updated uuid contrib module

sites/all/modules/contrib/admin/uuid/composer.json

@@ -0,0 +1,13 @@
+{
+  "name": "drupal/uuid",
+  "description": "Extends the entity functionality and adds support for universally unique identifiers.",
+  "type": "drupal-module",
+  "license": "GPL-2.0+",
+  "minimum-stability": "dev",
+  "require-dev": {
+    "drupal/ctools": "1.x-dev",
+    "drupal/rest_server": "~3.0",
+    "drupal/services": "~3.0",
+    "drupal/entity": "~1.0"
+  }
+}

sites/all/modules/contrib/admin/uuid/uuid.info

@@ -7,8 +7,8 @@ files[] = uuid.test
 dependencies[] = node
 dependencies[] = user
 
-; Information added by Drupal.org packaging script on 2018-07-19
+; Information added by Drupal.org packaging script on 2019-05-29
-version = "7.x-1.2"
+version = "7.x-1.3"
 core = "7.x"
 project = "uuid"
-datestamp = "1531990689"
+datestamp = "1559150887"

sites/all/modules/contrib/admin/uuid/uuid.test

@@ -6,11 +6,9 @@
  */
 
 /**
- * UUID test helper trait.
+ * Base class with some helper methods.
- *
- * Contains methods that assist with running UUID tests.
  */
-trait UUIDTestHelper {
+abstract class UUIDTestCase extends DrupalWebTestCase {
 
   /**
    * Helper function that asserts a UUID.
@@ -21,15 +19,6 @@ trait UUIDTestHelper {
 
 }
 
-/**
- * Base class with some helper methods.
- */
-abstract class UUIDTestCase extends DrupalWebTestCase {
-
-  use UUIDTestHelper;
-
-}
-
 /**
  * Tests the UUID API functions.
  */
@@ -488,8 +477,6 @@ class UUIDNodeTestCase extends UUIDTestCase {
  */
 class UUIDCommentTestCase extends CommentHelperCase {
 
-  use UUIDTestHelper;
-
   /**
    * {@inheritdoc}
    */
@@ -501,6 +488,13 @@ class UUIDCommentTestCase extends CommentHelperCase {
     );
   }
 
+  /**
+   * Helper function that asserts a UUID.
+   */
+  protected function assertUuid($uuid, $message = NULL) {
+    $this->assertTrue(uuid_is_valid($uuid), $message);
+  }
+
   /**
    * Test CRUD on comments with UUID functions.
    */
@@ -559,8 +553,6 @@ class UUIDCommentTestCase extends CommentHelperCase {
  */
 class UUIDTaxonomyTestCase extends TaxonomyWebTestCase {
 
-  use UUIDTestHelper;
-
   /**
    * {@inheritdoc}
    */
@@ -588,6 +580,13 @@ class UUIDTaxonomyTestCase extends TaxonomyWebTestCase {
     parent::setUp($modules);
   }
 
+  /**
+   * Helper function that asserts a UUID.
+   */
+  protected function assertUuid($uuid, $message = NULL) {
+    $this->assertTrue(uuid_is_valid($uuid), $message);
+  }
+
   /**
    * Test CRUD on comments with UUID functions.
    */

sites/all/modules/contrib/admin/uuid/uuid_path/uuid_path.info

@@ -5,8 +5,8 @@ package = UUID
 dependencies[] = uuid
 
 
-; Information added by Drupal.org packaging script on 2018-07-19
+; Information added by Drupal.org packaging script on 2019-05-29
-version = "7.x-1.2"
+version = "7.x-1.3"
 core = "7.x"
 project = "uuid"
-datestamp = "1531990689"
+datestamp = "1559150887"

sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.info

@@ -3,6 +3,8 @@ description = Provides integration with the Services module, like exposing a UUI
 core = 7.x
 package = Services - resources
 
+files[] = uuid_services.user_services.test
+
 dependencies[] = services
 dependencies[] = uuid
 dependencies[] = entity
@@ -13,8 +15,8 @@ test_dependencies[] = file
 test_dependencies[] = field
 test_dependencies[] = file_entity
 
-; Information added by Drupal.org packaging script on 2018-07-19
+; Information added by Drupal.org packaging script on 2019-05-29
-version = "7.x-1.2"
+version = "7.x-1.3"
 core = "7.x"
 project = "uuid"
-datestamp = "1531990689"
+datestamp = "1559150887"

sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.module

@@ -170,6 +170,13 @@ function _uuid_services_entity_update($entity_type, $uuid, $entity) {
         }
       }
     }
+
+    // Sanitize user roles if user is not allowed to modify them.
+    if ($entity_type == 'user' && !empty($entity->roles) && !user_access('administer permissions')) {
+      $original_user = user_load(entity_get_id_by_uuid('user', array($entity->uuid))[$entity->uuid]);
+      $entity->roles = $original_user->roles;
+    }
+
     entity_uuid_save($entity_type, $entity);
     return $entity;
   }
@@ -194,7 +201,7 @@ function _uuid_services_entity_delete($entity_type, $uuid) {
       return TRUE;
     }
 
-    $return = entity_uuid_delete($entity_type, array($uuid)) !== FALSE;
+    $return = entity_uuid_delete($entity_type, $uuid) !== FALSE;
     return $return;
   }
   catch (Exception $exception) {

sites/all/modules/contrib/admin/uuid/uuid_services/uuid_services.user_services.test

@@ -0,0 +1,231 @@
+<?php
+
+/**
+ * @file
+ * Test the UUID User Services integration.
+ */
+
+ /**
+  * Test the UUID User Services integration.
+  */
+class UuidUserServicesTest extends ServicesWebTestCase {
+
+  /**
+   * The endpoint configuration.
+   *
+   * @var object
+   */
+  protected $endpoint = NULL;
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function getInfo() {
+    return array(
+      'name' => 'UUID User Services tests',
+      'description' => 'Test the user services resource UUID methods and actions.',
+      'group' => 'UUID',
+    );
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function setUp() {
+    parent::setUp(
+      'ctools',
+      'services',
+      'rest_server',
+      'uuid_services'
+    );
+    $this->endpoint = $this->saveNewEndpoint();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function saveNewEndpoint() {
+    $edit = $this->populateEndpointFAPI();
+    $endpoint = new stdClass();
+    $endpoint->disabled = FALSE;
+    $endpoint->api_version = 3;
+    $endpoint->name = $edit['name'];
+    $endpoint->server = $edit['server'];
+    $endpoint->path = $edit['path'];
+    $endpoint->authentication = array(
+      'services' => 'services',
+    );
+    $endpoint->server_settings = array(
+      'formatters' => array(
+        'json' => TRUE,
+        'bencode' => TRUE,
+        'rss' => TRUE,
+        'plist' => TRUE,
+        'xmlplist' => TRUE,
+        'php' => TRUE,
+        'yaml' => TRUE,
+        'jsonp' => FALSE,
+        'xml' => FALSE,
+      ),
+      'parsers' => array(
+        'application/x-yaml' => TRUE,
+        'application/json' => TRUE,
+        'application/vnd.php.serialized' => TRUE,
+        'application/plist' => TRUE,
+        'application/plist+xml' => TRUE,
+        'application/x-www-form-urlencoded' => TRUE,
+        'multipart/form-data' => TRUE,
+      ),
+    );
+    $endpoint->resources = array(
+      'user' => array(
+        'operations' => array(
+          'create' => array(
+            'enabled' => 1,
+          ),
+          'retrieve' => array(
+            'enabled' => 1,
+          ),
+          'update' => array(
+            'enabled' => 1,
+          ),
+          'delete' => array(
+            'enabled' => 1,
+          ),
+          'index' => array(
+            'enabled' => 1,
+          ),
+        ),
+      ),
+    );
+    $endpoint->debug = 1;
+    $endpoint->export_type = FALSE;
+    services_endpoint_save($endpoint);
+    $endpoint = services_endpoint_load($endpoint->name);
+    $this->assertTrue($endpoint->name == $edit['name'], 'Endpoint successfully created');
+    return $endpoint;
+  }
+
+  /**
+   * Tests user Retrieve.
+   */
+  public function testUserRetrieve() {
+    $admin_user = $this->drupalCreateUser(array(
+      'administer services',
+      'administer users',
+    ));
+    $this->drupalLogin($admin_user);
+    $other_user = $this->drupalCreateUser();
+
+    // Verify user is found.
+    $response = $this->servicesGet($this->endpoint->path . '/user/' . $other_user->uuid);
+    $this->assertTrue($other_user->uuid == $response['body']->uuid,
+      'Successfully received User info');
+  }
+
+  /**
+   * Tests user Update his own account.
+   */
+  public function testUserUpdate() {
+    $admin_user = $this->drupalCreateUser(array(
+      'administer services',
+      'administer users',
+      'administer permissions',
+    ));
+    $this->drupalLogin($admin_user);
+
+    $other_user = $this->drupalCreateUser();
+    $update = array(
+      'uuid' => $other_user->uuid,
+      'roles' => array(
+        '2' => 'authenticated user',
+        '3' => 'administrator',
+      ),
+    );
+    $this->servicesPut($this->endpoint->path . '/user/' . $other_user->uuid, $update);
+    $user_after_update = user_load($other_user->uid, TRUE);
+    $this->assertTrue(in_array('administrator', $user_after_update->roles), 'Administrator role successfully added');
+  }
+
+  /**
+   * Tests user Update another account fail with no permissions.
+   */
+  public function testUserUpdatePermFail() {
+    $user = $this->drupalCreateUser();
+    $this->drupalLogin($user);
+
+    $other_user = $this->drupalCreateUser();
+
+    $update = array(
+      'uuid' => $other_user->uuid,
+      'name' => 'test_edit',
+      'roles' => array(
+        '2' => 'authenticated user',
+        '3' => 'administrator',
+      ),
+    );
+    $response = $this->servicesPut($this->endpoint->path . '/user/' . $other_user->uuid, $update);
+    $user_after_update = user_load($other_user->uid, TRUE);
+    $this->assertNotEqual($update['name'], $user_after_update->name, 'User name was not updated without the needed permissions');
+    $this->assertFalse(in_array('administrator', $user_after_update->roles), 'Administrator role was not added without the needed permissions');
+    $this->assertTrue($response['code'] == 403,
+      'Updating the user failed without the needed permissions');
+  }
+
+  /**
+   * Tests user Update his own account fail with no permissions.
+   */
+  public function testUserOwnUpdatePermFail() {
+    $user = $this->drupalCreateUser([
+      'access user profiles',
+    ]);
+    $this->drupalLogin($user);
+    $user = user_load($user->uid, TRUE);
+
+    $update = array(
+      'uuid' => $user->uuid,
+      'roles' => array(
+        '2' => 'authenticated user',
+        '3' => 'administrator',
+      ),
+    );
+    $this->servicesPut($this->endpoint->path . '/user/' . $user->uuid, $update);
+    $user_after_update = user_load($user->uid, TRUE);
+    $this->assertFalse(in_array('administrator', $user_after_update->roles), 'Administrator role was not added without the needed permissions');
+    $this->assertEqual($user->roles, $user_after_update->roles, 'Existing roles persist after update.');
+  }
+
+  /**
+   * Tests user Delete.
+   */
+  public function testUserDelete() {
+    $admin_user = $this->drupalCreateUser(array(
+      'administer services',
+      'administer users',
+    ));
+    $this->drupalLogin($admin_user);
+
+    $other_user = $this->drupalCreateUser();
+
+    $this->servicesDelete($this->endpoint->path . '/user/' . $other_user->uuid);
+    $user_after_update = user_load($other_user->uid, TRUE);
+    $this->assertTrue(empty($user_after_update), 'User was deleted');
+  }
+
+  /**
+   * Tests user Delete fail with no permissions.
+   */
+  public function testUserDeletePermFail() {
+    $user = $this->drupalCreateUser();
+    $this->drupalLogin($user);
+
+    $other_user = $this->drupalCreateUser();
+
+    $response = $this->servicesDelete($this->endpoint->path . '/user/' . $other_user->uuid);
+    $user_after_update = user_load($other_user->uid, TRUE);
+    $this->assertTrue(!empty($user_after_update), 'User was not deleted without the needed permissions');
+    $this->assertTrue($response['code'] == 403,
+      'Deleting the user failed without the needed permissions');
+  }
+
+}

sites/all/modules/contrib/admin/uuid/uuid_services_example/uuid_services_example.info

@@ -11,8 +11,8 @@ features[ctools][] = services:services:3
 features[features_api][] = api:2
 features[services_endpoint][] = uuid_services_example
 
-; Information added by Drupal.org packaging script on 2018-07-19
+; Information added by Drupal.org packaging script on 2019-05-29
-version = "7.x-1.2"
+version = "7.x-1.3"
 core = "7.x"
 project = "uuid"
-datestamp = "1531990689"
+datestamp = "1559150887"