoint->authentication = array( + 'services' => 'services', + ); + $endpoint->server_settings = array( + 'formatters' => array( + 'json' => TRUE, + 'bencode' => TRUE, + 'rss' => TRUE, + 'plist' => TRUE, + 'xmlplist' => TRUE, + 'php' => TRUE, + 'yaml' => TRUE, + 'jsonp' => FALSE, + 'xml' => FALSE, + ), + 'parsers' => array( + 'application/x-yaml' => TRUE, + 'application/json' => TRUE, + 'application/vnd.php.serialized' => TRUE, + 'application/plist' => TRUE, + 'application/plist+xml' => TRUE, + 'application/x-www-form-urlencoded' => TRUE, + 'multipart/form-data' => TRUE, + ), + ); + $endpoint->resources = array( + 'user' => array( + 'operations' => array( + 'create' => array( + 'enabled' => 1, + ), + 'retrieve' => array( + 'enabled' => 1, + ), + 'update' => array( + 'enabled' => 1, + ), + 'delete' => array( + 'enabled' => 1, + ), + 'index' => array( + 'enabled' => 1, + ), + ), + ), + ); + $endpoint->debug = 1; + $endpoint->export_type = FALSE; + services_endpoint_save($endpoint); + $endpoint = services_endpoint_load($endpoint->name); + $this->assertTrue($endpoint->name == $edit['name'], 'Endpoint successfully created'); + return $endpoint; + } + + /** + * Tests user Retrieve. + */ + public function testUserRetrieve() { + $admin_user = $this->drupalCreateUser(array( + 'administer services', + 'administer users', + )); + $this->drupalLogin($admin_user); + $other_user = $this->drupalCreateUser(); + + // Verify user is found. + $response = $this->servicesGet($this->endpoint->path . '/user/' . $other_user->uuid); + $this->assertTrue($other_user->uuid == $response['body']->uuid, + 'Successfully received User info'); + } + + /** + * Tests user Update his own account. + */ + public function testUserUpdate() { + $admin_user = $this->drupalCreateUser(array( + 'administer services', + 'administer users', + 'administer permissions', + )); + $this->drupalLogin($admin_user); + + $other_user = $this->drupalCreateUser(); + $update = array( + 'uuid' => $other_user->uuid, + 'roles' => array( + '2' => 'authenticated user', + '3' => 'administrator', + ), + ); + $this->servicesPut($this->endpoint->path . '/user/' . $other_user->uuid, $update); + $user_after_update = user_load($other_user->uid, TRUE); + $this->assertTrue(in_array('administrator', $user_after_update->roles), 'Administrator role successfully added'); + } + + /** + * Tests user Update another account fail with no permissions. + */ + public function testUserUpdatePermFail() { + $user = $this->drupalCreateUser(); + $this->drupalLogin($user); + + $other_user = $this->drupalCreateUser(); + + $update = array( + 'uuid' => $other_user->uuid, + 'name' => 'test_edit', + 'roles' => array( + '2' => 'authenticated user', + '3' => 'administrator', + ), + ); + $response = $this->servicesPut($this->endpoint->path . '/user/' . $other_user->uuid, $update); + $user_after_update = user_load($other_user->uid, TRUE); + $this->assertNotEqual($update['name'], $user_after_update->name, 'User name was not updated without the needed permissions'); + $this->assertFalse(in_array('administrator', $user_after_update->roles), 'Administrator role was not added without the needed permissions'); + $this->assertTrue($response['code'] == 403, + 'Updating the user failed without the needed permissions'); + } + + /** + * Tests user Update his own account fail with no permissions. + */ + public function testUserOwnUpdatePermFail() { + $user = $this->drupalCreateUser([ + 'access user profiles', + ]); + $this->drupalLogin($user); + $user = user_load($user->uid, TRUE); + + $update = array( + 'uuid' => $user->uuid, + 'roles' => array( + '2' => 'authenticated user', + '3' => 'administrator', + ), + ); + $this->servicesPut($this->endpoint->path . '/user/' . $user->uuid, $update); + $user_after_update = user_load($user->uid, TRUE); + $this->assertFalse(in_array('administrator', $user_after_update->roles), 'Administrator role was not added without the needed permissions'); + $this->assertEqual($user->roles, $user_after_update->roles, 'Existing roles persist after update.'); + } + + /** + * Tests user Delete. + */ + public function testUserDelete() { + $admin_user = $this->drupalCreateUser(array( + 'administer services', + 'administer users', + )); + $this->drupalLogin($admin_user); + + $other_user = $this->drupalCreateUser(); + + $this->servicesDelete($this->endpoint->path . '/user/' . $other_user->uuid); + $user_after_update = user_load($other_user->uid, TRUE); + $this->assertTrue(empty($user_after_update), 'User was deleted'); + } + + /** + * Tests user Delete fail with no permissions. + */ + public function testUserDeletePermFail() { + $user = $this->drupalCreateUser(); + $this->drupalLogin($user); + + $other_user = $this->drupalCreateUser(); + + $response = $this->servicesDelete($this->endpoint->path . '/user/' . $other_user->uuid); + $user_after_update = user_load($other_user->uid, TRUE); + $this->assertTrue(!empty($user_after_update), 'User was not deleted without the needed permissions'); + $this->assertTrue($response['code'] == 403, + 'Deleting the user failed without the needed permissions'); + } + +} diff --git a/sites/all/modules/contrib/admin/uuid/uuid_services_example/uuid_services_example.info b/sites/all/modules/contrib/admin/uuid/uuid_services_example/uuid_services_example.info index 5874051f..f8e88d17 100644 --- a/sites/all/modules/contrib/admin/uuid/uuid_services_example/uuid_services_example.info +++ b/sites/all/modules/contrib/admin/uuid/uuid_services_example/uuid_services_example.info @@ -11,8 +11,8 @@ features[ctools][] = services:services:3 features[features_api][] = api:2 features[services_endpoint][] = uuid_services_example -; Information added by Drupal.org packaging script on 2018-07-19 -version = "7.x-1.2" +; Information added by Drupal.org packaging script on 2019-05-29 +version = "7.x-1.3" core = "7.x" project = "uuid" -datestamp = "1531990689" +datestamp = "1559150887"