Commit 4ebc6688 authored by webchick's avatar webchick

Issue #2554239 by StryKaizer, stefan.r, David_Rothstein, matt2000, scor,...

Issue #2554239 by StryKaizer, stefan.r, David_Rothstein, matt2000, scor, greggles, meichr, larowlan: Tests for Information Disclosure in Menu Links - Access system fixes from SA-CORE-2015-003
parent 019a759a
<?php
/**
* @file
* Contains \Drupal\node\Tests\NodeAccessMenuLinkTest.
*/
namespace Drupal\node\Tests;
use Drupal\user\RoleInterface;
/**
* Tests the interaction of the node access system with menu links.
*
* @group node
*/
class NodeAccessMenuLinkTest extends NodeTestBase {
/**
* Modules to enable.
*
* @var array
*/
public static $modules = array('menu_ui', 'block');
/**
* A user with permission to manage menu links and create nodes.
*
* @var \Drupal\user\UserInterface
*/
protected $contentAdminUser;
protected function setUp() {
parent::setUp();
$this->drupalPlaceBlock('system_menu_block:main');
$this->contentAdminUser = $this->drupalCreateUser(array(
'access content',
'administer content types',
'administer menu'
));
$this->config('user.role.' . RoleInterface::ANONYMOUS_ID)->set('permissions', array())->save();
}
/**
* SA-CORE-2015-003: Tests menu links to nodes when node access is restricted.
*/
function testNodeAccessMenuLink() {
$menu_link_title = $this->randomString();
$this->drupalLogin($this->contentAdminUser);
$edit = [
'title[0][value]' => $this->randomString(),
'body[0][value]' => $this->randomString(),
'menu[enabled]' => 1,
'menu[title]' => $menu_link_title,
];
$this->drupalPostForm('node/add/page', $edit, t('Save'));
$this->assertLink($menu_link_title);
// Ensure anonymous users without "access content" permission do not see
// this menu link.
$this->drupalLogout();
$this->drupalGet('');
$this->assertNoLink($menu_link_title);
// Ensure anonymous users with "access content" permission see this menu
// link.
$this->config('user.role.' . RoleInterface::ANONYMOUS_ID)->set('permissions', array('access content'))->save();
$this->drupalGet('');
$this->assertLink($menu_link_title);
}
}
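Review bot: testNodeAccessMenuLink() only exercises denial through the missing "access content" permission, while its docblock and the class summary describe node access restrictions in general; neither anonymous `drupalGet('')` check involves an unpublished node or a grant-based restriction. If those paths are not covered elsewhere (the rest of the test suite is not visible on this page), either add a case for them or narrow the docblock to `* SA-CORE-2015-003: Tests that menu links to nodes are hidden from users without "access content".` so the regression coverage for the advisory is not overstated. The method is also declared without visibility; `public function testNodeAccessMenuLink() {` would match the explicit visibility on `setUp()` and the properties.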