Security update for Core, with self-updated composer

[yaffs-website] / web / core / modules / quickedit / src / Tests / QuickEditLoadingTest.php

diff --git a/web/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php b/web/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php
index a6705f41e88a3418aa32ae79c949a36c0877cc45..6945610db1f69f7595c161e9f59c08d19422710f 100644 (file)
--- a/web/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php
+++ b/web/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php
@@ -42,6 +42,13 @@ class QuickEditLoadingTest extends WebTestBase {
    */
   protected $authorUser;
 
+  /**
+   * A test node.
+   *
+   * @var \Drupal\node\NodeInterface
+   */
+  protected $testNode;
+
   /**
    * A author user with permissions to access in-place editor.
    *
@@ -74,7 +81,7 @@ class QuickEditLoadingTest extends WebTestBase {
     $node_type->save();
 
     // Create one node of the above node type using the above text format.
-    $this->drupalCreateNode([
+    $this->testNode = $this->drupalCreateNode([
       'type' => 'article',
       'body' => [
         0 => [
@@ -115,12 +122,12 @@ class QuickEditLoadingTest extends WebTestBase {
     $this->assertIdentical(Json::encode(['message' => "The 'access in-place editing' permission is required."]), $response);
     $this->assertResponse(403);
 
-    // Quick Edit's JavaScript would SearchRankingTestnever hit these endpoints if the metadata
+    // Quick Edit's JavaScript would never hit these endpoints if the metadata
     // was empty as above, but we need to make sure that malicious users aren't
     // able to use any of the other endpoints either.
     $post = ['editors[0]' => 'form'] + $this->getAjaxPageStatePostData();
     $response = $this->drupalPost('quickedit/attachments', '', $post, ['query' => [MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']]);
-    $message = Json::encode(['message' => "A fatal error occurred: The 'access in-place editing' permission is required."]);
+    $message = Json::encode(['message' => "The 'access in-place editing' permission is required."]);
     $this->assertIdentical($message, $response);
     $this->assertResponse(403);
     $post = ['nocssjs' => 'true'] + $this->getAjaxPageStatePostData();
@@ -317,6 +324,34 @@ class QuickEditLoadingTest extends WebTestBase {
     }
   }
 
+  /**
+   * Test quickedit does not appear for entities with pending revisions.
+   */
+  public function testWithPendingRevision() {
+    $this->drupalLogin($this->editorUser);
+
+    // Verify that the preview is loaded correctly.
+    $this->drupalPostForm('node/add/article', ['title[0][value]' => 'foo'], 'Preview');
+    $this->assertResponse(200);
+    // Verify that quickedit is not active on preview.
+    $this->assertNoRaw('data-quickedit-entity-id="node/' . $this->testNode->id() . '"');
+    $this->assertNoRaw('data-quickedit-field-id="node/' . $this->testNode->id() . '/title/' . $this->testNode->language()->getId() . '/full"');
+
+    $this->drupalGet('node/' . $this->testNode->id());
+    $this->assertRaw('data-quickedit-entity-id="node/' . $this->testNode->id() . '"');
+    $this->assertRaw('data-quickedit-field-id="node/' . $this->testNode->id() . '/title/' . $this->testNode->language()->getId() . '/full"');
+
+    $this->testNode->title = 'Updated node';
+    $this->testNode->setNewRevision(TRUE);
+    $this->testNode->isDefaultRevision(FALSE);
+    $this->testNode->save();
+
+    $this->drupalGet('node/' . $this->testNode->id());
+    $this->assertResponse(200);
+    $this->assertNoRaw('data-quickedit-entity-id="node/' . $this->testNode->id() . '"');
+    $this->assertNoRaw('data-quickedit-field-id="node/' . $this->testNode->id() . '/title/' . $this->testNode->language()->getId() . '/full"');
+  }
+
   /**
    * Tests the loading of Quick Edit for the title base field.
    */