Chris@12
|
1 <?php
|
Chris@12
|
2
|
Chris@12
|
3 namespace Drupal\Tests\comment\Functional;
|
Chris@12
|
4
|
Chris@12
|
5 use Drupal\comment\Entity\Comment;
|
Chris@12
|
6 use Drupal\comment\Tests\CommentTestTrait;
|
Chris@12
|
7 use Drupal\node\Entity\NodeType;
|
Chris@12
|
8 use Drupal\Tests\BrowserTestBase;
|
Chris@12
|
9
|
Chris@12
|
10 /**
|
Chris@12
|
11 * Tests comment administration and preview access.
|
Chris@12
|
12 *
|
Chris@12
|
13 * @group comment
|
Chris@12
|
14 */
|
Chris@12
|
15 class CommentAccessTest extends BrowserTestBase {
|
Chris@12
|
16
|
Chris@12
|
17 use CommentTestTrait;
|
Chris@12
|
18
|
Chris@12
|
19 /**
|
Chris@12
|
20 * {@inheritdoc}
|
Chris@12
|
21 */
|
Chris@12
|
22 public static $modules = [
|
Chris@12
|
23 'node',
|
Chris@12
|
24 'comment',
|
Chris@12
|
25 ];
|
Chris@12
|
26
|
Chris@12
|
27 /**
|
Chris@12
|
28 * Node for commenting.
|
Chris@12
|
29 *
|
Chris@12
|
30 * @var \Drupal\node\NodeInterface
|
Chris@12
|
31 */
|
Chris@12
|
32 protected $unpublishedNode;
|
Chris@12
|
33
|
Chris@12
|
34 /**
|
Chris@12
|
35 * {@inheritdoc}
|
Chris@12
|
36 */
|
Chris@12
|
37 protected function setUp() {
|
Chris@12
|
38 parent::setUp();
|
Chris@12
|
39
|
Chris@12
|
40 $node_type = NodeType::create([
|
Chris@12
|
41 'type' => 'article',
|
Chris@12
|
42 'name' => 'Article',
|
Chris@12
|
43 ]);
|
Chris@12
|
44 $node_type->save();
|
Chris@12
|
45 $node_author = $this->drupalCreateUser([
|
Chris@12
|
46 'create article content',
|
Chris@12
|
47 'access comments',
|
Chris@12
|
48 ]);
|
Chris@12
|
49
|
Chris@12
|
50 $this->drupalLogin($this->drupalCreateUser([
|
Chris@12
|
51 'edit own comments',
|
Chris@12
|
52 'skip comment approval',
|
Chris@12
|
53 'post comments',
|
Chris@12
|
54 'access comments',
|
Chris@12
|
55 'access content',
|
Chris@12
|
56 ]));
|
Chris@12
|
57
|
Chris@12
|
58 $this->addDefaultCommentField('node', 'article');
|
Chris@12
|
59 $this->unpublishedNode = $this->createNode([
|
Chris@12
|
60 'title' => 'This is unpublished',
|
Chris@12
|
61 'uid' => $node_author->id(),
|
Chris@12
|
62 'status' => 0,
|
Chris@12
|
63 'type' => 'article',
|
Chris@12
|
64 ]);
|
Chris@12
|
65 $this->unpublishedNode->save();
|
Chris@12
|
66 }
|
Chris@12
|
67
|
Chris@12
|
68 /**
|
Chris@12
|
69 * Tests commenting disabled for access-blocked entities.
|
Chris@12
|
70 */
|
Chris@12
|
71 public function testCannotCommentOnEntitiesYouCannotView() {
|
Chris@12
|
72 $assert = $this->assertSession();
|
Chris@12
|
73
|
Chris@12
|
74 $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment';
|
Chris@12
|
75
|
Chris@12
|
76 // Commenting on an unpublished node results in access denied.
|
Chris@12
|
77 $this->drupalGet($comment_url);
|
Chris@12
|
78 $assert->statusCodeEquals(403);
|
Chris@12
|
79
|
Chris@12
|
80 // Publishing the node grants access.
|
Chris@17
|
81 $this->unpublishedNode->setPublished()->save();
|
Chris@12
|
82 $this->drupalGet($comment_url);
|
Chris@12
|
83 $assert->statusCodeEquals(200);
|
Chris@12
|
84 }
|
Chris@12
|
85
|
Chris@12
|
86 /**
|
Chris@12
|
87 * Tests cannot view comment reply form on entities you cannot view.
|
Chris@12
|
88 */
|
Chris@12
|
89 public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() {
|
Chris@12
|
90 $assert = $this->assertSession();
|
Chris@12
|
91
|
Chris@12
|
92 // Create a comment on an unpublished node.
|
Chris@12
|
93 $comment = Comment::create([
|
Chris@12
|
94 'entity_type' => 'node',
|
Chris@12
|
95 'name' => 'Tony',
|
Chris@12
|
96 'hostname' => 'magic.example.com',
|
Chris@12
|
97 'mail' => 'foo@example.com',
|
Chris@12
|
98 'subject' => 'Comment on unpublished node',
|
Chris@12
|
99 'entity_id' => $this->unpublishedNode->id(),
|
Chris@12
|
100 'comment_type' => 'comment',
|
Chris@12
|
101 'field_name' => 'comment',
|
Chris@12
|
102 'pid' => 0,
|
Chris@12
|
103 'uid' => $this->unpublishedNode->getOwnerId(),
|
Chris@12
|
104 'status' => 1,
|
Chris@12
|
105 ]);
|
Chris@12
|
106 $comment->save();
|
Chris@12
|
107
|
Chris@12
|
108 $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment/' . $comment->id();
|
Chris@12
|
109
|
Chris@12
|
110 // Replying to a comment on an unpublished node results in access denied.
|
Chris@12
|
111 $this->drupalGet($comment_url);
|
Chris@12
|
112 $assert->statusCodeEquals(403);
|
Chris@12
|
113
|
Chris@12
|
114 // Publishing the node grants access.
|
Chris@17
|
115 $this->unpublishedNode->setPublished()->save();
|
Chris@12
|
116 $this->drupalGet($comment_url);
|
Chris@12
|
117 $assert->statusCodeEquals(200);
|
Chris@12
|
118 }
|
Chris@12
|
119
|
Chris@12
|
120 }
|