Mercurial > hg > isophonics-drupal-site
comparison core/modules/node/tests/src/Kernel/NodeFieldAccessTest.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children | 129ea1e6d783 |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\Tests\node\Kernel; | |
| 4 | |
| 5 use Drupal\Component\Utility\SafeMarkup; | |
| 6 use Drupal\KernelTests\Core\Entity\EntityKernelTestBase; | |
| 7 use Drupal\node\Entity\Node; | |
| 8 use Drupal\node\Entity\NodeType; | |
| 9 | |
| 10 /** | |
| 11 * Tests node field level access. | |
| 12 * | |
| 13 * @group node | |
| 14 */ | |
| 15 class NodeFieldAccessTest extends EntityKernelTestBase { | |
| 16 | |
| 17 /** | |
| 18 * Modules to enable. | |
| 19 * | |
| 20 * @var array | |
| 21 */ | |
| 22 public static $modules = ['node']; | |
| 23 | |
| 24 /** | |
| 25 * Fields that only users with administer nodes permissions can change. | |
| 26 * | |
| 27 * @var array | |
| 28 */ | |
| 29 protected $administrativeFields = [ | |
| 30 'status', | |
| 31 'promote', | |
| 32 'sticky', | |
| 33 'created', | |
| 34 'uid', | |
| 35 ]; | |
| 36 | |
| 37 /** | |
| 38 * These fields are automatically managed and can not be changed by any user. | |
| 39 * | |
| 40 * @var array | |
| 41 */ | |
| 42 protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp']; | |
| 43 | |
| 44 /** | |
| 45 * Test permissions on nodes status field. | |
| 46 */ | |
| 47 public function testAccessToAdministrativeFields() { | |
| 48 | |
| 49 // Create the page node type with revisions disabled. | |
| 50 $page = NodeType::create([ | |
| 51 'type' => 'page', | |
| 52 'new_revision' => FALSE, | |
| 53 ]); | |
| 54 $page->save(); | |
| 55 | |
| 56 // Create the article node type with revisions disabled. | |
| 57 $article = NodeType::create([ | |
| 58 'type' => 'article', | |
| 59 'new_revision' => TRUE, | |
| 60 ]); | |
| 61 $article->save(); | |
| 62 | |
| 63 // An administrator user. No user exists yet, ensure that the first user | |
| 64 // does not have UID 1. | |
| 65 $content_admin_user = $this->createUser(['uid' => 2], ['administer nodes']); | |
| 66 | |
| 67 // Two different editor users. | |
| 68 $page_creator_user = $this->createUser([], ['create page content', 'edit own page content', 'delete own page content']); | |
| 69 $page_manager_user = $this->createUser([], ['create page content', 'edit any page content', 'delete any page content']); | |
| 70 | |
| 71 // An unprivileged user. | |
| 72 $page_unrelated_user = $this->createUser([], ['access content']); | |
| 73 | |
| 74 // List of all users | |
| 75 $test_users = [ | |
| 76 $content_admin_user, | |
| 77 $page_creator_user, | |
| 78 $page_manager_user, | |
| 79 $page_unrelated_user, | |
| 80 ]; | |
| 81 | |
| 82 // Create three "Basic pages". One is owned by our test-user | |
| 83 // "page_creator", one by "page_manager", and one by someone else. | |
| 84 $node1 = Node::create([ | |
| 85 'title' => $this->randomMachineName(8), | |
| 86 'uid' => $page_creator_user->id(), | |
| 87 'type' => 'page', | |
| 88 ]); | |
| 89 $node2 = Node::create([ | |
| 90 'title' => $this->randomMachineName(8), | |
| 91 'uid' => $page_manager_user->id(), | |
| 92 'type' => 'article', | |
| 93 ]); | |
| 94 $node3 = Node::create([ | |
| 95 'title' => $this->randomMachineName(8), | |
| 96 'type' => 'page', | |
| 97 ]); | |
| 98 | |
| 99 foreach ($this->administrativeFields as $field) { | |
| 100 | |
| 101 // Checks on view operations. | |
| 102 foreach ($test_users as $account) { | |
| 103 $may_view = $node1->{$field}->access('view', $account); | |
| 104 $this->assertTrue($may_view, SafeMarkup::format('Any user may view the field @name.', ['@name' => $field])); | |
| 105 } | |
| 106 | |
| 107 // Checks on edit operations. | |
| 108 $may_update = $node1->{$field}->access('edit', $page_creator_user); | |
| 109 $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field])); | |
| 110 $may_update = $node2->{$field}->access('edit', $page_creator_user); | |
| 111 $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field])); | |
| 112 $may_update = $node2->{$field}->access('edit', $page_manager_user); | |
| 113 $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field])); | |
| 114 $may_update = $node1->{$field}->access('edit', $page_manager_user); | |
| 115 $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field])); | |
| 116 $may_update = $node2->{$field}->access('edit', $page_unrelated_user); | |
| 117 $this->assertFalse($may_update, SafeMarkup::format('Users not having permission "edit any page content" is not allowed to the field @name.', ['@name' => $field])); | |
| 118 $may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->status->access('edit', $content_admin_user); | |
| 119 $this->assertTrue($may_update, SafeMarkup::format('Users with permission "administer nodes" may edit @name fields on all nodes.', ['@name' => $field])); | |
| 120 } | |
| 121 | |
| 122 foreach ($this->readOnlyFields as $field) { | |
| 123 // Check view operation. | |
| 124 foreach ($test_users as $account) { | |
| 125 $may_view = $node1->{$field}->access('view', $account); | |
| 126 $this->assertTrue($may_view, SafeMarkup::format('Any user may view the field @name.', ['@name' => $field])); | |
| 127 } | |
| 128 | |
| 129 // Check edit operation. | |
| 130 foreach ($test_users as $account) { | |
| 131 $may_view = $node1->{$field}->access('edit', $account); | |
| 132 $this->assertFalse($may_view, SafeMarkup::format('No user is not allowed to edit the field @name.', ['@name' => $field])); | |
| 133 } | |
| 134 } | |
| 135 | |
| 136 // Check the revision_log field on node 1 which has revisions disabled. | |
| 137 $may_update = $node1->revision_log->access('edit', $content_admin_user); | |
| 138 $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.'); | |
| 139 $may_update = $node1->revision_log->access('edit', $page_creator_user); | |
| 140 $this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.'); | |
| 141 | |
| 142 // Check the revision_log field on node 2 which has revisions enabled. | |
| 143 $may_update = $node2->revision_log->access('edit', $content_admin_user); | |
| 144 $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.'); | |
| 145 $may_update = $node2->revision_log->access('edit', $page_creator_user); | |
| 146 $this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.'); | |
| 147 } | |
| 148 | |
| 149 } |