NodeAccessTest.php 3.51 KB
Newer Older
1 2 3 4
<?php

namespace Drupal\node\Tests;

5 6
use Drupal\user\RoleInterface;

7
/**
8 9 10 11
 * Tests basic node_access functionality.
 *
 * Note that hook_node_access_records() is covered in another test class.
 *
12
 * @group node
13 14 15
 * @todo Cover hook_node_access in a separate test class.
 */
class NodeAccessTest extends NodeTestBase {
16
  protected function setUp() {
17 18
    parent::setUp();
    // Clear permissions for authenticated users.
19
    $this->config('user.role.' . RoleInterface::AUTHENTICATED_ID)->set('permissions', array())->save();
20 21 22 23 24 25 26 27 28
  }

  /**
   * Runs basic tests for node_access function.
   */
  function testNodeAccess() {
    // Ensures user without 'access content' permission can do nothing.
    $web_user1 = $this->drupalCreateUser(array('create page content', 'edit any page content', 'delete any page content'));
    $node1 = $this->drupalCreateNode(array('type' => 'page'));
29
    $this->assertNodeCreateAccess($node1->bundle(), FALSE, $web_user1);
30 31 32 33 34
    $this->assertNodeAccess(array('view' => FALSE, 'update' => FALSE, 'delete' => FALSE), $node1, $web_user1);

    // Ensures user with 'bypass node access' permission can do everything.
    $web_user2 = $this->drupalCreateUser(array('bypass node access'));
    $node2 = $this->drupalCreateNode(array('type' => 'page'));
35
    $this->assertNodeCreateAccess($node2->bundle(), TRUE, $web_user2);
36 37 38 39
    $this->assertNodeAccess(array('view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $node2, $web_user2);

    // User cannot 'view own unpublished content'.
    $web_user3 = $this->drupalCreateUser(array('access content'));
40
    $node3 = $this->drupalCreateNode(array('status' => 0, 'uid' => $web_user3->id()));
41 42 43
    $this->assertNodeAccess(array('view' => FALSE), $node3, $web_user3);

    // User cannot create content without permission.
44
    $this->assertNodeCreateAccess($node3->bundle(), FALSE, $web_user3);
45 46 47 48

    // User can 'view own unpublished content', but another user cannot.
    $web_user4 = $this->drupalCreateUser(array('access content', 'view own unpublished content'));
    $web_user5 = $this->drupalCreateUser(array('access content', 'view own unpublished content'));
49
    $node4 = $this->drupalCreateNode(array('status' => 0, 'uid' => $web_user4->id()));
50 51 52 53 54 55
    $this->assertNodeAccess(array('view' => TRUE, 'update' => FALSE), $node4, $web_user4);
    $this->assertNodeAccess(array('view' => FALSE), $node4, $web_user5);

    // Tests the default access provided for a published node.
    $node5 = $this->drupalCreateNode();
    $this->assertNodeAccess(array('view' => TRUE, 'update' => FALSE, 'delete' => FALSE), $node5, $web_user3);
56 57 58 59 60 61 62 63 64 65 66 67 68 69

    // Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions.
    $web_user6 = $this->drupalCreateUser(array('access content', 'edit any page content', 'delete any page content'));
    $node6 = $this->drupalCreateNode(array('type' => 'page'));
    $this->assertNodeAccess(array('view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $node6, $web_user6);

    // Tests the "edit own BUNDLE" and "delete own BUNDLE" permission.
    $web_user7 = $this->drupalCreateUser(array('access content', 'edit own page content', 'delete own page content'));
    // User should not be able to edit or delete nodes they do not own.
    $this->assertNodeAccess(array('view' => TRUE, 'update' => FALSE, 'delete' => FALSE), $node6, $web_user7);

    // User should be able to edit or delete nodes they own.
    $node7 = $this->drupalCreateNode(array('type' => 'page', 'uid' => $web_user7->id()));
    $this->assertNodeAccess(array('view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $node7, $web_user7);
70
  }
71

72
}