annotate core/modules/node/tests/src/Kernel/NodeFieldAccessTest.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
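<?php

namespace Drupal\Tests\node\Kernel;

use Drupal\Component\Render\FormattableMarkup;
use Drupal\KernelTests\Core\Entity\EntityKernelTestBase;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;

/**
 * Tests node field level access.
 *
 * Covers three groups of base fields: administrative fields (editable only
 * with the "administer nodes" permission), read-only fields (editable by
 * nobody), and the revision_log field, whose edit access depends on whether
 * the node type creates new revisions.
 *
 * @group node
 */
class NodeFieldAccessTest extends EntityKernelTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['node'];

  /**
   * Fields that only users with administer nodes permissions can change.
   *
   * @var array
   */
  protected $administrativeFields = [
    'status',
    'promote',
    'sticky',
    'created',
    'uid',
  ];

  /**
   * These fields are automatically managed and can not be changed by any user.
   *
   * @var array
   */
  protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp'];

  /**
   * Tests view and edit access to administrative and read-only node fields.
   *
   * Also checks edit access to the revision_log field for a node type with
   * revisions disabled (page) and one with revisions enabled (article).
   */
  public function testAccessToAdministrativeFields() {

    // Create the page node type with revisions disabled.
    $page = NodeType::create([
      'type' => 'page',
      'new_revision' => FALSE,
    ]);
    $page->save();

    // Create the article node type with revisions enabled.
    $article = NodeType::create([
      'type' => 'article',
      'new_revision' => TRUE,
    ]);
    $article->save();

    // An administrator user. No user exists yet, ensure that the first user
    // does not have UID 1: that account is Drupal's super user and bypasses
    // permission checks, which would make the assertions below meaningless.
    $content_admin_user = $this->createUser(['uid' => 2], ['administer nodes']);

    // Two different editor users.
    $page_creator_user = $this->createUser([], ['create page content', 'edit own page content', 'delete own page content']);
    $page_manager_user = $this->createUser([], ['create page content', 'edit any page content', 'delete any page content']);

    // An unprivileged user.
    $page_unrelated_user = $this->createUser([], ['access content']);

    // List of all users.
    $test_users = [
      $content_admin_user,
      $page_creator_user,
      $page_manager_user,
      $page_unrelated_user,
    ];

    // Create three nodes. Node 1 is a page owned by our test-user
    // "page_creator", node 2 is an article owned by "page_manager", and
    // node 3 is a page with no explicit owner. The nodes are not saved; the
    // field access checks below run against the unsaved entities.
    $node1 = Node::create([
      'title' => $this->randomMachineName(8),
      'uid' => $page_creator_user->id(),
      'type' => 'page',
    ]);
    $node2 = Node::create([
      'title' => $this->randomMachineName(8),
      'uid' => $page_manager_user->id(),
      'type' => 'article',
    ]);
    $node3 = Node::create([
      'title' => $this->randomMachineName(8),
      'type' => 'page',
    ]);

    foreach ($this->administrativeFields as $field) {

      // Checks on view operations.
      foreach ($test_users as $account) {
        $may_view = $node1->{$field}->access('view', $account);
        $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
      }

      // Checks on edit operations. Node-level edit permissions ("edit own",
      // "edit any") must not grant edit access to administrative fields.
      $may_update = $node1->{$field}->access('edit', $page_creator_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node2->{$field}->access('edit', $page_creator_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node2->{$field}->access('edit', $page_manager_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node1->{$field}->access('edit', $page_manager_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node2->{$field}->access('edit', $page_unrelated_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users not having permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
      // Check the field under test on node 3 as well. The previous version
      // always checked $node3->status here, so the other administrative fields
      // were never verified on a node the administrator does not own.
      $may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->{$field}->access('edit', $content_admin_user);
      $this->assertTrue($may_update, new FormattableMarkup('Users with permission "administer nodes" may edit @name fields on all nodes.', ['@name' => $field]));
    }

    foreach ($this->readOnlyFields as $field) {
      // Check view operation.
      foreach ($test_users as $account) {
        $may_view = $node1->{$field}->access('view', $account);
        $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
      }

      // Check edit operation. Even the content administrator must be denied.
      foreach ($test_users as $account) {
        $may_edit = $node1->{$field}->access('edit', $account);
        // The failure message used to read "No user is not allowed", a double
        // negative that stated the opposite of what is asserted.
        $this->assertFalse($may_edit, new FormattableMarkup('No user is allowed to edit the field @name.', ['@name' => $field]));
      }
    }

    // Check the revision_log field on node 1 which has revisions disabled.
    $may_update = $node1->revision_log->access('edit', $content_admin_user);
    $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.');
    $may_update = $node1->revision_log->access('edit', $page_creator_user);
    $this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.');

    // Check the revision_log field on node 2 which has revisions enabled.
    $may_update = $node2->revision_log->access('edit', $content_admin_user);
    $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.');
    $may_update = $node2->revision_log->access('edit', $page_creator_user);
    $this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.');
  }

}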