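// NOTE(review): this listing opens part-way through a method. Its signature
// and the start of the first statement below are not shown, and the per-line
// revision annotations of the original listing are omitted.
drupalCreateNode();
    $this->drupalCreateNode();
    $this->drupalCreateNode();
    $this->drupalCreateNode();

    // Create user with simple node access permission. The 'node test view'
    // permission is implemented and granted by the node_access_test module.
    $this->accessUser = $this->drupalCreateUser(['access content overview', 'access content', 'node test view']);
    // Two users without 'node test view'. The second one is only used as the
    // logged-in user in testNodeQueryAlterOverride().
    $this->noAccessUser = $this->drupalCreateUser(['access content overview', 'access content']);
    $this->noAccessUser2 = $this->drupalCreateUser(['access content overview', 'access content']);
  }

  /**
   * Tests 'node_access' query alter, for user with access.
   *
   * Verifies that a non-standard table alias can be used, and that a user with
   * node access can view the nodes.
   */
  public function testNodeQueryAlterLowLevelWithAccess() {
    // User with access should be able to view 4 nodes.
    $result = NULL;
    try {
      $query = Database::getConnection()->select('node', 'mytab')
        ->fields('mytab');
      $query->addTag('node_access');
      $query->addMetaData('op', 'view');
      $query->addMetaData('account', $this->accessUser);

      $result = $query->execute()->fetchAll();
    }
    catch (\Exception $e) {
      $this->fail(t('Altered query is malformed'));
    }
    // Asserted outside the try block so that a failed count check can never be
    // caught by the catch-all above and reported as a malformed query.
    if ($result !== NULL) {
      $this->assertEqual(count($result), 4, 'User with access can see correct nodes');
    }
  }

  /**
   * Tests 'node_access' query alter with revision-enabled nodes.
   *
   * NOTE(review): no 'account' is passed to the entity query and no login is
   * visible in this method, so which user the query is evaluated for is not
   * evident from this listing. Confirm against the test's base class.
   */
  public function testNodeQueryAlterWithRevisions() {
    // Execute a query that only deals with the 'node_revision' table.
    $result = NULL;
    try {
      $query = \Drupal::entityTypeManager()->getStorage('node')->getQuery();
      $result = $query
        ->allRevisions()
        ->execute();
    }
    catch (\Exception $e) {
      $this->fail('Altered query is malformed');
    }
    // Asserted outside the try block so that a failed count check can never be
    // caught by the catch-all above and reported as a malformed query.
    if ($result !== NULL) {
      $this->assertEqual(count($result), 4, 'User with access can see correct nodes');
    }
  }

  /**
   * Tests 'node_access' query alter, for user without access.
   *
   * Verifies that a non-standard table alias can be used, and that a user
   * without node access cannot view the nodes.
   */
  public function testNodeQueryAlterLowLevelNoAccess() {
    // User without access should be able to view 0 nodes.
    $result = NULL;
    try {
      $query = Database::getConnection()->select('node', 'mytab')
        ->fields('mytab');
      $query->addTag('node_access');
      $query->addMetaData('op', 'view');
      $query->addMetaData('account', $this->noAccessUser);

      $result = $query->execute()->fetchAll();
    }
    catch (\Exception $e) {
      $this->fail(t('Altered query is malformed'));
    }
    // Asserted outside the try block: a non-zero count here means rows leaked
    // to a user without access, and that must not be reported as a malformed
    // query.
    if ($result !== NULL) {
      $this->assertEqual(count($result), 0, 'User with no access cannot see nodes');
    }
  }

  /**
   * Tests 'node_access' query alter, for edit access.
   *
   * Verifies that a non-standard table alias can be used, and that a user with
   * view-only node access cannot edit the nodes.
   */
  public function testNodeQueryAlterLowLevelEditAccess() {
    // User with view-only access should not be able to edit nodes.
    $result = NULL;
    try {
      $query = Database::getConnection()->select('node', 'mytab')
        ->fields('mytab');
      $query->addTag('node_access');
      // 'update' rather than 'view': accessUser only holds 'node test view'.
      $query->addMetaData('op', 'update');
      $query->addMetaData('account', $this->accessUser);

      $result = $query->execute()->fetchAll();
    }
    catch (\Exception $e) {
      // Report everything in a single fail() call. If fail() throws, any
      // further call after it would be unreachable. $query is also unassigned
      // when select() itself threw, so it is only cast when it exists.
      $sql = isset($query) ? (string) $query : '(query was not built)';
      $this->fail('Altered query is malformed: ' . $e->getMessage() . ' | query: ' . $sql);
    }
    // Asserted outside the try block: a non-zero count here means update
    // access leaked to a view-only user, and that must not be reported as a
    // malformed query.
    if ($result !== NULL) {
      $this->assertEqual(count($result), 0, 'User with view-only access cannot edit nodes');
    }
  }

  /**
   * Tests 'node_access' query alter override.
   *
   * Verifies that node_access_view_all_nodes() is called from
   * node_query_node_access_alter(). We do this by checking that a user who
   * normally would not have view privileges is able to view the nodes when we
   * add a record to {node_access} paired with a corresponding privilege in
   * hook_node_grants().
   *
   * The test runs in two phases. With only the {node_access} record present,
   * noAccessUser must still see 0 nodes. Once the matching grant is switched
   * on for noAccessUser while noAccessUser2 is logged in, noAccessUser must
   * see all 4.
   */
  public function testNodeQueryAlterOverride() {
    // A view-only grant for nid 0 / gid 0 in the 'node_access_all' realm.
    $record = [
      'nid' => 0,
      'gid' => 0,
      'realm' => 'node_access_all',
      'grant_view' => 1,
      'grant_update' => 0,
      'grant_delete' => 0,
    ];
    $connection = Database::getConnection();
    $connection->insert('node_access')->fields($record)->execute();

    // Test that the noAccessUser still doesn't have the 'view'
    // privilege after adding the node_access record.
    // NOTE(review): the reset presumably discards a statically cached
    // node_access_view_all_nodes() result so the new record is taken into
    // account. Confirm.
    drupal_static_reset('node_access_view_all_nodes');
    $result = NULL;
    try {
      $query = $connection->select('node', 'mytab')
        ->fields('mytab');
      $query->addTag('node_access');
      $query->addMetaData('op', 'view');
      $query->addMetaData('account', $this->noAccessUser);

      $result = $query->execute()->fetchAll();
    }
    catch (\Exception $e) {
      $this->fail(t('Altered query is malformed'));
    }
    // Asserted outside the try block: a non-zero count here means the record
    // alone granted access, and that must not be reported as a malformed
    // query.
    if ($result !== NULL) {
      $this->assertEqual(count($result), 0, 'User view privileges are not overridden');
    }

    // Have node_test_node_grants return a node_access_all privilege,
    // to grant the noAccessUser 'view' access. To verify that
    // node_access_view_all_nodes is properly checking the specified
    // $account instead of the current user, we will log in as
    // noAccessUser2.
    $this->drupalLogin($this->noAccessUser2);
    \Drupal::state()->set('node_access_test.no_access_uid', $this->noAccessUser->id());
    drupal_static_reset('node_access_view_all_nodes');
    $result = NULL;
    try {
      $query = $connection->select('node', 'mytab')
        ->fields('mytab');
      $query->addTag('node_access');
      $query->addMetaData('op', 'view');
      // Still noAccessUser, not the logged-in noAccessUser2.
      $query->addMetaData('account', $this->noAccessUser);

      $result = $query->execute()->fetchAll();
    }
    catch (\Exception $e) {
      $this->fail(t('Altered query is malformed'));
    }
    // Asserted outside the try block so that a failed count check can never be
    // caught by the catch-all above and reported as a malformed query.
    if ($result !== NULL) {
      $this->assertEqual(count($result), 4, 'User view privileges are overridden');
    }
    \Drupal::state()->delete('node_access_test.no_access_uid');
  }

}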