Chris@12: 'article', Chris@12: 'name' => 'Article', Chris@12: ]); Chris@12: $node_type->save(); Chris@12: $node_author = $this->drupalCreateUser([ Chris@12: 'create article content', Chris@12: 'access comments', Chris@12: ]); Chris@12: Chris@12: $this->drupalLogin($this->drupalCreateUser([ Chris@12: 'edit own comments', Chris@12: 'skip comment approval', Chris@12: 'post comments', Chris@12: 'access comments', Chris@12: 'access content', Chris@12: ])); Chris@12: Chris@12: $this->addDefaultCommentField('node', 'article'); Chris@12: $this->unpublishedNode = $this->createNode([ Chris@12: 'title' => 'This is unpublished', Chris@12: 'uid' => $node_author->id(), Chris@12: 'status' => 0, Chris@12: 'type' => 'article', Chris@12: ]); Chris@12: $this->unpublishedNode->save(); Chris@12: } Chris@12: Chris@12: /** Chris@12: * Tests commenting disabled for access-blocked entities. Chris@12: */ Chris@12: public function testCannotCommentOnEntitiesYouCannotView() { Chris@12: $assert = $this->assertSession(); Chris@12: Chris@12: $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment'; Chris@12: Chris@12: // Commenting on an unpublished node results in access denied. Chris@12: $this->drupalGet($comment_url); Chris@12: $assert->statusCodeEquals(403); Chris@12: Chris@12: // Publishing the node grants access. Chris@17: $this->unpublishedNode->setPublished()->save(); Chris@12: $this->drupalGet($comment_url); Chris@12: $assert->statusCodeEquals(200); Chris@12: } Chris@12: Chris@12: /** Chris@12: * Tests cannot view comment reply form on entities you cannot view. Chris@12: */ Chris@12: public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() { Chris@12: $assert = $this->assertSession(); Chris@12: Chris@12: // Create a comment on an unpublished node. Chris@12: $comment = Comment::create([ Chris@12: 'entity_type' => 'node', Chris@12: 'name' => 'Tony', Chris@12: 'hostname' => 'magic.example.com', Chris@12: 'mail' => 'foo@example.com', Chris@12: 'subject' => 'Comment on unpublished node', Chris@12: 'entity_id' => $this->unpublishedNode->id(), Chris@12: 'comment_type' => 'comment', Chris@12: 'field_name' => 'comment', Chris@12: 'pid' => 0, Chris@12: 'uid' => $this->unpublishedNode->getOwnerId(), Chris@12: 'status' => 1, Chris@12: ]); Chris@12: $comment->save(); Chris@12: Chris@12: $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment/' . $comment->id(); Chris@12: Chris@12: // Replying to a comment on an unpublished node results in access denied. Chris@12: $this->drupalGet($comment_url); Chris@12: $assert->statusCodeEquals(403); Chris@12: Chris@12: // Publishing the node grants access. Chris@17: $this->unpublishedNode->setPublished()->save(); Chris@12: $this->drupalGet($comment_url); Chris@12: $assert->statusCodeEquals(200); Chris@12: } Chris@12: Chris@12: }