From 8086aabf0a8e32b8d8e18dc590b7660c679b420f Mon Sep 17 00:00:00 2001 From: Josh Taylor Date: Tue, 28 Apr 2015 00:22:11 +1000 Subject: [PATCH] Issue #2478141 - Non admin users can see admin/commerce/products --- .../install/views.view.commerce_products.yml | 22 +++++-------------- .../product/src/Tests/ProductAdminTest.php | 21 ++++++++++++++++++ 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/modules/product/config/install/views.view.commerce_products.yml b/modules/product/config/install/views.view.commerce_products.yml index aafc1729e6..1173e8c7c4 100644 --- a/modules/product/config/install/views.view.commerce_products.yml +++ b/modules/product/config/install/views.view.commerce_products.yml @@ -1,9 +1,9 @@ -uuid: 21999112-ce61-45c2-b306-6ee3864956df langcode: en status: true dependencies: module: - commerce_product + - user id: commerce_products label: Products module: views @@ -20,8 +20,9 @@ display: position: 0 display_options: access: - type: none - options: { } + type: perm + options: + perm: 'administer products' cache: type: none options: { } @@ -381,17 +382,6 @@ display: display_extenders: { } cache_metadata: contexts: - - languages - cacheable: false - page_1: - display_plugin: page - id: page_1 - display_title: Page - position: 1 - display_options: - display_extenders: { } - path: admin/commerce/products - cache_metadata: - contexts: - - languages + - 'languages:language_content' + - 'languages:language_interface' cacheable: false diff --git a/modules/product/src/Tests/ProductAdminTest.php b/modules/product/src/Tests/ProductAdminTest.php index 431ef790fb..f85a41f48c 100644 --- a/modules/product/src/Tests/ProductAdminTest.php +++ b/modules/product/src/Tests/ProductAdminTest.php 
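Review bot: The access change in the `@@ -20,8 +20,9 @@` hunk only lands in `config/install`, which Drupal imports when the module is installed, so a site that already has this view in active configuration would keep `access: type: none`. Nothing in this patch touches active configuration, so if existing installs matter, an update hook or a documented re-import step is needed to close the hole there as well. The permission is given as the literal `perm: 'administer products'`; the definition of that permission is outside this diff, so confirm the string matches it exactly, since a mismatched name would not grant access to the intended role.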
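Review bot: With the `page_1` display removed in the `@@ -381,17 +382,6 @@` hunk, this view no longer declares `path: admin/commerce/products`, yet the new test still expects a 200 on that path for the admin user. The page is therefore presumably served by a route defined outside this diff. If so, the `administer products` check added to the default display does not guard that route, and the 403 depends on the route's own access requirement. That requirement should be verified and, ideally, referenced in the commit message so the fix is traceable.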
@@ -151,4 +151,25 @@ protected function testAddCommerceProductFieldAdmin() { return $fields; } + + /** + * Tests that anonymous users cannot see the admin/commerce/products page. + */ + protected function testAdminCommerceProducts() { + // First test that the current admin user can see the page + $this->drupalGet('admin/commerce/products'); + $this->assertResponse(200); + $this->assertNoText("You are not authorized to access this page."); + $this->assertLink("Add a new product"); + + // Logout and check that anonymous users cannot see the products page + // and receieve a 403 error code. + $this->drupalLogout(); + + $this->drupalGet('admin/commerce/products'); + $this->assertResponse(403); + $this->assertText("You are not authorized to access this page."); + $this->assertNoLink("Add a new product"); + } + }
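Review bot: `testAdminCommerceProducts()` only exercises the admin and anonymous cases, while the issue title is about non-admin users, so an authenticated account without the `administer products` permission is never checked. Adding a third step after the anonymous check would cover it: `$this->drupalLogin($this->drupalCreateUser());`, `$this->drupalGet('admin/commerce/products');`, `$this->assertResponse(403);`. The docblock should then read `Tests that users without the permission cannot see the admin/commerce/products page.`, and the comment typo "receieve" should be "receive". The method is also declared `protected`; it is not visible here whether the test runner picks up non-public test methods, so confirm this test actually executes.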