Mercurial > hg > isophonics-drupal-site

comparison core/modules/comment/tests/src/Functional/CommentAccessTest.php @ 12:7a779792577d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to v8.4.5 (via Composer)
author Chris Cannam
date Fri, 23 Feb 2018 15:52:07 +0000
parents
children 129ea1e6d783
comparison
equal deleted inserted replaced
11:bfffd8d7479a 12:7a779792577d
1 <?php
2
3 namespace Drupal\Tests\comment\Functional;
4
5 use Drupal\comment\Entity\Comment;
6 use Drupal\comment\Tests\CommentTestTrait;
7 use Drupal\node\Entity\NodeType;
8 use Drupal\Tests\BrowserTestBase;
9
10 /**
11 * Tests comment administration and preview access.
12 *
13 * @group comment
14 */
15 class CommentAccessTest extends BrowserTestBase {
16
17 use CommentTestTrait;
18
19 /**
20 * {@inheritdoc}
21 */
22 public static $modules = [
23 'node',
24 'comment',
25 ];
26
27 /**
28 * Node for commenting.
29 *
30 * @var \Drupal\node\NodeInterface
31 */
32 protected $unpublishedNode;
33
34 /**
35 * {@inheritdoc}
36 */
37 protected function setUp() {
38 parent::setUp();
39
40 $node_type = NodeType::create([
41 'type' => 'article',
42 'name' => 'Article',
43 ]);
44 $node_type->save();
45 $node_author = $this->drupalCreateUser([
46 'create article content',
47 'access comments',
48 ]);
49
50 $this->drupalLogin($this->drupalCreateUser([
51 'edit own comments',
52 'skip comment approval',
53 'post comments',
54 'access comments',
55 'access content',
56 ]));
57
58 $this->addDefaultCommentField('node', 'article');
59 $this->unpublishedNode = $this->createNode([
60 'title' => 'This is unpublished',
61 'uid' => $node_author->id(),
62 'status' => 0,
63 'type' => 'article',
64 ]);
65 $this->unpublishedNode->save();
66 }
67
68 /**
69 * Tests commenting disabled for access-blocked entities.
70 */
71 public function testCannotCommentOnEntitiesYouCannotView() {
72 $assert = $this->assertSession();
73
74 $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment';
75
76 // Commenting on an unpublished node results in access denied.
77 $this->drupalGet($comment_url);
78 $assert->statusCodeEquals(403);
79
80 // Publishing the node grants access.
81 $this->unpublishedNode->setPublished(TRUE)->save();
82 $this->drupalGet($comment_url);
83 $assert->statusCodeEquals(200);
84 }
85
86 /**
87 * Tests cannot view comment reply form on entities you cannot view.
88 */
89 public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() {
90 $assert = $this->assertSession();
91
92 // Create a comment on an unpublished node.
93 $comment = Comment::create([
94 'entity_type' => 'node',
95 'name' => 'Tony',
96 'hostname' => 'magic.example.com',
97 'mail' => 'foo@example.com',
98 'subject' => 'Comment on unpublished node',
99 'entity_id' => $this->unpublishedNode->id(),
100 'comment_type' => 'comment',
101 'field_name' => 'comment',
102 'pid' => 0,
103 'uid' => $this->unpublishedNode->getOwnerId(),
104 'status' => 1,
105 ]);
106 $comment->save();
107
108 $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment/' . $comment->id();
109
110 // Replying to a comment on an unpublished node results in access denied.
111 $this->drupalGet($comment_url);
112 $assert->statusCodeEquals(403);
113
114 // Publishing the node grants access.
115 $this->unpublishedNode->setPublished(TRUE)->save();
116 $this->drupalGet($comment_url);
117 $assert->statusCodeEquals(200);
118 }
119
120 }