Chris@12: <?php
Chris@12: 
Chris@12: namespace Drupal\Tests\comment\Functional;
Chris@12: 
Chris@12: use Drupal\comment\Entity\Comment;
Chris@12: use Drupal\comment\Tests\CommentTestTrait;
Chris@12: use Drupal\node\Entity\NodeType;
Chris@12: use Drupal\Tests\BrowserTestBase;
Chris@12: 
Chris@12: /**
Chris@12:  * Tests comment administration and preview access.
Chris@12:  *
Chris@12:  * @group comment
Chris@12:  */
Chris@12: class CommentAccessTest extends BrowserTestBase {
Chris@12: 
Chris@12:   use CommentTestTrait;
Chris@12: 
Chris@12:   /**
Chris@12:    * {@inheritdoc}
Chris@12:    */
Chris@12:   public static $modules = [
Chris@12:     'node',
Chris@12:     'comment',
Chris@12:   ];
Chris@12: 
Chris@12:   /**
Chris@12:    * Node for commenting.
Chris@12:    *
Chris@12:    * @var \Drupal\node\NodeInterface
Chris@12:    */
Chris@12:   protected $unpublishedNode;
Chris@12: 
Chris@12:   /**
Chris@12:    * {@inheritdoc}
Chris@12:    */
Chris@12:   protected function setUp() {
Chris@12:     parent::setUp();
Chris@12: 
Chris@12:     $node_type = NodeType::create([
Chris@12:       'type' => 'article',
Chris@12:       'name' => 'Article',
Chris@12:     ]);
Chris@12:     $node_type->save();
Chris@12:     $node_author = $this->drupalCreateUser([
Chris@12:       'create article content',
Chris@12:       'access comments',
Chris@12:     ]);
Chris@12: 
Chris@12:     $this->drupalLogin($this->drupalCreateUser([
Chris@12:       'edit own comments',
Chris@12:       'skip comment approval',
Chris@12:       'post comments',
Chris@12:       'access comments',
Chris@12:       'access content',
Chris@12:     ]));
Chris@12: 
Chris@12:     $this->addDefaultCommentField('node', 'article');
Chris@12:     $this->unpublishedNode = $this->createNode([
Chris@12:       'title' => 'This is unpublished',
Chris@12:       'uid' => $node_author->id(),
Chris@12:       'status' => 0,
Chris@12:       'type' => 'article',
Chris@12:     ]);
Chris@12:     $this->unpublishedNode->save();
Chris@12:   }
Chris@12: 
Chris@12:   /**
Chris@12:    * Tests commenting disabled for access-blocked entities.
Chris@12:    */
Chris@12:   public function testCannotCommentOnEntitiesYouCannotView() {
Chris@12:     $assert = $this->assertSession();
Chris@12: 
Chris@12:     $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment';
Chris@12: 
Chris@12:     // Commenting on an unpublished node results in access denied.
Chris@12:     $this->drupalGet($comment_url);
Chris@12:     $assert->statusCodeEquals(403);
Chris@12: 
Chris@12:     // Publishing the node grants access.
Chris@17:     $this->unpublishedNode->setPublished()->save();
Chris@12:     $this->drupalGet($comment_url);
Chris@12:     $assert->statusCodeEquals(200);
Chris@12:   }
Chris@12: 
Chris@12:   /**
Chris@12:    * Tests cannot view comment reply form on entities you cannot view.
Chris@12:    */
Chris@12:   public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() {
Chris@12:     $assert = $this->assertSession();
Chris@12: 
Chris@12:     // Create a comment on an unpublished node.
Chris@12:     $comment = Comment::create([
Chris@12:       'entity_type' => 'node',
Chris@12:       'name' => 'Tony',
Chris@12:       'hostname' => 'magic.example.com',
Chris@12:       'mail' => 'foo@example.com',
Chris@12:       'subject' => 'Comment on unpublished node',
Chris@12:       'entity_id' => $this->unpublishedNode->id(),
Chris@12:       'comment_type' => 'comment',
Chris@12:       'field_name' => 'comment',
Chris@12:       'pid' => 0,
Chris@12:       'uid' => $this->unpublishedNode->getOwnerId(),
Chris@12:       'status' => 1,
Chris@12:     ]);
Chris@12:     $comment->save();
Chris@12: 
Chris@12:     $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment/' . $comment->id();
Chris@12: 
Chris@12:     // Replying to a comment on an unpublished node results in access denied.
Chris@12:     $this->drupalGet($comment_url);
Chris@12:     $assert->statusCodeEquals(403);
Chris@12: 
Chris@12:     // Publishing the node grants access.
Chris@17:     $this->unpublishedNode->setPublished()->save();
Chris@12:     $this->drupalGet($comment_url);
Chris@12:     $assert->statusCodeEquals(200);
Chris@12:   }
Chris@12: 
Chris@12: }