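installConfig(['user', 'comment']);
    $this->installSchema('comment', ['comment_entity_statistics']);
  }

  /**
   * Tests field-level access control on comment entities.
   *
   * Builds a matrix of comments (published, unpublished, owned by different
   * accounts, saved and unsaved) and accounts (administrator, comment poster
   * with and without "edit own comments", unprivileged, anonymous), then
   * asserts for every (comment, user) pair that:
   * - administrative fields are viewable by everyone but editable only with
   *   "administer comments";
   * - the normal 'subject' field is editable by administrators or by the
   *   comment owner holding "edit own comments";
   * - read-only fields are never editable, and 'hostname' (the poster's IP
   *   address) is not viewable by anyone;
   * - create-only fields are editable only while posting a new comment;
   * - contact fields ('name', 'mail') are editable by administrators, or by
   *   an anonymous poster of a new comment on a field configured to allow
   *   contact details, and 'mail' is viewable only by administrators.
   */
  public function testAccessToAdministrativeFields(): void {
    // Create a comment type.
    $comment_type = CommentType::create([
      'id' => 'comment',
      'label' => 'Default comments',
      'description' => 'Default comment field',
      'target_entity_type_id' => 'entity_test',
    ]);
    $comment_type->save();

    // Create the host entity the comments are attached to.
    $host = EntityTest::create();
    $host->save();

    // An administrator user. No user exists yet; pin UID 2 so the test is not
    // skewed by the UID 1 super-user, which bypasses permission checks.
    $comment_admin_user = $this->createUser(['uid' => 2, 'name' => 'admin'], [
      'administer comments',
      'access comments',
    ]);

    // Two comment-enabled users, one with edit access to own comments.
    $comment_enabled_user = $this->createUser(['name' => 'enabled'], [
      'post comments',
      'skip comment approval',
      'edit own comments',
      'access comments',
    ]);
    $comment_no_edit_user = $this->createUser(['name' => 'no edit'], [
      'post comments',
      'skip comment approval',
      'access comments',
    ]);

    // An unprivileged user.
    $comment_disabled_user = $this->createUser(['name' => 'disabled'], ['access content']);

    // Anonymous visitors may post comments; this is what makes the contact
    // field checks below meaningful.
    $role = Role::load(RoleInterface::ANONYMOUS_ID);
    $role->grantPermission('post comments')
      ->save();

    $anonymous_user = new AnonymousUserSession();

    // Add two comment fields.
    $this->addDefaultCommentField('entity_test', 'entity_test', 'comment');
    $this->addDefaultCommentField('entity_test', 'entity_test', 'comment_other');

    // Change the second field's anonymous contact setting.
    $instance = FieldConfig::loadByName('entity_test', 'entity_test', 'comment_other');
    // Default is 'May not contact'; for this field anonymous posters may
    // leave contact details.
    $instance->setSetting('anonymous', CommentInterface::ANONYMOUS_MAY_CONTACT);
    $instance->save();

    // Create three saved comments. One is owned by our edit-enabled user.
    $comment1 = Comment::create([
      'entity_type' => 'entity_test',
      'name' => 'Tony',
      'hostname' => 'magic.example.com',
      'mail' => 'tonythemagicalpony@example.com',
      'subject' => 'Bruce the Mesopotamian moose',
      'entity_id' => $host->id(),
      'comment_type' => 'comment',
      'field_name' => 'comment',
      'pid' => 0,
      'uid' => 0,
      'status' => 1,
    ]);
    $comment1->save();
    $comment2 = Comment::create([
      'entity_type' => 'entity_test',
      'hostname' => 'magic.example.com',
      'subject' => 'Brian the messed up lion',
      'entity_id' => $host->id(),
      'comment_type' => 'comment',
      'field_name' => 'comment',
      'status' => 1,
      'pid' => 0,
      'uid' => $comment_enabled_user->id(),
    ]);
    $comment2->save();
    $comment3 = Comment::create([
      'entity_type' => 'entity_test',
      'hostname' => 'magic.example.com',
      // Unpublished.
      'status' => 0,
      'subject' => 'Gail the minky whale',
      'entity_id' => $host->id(),
      'comment_type' => 'comment',
      'field_name' => 'comment_other',
      'pid' => $comment2->id(),
      'uid' => $comment_no_edit_user->id(),
    ]);
    $comment3->save();
    // Intentionally not saved so it remains 'new': create-only and contact
    // field access depends on isNew().
    $comment4 = Comment::create([
      'entity_type' => 'entity_test',
      'hostname' => 'magic.example.com',
      // Unpublished.
      'status' => 0,
      'subject' => 'Daniel the Cocker-Spaniel',
      'entity_id' => $host->id(),
      'comment_type' => 'comment',
      'field_name' => 'comment_other',
      'pid' => 0,
      'uid' => $anonymous_user->id(),
    ]);

    // Generate every (comment, user) permutation.
    $combinations = [
      'comment' => [$comment1, $comment2, $comment3, $comment4],
      'user' => [$comment_admin_user, $comment_enabled_user, $comment_no_edit_user, $comment_disabled_user, $anonymous_user],
    ];
    $permutations = $this->generatePermutations($combinations);

    // Check access to administrative fields: viewable by all, writable only
    // with "administer comments".
    foreach ($this->administrativeFields as $field) {
      foreach ($permutations as $set) {
        $may_view = $set['comment']->{$field}->access('view', $set['user']);
        $may_update = $set['comment']->{$field}->access('edit', $set['user']);
        $this->assertTrue($may_view, (string) new FormattableMarkup('User @user can view field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
        ]));
        $this->assertSame($set['user']->hasPermission('administer comments'), $may_update, (string) new FormattableMarkup('User @user @state update field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@state' => $may_update ? 'can' : 'cannot',
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
        ]));
      }
    }

    // Check access to the normal 'subject' field: entity-level update access
    // and field-level edit access must both hold.
    foreach ($permutations as $set) {
      $may_update = $set['comment']->access('update', $set['user']) && $set['comment']->subject->access('edit', $set['user']);
      // UIDs are compared as integers: id() and getOwnerId() may come back as
      // string or int depending on the storage path.
      $is_owner = (int) $set['user']->id() === (int) $set['comment']->getOwnerId();
      $expected_update = $set['user']->hasPermission('administer comments')
        || ($set['user']->hasPermission('edit own comments') && $is_owner);
      $this->assertSame($expected_update, $may_update, (string) new FormattableMarkup('User @user @state update field subject on comment @comment', [
        '@user' => $set['user']->getAccountName(),
        '@state' => $may_update ? 'can' : 'cannot',
        '@comment' => $set['comment']->getSubject(),
      ]));
    }

    // Check read-only fields.
    foreach ($this->readOnlyFields as $field) {
      foreach ($permutations as $set) {
        $may_view = $set['comment']->{$field}->access('view', $set['user']);
        $may_update = $set['comment']->{$field}->access('edit', $set['user']);
        // 'hostname' stores the poster's IP address; nobody, not even an
        // administrator, has view access to it through the field API.
        if ($field === 'hostname') {
          $view_access = FALSE;
          $state = 'cannot';
        }
        else {
          $view_access = TRUE;
          $state = 'can';
        }
        $this->assertSame($view_access, $may_view, (string) new FormattableMarkup('User @user @state view field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
          '@state' => $state,
        ]));
        // Read-only fields are never editable, for any account.
        $this->assertFalse($may_update, (string) new FormattableMarkup('User @user @state update field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@state' => $may_update ? 'can' : 'cannot',
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
        ]));
      }
    }

    // Check create-only fields: editable only by a poster while the comment
    // is still new (unsaved).
    foreach ($this->createOnlyFields as $field) {
      foreach ($permutations as $set) {
        $may_view = $set['comment']->{$field}->access('view', $set['user']);
        $may_update = $set['comment']->{$field}->access('edit', $set['user']);
        $this->assertTrue($may_view, (string) new FormattableMarkup('User @user can view field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
        ]));
        $expected_update = $set['user']->hasPermission('post comments') && $set['comment']->isNew();
        $this->assertSame($expected_update, $may_update, (string) new FormattableMarkup('User @user @state update field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@state' => $may_update ? 'can' : 'cannot',
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
        ]));
      }
    }

    // Check contact fields.
    foreach ($this->contactFields as $field) {
      foreach ($permutations as $set) {
        $may_update = $set['comment']->{$field}->access('edit', $set['user']);
        // To edit the 'mail' or 'name' field, either the user has the
        // "administer comments" permission or the user is anonymous and
        // adding a new comment using a field that allows contact details
        // ('comment_other' is the one configured with ANONYMOUS_MAY_CONTACT).
        $expected_update = $set['user']->hasPermission('administer comments') || (
          $set['user']->isAnonymous() &&
          $set['comment']->isNew() &&
          $set['user']->hasPermission('post comments') &&
          $set['comment']->getFieldName() === 'comment_other'
        );
        $this->assertSame($expected_update, $may_update, (string) new FormattableMarkup('User @user @state update field @field on comment @comment', [
          '@user' => $set['user']->getAccountName(),
          '@state' => $may_update ? 'can' : 'cannot',
          '@comment' => $set['comment']->getSubject(),
          '@field' => $field,
        ]));
      }
    }

    // 'mail' is personal data: only administrators may view it, regardless of
    // comment state or ownership.
    foreach ($permutations as $set) {
      $may_view = $set['comment']->mail->access('view', $set['user']);
      $this->assertSame($set['user']->hasPermission('administer comments'), $may_view, (string) new FormattableMarkup('User @user @state view field mail on comment @comment', [
        '@user' => $set['user']->getAccountName(),
        '@state' => $may_view ? 'can' : 'cannot',
        '@comment' => $set['comment']->getSubject(),
      ]));
    }
  }

}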