Chris@0
|
1 <?php
|
Chris@0
|
2
|
Chris@0
|
3 namespace Drupal\Tests\node\Functional;
|
Chris@0
|
4
|
Chris@0
|
5 use Drupal\node\Entity\NodeType;
|
Chris@0
|
6
|
Chris@0
|
7 /**
|
Chris@0
|
8 * Ensures that node access rebuild functions work correctly even
|
Chris@0
|
9 * when other modules implements hook_node_grants().
|
Chris@0
|
10 *
|
Chris@0
|
11 * @group node
|
Chris@0
|
12 */
|
Chris@0
|
13 class NodeAccessRebuildNodeGrantsTest extends NodeTestBase {
|
Chris@0
|
14
|
Chris@0
|
15 /**
|
Chris@0
|
16 * A user to create nodes that only it has access to.
|
Chris@0
|
17 *
|
Chris@0
|
18 * @var \Drupal\user\UserInterface
|
Chris@0
|
19 */
|
Chris@0
|
20 protected $webUser;
|
Chris@0
|
21
|
Chris@0
|
22 /**
|
Chris@0
|
23 * A user to test the rebuild nodes feature which can't access the nodes.
|
Chris@0
|
24 *
|
Chris@0
|
25 * @var \Drupal\user\UserInterface
|
Chris@0
|
26 */
|
Chris@0
|
27 protected $adminUser;
|
Chris@0
|
28
|
Chris@0
|
29 /**
|
Chris@0
|
30 * {@inheritdoc}
|
Chris@0
|
31 */
|
Chris@0
|
32 protected function setUp() {
|
Chris@0
|
33 parent::setUp();
|
Chris@0
|
34
|
Chris@0
|
35 $this->adminUser = $this->drupalCreateUser(['administer site configuration', 'access administration pages', 'access site reports']);
|
Chris@0
|
36 $this->drupalLogin($this->adminUser);
|
Chris@0
|
37
|
Chris@0
|
38 $this->webUser = $this->drupalCreateUser();
|
Chris@0
|
39 }
|
Chris@0
|
40
|
Chris@0
|
41 /**
|
Chris@0
|
42 * Tests rebuilding the node access permissions table with content.
|
Chris@0
|
43 */
|
Chris@0
|
44 public function testNodeAccessRebuildNodeGrants() {
|
Chris@0
|
45 \Drupal::service('module_installer')->install(['node_access_test']);
|
Chris@0
|
46 \Drupal::state()->set('node_access_test.private', TRUE);
|
Chris@0
|
47 node_access_test_add_field(NodeType::load('page'));
|
Chris@0
|
48 $this->resetAll();
|
Chris@0
|
49
|
Chris@0
|
50 // Create 30 nodes so that _node_access_rebuild_batch_operation() has to run
|
Chris@0
|
51 // more than once.
|
Chris@0
|
52 for ($i = 0; $i < 30; $i++) {
|
Chris@0
|
53 $nodes[] = $this->drupalCreateNode([
|
Chris@0
|
54 'uid' => $this->webUser->id(),
|
Chris@17
|
55 'private' => [['value' => 1]],
|
Chris@0
|
56 ]);
|
Chris@0
|
57 }
|
Chris@0
|
58
|
Chris@0
|
59 /** @var \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage */
|
Chris@0
|
60 $grant_storage = \Drupal::service('node.grant_storage');
|
Chris@0
|
61 // Default realm access and node records are present.
|
Chris@0
|
62 foreach ($nodes as $node) {
|
Chris@0
|
63 $this->assertTrue($node->private->value);
|
Chris@0
|
64 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the node author.');
|
Chris@0
|
65 $this->assertTrue($grant_storage->access($node, 'view', $this->adminUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the admin user.');
|
Chris@0
|
66 }
|
Chris@0
|
67
|
Chris@0
|
68 $this->assertEqual(1, \Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is an all realm access record');
|
Chris@0
|
69 $this->assertTrue(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
|
Chris@0
|
70
|
Chris@0
|
71 // Rebuild permissions.
|
Chris@0
|
72 $this->drupalGet('admin/reports/status');
|
Chris@0
|
73 $this->clickLink(t('Rebuild permissions'));
|
Chris@0
|
74 $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
|
Chris@0
|
75 $this->assertText(t('The content access permissions have been rebuilt.'));
|
Chris@0
|
76
|
Chris@0
|
77 // Test if the rebuild by user that cannot bypass node access and does not
|
Chris@0
|
78 // have access to the nodes has been successful.
|
Chris@0
|
79 $this->assertFalse($this->adminUser->hasPermission('bypass node access'));
|
Chris@0
|
80 $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
|
Chris@0
|
81 foreach ($nodes as $node) {
|
Chris@0
|
82 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
|
Chris@0
|
83 $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
|
Chris@0
|
84 }
|
Chris@0
|
85 $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
|
Chris@0
|
86
|
Chris@0
|
87 // Test an anonymous node access rebuild from code.
|
Chris@0
|
88 $this->drupalLogout();
|
Chris@0
|
89 node_access_rebuild();
|
Chris@0
|
90 foreach ($nodes as $node) {
|
Chris@0
|
91 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
|
Chris@0
|
92 $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
|
Chris@0
|
93 }
|
Chris@0
|
94 $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
|
Chris@0
|
95 }
|
Chris@0
|
96
|
Chris@0
|
97 /**
|
Chris@0
|
98 * Tests rebuilding the node access permissions table with no content.
|
Chris@0
|
99 */
|
Chris@0
|
100 public function testNodeAccessRebuildNoAccessModules() {
|
Chris@0
|
101 // Default realm access is present.
|
Chris@0
|
102 $this->assertEqual(1, \Drupal::service('node.grant_storage')->count(), 'There is an all realm access record');
|
Chris@0
|
103
|
Chris@0
|
104 // No need to rebuild permissions.
|
Chris@0
|
105 $this->assertFalse(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
|
Chris@0
|
106
|
Chris@0
|
107 // Rebuild permissions.
|
Chris@0
|
108 $this->drupalGet('admin/reports/status');
|
Chris@0
|
109 $this->clickLink(t('Rebuild permissions'));
|
Chris@0
|
110 $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
|
Chris@0
|
111 $this->assertText(t('Content permissions have been rebuilt.'));
|
Chris@0
|
112 $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
|
Chris@0
|
113
|
Chris@0
|
114 // Default realm access is still present.
|
Chris@0
|
115 $this->assertEqual(1, \Drupal::service('node.grant_storage')->count(), 'There is an all realm access record');
|
Chris@0
|
116 }
|
Chris@0
|
117
|
Chris@0
|
118 }
|