Chris@0: installSchema('system', 'sequences'); Chris@0: $this->installSchema('node', 'node_access'); Chris@0: $this->installEntitySchema('user'); Chris@0: $this->installEntitySchema('node'); Chris@0: $this->installConfig('filter'); Chris@0: $this->installConfig('node'); Chris@0: $this->accessHandler = $this->container->get('entity_type.manager') Chris@0: ->getAccessControlHandler('node'); Chris@0: // Clear permissions for authenticated users. Chris@0: $this->config('user.role.' . RoleInterface::AUTHENTICATED_ID) Chris@0: ->set('permissions', []) Chris@0: ->save(); Chris@0: Chris@0: // Create user 1 who has special permissions. Chris@0: $this->drupalCreateUser(); Chris@0: Chris@0: // Create a node type. Chris@0: $this->drupalCreateContentType([ Chris@0: 'type' => 'page', Chris@0: 'name' => 'Basic page', Chris@0: 'display_submitted' => FALSE, Chris@0: ]); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Runs basic tests for node_access function. Chris@0: */ Chris@0: public function testNodeAccess() { Chris@0: // Ensures user without 'access content' permission can do nothing. Chris@0: $web_user1 = $this->drupalCreateUser([ Chris@0: 'create page content', Chris@0: 'edit any page content', Chris@0: 'delete any page content', Chris@0: ]); Chris@0: $node1 = $this->drupalCreateNode(['type' => 'page']); Chris@0: $this->assertNodeCreateAccess($node1->bundle(), FALSE, $web_user1); Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => FALSE, Chris@0: 'update' => FALSE, Chris@0: 'delete' => FALSE, Chris@0: ], $node1, $web_user1); Chris@0: Chris@0: // Ensures user with 'bypass node access' permission can do everything. Chris@0: $web_user2 = $this->drupalCreateUser(['bypass node access']); Chris@0: $node2 = $this->drupalCreateNode(['type' => 'page']); Chris@0: $this->assertNodeCreateAccess($node2->bundle(), TRUE, $web_user2); Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => TRUE, Chris@0: 'update' => TRUE, Chris@0: 'delete' => TRUE, Chris@0: ], $node2, $web_user2); Chris@0: Chris@0: // User cannot 'view own unpublished content'. Chris@0: $web_user3 = $this->drupalCreateUser(['access content']); Chris@0: $node3 = $this->drupalCreateNode([ Chris@0: 'status' => 0, Chris@0: 'uid' => $web_user3->id(), Chris@0: ]); Chris@0: $this->assertNodeAccess(['view' => FALSE], $node3, $web_user3); Chris@0: Chris@0: // User cannot create content without permission. Chris@0: $this->assertNodeCreateAccess($node3->bundle(), FALSE, $web_user3); Chris@0: Chris@0: // User can 'view own unpublished content', but another user cannot. Chris@0: $web_user4 = $this->drupalCreateUser([ Chris@0: 'access content', Chris@0: 'view own unpublished content', Chris@0: ]); Chris@0: $web_user5 = $this->drupalCreateUser([ Chris@0: 'access content', Chris@0: 'view own unpublished content', Chris@0: ]); Chris@0: $node4 = $this->drupalCreateNode([ Chris@0: 'status' => 0, Chris@0: 'uid' => $web_user4->id(), Chris@0: ]); Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => TRUE, Chris@0: 'update' => FALSE, Chris@0: ], $node4, $web_user4); Chris@0: $this->assertNodeAccess(['view' => FALSE], $node4, $web_user5); Chris@0: Chris@0: // Tests the default access provided for a published node. Chris@0: $node5 = $this->drupalCreateNode(); Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => TRUE, Chris@0: 'update' => FALSE, Chris@0: 'delete' => FALSE, Chris@0: ], $node5, $web_user3); Chris@0: Chris@0: // Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions. Chris@0: $web_user6 = $this->drupalCreateUser([ Chris@0: 'access content', Chris@0: 'edit any page content', Chris@0: 'delete any page content', Chris@0: ]); Chris@0: $node6 = $this->drupalCreateNode(['type' => 'page']); Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => TRUE, Chris@0: 'update' => TRUE, Chris@0: 'delete' => TRUE, Chris@0: ], $node6, $web_user6); Chris@0: Chris@0: // Tests the "edit own BUNDLE" and "delete own BUNDLE" permission. Chris@0: $web_user7 = $this->drupalCreateUser([ Chris@0: 'access content', Chris@0: 'edit own page content', Chris@0: 'delete own page content', Chris@0: ]); Chris@0: // User should not be able to edit or delete nodes they do not own. Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => TRUE, Chris@0: 'update' => FALSE, Chris@0: 'delete' => FALSE, Chris@0: ], $node6, $web_user7); Chris@0: Chris@0: // User should be able to edit or delete nodes they own. Chris@0: $node7 = $this->drupalCreateNode([ Chris@0: 'type' => 'page', Chris@0: 'uid' => $web_user7->id(), Chris@0: ]); Chris@0: $this->assertNodeAccess([ Chris@0: 'view' => TRUE, Chris@0: 'update' => TRUE, Chris@0: 'delete' => TRUE, Chris@0: ], $node7, $web_user7); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Test operations not supported by node grants. Chris@0: */ Chris@0: public function testUnsupportedOperation() { Chris@0: $this->enableModules(['node_access_test_empty']); Chris@0: $web_user = $this->drupalCreateUser(['access content']); Chris@0: $node = $this->drupalCreateNode(); Chris@0: $this->assertNodeAccess(['random_operation' => FALSE], $node, $web_user); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Asserts that node access correctly grants or denies access. Chris@0: * Chris@0: * @param array $ops Chris@0: * An associative array of the expected node access grants for the node Chris@0: * and account, with each key as the name of an operation (e.g. 'view', Chris@0: * 'delete') and each value a Boolean indicating whether access to that Chris@0: * operation should be granted. Chris@0: * @param \Drupal\node\NodeInterface $node Chris@0: * The node object to check. Chris@0: * @param \Drupal\Core\Session\AccountInterface $account Chris@0: * The user account for which to check access. Chris@0: */ Chris@0: public function assertNodeAccess(array $ops, NodeInterface $node, AccountInterface $account) { Chris@0: foreach ($ops as $op => $result) { Chris@0: $this->assertEquals($result, $this->accessHandler->access($node, $op, $account), $this->nodeAccessAssertMessage($op, $result, $node->language() Chris@0: ->getId())); Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Asserts that node create access correctly grants or denies access. Chris@0: * Chris@0: * @param string $bundle Chris@0: * The node bundle to check access to. Chris@0: * @param bool $result Chris@0: * Whether access should be granted or not. Chris@0: * @param \Drupal\Core\Session\AccountInterface $account Chris@0: * The user account for which to check access. Chris@0: * @param string|null $langcode Chris@0: * (optional) The language code indicating which translation of the node Chris@0: * to check. If NULL, the untranslated (fallback) access is checked. Chris@0: */ Chris@0: public function assertNodeCreateAccess($bundle, $result, AccountInterface $account, $langcode = NULL) { Chris@0: $this->assertEquals($result, $this->accessHandler->createAccess($bundle, $account, [ Chris@0: 'langcode' => $langcode, Chris@0: ]), $this->nodeAccessAssertMessage('create', $result, $langcode)); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Constructs an assert message to display which node access was tested. Chris@0: * Chris@0: * @param string $operation Chris@0: * The operation to check access for. Chris@0: * @param bool $result Chris@0: * Whether access should be granted or not. Chris@0: * @param string|null $langcode Chris@0: * (optional) The language code indicating which translation of the node Chris@0: * to check. If NULL, the untranslated (fallback) access is checked. Chris@0: * Chris@0: * @return string Chris@0: * An assert message string which contains information in plain English Chris@0: * about the node access permission test that was performed. Chris@0: */ Chris@0: public function nodeAccessAssertMessage($operation, $result, $langcode = NULL) { Chris@0: return new FormattableMarkup( Chris@0: 'Node access returns @result with operation %op, language code %langcode.', Chris@0: [ Chris@0: '@result' => $result ? 'true' : 'false', Chris@0: '%op' => $operation, Chris@0: '%langcode' => !empty($langcode) ? $langcode : 'empty', Chris@0: ] Chris@0: ); Chris@0: } Chris@0: Chris@0: }