annotate core/modules/node/tests/src/Functional/NodeAccessRebuildNodeGrantsTest.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\Tests\node\Functional;
Chris@0 4
Chris@0 5 use Drupal\node\Entity\NodeType;
Chris@0 6
Chris@0 7 /**
Chris@0 8 * Ensures that node access rebuild functions work correctly even
Chris@0 9 * when other modules implements hook_node_grants().
Chris@0 10 *
Chris@0 11 * @group node
Chris@0 12 */
Chris@0 13 class NodeAccessRebuildNodeGrantsTest extends NodeTestBase {
Chris@0 14
Chris@0 15 /**
Chris@0 16 * A user to create nodes that only it has access to.
Chris@0 17 *
Chris@0 18 * @var \Drupal\user\UserInterface
Chris@0 19 */
Chris@0 20 protected $webUser;
Chris@0 21
Chris@0 22 /**
Chris@0 23 * A user to test the rebuild nodes feature which can't access the nodes.
Chris@0 24 *
Chris@0 25 * @var \Drupal\user\UserInterface
Chris@0 26 */
Chris@0 27 protected $adminUser;
Chris@0 28
Chris@0 29 /**
Chris@0 30 * {@inheritdoc}
Chris@0 31 */
Chris@0 32 protected function setUp() {
Chris@0 33 parent::setUp();
Chris@0 34
Chris@0 35 $this->adminUser = $this->drupalCreateUser(['administer site configuration', 'access administration pages', 'access site reports']);
Chris@0 36 $this->drupalLogin($this->adminUser);
Chris@0 37
Chris@0 38 $this->webUser = $this->drupalCreateUser();
Chris@0 39 }
Chris@0 40
Chris@0 41 /**
Chris@0 42 * Tests rebuilding the node access permissions table with content.
Chris@0 43 */
Chris@0 44 public function testNodeAccessRebuildNodeGrants() {
Chris@0 45 \Drupal::service('module_installer')->install(['node_access_test']);
Chris@0 46 \Drupal::state()->set('node_access_test.private', TRUE);
Chris@0 47 node_access_test_add_field(NodeType::load('page'));
Chris@0 48 $this->resetAll();
Chris@0 49
Chris@0 50 // Create 30 nodes so that _node_access_rebuild_batch_operation() has to run
Chris@0 51 // more than once.
Chris@0 52 for ($i = 0; $i < 30; $i++) {
Chris@0 53 $nodes[] = $this->drupalCreateNode([
Chris@0 54 'uid' => $this->webUser->id(),
Chris@17 55 'private' => [['value' => 1]],
Chris@0 56 ]);
Chris@0 57 }
Chris@0 58
Chris@0 59 /** @var \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage */
Chris@0 60 $grant_storage = \Drupal::service('node.grant_storage');
Chris@0 61 // Default realm access and node records are present.
Chris@0 62 foreach ($nodes as $node) {
Chris@0 63 $this->assertTrue($node->private->value);
Chris@0 64 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the node author.');
Chris@0 65 $this->assertTrue($grant_storage->access($node, 'view', $this->adminUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the admin user.');
Chris@0 66 }
Chris@0 67
Chris@0 68 $this->assertEqual(1, \Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is an all realm access record');
Chris@0 69 $this->assertTrue(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
Chris@0 70
Chris@0 71 // Rebuild permissions.
Chris@0 72 $this->drupalGet('admin/reports/status');
Chris@0 73 $this->clickLink(t('Rebuild permissions'));
Chris@0 74 $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
Chris@0 75 $this->assertText(t('The content access permissions have been rebuilt.'));
Chris@0 76
Chris@0 77 // Test if the rebuild by user that cannot bypass node access and does not
Chris@0 78 // have access to the nodes has been successful.
Chris@0 79 $this->assertFalse($this->adminUser->hasPermission('bypass node access'));
Chris@0 80 $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
Chris@0 81 foreach ($nodes as $node) {
Chris@0 82 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
Chris@0 83 $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
Chris@0 84 }
Chris@0 85 $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
Chris@0 86
Chris@0 87 // Test an anonymous node access rebuild from code.
Chris@0 88 $this->drupalLogout();
Chris@0 89 node_access_rebuild();
Chris@0 90 foreach ($nodes as $node) {
Chris@0 91 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
Chris@0 92 $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
Chris@0 93 }
Chris@0 94 $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
Chris@0 95 }
Chris@0 96
Chris@0 97 /**
Chris@0 98 * Tests rebuilding the node access permissions table with no content.
Chris@0 99 */
Chris@0 100 public function testNodeAccessRebuildNoAccessModules() {
Chris@0 101 // Default realm access is present.
Chris@0 102 $this->assertEqual(1, \Drupal::service('node.grant_storage')->count(), 'There is an all realm access record');
Chris@0 103
Chris@0 104 // No need to rebuild permissions.
Chris@0 105 $this->assertFalse(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
Chris@0 106
Chris@0 107 // Rebuild permissions.
Chris@0 108 $this->drupalGet('admin/reports/status');
Chris@0 109 $this->clickLink(t('Rebuild permissions'));
Chris@0 110 $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
Chris@0 111 $this->assertText(t('Content permissions have been rebuilt.'));
Chris@0 112 $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
Chris@0 113
Chris@0 114 // Default realm access is still present.
Chris@0 115 $this->assertEqual(1, \Drupal::service('node.grant_storage')->count(), 'There is an all realm access record');
Chris@0 116 }
Chris@0 117
Chris@0 118 }