Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\Tests\node\Kernel;
Chris@0: 
Chris@17: use Drupal\Component\Render\FormattableMarkup;
Chris@0: use Drupal\KernelTests\Core\Entity\EntityKernelTestBase;
Chris@0: use Drupal\node\Entity\Node;
Chris@0: use Drupal\node\Entity\NodeType;
Chris@0: 
Chris@0: /**
Chris@0:  * Tests node field level access.
Chris@0:  *
Chris@0:  * @group node
Chris@0:  */
Chris@0: class NodeFieldAccessTest extends EntityKernelTestBase {
Chris@0: 
Chris@0:   /**
Chris@0:    * Modules to enable.
Chris@0:    *
Chris@0:    * @var array
Chris@0:    */
Chris@0:   public static $modules = ['node'];
Chris@0: 
Chris@0:   /**
Chris@0:    * Fields that only users with administer nodes permissions can change.
Chris@0:    *
Chris@0:    * @var array
Chris@0:    */
Chris@0:   protected $administrativeFields = [
Chris@0:     'status',
Chris@0:     'promote',
Chris@0:     'sticky',
Chris@0:     'created',
Chris@0:     'uid',
Chris@0:   ];
Chris@0: 
Chris@0:   /**
Chris@0:    * These fields are automatically managed and can not be changed by any user.
Chris@0:    *
Chris@0:    * @var array
Chris@0:    */
Chris@0:   protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp'];
Chris@0: 
Chris@0:   /**
Chris@0:    * Test permissions on nodes status field.
Chris@0:    */
Chris@0:   public function testAccessToAdministrativeFields() {
Chris@0: 
Chris@0:     // Create the page node type with revisions disabled.
Chris@0:     $page = NodeType::create([
Chris@0:       'type' => 'page',
Chris@0:         'new_revision' => FALSE,
Chris@0:     ]);
Chris@0:     $page->save();
Chris@0: 
Chris@0:     // Create the article node type with revisions disabled.
Chris@0:     $article = NodeType::create([
Chris@0:       'type' => 'article',
Chris@0:       'new_revision' => TRUE,
Chris@0:     ]);
Chris@0:     $article->save();
Chris@0: 
Chris@0:     // An administrator user. No user exists yet, ensure that the first user
Chris@0:     // does not have UID 1.
Chris@0:     $content_admin_user = $this->createUser(['uid' => 2], ['administer nodes']);
Chris@0: 
Chris@0:     // Two different editor users.
Chris@0:     $page_creator_user = $this->createUser([], ['create page content', 'edit own page content', 'delete own page content']);
Chris@0:     $page_manager_user = $this->createUser([], ['create page content', 'edit any page content', 'delete any page content']);
Chris@0: 
Chris@0:     // An unprivileged user.
Chris@0:     $page_unrelated_user = $this->createUser([], ['access content']);
Chris@0: 
Chris@0:     // List of all users
Chris@0:     $test_users = [
Chris@0:       $content_admin_user,
Chris@0:       $page_creator_user,
Chris@0:       $page_manager_user,
Chris@0:       $page_unrelated_user,
Chris@0:     ];
Chris@0: 
Chris@0:     // Create three "Basic pages". One is owned by our test-user
Chris@0:     // "page_creator", one by "page_manager", and one by someone else.
Chris@0:     $node1 = Node::create([
Chris@0:       'title' => $this->randomMachineName(8),
Chris@0:       'uid' => $page_creator_user->id(),
Chris@0:       'type' => 'page',
Chris@0:     ]);
Chris@0:     $node2 = Node::create([
Chris@0:       'title' => $this->randomMachineName(8),
Chris@0:       'uid' => $page_manager_user->id(),
Chris@0:       'type' => 'article',
Chris@0:     ]);
Chris@0:     $node3 = Node::create([
Chris@0:       'title' => $this->randomMachineName(8),
Chris@0:       'type' => 'page',
Chris@0:     ]);
Chris@0: 
Chris@0:     foreach ($this->administrativeFields as $field) {
Chris@0: 
Chris@0:       // Checks on view operations.
Chris@0:       foreach ($test_users as $account) {
Chris@0:         $may_view = $node1->{$field}->access('view', $account);
Chris@17:         $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
Chris@0:       }
Chris@0: 
Chris@0:       // Checks on edit operations.
Chris@0:       $may_update = $node1->{$field}->access('edit', $page_creator_user);
Chris@17:       $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
Chris@0:       $may_update = $node2->{$field}->access('edit', $page_creator_user);
Chris@17:       $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
Chris@0:       $may_update = $node2->{$field}->access('edit', $page_manager_user);
Chris@17:       $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
Chris@0:       $may_update = $node1->{$field}->access('edit', $page_manager_user);
Chris@17:       $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
Chris@0:       $may_update = $node2->{$field}->access('edit', $page_unrelated_user);
Chris@17:       $this->assertFalse($may_update, new FormattableMarkup('Users not having permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
Chris@0:       $may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->status->access('edit', $content_admin_user);
Chris@17:       $this->assertTrue($may_update, new FormattableMarkup('Users with permission "administer nodes" may edit @name fields on all nodes.', ['@name' => $field]));
Chris@0:     }
Chris@0: 
Chris@0:     foreach ($this->readOnlyFields as $field) {
Chris@0:       // Check view operation.
Chris@0:       foreach ($test_users as $account) {
Chris@0:         $may_view = $node1->{$field}->access('view', $account);
Chris@17:         $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
Chris@0:       }
Chris@0: 
Chris@0:       // Check edit operation.
Chris@0:       foreach ($test_users as $account) {
Chris@0:         $may_view = $node1->{$field}->access('edit', $account);
Chris@17:         $this->assertFalse($may_view, new FormattableMarkup('No user is not allowed to edit the field @name.', ['@name' => $field]));
Chris@0:       }
Chris@0:     }
Chris@0: 
Chris@0:     // Check the revision_log field on node 1 which has revisions disabled.
Chris@0:     $may_update = $node1->revision_log->access('edit', $content_admin_user);
Chris@0:     $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.');
Chris@0:     $may_update = $node1->revision_log->access('edit', $page_creator_user);
Chris@0:     $this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.');
Chris@0: 
Chris@0:     // Check the revision_log field on node 2 which has revisions enabled.
Chris@0:     $may_update = $node2->revision_log->access('edit', $content_admin_user);
Chris@0:     $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.');
Chris@0:     $may_update = $node2->revision_log->access('edit', $page_creator_user);
Chris@0:     $this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.');
Chris@0:   }
Chris@0: 
Chris@0: }