Mercurial > hg > isophonics-drupal-site
diff core/modules/node/tests/src/Kernel/NodeFieldAccessTest.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children | 129ea1e6d783 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/core/modules/node/tests/src/Kernel/NodeFieldAccessTest.php Wed Nov 29 16:09:58 2017 +0000 @@ -0,0 +1,149 @@ +<?php + +namespace Drupal\Tests\node\Kernel; + +use Drupal\Component\Utility\SafeMarkup; +use Drupal\KernelTests\Core\Entity\EntityKernelTestBase; +use Drupal\node\Entity\Node; +use Drupal\node\Entity\NodeType; + +/** + * Tests node field level access. + * + * @group node + */ +class NodeFieldAccessTest extends EntityKernelTestBase { + + /** + * Modules to enable. + * + * @var array + */ + public static $modules = ['node']; + + /** + * Fields that only users with administer nodes permissions can change. + * + * @var array + */ + protected $administrativeFields = [ + 'status', + 'promote', + 'sticky', + 'created', + 'uid', + ]; + + /** + * These fields are automatically managed and can not be changed by any user. + * + * @var array + */ + protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp']; + + /** + * Test permissions on nodes status field. + */ + public function testAccessToAdministrativeFields() { + + // Create the page node type with revisions disabled. + $page = NodeType::create([ + 'type' => 'page', + 'new_revision' => FALSE, + ]); + $page->save(); + + // Create the article node type with revisions disabled. + $article = NodeType::create([ + 'type' => 'article', + 'new_revision' => TRUE, + ]); + $article->save(); + + // An administrator user. No user exists yet, ensure that the first user + // does not have UID 1. + $content_admin_user = $this->createUser(['uid' => 2], ['administer nodes']); + + // Two different editor users. + $page_creator_user = $this->createUser([], ['create page content', 'edit own page content', 'delete own page content']); + $page_manager_user = $this->createUser([], ['create page content', 'edit any page content', 'delete any page content']); + + // An unprivileged user. + $page_unrelated_user = $this->createUser([], ['access content']); + + // List of all users + $test_users = [ + $content_admin_user, + $page_creator_user, + $page_manager_user, + $page_unrelated_user, + ]; + + // Create three "Basic pages". One is owned by our test-user + // "page_creator", one by "page_manager", and one by someone else. + $node1 = Node::create([ + 'title' => $this->randomMachineName(8), + 'uid' => $page_creator_user->id(), + 'type' => 'page', + ]); + $node2 = Node::create([ + 'title' => $this->randomMachineName(8), + 'uid' => $page_manager_user->id(), + 'type' => 'article', + ]); + $node3 = Node::create([ + 'title' => $this->randomMachineName(8), + 'type' => 'page', + ]); + + foreach ($this->administrativeFields as $field) { + + // Checks on view operations. + foreach ($test_users as $account) { + $may_view = $node1->{$field}->access('view', $account); + $this->assertTrue($may_view, SafeMarkup::format('Any user may view the field @name.', ['@name' => $field])); + } + + // Checks on edit operations. + $may_update = $node1->{$field}->access('edit', $page_creator_user); + $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field])); + $may_update = $node2->{$field}->access('edit', $page_creator_user); + $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field])); + $may_update = $node2->{$field}->access('edit', $page_manager_user); + $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field])); + $may_update = $node1->{$field}->access('edit', $page_manager_user); + $this->assertFalse($may_update, SafeMarkup::format('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field])); + $may_update = $node2->{$field}->access('edit', $page_unrelated_user); + $this->assertFalse($may_update, SafeMarkup::format('Users not having permission "edit any page content" is not allowed to the field @name.', ['@name' => $field])); + $may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->status->access('edit', $content_admin_user); + $this->assertTrue($may_update, SafeMarkup::format('Users with permission "administer nodes" may edit @name fields on all nodes.', ['@name' => $field])); + } + + foreach ($this->readOnlyFields as $field) { + // Check view operation. + foreach ($test_users as $account) { + $may_view = $node1->{$field}->access('view', $account); + $this->assertTrue($may_view, SafeMarkup::format('Any user may view the field @name.', ['@name' => $field])); + } + + // Check edit operation. + foreach ($test_users as $account) { + $may_view = $node1->{$field}->access('edit', $account); + $this->assertFalse($may_view, SafeMarkup::format('No user is not allowed to edit the field @name.', ['@name' => $field])); + } + } + + // Check the revision_log field on node 1 which has revisions disabled. + $may_update = $node1->revision_log->access('edit', $content_admin_user); + $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.'); + $may_update = $node1->revision_log->access('edit', $page_creator_user); + $this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.'); + + // Check the revision_log field on node 2 which has revisions enabled. + $may_update = $node2->revision_log->access('edit', $content_admin_user); + $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.'); + $may_update = $node2->revision_log->access('edit', $page_creator_user); + $this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.'); + } + +}