1 <?php
3 namespace Drupal\Tests\node\Kernel;
5 use Drupal\Component\Render\FormattableMarkup;
6 use Drupal\KernelTests\Core\Entity\EntityKernelTestBase;
7 use Drupal\node\Entity\Node;
8 use Drupal\node\Entity\NodeType;
10 /**
 * Tests node field-level access.
12 *
13 * @group node
14 */
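class NodeFieldAccessTest extends EntityKernelTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['node'];

  /**
   * Fields that only users with the "administer nodes" permission can change.
   *
   * Each entry is a base field name on the node entity. The test asserts that
   * every test user may 'view' these fields, that editors without
   * "administer nodes" are denied 'edit' access on all of them, and that the
   * administrator is granted 'edit' access on every node regardless of owner.
   *
   * @var string[]
   */
  protected $administrativeFields = [
    'status',
    'promote',
    'sticky',
    'created',
    'uid',
  ];

  /**
   * Fields that are automatically managed and can not be changed by any user.
   *
   * The test asserts that these are viewable by every test user and not
   * editable by anyone, the administrator included.
   *
   * @var string[]
   */
  protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp'];

  /**
   * Tests 'view' and 'edit' access on node base fields.
   *
   * Three groups of fields are exercised:
   * - administrative fields ($administrativeFields): editable only with the
   *   "administer nodes" permission, viewable by everyone;
   * - read-only fields ($readOnlyFields): viewable by everyone, editable by
   *   nobody;
   * - revision_log: editable by the administrator on any node, and by an
   *   ordinary editor only on a node type that creates new revisions.
   */
  public function testAccessToAdministrativeFields() {

    // Create the page node type with revisions disabled.
    $page = NodeType::create([
      'type' => 'page',
      'new_revision' => FALSE,
    ]);
    $page->save();

    // Create the article node type with revisions enabled.
    $article = NodeType::create([
      'type' => 'article',
      'new_revision' => TRUE,
    ]);
    $article->save();

    // An administrator user. No user exists yet, ensure that the first user
    // does not have UID 1 so that the checks below exercise the
    // "administer nodes" permission rather than any special handling of the
    // first account.
    $content_admin_user = $this->createUser(['uid' => 2], ['administer nodes']);

    // Two different editor users: one limited to content they own, one able
    // to edit any page content.
    $page_creator_user = $this->createUser([], ['create page content', 'edit own page content', 'delete own page content']);
    $page_manager_user = $this->createUser([], ['create page content', 'edit any page content', 'delete any page content']);

    // An unprivileged user.
    $page_unrelated_user = $this->createUser([], ['access content']);

    // List of all users.
    $test_users = [
      $content_admin_user,
      $page_creator_user,
      $page_manager_user,
      $page_unrelated_user,
    ];

    // Create three nodes. One is owned by our test-user "page_creator", one
    // by "page_manager" (an article, so it creates new revisions), and one
    // by someone else.
    $node1 = Node::create([
      'title' => $this->randomMachineName(8),
      'uid' => $page_creator_user->id(),
      'type' => 'page',
    ]);
    $node2 = Node::create([
      'title' => $this->randomMachineName(8),
      'uid' => $page_manager_user->id(),
      'type' => 'article',
    ]);
    $node3 = Node::create([
      'title' => $this->randomMachineName(8),
      'type' => 'page',
    ]);

    foreach ($this->administrativeFields as $field) {

      // Checks on view operations.
      foreach ($test_users as $account) {
        $may_view = $node1->{$field}->access('view', $account);
        $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
      }

      // Checks on edit operations. Neither owning the node nor holding
      // "edit any page content" is sufficient to change an administrative
      // field.
      $may_update = $node1->{$field}->access('edit', $page_creator_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node2->{$field}->access('edit', $page_creator_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node2->{$field}->access('edit', $page_manager_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node1->{$field}->access('edit', $page_manager_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
      $may_update = $node2->{$field}->access('edit', $page_unrelated_user);
      $this->assertFalse($may_update, new FormattableMarkup('Users not having permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
      // The administrator must be able to edit the field under test on a node
      // it does not own as well. Check $field on $node3, not just 'status',
      // so that a regression on any administrative field is caught.
      $may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->{$field}->access('edit', $content_admin_user);
      $this->assertTrue($may_update, new FormattableMarkup('Users with permission "administer nodes" may edit @name fields on all nodes.', ['@name' => $field]));
    }

    foreach ($this->readOnlyFields as $field) {
      // Check view operation.
      foreach ($test_users as $account) {
        $may_view = $node1->{$field}->access('view', $account);
        $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
      }

      // Check edit operation: denied for every account, including the
      // administrator.
      foreach ($test_users as $account) {
        $may_update = $node1->{$field}->access('edit', $account);
        $this->assertFalse($may_update, new FormattableMarkup('No user is not allowed to edit the field @name.', ['@name' => $field]));
      }
    }

    // Check the revision_log field on node 1 which has revisions disabled.
    $may_update = $node1->revision_log->access('edit', $content_admin_user);
    $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.');
    $may_update = $node1->revision_log->access('edit', $page_creator_user);
    $this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.');

    // Check the revision_log field on node 2 which has revisions enabled.
    $may_update = $node2->revision_log->access('edit', $content_admin_user);
    $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.');
    $may_update = $node2->revision_log->access('edit', $page_creator_user);
    $this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.');
  }

}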
|