<?php

/**
 * @file
 * Definition of Drupal\filter\Tests\FilterFormatAccessTest.
 */

namespace Drupal\filter\Tests;

use Drupal\Component\Utility\Unicode;
use Drupal\Core\Access\AccessResult;
use Drupal\simpletest\WebTestBase;

/**
 * Tests access to text formats.
 *
 * @group Access
 * @group filter
 */
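class FilterFormatAccessTest extends WebTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array('filter', 'node');

  /**
   * A user with administrative permissions.
   *
   * Holds 'administer filters' plus the use permission of all three formats
   * created in setUp().
   *
   * @var object
   */
  protected $admin_user;

  /**
   * A user with 'administer filters' permission.
   *
   * This account is not granted the use permission of any created format.
   *
   * @var object
   */
  protected $filter_admin_user;

  /**
   * A user with permission to create and edit own content.
   *
   * Also granted the use permission of the two allowed formats.
   *
   * @var object
   */
  protected $web_user;

  /**
   * An object representing an allowed text format.
   *
   * @var object
   */
  protected $allowed_format;

  /**
   * An object representing a secondary allowed text format.
   *
   * @var object
   */
  protected $second_allowed_format;

  /**
   * An object representing a disallowed text format.
   *
   * @var object
   */
  protected $disallowed_format;

  /**
   * Creates the content type, the three text formats and the three accounts.
   */
  protected function setUp() {
    parent::setUp();

    $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));

    // Create a user who can administer text formats, but does not have
    // specific permission to use any of them.
    $this->filter_admin_user = $this->drupalCreateUser(array(
      'administer filters',
      'create page content',
      'edit any page content',
    ));

    // Create three text formats. Two text formats are created for all users so
    // that the drop-down list appears for all tests.
    $this->drupalLogin($this->filter_admin_user);
    $formats = array();
    for ($i = 0; $i < 3; $i++) {
      $edit = array(
        'format' => Unicode::strtolower($this->randomMachineName()),
        'name' => $this->randomMachineName(),
      );
      $this->drupalPostForm('admin/config/content/formats/add', $edit, t('Save configuration'));
      $this->resetFilterCaches();
      $formats[] = entity_load('filter_format', $edit['format']);
    }
    // Creation order decides the role of each format in the tests: first and
    // second are granted to the regular user, the third is not.
    list($this->allowed_format, $this->second_allowed_format, $this->disallowed_format) = $formats;
    $this->drupalLogout();

    // Create a regular user with access to two of the formats.
    $this->web_user = $this->drupalCreateUser(array(
      'create page content',
      'edit any page content',
      $this->allowed_format->getPermissionName(),
      $this->second_allowed_format->getPermissionName(),
    ));

    // Create an administrative user who has access to use all three formats.
    $this->admin_user = $this->drupalCreateUser(array(
      'administer filters',
      'create page content',
      'edit any page content',
      $this->allowed_format->getPermissionName(),
      $this->second_allowed_format->getPermissionName(),
      $this->disallowed_format->getPermissionName(),
    ));
  }

  /**
   * Tests the Filter format access permissions functionality.
   *
   * Covers the access() result of each format, the per-user format list, the
   * raw permission, the format selector on the node form and the HTTP status
   * of the filter tips pages.
   */
  public function testFormatPermissions() {
    // Make sure that a regular user only has access to the text formats for
    // which they were granted access. Each check is made twice: once for the
    // boolean outcome and once for the full access result object, so that a
    // change from "neutral" to an explicit result, or a change in the
    // per-role cacheability, is caught as well.
    $fallback_format = entity_load('filter_format', filter_fallback_format());
    $this->assertTrue($this->allowed_format->access('use', $this->web_user), 'A regular user has access to use a text format they were granted access to.');
    $this->assertEqual(AccessResult::allowed()->cachePerRole(), $this->allowed_format->access('use', $this->web_user, TRUE), 'A regular user has access to use a text format they were granted access to.');
    $this->assertFalse($this->disallowed_format->access('use', $this->web_user), 'A regular user does not have access to use a text format they were not granted access to.');
    $this->assertEqual(AccessResult::neutral(), $this->disallowed_format->access('use', $this->web_user, TRUE), 'A regular user does not have access to use a text format they were not granted access to.');
    $this->assertTrue($fallback_format->access('use', $this->web_user), 'A regular user has access to use the fallback format.');
    $this->assertEqual(AccessResult::allowed(), $fallback_format->access('use', $this->web_user, TRUE), 'A regular user has access to use the fallback format.');

    // Perform similar checks as above, but now against the entire list of
    // available formats for this user. The list is keyed by format ID, so the
    // key is tested directly; a loose in_array() over array_keys() could
    // match an unrelated key through type juggling and hide a regression.
    $web_user_formats = filter_formats($this->web_user);
    $this->assertTrue(array_key_exists($this->allowed_format->id(), $web_user_formats), 'The allowed format appears in the list of available formats for a regular user.');
    $this->assertFalse(array_key_exists($this->disallowed_format->id(), $web_user_formats), 'The disallowed format does not appear in the list of available formats for a regular user.');
    $this->assertTrue(array_key_exists(filter_fallback_format(), $web_user_formats), 'The fallback format appears in the list of available formats for a regular user.');

    // Make sure that a regular user only has permission to use the format
    // they were granted access to.
    $this->assertTrue($this->web_user->hasPermission($this->allowed_format->getPermissionName()), 'A regular user has permission to use the allowed text format.');
    $this->assertFalse($this->web_user->hasPermission($this->disallowed_format->getPermissionName()), 'A regular user does not have permission to use the disallowed text format.');

    // Make sure that the allowed format appears on the node form and that
    // the disallowed format does not.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('node/add/page');
    $elements = $this->xpath('//select[@name=:name]/option', array(
      ':name' => 'body[0][format]',
    ));
    $options = array();
    foreach ($elements as $element) {
      $options[(string) $element['value']] = $element;
    }
    $this->assertTrue(isset($options[$this->allowed_format->id()]), 'The allowed text format appears as an option when adding a new node.');
    $this->assertFalse(isset($options[$this->disallowed_format->id()]), 'The disallowed text format does not appear as an option when adding a new node.');
    $this->assertFalse(isset($options[filter_fallback_format()]), 'The fallback format does not appear as an option when adding a new node.');

    // Check regular user access to the filter tips pages: 200 for a usable
    // format, 403 for an existing format the user may not use, and 404 for a
    // format that does not exist.
    $this->drupalGet('filter/tips/' . $this->allowed_format->id());
    $this->assertResponse(200);
    $this->drupalGet('filter/tips/' . $this->disallowed_format->id());
    $this->assertResponse(403);
    $this->drupalGet('filter/tips/' . filter_fallback_format());
    $this->assertResponse(200);
    $this->drupalGet('filter/tips/invalid-format');
    $this->assertResponse(404);

    // Check admin user access to the filter tips pages.
    $this->drupalLogin($this->admin_user);
    $this->drupalGet('filter/tips/' . $this->allowed_format->id());
    $this->assertResponse(200);
    $this->drupalGet('filter/tips/' . $this->disallowed_format->id());
    $this->assertResponse(200);
    $this->drupalGet('filter/tips/' . filter_fallback_format());
    $this->assertResponse(200);
    $this->drupalGet('filter/tips/invalid-format');
    $this->assertResponse(404);
  }

  /**
   * Tests if text format is available to a role.
   */
  public function testFormatRoles() {
    // Get the role ID assigned to the regular user.
    $roles = $this->web_user->getRoles(TRUE);
    $rid = $roles[0];

    // Check that this role appears in the list of roles that have access to an
    // allowed text format, but does not appear in the list of roles that have
    // access to a disallowed text format. Both lists are keyed by role ID.
    $this->assertTrue(array_key_exists($rid, filter_get_roles_by_format($this->allowed_format)), 'A role which has access to a text format appears in the list of roles that have access to that format.');
    $this->assertFalse(array_key_exists($rid, filter_get_roles_by_format($this->disallowed_format)), 'A role which does not have access to a text format does not appear in the list of roles that have access to that format.');

    // Check that the correct text format appears in the list of formats
    // available to that role.
    $role_formats = filter_get_formats_by_role($rid);
    $this->assertTrue(array_key_exists($this->allowed_format->id(), $role_formats), 'A text format which a role has access to appears in the list of formats available to that role.');
    $this->assertFalse(array_key_exists($this->disallowed_format->id(), $role_formats), 'A text format which a role does not have access to does not appear in the list of formats available to that role.');

    // Check that the fallback format is always allowed.
    $this->assertEqual(filter_get_roles_by_format(entity_load('filter_format', filter_fallback_format())), user_role_names(), 'All roles have access to the fallback format.');
    $this->assertTrue(array_key_exists(filter_fallback_format(), $role_formats), 'The fallback format appears in the list of allowed formats for any role.');
  }

  /**
   * Tests editing a page using a disallowed text format.
   *
   * Verifies that regular users and administrators are able to edit a page, but
   * not allowed to change the fields which use an inaccessible text format.
   * Also verifies that fields which use a text format that does not exist can
   * be edited by administrators only, but that the administrator is forced to
   * choose a new format before saving the page.
   */
  public function testFormatWidgetPermissions() {
    $body_value_key = 'body[0][value]';
    $body_format_key = 'body[0][format]';

    // The locked body widget is recognised by a disabled textarea holding the
    // replacement text; both are reused by every "access denied" check below.
    $disabled_body_xpath = "//textarea[@name='$body_value_key' and @disabled='disabled']";
    $denied_text = t('This field has been disabled because you do not have sufficient permissions to edit it.');

    // Create node to edit.
    $this->drupalLogin($this->admin_user);
    $edit = array();
    $edit['title[0][value]'] = $this->randomMachineName(8);
    $edit[$body_value_key] = $this->randomMachineName(16);
    $edit[$body_format_key] = $this->disallowed_format->id();
    $this->drupalPostForm('node/add/page', $edit, t('Save'));
    $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);

    // Try to edit with a less privileged user.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('node/' . $node->id());
    $this->clickLink(t('Edit'));

    // Verify that body field is read-only and contains replacement value.
    // NOTE(review): this and the later checks inspect the rendered form only;
    // no request in this test submits a body value for the locked field, so
    // server-side rejection of such a value is not exercised here.
    $this->assertFieldByXPath($disabled_body_xpath, $denied_text, 'Text format access denied message found.');

    // Verify that title can be changed, but preview displays original body.
    $new_edit = array();
    $new_edit['title[0][value]'] = $this->randomMachineName(8);
    $this->drupalPostForm(NULL, $new_edit, t('Preview'));
    $this->assertText($edit[$body_value_key], 'Old body found in preview.');

    // Save and verify that only the title was changed.
    $this->drupalPostForm('node/' . $node->id() . '/edit', $new_edit, t('Save'));
    $this->assertNoText($edit['title[0][value]'], 'Old title not found.');
    $this->assertText($new_edit['title[0][value]'], 'New title found.');
    $this->assertText($edit[$body_value_key], 'Old body found.');

    // Check that even an administrator with "administer filters" permission
    // cannot edit the body field if they do not have specific permission to
    // use its stored format. (This must be disallowed so that the
    // administrator is never forced to switch the text format to something
    // else.)
    $this->drupalLogin($this->filter_admin_user);
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertFieldByXPath($disabled_body_xpath, $denied_text, 'Text format access denied message found.');

    // Disable the text format used above.
    $this->disallowed_format->disable()->save();
    $this->resetFilterCaches();

    // Log back in as the less privileged user and verify that the body field
    // is still disabled, since the less privileged user should not be able to
    // edit content that does not have an assigned format.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertFieldByXPath($disabled_body_xpath, $denied_text, 'Text format access denied message found.');

    // Log back in as the filter administrator and verify that the body field
    // can be edited.
    $this->drupalLogin($this->filter_admin_user);
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertNoFieldByXPath($disabled_body_xpath, NULL, 'Text format access denied message not found.');
    $this->assertFieldByXPath("//select[@name='$body_format_key']", NULL, 'Text format selector found.');

    // Verify that trying to save the node without selecting a new text format
    // produces an error message, and does not result in the node being saved.
    $old_title = $new_edit['title[0][value]'];
    $new_title = $this->randomMachineName(8);
    $edit = array();
    $edit['title[0][value]'] = $new_title;
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertText(t('!name field is required.', array('!name' => t('Text format'))), 'Error message is displayed.');
    $this->drupalGet('node/' . $node->id());
    $this->assertText($old_title, 'Old title found.');
    $this->assertNoText($new_title, 'New title not found.');

    // Now select a new text format and make sure the node can be saved.
    $edit[$body_format_key] = filter_fallback_format();
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->id());
    $this->assertText($new_title, 'New title found.');
    $this->assertNoText($old_title, 'Old title not found.');

    // Switch the text format to a new one, then disable that format and all
    // other formats on the site (leaving only the fallback format).
    $this->drupalLogin($this->admin_user);
    $edit = array($body_format_key => $this->allowed_format->id());
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->id());
    foreach (filter_formats() as $format) {
      if (!$format->isFallbackFormat()) {
        $format->disable()->save();
      }
    }

    // Since there is now only one available text format, the widget for
    // selecting a text format would normally not display when the content is
    // edited. However, we need to verify that the filter administrator still
    // is forced to make a conscious choice to reassign the text to a different
    // format.
    $this->drupalLogin($this->filter_admin_user);
    $old_title = $new_title;
    $new_title = $this->randomMachineName(8);
    $edit = array();
    $edit['title[0][value]'] = $new_title;
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertText(t('!name field is required.', array('!name' => t('Text format'))), 'Error message is displayed.');
    $this->drupalGet('node/' . $node->id());
    $this->assertText($old_title, 'Old title found.');
    $this->assertNoText($new_title, 'New title not found.');
    $edit[$body_format_key] = filter_fallback_format();
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->id());
    $this->assertText($new_title, 'New title found.');
    $this->assertNoText($old_title, 'Old title not found.');
  }

  /**
   * Rebuilds text format and permission caches in the thread running the tests.
   */
  protected function resetFilterCaches() {
    filter_formats_reset();
  }
}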