Chris@0: set('node_access_test.private', TRUE); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Tests the "private" node access functionality. Chris@0: * Chris@0: * - Create 2 users with "access content" and "create article" permissions. Chris@0: * - Each user creates one private and one not private article. Chris@0: * Chris@0: * - Test that each user can view the other user's non-private article. Chris@0: * - Test that each user cannot view the other user's private article. Chris@0: * - Test that each user finds only appropriate (non-private + own private) Chris@0: * in taxonomy listing. Chris@0: * - Create another user with 'view any private content'. Chris@0: * - Test that user 4 can view all content created above. Chris@0: * - Test that user 4 can view all content on taxonomy listing. Chris@0: */ Chris@0: public function testNodeAccessBasic() { Chris@0: $num_simple_users = 2; Chris@0: $simple_users = []; Chris@0: Chris@0: // Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private; Chris@0: $this->nodesByUser = []; Chris@0: // Titles keyed by nid. Chris@0: $titles = []; Chris@0: // Array of nids marked private. Chris@0: $private_nodes = []; Chris@0: for ($i = 0; $i < $num_simple_users; $i++) { Chris@0: $simple_users[$i] = $this->drupalCreateUser(['access content', 'create article content']); Chris@0: } Chris@0: foreach ($simple_users as $this->webUser) { Chris@0: $this->drupalLogin($this->webUser); Chris@0: foreach ([0 => 'Public', 1 => 'Private'] as $is_private => $type) { Chris@0: $edit = [ Chris@18: 'title[0][value]' => t('@private_public Article created by @user', ['@private_public' => $type, '@user' => $this->webUser->getAccountName()]), Chris@0: ]; Chris@0: if ($is_private) { Chris@0: $edit['private[0][value]'] = TRUE; Chris@0: $edit['body[0][value]'] = 'private node'; Chris@0: $edit['field_tags[target_id]'] = 'private'; Chris@0: } Chris@0: else { Chris@0: $edit['body[0][value]'] = 'public node'; Chris@0: $edit['field_tags[target_id]'] = 'public'; Chris@0: } Chris@0: Chris@0: $this->drupalPostForm('node/add/article', $edit, t('Save')); Chris@0: $node = $this->drupalGetNodeByTitle($edit['title[0][value]']); Chris@0: $this->assertEqual($is_private, (int) $node->private->value, 'The private status of the node was properly set in the node_access_test table.'); Chris@0: if ($is_private) { Chris@0: $private_nodes[] = $node->id(); Chris@0: } Chris@0: $titles[$node->id()] = $edit['title[0][value]']; Chris@0: $this->nodesByUser[$this->webUser->id()][$node->id()] = $is_private; Chris@0: } Chris@0: } Chris@0: $this->publicTid = db_query('SELECT tid FROM {taxonomy_term_field_data} WHERE name = :name AND default_langcode = 1', [':name' => 'public'])->fetchField(); Chris@0: $this->privateTid = db_query('SELECT tid FROM {taxonomy_term_field_data} WHERE name = :name AND default_langcode = 1', [':name' => 'private'])->fetchField(); Chris@0: $this->assertTrue($this->publicTid, 'Public tid was found'); Chris@0: $this->assertTrue($this->privateTid, 'Private tid was found'); Chris@0: foreach ($simple_users as $this->webUser) { Chris@0: $this->drupalLogin($this->webUser); Chris@0: // Check own nodes to see that all are readable. Chris@0: foreach ($this->nodesByUser as $uid => $data) { Chris@0: foreach ($data as $nid => $is_private) { Chris@0: $this->drupalGet('node/' . $nid); Chris@0: if ($is_private) { Chris@0: $should_be_visible = $uid == $this->webUser->id(); Chris@0: } Chris@0: else { Chris@0: $should_be_visible = TRUE; Chris@0: } Chris@0: $this->assertResponse($should_be_visible ? 200 : 403, strtr('A %private node by user %uid is %visible for user %current_uid.', [ Chris@0: '%private' => $is_private ? 'private' : 'public', Chris@0: '%uid' => $uid, Chris@0: '%visible' => $should_be_visible ? 'visible' : 'not visible', Chris@0: '%current_uid' => $this->webUser->id(), Chris@0: ])); Chris@0: } Chris@0: } Chris@0: Chris@0: // Check to see that the correct nodes are shown on taxonomy/private Chris@0: // and taxonomy/public. Chris@0: $this->assertTaxonomyPage(FALSE); Chris@0: } Chris@0: Chris@0: // Now test that a user with 'node test view' permissions can view content. Chris@0: $access_user = $this->drupalCreateUser(['access content', 'create article content', 'node test view', 'search content']); Chris@0: $this->drupalLogin($access_user); Chris@0: Chris@0: foreach ($this->nodesByUser as $private_status) { Chris@0: foreach ($private_status as $nid => $is_private) { Chris@0: $this->drupalGet('node/' . $nid); Chris@0: $this->assertResponse(200); Chris@0: } Chris@0: } Chris@0: Chris@0: // This user should be able to see all of the nodes on the relevant Chris@0: // taxonomy pages. Chris@0: $this->assertTaxonomyPage(TRUE); Chris@0: Chris@0: // Rebuild the node access permissions, repeat the test. This is done to Chris@0: // ensure that node access is rebuilt correctly even if the current user Chris@0: // does not have the bypass node access permission. Chris@0: node_access_rebuild(); Chris@0: Chris@0: foreach ($this->nodesByUser as $private_status) { Chris@0: foreach ($private_status as $nid => $is_private) { Chris@0: $this->drupalGet('node/' . $nid); Chris@0: $this->assertResponse(200); Chris@0: } Chris@0: } Chris@0: Chris@0: // This user should be able to see all of the nodes on the relevant Chris@0: // taxonomy pages. Chris@0: $this->assertTaxonomyPage(TRUE); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Checks taxonomy/term listings to ensure only accessible nodes are listed. Chris@0: * Chris@0: * @param $is_admin Chris@0: * A boolean indicating whether the current user is an administrator. If Chris@0: * TRUE, all nodes should be listed. If FALSE, only public nodes and the Chris@0: * user's own private nodes should be listed. Chris@0: */ Chris@0: protected function assertTaxonomyPage($is_admin) { Chris@0: foreach ([$this->publicTid, $this->privateTid] as $tid_is_private => $tid) { Chris@0: $this->drupalGet("taxonomy/term/$tid"); Chris@0: $this->nidsVisible = []; Chris@0: foreach ($this->xpath("//a[text()='Read more']") as $link) { Chris@0: // See also testTranslationRendering() in NodeTranslationUITest. Chris@0: $this->assertTrue(preg_match('|node/(\d+)$|', $link->getAttribute('href'), $matches), 'Read more points to a node'); Chris@0: $this->nidsVisible[$matches[1]] = TRUE; Chris@0: } Chris@0: foreach ($this->nodesByUser as $uid => $data) { Chris@0: foreach ($data as $nid => $is_private) { Chris@0: // Private nodes should be visible on the private term page, Chris@0: // public nodes should be visible on the public term page. Chris@0: $should_be_visible = $tid_is_private == $is_private; Chris@0: // Non-administrators can only see their own nodes on the private Chris@0: // term page. Chris@0: if (!$is_admin && $tid_is_private) { Chris@0: $should_be_visible = $should_be_visible && $uid == $this->webUser->id(); Chris@0: } Chris@0: $this->assertIdentical(isset($this->nidsVisible[$nid]), $should_be_visible, strtr('A %private node by user %uid is %visible for user %current_uid on the %tid_is_private page.', [ Chris@0: '%private' => $is_private ? 'private' : 'public', Chris@0: '%uid' => $uid, Chris@0: '%visible' => isset($this->nidsVisible[$nid]) ? 'visible' : 'not visible', Chris@0: '%current_uid' => $this->webUser->id(), Chris@0: '%tid_is_private' => $tid_is_private ? 'private' : 'public', Chris@0: ])); Chris@0: } Chris@0: } Chris@0: } Chris@0: } Chris@0: Chris@0: }