NodeAccessBaseTableTest.php

Definition of Drupal\node\Tests\NodeAccessBaseTableTest.

Namespace

Drupal\node\Tests

File

drupal/core/modules/node/lib/Drupal/node/Tests/NodeAccessBaseTableTest.php
View source
<?php

/**
 * @file
 * Definition of Drupal\node\Tests\NodeAccessBaseTableTest.
 */
namespace Drupal\node\Tests;


/**
 * Tests for Node Access with a non-node base table.
 */
class NodeAccessBaseTableTest extends NodeTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array(
    'node_access_test',
  );

  /**
   * The installation profile to use with this test.
   *
   * This test class requires the "tags" taxonomy field.
   *
   * @var string
   */
  protected $profile = 'standard';
  public static function getInfo() {
    return array(
      'name' => 'Node access on any table',
      'description' => 'Checks behavior of the node access subsystem if the base table is not node.',
      'group' => 'Node',
    );
  }
  public function setUp() {
    parent::setUp();
    node_access_rebuild();
    \Drupal::state()
      ->set('node_access_test.private', TRUE);
  }

  /**
   * Tests the "private" node access functionality.
   *
   * - Create 2 users with "access content" and "create article" permissions.
   * - Each user creates one private and one not private article.
   *
   * - Test that each user can view the other user's non-private article.
   * - Test that each user cannot view the other user's private article.
   * - Test that each user finds only appropriate (non-private + own private)
   *   in taxonomy listing.
   * - Create another user with 'view any private content'.
   * - Test that user 4 can view all content created above.
   * - Test that user 4 can view all content on taxonomy listing.
   */
  function testNodeAccessBasic() {
    $num_simple_users = 2;
    $simple_users = array();

    // nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;
    $this->nodesByUser = array();
    $titles = array();

    // Titles keyed by nid
    $private_nodes = array();

    // Array of nids marked private.
    for ($i = 0; $i < $num_simple_users; $i++) {
      $simple_users[$i] = $this
        ->drupalCreateUser(array(
        'access content',
        'create article content',
      ));
    }
    foreach ($simple_users as $this->webUser) {
      $this
        ->drupalLogin($this->webUser);
      foreach (array(
        0 => 'Public',
        1 => 'Private',
      ) as $is_private => $type) {
        $edit = array(
          'title' => t('@private_public Article created by @user', array(
            '@private_public' => $type,
            '@user' => $this->webUser->name,
          )),
        );
        if ($is_private) {
          $edit['private'] = TRUE;
          $edit['body[und][0][value]'] = 'private node';
          $edit['field_tags[und]'] = 'private';
        }
        else {
          $edit['body[und][0][value]'] = 'public node';
          $edit['field_tags[und]'] = 'public';
        }
        $this
          ->drupalPost('node/add/article', $edit, t('Save'));
        $nid = db_query('SELECT nid FROM {node_field_data} WHERE title = :title', array(
          ':title' => $edit['title'],
        ))
          ->fetchField();
        $private_status = db_query('SELECT private FROM {node_access_test} where nid = :nid', array(
          ':nid' => $nid,
        ))
          ->fetchField();
        $this
          ->assertTrue($is_private == $private_status, 'The private status of the node was properly set in the node_access_test table.');
        if ($is_private) {
          $private_nodes[] = $nid;
        }
        $titles[$nid] = $edit['title'];
        $this->nodesByUser[$this->webUser->uid][$nid] = $is_private;
      }
    }
    $this->publicTid = db_query('SELECT tid FROM {taxonomy_term_data} WHERE name = :name', array(
      ':name' => 'public',
    ))
      ->fetchField();
    $this->privateTid = db_query('SELECT tid FROM {taxonomy_term_data} WHERE name = :name', array(
      ':name' => 'private',
    ))
      ->fetchField();
    $this
      ->assertTrue($this->publicTid, 'Public tid was found');
    $this
      ->assertTrue($this->privateTid, 'Private tid was found');
    foreach ($simple_users as $this->webUser) {
      $this
        ->drupalLogin($this->webUser);

      // Check own nodes to see that all are readable.
      foreach ($this->nodesByUser as $uid => $data) {
        foreach ($data as $nid => $is_private) {
          $this
            ->drupalGet('node/' . $nid);
          if ($is_private) {
            $should_be_visible = $uid == $this->webUser->uid;
          }
          else {
            $should_be_visible = TRUE;
          }
          $this
            ->assertResponse($should_be_visible ? 200 : 403, strtr('A %private node by user %uid is %visible for user %current_uid.', array(
            '%private' => $is_private ? 'private' : 'public',
            '%uid' => $uid,
            '%visible' => $should_be_visible ? 'visible' : 'not visible',
            '%current_uid' => $this->webUser->uid,
          )));
        }
      }

      // Check to see that the correct nodes are shown on taxonomy/private
      // and taxonomy/public.
      $this
        ->assertTaxonomyPage(FALSE);
    }

    // Now test that a user with 'access any private content' can view content.
    $access_user = $this
      ->drupalCreateUser(array(
      'access content',
      'create article content',
      'node test view',
      'search content',
    ));
    $this
      ->drupalLogin($access_user);
    foreach ($this->nodesByUser as $uid => $private_status) {
      foreach ($private_status as $nid => $is_private) {
        $this
          ->drupalGet('node/' . $nid);
        $this
          ->assertResponse(200);
      }
    }

    // This user should be able to see all of the nodes on the relevant
    // taxonomy pages.
    $this
      ->assertTaxonomyPage(TRUE);
  }

  /**
   * Checks taxonomy/term listings to ensure only accessible nodes are listed.
   *
   * @param $is_admin
   *   A boolean indicating whether the current user is an administrator. If
   *   TRUE, all nodes should be listed. If FALSE, only public nodes and the
   *   user's own private nodes should be listed.
   */
  protected function assertTaxonomyPage($is_admin) {
    foreach (array(
      $this->publicTid,
      $this->privateTid,
    ) as $tid_is_private => $tid) {
      $this
        ->drupalGet("taxonomy/term/{$tid}");
      $this->nids_visible = array();
      foreach ($this
        ->xpath("//a[text()='Read more']") as $link) {
        $this
          ->assertTrue(preg_match('|node/(\\d+)$|', (string) $link['href'], $matches), 'Read more points to a node');
        $this->nids_visible[$matches[1]] = TRUE;
      }
      foreach ($this->nodesByUser as $uid => $data) {
        foreach ($data as $nid => $is_private) {

          // Private nodes should be visible on the private term page,
          // public nodes should be visible on the public term page.
          $should_be_visible = $tid_is_private == $is_private;

          // Non-administrators can only see their own nodes on the private
          // term page.
          if (!$is_admin && $tid_is_private) {
            $should_be_visible = $should_be_visible && $uid == $this->webUser->uid;
          }
          $this
            ->assertIdentical(isset($this->nids_visible[$nid]), $should_be_visible, strtr('A %private node by user %uid is %visible for user %current_uid on the %tid_is_private page.', array(
            '%private' => $is_private ? 'private' : 'public',
            '%uid' => $uid,
            '%visible' => isset($this->nids_visible[$nid]) ? 'visible' : 'not visible',
            '%current_uid' => $this->webUser->uid,
            '%tid_is_private' => $tid_is_private ? 'private' : 'public',
          )));
        }
      }
    }
  }

}

Classes

Namesort descending Description
NodeAccessBaseTableTest Tests for Node Access with a non-node base table.