Chris@0
|
1 <?php
|
Chris@0
|
2
|
Chris@0
|
3 namespace Drupal\Tests\taxonomy\Functional;
|
Chris@0
|
4
|
Chris@0
|
5 use Drupal\field\Entity\FieldConfig;
|
Chris@0
|
6 use Drupal\Tests\TestFileCreationTrait;
|
Chris@0
|
7 use Drupal\user\RoleInterface;
|
Chris@0
|
8 use Drupal\file\Entity\File;
|
Chris@0
|
9 use Drupal\field\Entity\FieldStorageConfig;
|
Chris@0
|
10
|
Chris@0
|
11 /**
|
Chris@0
|
12 * Tests access checks of private image fields.
|
Chris@0
|
13 *
|
Chris@0
|
14 * @group taxonomy
|
Chris@0
|
15 */
|
Chris@0
|
16 class TaxonomyImageTest extends TaxonomyTestBase {
|
Chris@0
|
17
|
Chris@0
|
18 use TestFileCreationTrait {
|
Chris@0
|
19 getTestFiles as drupalGetTestFiles;
|
Chris@0
|
20 compareFiles as drupalCompareFiles;
|
Chris@0
|
21 }
|
Chris@0
|
22
|
Chris@0
|
23 /**
|
Chris@0
|
24 * Used taxonomy vocabulary.
|
Chris@0
|
25 *
|
Chris@0
|
26 * @var \Drupal\taxonomy\VocabularyInterface
|
Chris@0
|
27 */
|
Chris@0
|
28 protected $vocabulary;
|
Chris@0
|
29
|
Chris@0
|
30 /**
|
Chris@0
|
31 * Modules to enable.
|
Chris@0
|
32 *
|
Chris@0
|
33 * @var array
|
Chris@0
|
34 */
|
Chris@0
|
35 public static $modules = ['image'];
|
Chris@0
|
36
|
Chris@0
|
37 protected function setUp() {
|
Chris@0
|
38 parent::setUp();
|
Chris@0
|
39
|
Chris@0
|
40 // Remove access content permission from registered users.
|
Chris@0
|
41 user_role_revoke_permissions(RoleInterface::AUTHENTICATED_ID, ['access content']);
|
Chris@0
|
42
|
Chris@0
|
43 $this->vocabulary = $this->createVocabulary();
|
Chris@0
|
44 // Add a field to the vocabulary.
|
Chris@0
|
45 $entity_type = 'taxonomy_term';
|
Chris@0
|
46 $name = 'field_test';
|
Chris@0
|
47 FieldStorageConfig::create([
|
Chris@0
|
48 'field_name' => $name,
|
Chris@0
|
49 'entity_type' => $entity_type,
|
Chris@0
|
50 'type' => 'image',
|
Chris@0
|
51 'settings' => [
|
Chris@0
|
52 'uri_scheme' => 'private',
|
Chris@0
|
53 ],
|
Chris@0
|
54 ])->save();
|
Chris@0
|
55 FieldConfig::create([
|
Chris@0
|
56 'field_name' => $name,
|
Chris@0
|
57 'entity_type' => $entity_type,
|
Chris@0
|
58 'bundle' => $this->vocabulary->id(),
|
Chris@0
|
59 'settings' => [],
|
Chris@0
|
60 ])->save();
|
Chris@0
|
61 entity_get_display($entity_type, $this->vocabulary->id(), 'default')
|
Chris@0
|
62 ->setComponent($name, [
|
Chris@0
|
63 'type' => 'image',
|
Chris@0
|
64 'settings' => [],
|
Chris@0
|
65 ])
|
Chris@0
|
66 ->save();
|
Chris@0
|
67 entity_get_form_display($entity_type, $this->vocabulary->id(), 'default')
|
Chris@0
|
68 ->setComponent($name, [
|
Chris@0
|
69 'type' => 'image_image',
|
Chris@0
|
70 'settings' => [],
|
Chris@0
|
71 ])
|
Chris@0
|
72 ->save();
|
Chris@0
|
73 }
|
Chris@0
|
74
|
Chris@0
|
75 public function testTaxonomyImageAccess() {
|
Chris@0
|
76 $user = $this->drupalCreateUser(['administer site configuration', 'administer taxonomy', 'access user profiles']);
|
Chris@0
|
77 $this->drupalLogin($user);
|
Chris@0
|
78
|
Chris@0
|
79 // Create a term and upload the image.
|
Chris@0
|
80 $files = $this->drupalGetTestFiles('image');
|
Chris@0
|
81 $image = array_pop($files);
|
Chris@0
|
82 $edit['name[0][value]'] = $this->randomMachineName();
|
Chris@14
|
83 $edit['files[field_test_0]'] = \Drupal::service('file_system')->realpath($image->uri);
|
Chris@0
|
84 $this->drupalPostForm('admin/structure/taxonomy/manage/' . $this->vocabulary->id() . '/add', $edit, t('Save'));
|
Chris@0
|
85 $this->drupalPostForm(NULL, ['field_test[0][alt]' => $this->randomMachineName()], t('Save'));
|
Chris@0
|
86 $terms = entity_load_multiple_by_properties('taxonomy_term', ['name' => $edit['name[0][value]']]);
|
Chris@0
|
87 $term = reset($terms);
|
Chris@0
|
88 $this->assertText(t('Created new term @name.', ['@name' => $term->getName()]));
|
Chris@0
|
89
|
Chris@0
|
90 // Create a user that should have access to the file and one that doesn't.
|
Chris@0
|
91 $access_user = $this->drupalCreateUser(['access content']);
|
Chris@0
|
92 $no_access_user = $this->drupalCreateUser();
|
Chris@0
|
93 $image = File::load($term->field_test->target_id);
|
Chris@0
|
94 $this->drupalLogin($access_user);
|
Chris@0
|
95 $this->drupalGet(file_create_url($image->getFileUri()));
|
Chris@0
|
96 $this->assertResponse(200, 'Private image on term is accessible with right permission');
|
Chris@0
|
97
|
Chris@0
|
98 $this->drupalLogin($no_access_user);
|
Chris@0
|
99 $this->drupalGet(file_create_url($image->getFileUri()));
|
Chris@0
|
100 $this->assertResponse(403, 'Private image on term not accessible without right permission');
|
Chris@0
|
101 }
|
Chris@0
|
102
|
Chris@0
|
103 }
|