Tests node_query_node_access_alter().
Expanded class hierarchy of NodeQueryAlter
class NodeQueryAlter extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Node query alter',
'description' => 'Test that node access queries are properly altered by the node module.',
'group' => 'Node',
);
}
/**
* User with permission to view content.
*
* @var object
*/
protected $accessUser;
/**
* User without permission to view content.
*
* @var object
*/
protected $noAccessUser;
function setUp() {
parent::setUp('node_access_test');
node_access_rebuild();
// Create some content.
$this
->drupalCreateNode();
$this
->drupalCreateNode();
$this
->drupalCreateNode();
$this
->drupalCreateNode();
// Create user with simple node access permission. The 'node test view'
// permission is implemented and granted by the node_access_test module.
$this->accessUser = $this
->drupalCreateUser(array(
'access content overview',
'access content',
'node test view',
));
$this->noAccessUser = $this
->drupalCreateUser(array(
'access content overview',
'access content',
));
$this->noAccessUser2 = $this
->drupalCreateUser(array(
'access content overview',
'access content',
));
}
/**
* Tests that node access permissions are followed.
*/
function testNodeQueryAlterWithUI() {
// Verify that a user with access permission can see at least one node.
$this
->drupalLogin($this->accessUser);
$this
->drupalGet('node_access_test_page');
$this
->assertText('Yes, 4 nodes', "4 nodes were found for access user");
$this
->assertNoText('Exception', "No database exception");
// Test the content overview page.
$this
->drupalGet('admin/content');
$table_rows = $this
->xpath('//tbody/tr');
$this
->assertEqual(4, count($table_rows), "4 nodes were found for access user");
// Verify that a user with no access permission cannot see nodes.
$this
->drupalLogin($this->noAccessUser);
$this
->drupalGet('node_access_test_page');
$this
->assertText('No nodes', "No nodes were found for no access user");
$this
->assertNoText('Exception', "No database exception");
$this
->drupalGet('admin/content');
$this
->assertText(t('No content available.'));
}
/**
* Tests 'node_access' query alter, for user with access.
*
* Verifies that a non-standard table alias can be used, and that a user with
* node access can view the nodes.
*/
function testNodeQueryAlterLowLevelWithAccess() {
// User with access should be able to view 4 nodes.
try {
$query = db_select('node', 'mytab')
->fields('mytab');
$query
->addTag('node_access');
$query
->addMetaData('op', 'view');
$query
->addMetaData('account', $this->accessUser);
$result = $query
->execute()
->fetchAll();
$this
->assertEqual(count($result), 4, 'User with access can see correct nodes');
} catch (Exception $e) {
$this
->fail(t('Altered query is malformed'));
}
}
/**
* Tests 'node_access' query alter, for user without access.
*
* Verifies that a non-standard table alias can be used, and that a user
* without node access cannot view the nodes.
*/
function testNodeQueryAlterLowLevelNoAccess() {
// User without access should be able to view 0 nodes.
try {
$query = db_select('node', 'mytab')
->fields('mytab');
$query
->addTag('node_access');
$query
->addMetaData('op', 'view');
$query
->addMetaData('account', $this->noAccessUser);
$result = $query
->execute()
->fetchAll();
$this
->assertEqual(count($result), 0, 'User with no access cannot see nodes');
} catch (Exception $e) {
$this
->fail(t('Altered query is malformed'));
}
}
/**
* Tests 'node_access' query alter, for edit access.
*
* Verifies that a non-standard table alias can be used, and that a user with
* view-only node access cannot edit the nodes.
*/
function testNodeQueryAlterLowLevelEditAccess() {
// User with view-only access should not be able to edit nodes.
try {
$query = db_select('node', 'mytab')
->fields('mytab');
$query
->addTag('node_access');
$query
->addMetaData('op', 'update');
$query
->addMetaData('account', $this->accessUser);
$result = $query
->execute()
->fetchAll();
$this
->assertEqual(count($result), 0, 'User with view-only access cannot edit nodes');
} catch (Exception $e) {
$this
->fail($e
->getMessage());
$this
->fail((string) $query);
$this
->fail(t('Altered query is malformed'));
}
}
/**
* Tests 'node_access' query alter override.
*
* Verifies that node_access_view_all_nodes() is called from
* node_query_node_access_alter(). We do this by checking that a user who
* normally would not have view privileges is able to view the nodes when we
* add a record to {node_access} paired with a corresponding privilege in
* hook_node_grants().
*/
function testNodeQueryAlterOverride() {
$record = array(
'nid' => 0,
'gid' => 0,
'realm' => 'node_access_all',
'grant_view' => 1,
'grant_update' => 0,
'grant_delete' => 0,
);
drupal_write_record('node_access', $record);
// Test that the noAccessUser still doesn't have the 'view'
// privilege after adding the node_access record.
drupal_static_reset('node_access_view_all_nodes');
try {
$query = db_select('node', 'mytab')
->fields('mytab');
$query
->addTag('node_access');
$query
->addMetaData('op', 'view');
$query
->addMetaData('account', $this->noAccessUser);
$result = $query
->execute()
->fetchAll();
$this
->assertEqual(count($result), 0, 'User view privileges are not overridden');
} catch (Exception $e) {
$this
->fail(t('Altered query is malformed'));
}
// Have node_test_node_grants return a node_access_all privilege,
// to grant the noAccessUser 'view' access. To verify that
// node_access_view_all_nodes is properly checking the specified
// $account instead of the global $user, we will log in as
// noAccessUser2.
$this
->drupalLogin($this->noAccessUser2);
variable_set('node_test_node_access_all_uid', $this->noAccessUser->uid);
drupal_static_reset('node_access_view_all_nodes');
try {
$query = db_select('node', 'mytab')
->fields('mytab');
$query
->addTag('node_access');
$query
->addMetaData('op', 'view');
$query
->addMetaData('account', $this->noAccessUser);
$result = $query
->execute()
->fetchAll();
$this
->assertEqual(count($result), 4, 'User view privileges are overridden');
} catch (Exception $e) {
$this
->fail(t('Altered query is malformed'));
}
variable_del('node_test_node_access_all_uid');
}
}
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
NodeQueryAlter:: |
function | Tests that node access permissions are followed. | ||
NodeQueryAlter:: |
function | Tests 'node_access' query alter override. | ||
NodeQueryAlter:: |
function | Tests 'node_access' query alter, for user with access. | ||
NodeQueryAlter:: |
function | Tests 'node_access' query alter, for user without access. | ||
NodeQueryAlter:: |
function | Tests 'node_access' query alter, for edit access. | ||
NodeQueryAlter:: |
function |
Sets up a Drupal site for running functional and integration tests. Overrides DrupalWebTestCase:: |
||
NodeQueryAlter:: |
public static | function | ||
NodeQueryAlter:: |
protected | property | User without permission to view content. | |
NodeQueryAlter:: |
protected | property | User with permission to view content. | |
DrupalWebTestCase:: |
function |
Constructor for DrupalWebTestCase. Overrides DrupalTestCase:: |
1 | |
DrupalWebTestCase:: |
protected | function | Perform an xpath search on the contents of the internal browser. The search is relative to the root element (HTML tag normally) of the page. | |
DrupalWebTestCase:: |
protected | function | Outputs to verbose the most recent $count emails sent. | |
DrupalWebTestCase:: |
protected | function | Delete created files and temporary files directory, delete the tables created by setUp(), and reset the database prefix. | 6 |
DrupalWebTestCase:: |
protected | function | Reset all data structures after having enabled new modules. | |
DrupalWebTestCase:: |
protected | function | Refresh the in-memory set of variables. Useful after a page request is made that changes a variable in a different thread. | 1 |
DrupalWebTestCase:: |
protected | function | Prepares the current environment for running the test. | |
DrupalWebTestCase:: |
protected | function | Generates a database prefix for running tests. | |
DrupalWebTestCase:: |
protected | function | Preload the registry from the testing site. | |
DrupalWebTestCase:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
DrupalWebTestCase:: |
protected | function | Handle form input related to drupalPost(). Ensure that the specified fields exist and attempt to create POST data in the correct manner for the particular field type. | |
DrupalWebTestCase:: |
protected | function | Get the current URL from the cURL handler. | |
DrupalWebTestCase:: |
protected | function | Get the selected value from a select field. | |
DrupalWebTestCase:: |
protected | function | Get all option elements, including nested options, in a select. | |
DrupalWebTestCase:: |
protected | function | Takes a path and returns an absolute path. | |
DrupalWebTestCase:: |
protected | function | Sets the value of the Drupal.settings JavaScript variable for the currently loaded page. | |
DrupalWebTestCase:: |
protected | function | Sets the raw HTML content. This can be useful when a page has been fetched outside of the internal browser and assertions need to be made on the returned page. | |
DrupalWebTestCase:: |
protected | function | Execute an Ajax submission. | |
DrupalWebTestCase:: |
protected | function | Execute a POST request on a Drupal page. It will be done as usual POST request with SimpleBrowser. | |
DrupalWebTestCase:: |
protected | function | ||
DrupalWebTestCase:: |
protected | function | Log in a user with the internal browser. | |
DrupalWebTestCase:: |
protected | function | Retrieves only the headers for a Drupal path or an absolute path. | |
DrupalWebTestCase:: |
protected | function | Generate a token for the currently logged in user. | |
DrupalWebTestCase:: |
protected | function | Get a list files that can be used in tests. | |
DrupalWebTestCase:: |
protected | function | Gets the value of the Drupal.settings JavaScript variable for the currently loaded page. | |
DrupalWebTestCase:: |
function | Get a node from the database based on its title. | ||
DrupalWebTestCase:: |
protected | function | Gets an array containing all e-mails sent during this test case. | |
DrupalWebTestCase:: |
protected | function | Gets the HTTP response headers of the requested page. Normally we are only interested in the headers returned by the last request. However, if a page is redirected or HTTP authentication is in use, multiple requests will be required to retrieve the… | |
DrupalWebTestCase:: |
protected | function | Gets the value of an HTTP response header. If multiple requests were required to retrieve the page, only the headers from the last request will be checked by default. However, if TRUE is passed as the second argument, all requests will be processed… | |
DrupalWebTestCase:: |
protected | function | Gets the current raw HTML of requested page. | |
DrupalWebTestCase:: |
protected | function | Retrieve a Drupal path or an absolute path and JSON decode the result. | |
DrupalWebTestCase:: |
protected | function | Retrieves a Drupal path or an absolute path. | |
DrupalWebTestCase:: |
protected | function | Create a user with a given set of permissions. | |
DrupalWebTestCase:: |
protected | function | Creates a role with specified permissions. | |
DrupalWebTestCase:: |
protected | function | Creates a node based on default settings. | |
DrupalWebTestCase:: |
protected | function | Creates a custom content type based on default settings. | |
DrupalWebTestCase:: |
protected | function | Compare two files based on size and file name. | |
DrupalWebTestCase:: |
protected | function | Initializes the cURL connection. | |
DrupalWebTestCase:: |
protected | function | Reads headers and registers errors received from the tested site. | |
DrupalWebTestCase:: |
protected | function | Initializes and executes a cURL request. | |
DrupalWebTestCase:: |
protected | function | Close the cURL handler and unset the handler. | |
DrupalWebTestCase:: |
protected | function | Runs cron in the Drupal installed by Simpletest. | |
DrupalWebTestCase:: |
protected | function | Helper function: construct an XPath for the given set of attributes and value. | |
DrupalWebTestCase:: |
protected | function | Follows a link by name. | |
DrupalWebTestCase:: |
protected | function | Check to make sure that the array of permissions are valid. | |
DrupalWebTestCase:: |
protected | function | Check for meta refresh tag and if found call drupalGet() recursively. This function looks for the http-equiv attribute to be set to "Refresh" and is case-sensitive. | |
DrupalWebTestCase:: |
protected | function | Changes the database connection to the prefixed one. | |
DrupalWebTestCase:: |
protected | function | Builds an XPath query. | |
DrupalWebTestCase:: |
protected | function | Pass if the internal browser's URL matches the given path. | |
DrupalWebTestCase:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
DrupalWebTestCase:: |
protected | function | Pass if the text is found ONLY ONCE on the text version of the page. | |
DrupalWebTestCase:: |
protected | function | Pass if the page title is the given string. | |
DrupalWebTestCase:: |
protected | function | Asserts themed output. | |
DrupalWebTestCase:: |
protected | function | Helper for assertText and assertNoText. | |
DrupalWebTestCase:: |
protected | function | Pass if the text IS found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents. | |
DrupalWebTestCase:: |
protected | function | Asserts the page responds with the specified response code. | |
DrupalWebTestCase:: |
protected | function | Pass if the raw text IS found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated. | |
DrupalWebTestCase:: |
protected | function | Will trigger a pass if the Perl regex pattern is found in the raw content. | |
DrupalWebTestCase:: |
protected | function | Asserts that a select option in the current page is checked. | |
DrupalWebTestCase:: |
protected | function | Pass if the text is found MORE THAN ONCE on the text version of the page. | |
DrupalWebTestCase:: |
protected | function | Pass if the page title is not the given string. | |
DrupalWebTestCase:: |
protected | function | Pass if the text is NOT found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents. | |
DrupalWebTestCase:: |
protected | function | Asserts the page did not return the specified response code. | |
DrupalWebTestCase:: |
protected | function | Pass if the raw text is NOT found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated. | |
DrupalWebTestCase:: |
protected | function | Will trigger a pass if the perl regex pattern is not present in raw content. | |
DrupalWebTestCase:: |
protected | function | Asserts that a select option in the current page is not checked. | |
DrupalWebTestCase:: |
protected | function | Pass if a link containing a given href (part) is not found. | |
DrupalWebTestCase:: |
protected | function | Pass if a link with the specified label is not found. | |
DrupalWebTestCase:: |
protected | function | Asserts that a checkbox field in the current page is not checked. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field doesn't exist or its value doesn't match, by XPath. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field does not exist with the given name and value. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field does not exist with the given ID and value. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field does not exist with the given name or ID. | |
DrupalWebTestCase:: |
protected | function | Asserts that each HTML ID is used for just a single element. | |
DrupalWebTestCase:: |
protected | function | Asserts that the most recently sent e-mail message has the string in it. | |
DrupalWebTestCase:: |
protected | function | Asserts that the most recently sent e-mail message has the pattern in it. | |
DrupalWebTestCase:: |
protected | function | Asserts that the most recently sent e-mail message has the given value. | |
DrupalWebTestCase:: |
protected | function | Pass if a link containing a given href (part) is found. | |
DrupalWebTestCase:: |
protected | function | Pass if a link with the specified label is found, and optional with the specified index. | |
DrupalWebTestCase:: |
protected | function | Asserts that a checkbox field in the current page is checked. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field exists in the current page by the given XPath. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field exists in the current page with the given name and value. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field exists in the current page with the given ID and value. | |
DrupalWebTestCase:: |
protected | function | Asserts that a field exists with the given name or ID. | |
DrupalWebTestCase:: |
protected | property | The URL currently loaded in the internal browser. | |
DrupalWebTestCase:: |
protected | property | The current session name, if available. | |
DrupalWebTestCase:: |
protected | property | The current session ID, if available. | |
DrupalWebTestCase:: |
protected | property | The number of redirects followed during the handling of a request. | |
DrupalWebTestCase:: |
protected | property | The profile to install as a basis for testing. | 20 |
DrupalWebTestCase:: |
protected | property | The content of the page currently loaded in the internal browser (plain text version). | |
DrupalWebTestCase:: |
protected | property | The original user, before it was changed to a clean uid = 1 for testing purposes. | |
DrupalWebTestCase:: |
protected | property | The original shutdown handlers array, before it was cleaned for testing purposes. | |
DrupalWebTestCase:: |
protected | property | The current user logged in using the internal browser. | |
DrupalWebTestCase:: |
protected | property | HTTP authentication method | |
DrupalWebTestCase:: |
protected | property | HTTP authentication credentials (<username>:<password>). | |
DrupalWebTestCase:: |
protected | property | The headers of the page currently loaded in the internal browser. | |
DrupalWebTestCase:: |
protected | property | Whether the files were copied to the test files directory. | |
DrupalWebTestCase:: |
protected | property | The parsed version of the page. | |
DrupalWebTestCase:: |
protected | property | The value of the Drupal.settings JavaScript variable for the page currently loaded in the internal browser. | |
DrupalWebTestCase:: |
protected | property | The handle of the current cURL connection. | |
DrupalWebTestCase:: |
protected | property | The cookies of the page currently loaded in the internal browser. | |
DrupalWebTestCase:: |
protected | property | The current cookie file used by cURL. | |
DrupalWebTestCase:: |
protected | property | The content of the page currently loaded in the internal browser. | |
DrupalWebTestCase:: |
protected | property | Additional cURL options. | |
DrupalTestCase:: |
protected | function | Logs a verbose message in a text file. | |
DrupalTestCase:: |
public | function | Run all tests in this class. | |
DrupalTestCase:: |
public static | function | Generates a random string of ASCII characters of codes 32 to 126. | |
DrupalTestCase:: |
public static | function | Generates a random string containing letters and numbers. | |
DrupalTestCase:: |
protected | function | Fire an assertion that is always positive. | |
DrupalTestCase:: |
public static | function | Store an assertion from outside the testing context. | |
DrupalTestCase:: |
public static | function | Returns the database connection to the site running Simpletest. | |
DrupalTestCase:: |
protected | function | Cycles through backtrace until the first non-assertion method is found. | |
DrupalTestCase:: |
public static | function | Converts a list of possible parameters into a stack of permutations. | |
DrupalTestCase:: |
protected | function | Fire an assertion that is always negative. | |
DrupalTestCase:: |
protected | function | Handle exceptions. | |
DrupalTestCase:: |
public | function | Handle errors during test runs. | 1 |
DrupalTestCase:: |
protected | function | Fire an error assertion. | 1 |
DrupalTestCase:: |
public static | function | Delete an assertion record by message ID. | |
DrupalTestCase:: |
protected | function | Check to see if a value is not false (not an empty string, 0, NULL, or FALSE). | |
DrupalTestCase:: |
protected | function | Check to see if a value is NULL. | |
DrupalTestCase:: |
protected | function | Check to see if a value is not NULL. | |
DrupalTestCase:: |
protected | function | Check to see if two values are not identical. | |
DrupalTestCase:: |
protected | function | Check to see if two values are not equal. | |
DrupalTestCase:: |
protected | function | Check to see if two values are identical. | |
DrupalTestCase:: |
protected | function | Check to see if a value is false (an empty string, 0, NULL, or FALSE). | |
DrupalTestCase:: |
protected | function | Check to see if two values are equal. | |
DrupalTestCase:: |
protected | function | Internal helper: stores the assert. | |
DrupalTestCase:: |
protected | property | URL to the verbose output file directory. | |
DrupalTestCase:: |
protected | property | Time limit for the test. | |
DrupalTestCase:: |
protected | property | The test run ID. | |
DrupalTestCase:: |
protected | property | This class is skipped when looking for the source of an assertion. | |
DrupalTestCase:: |
protected | property | ||
DrupalTestCase:: |
protected | property | ||
DrupalTestCase:: |
protected | property | Flag to indicate whether the test has been set up. | |
DrupalTestCase:: |
public | property | Current results of this test case. | |
DrupalTestCase:: |
protected | property | The original file directory, before it was changed for testing purposes. | |
DrupalTestCase:: |
protected | property | The database prefix of this test run. | |
DrupalTestCase:: |
protected | property | Assertions thrown in that test case. |