Chris@0: 'view all revisions', Chris@0: 'update' => 'revert all revisions', Chris@0: 'delete' => 'delete all revisions', Chris@0: ]; Chris@0: Chris@0: // Map revision permission names to node type revision access ops. Chris@0: protected $typeMap = [ Chris@0: 'view' => 'view page revisions', Chris@0: 'update' => 'revert page revisions', Chris@0: 'delete' => 'delete page revisions', Chris@0: ]; Chris@0: Chris@0: protected function setUp() { Chris@0: parent::setUp(); Chris@0: Chris@0: $types = ['page', 'article']; Chris@0: Chris@0: foreach ($types as $type) { Chris@0: // Create a node with several revisions. Chris@0: $nodes[$type] = $this->drupalCreateNode(['type' => $type]); Chris@0: $this->nodeRevisions[$type][] = $nodes[$type]; Chris@0: Chris@0: for ($i = 0; $i < 3; $i++) { Chris@0: // Create a revision for the same nid and settings with a random log. Chris@0: $revision = clone $nodes[$type]; Chris@0: $revision->setNewRevision(); Chris@0: $revision->revision_log = $this->randomMachineName(32); Chris@0: $revision->save(); Chris@0: $this->nodeRevisions[$type][] = $revision; Chris@0: } Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Tests general revision access permissions. Chris@0: */ Chris@0: public function testNodeRevisionAccessAnyType() { Chris@0: // Create three users, one with each revision permission. Chris@0: foreach ($this->map as $op => $permission) { Chris@0: // Create the user. Chris@0: $account = $this->drupalCreateUser( Chris@0: [ Chris@0: 'access content', Chris@0: 'edit any page content', Chris@0: 'delete any page content', Chris@0: $permission, Chris@0: ] Chris@0: ); Chris@0: $account->op = $op; Chris@0: $this->accounts[] = $account; Chris@0: } Chris@0: Chris@0: // Create an admin account (returns TRUE for all revision permissions). Chris@0: $admin_account = $this->drupalCreateUser(['access content', 'administer nodes']); Chris@0: $admin_account->is_admin = TRUE; Chris@0: $this->accounts['admin'] = $admin_account; Chris@0: $accounts['admin'] = $admin_account; Chris@0: Chris@0: // Create a normal account (returns FALSE for all revision permissions). Chris@0: $normal_account = $this->drupalCreateUser(); Chris@0: $normal_account->op = FALSE; Chris@0: $this->accounts[] = $normal_account; Chris@0: $accounts[] = $normal_account; Chris@0: $revision = $this->nodeRevisions['page'][1]; Chris@0: Chris@0: $parameters = [ Chris@0: 'op' => array_keys($this->map), Chris@0: 'account' => $this->accounts, Chris@0: ]; Chris@0: Chris@0: $permutations = $this->generatePermutations($parameters); Chris@0: Chris@0: $node_revision_access = \Drupal::service('access_check.node.revision'); Chris@0: foreach ($permutations as $case) { Chris@0: // Skip this test if there are no revisions for the node. Chris@0: if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', [':nid' => $revision->id()])->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) { Chris@0: if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->map[$case['op']])) { Chris@0: $this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->map[$case['op']]} granted."); Chris@0: } Chris@0: else { Chris@0: $this->assertFalse($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->map[$case['op']]} not granted."); Chris@0: } Chris@0: } Chris@0: } Chris@0: Chris@0: // Test that access is FALSE for a node administrator with an invalid $node Chris@0: // or $op parameters. Chris@0: $admin_account = $accounts['admin']; Chris@0: $this->assertFalse($node_revision_access->checkAccess($revision, $admin_account, 'invalid-op'), 'NodeRevisionAccessCheck() returns FALSE with an invalid op.'); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Tests revision access permissions for a specific content type. Chris@0: */ Chris@0: public function testNodeRevisionAccessPerType() { Chris@0: // Create three users, one with each revision permission. Chris@0: foreach ($this->typeMap as $op => $permission) { Chris@0: // Create the user. Chris@0: $account = $this->drupalCreateUser( Chris@0: [ Chris@0: 'access content', Chris@0: 'edit any page content', Chris@0: 'delete any page content', Chris@0: $permission, Chris@0: ] Chris@0: ); Chris@0: $account->op = $op; Chris@0: $accounts[] = $account; Chris@0: } Chris@0: Chris@0: $parameters = [ Chris@0: 'op' => array_keys($this->typeMap), Chris@0: 'account' => $accounts, Chris@0: ]; Chris@0: Chris@0: // Test that the accounts have access to the corresponding page revision Chris@0: // permissions. Chris@0: $revision = $this->nodeRevisions['page'][1]; Chris@0: Chris@0: $permutations = $this->generatePermutations($parameters); Chris@0: $node_revision_access = \Drupal::service('access_check.node.revision'); Chris@0: foreach ($permutations as $case) { Chris@0: // Skip this test if there are no revisions for the node. Chris@0: if (!($revision->isDefaultRevision() && (db_query('SELECT COUNT(vid) FROM {node_field_revision} WHERE nid = :nid', [':nid' => $revision->id()])->fetchField() == 1 || $case['op'] == 'update' || $case['op'] == 'delete'))) { Chris@17: if (!empty($case['account']->is_admin) || $case['account']->hasPermission($this->typeMap[$case['op']])) { Chris@0: $this->assertTrue($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->typeMap[$case['op']]} granted."); Chris@0: } Chris@0: else { Chris@0: $this->assertFalse($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->typeMap[$case['op']]} not granted."); Chris@0: } Chris@0: } Chris@0: } Chris@0: Chris@0: // Test that the accounts have no access to the article revisions. Chris@0: $revision = $this->nodeRevisions['article'][1]; Chris@0: Chris@0: foreach ($permutations as $case) { Chris@0: $this->assertFalse($node_revision_access->checkAccess($revision, $case['account'], $case['op']), "{$this->typeMap[$case['op']]} did not grant revision permission for articles."); Chris@0: } Chris@0: } Chris@0: Chris@0: }