FilePrivateTest.php

<?php

/**
 * @file
 * Definition of Drupal\file\Tests\FilePrivateTest.
 */
namespace Drupal\file\Tests;


/**
 * Tests file access on private nodes.
 */
class FilePrivateTest extends FileFieldTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array(
    'node_access_test',
    'field_test',
  );
  public static function getInfo() {
    return array(
      'name' => 'Private file test',
      'description' => 'Uploads a test to a private node and checks access.',
      'group' => 'File',
    );
  }
  public function setUp() {
    parent::setUp();
    node_access_rebuild();
    state()
      ->set('node_access_test.private', TRUE);
  }

  /**
   * Tests file access for file uploaded to a private node.
   */
  function testPrivateFile() {

    // Use 'page' instead of 'article', so that the 'article' image field does
    // not conflict with this test. If in the future the 'page' type gets its
    // own default file or image field, this test can be made more robust by
    // using a custom node type.
    $type_name = 'page';
    $field_name = strtolower($this
      ->randomName());
    $this
      ->createFileField($field_name, $type_name, array(
      'uri_scheme' => 'private',
    ));

    // Create a field with no view access - see field_test_field_access().
    $no_access_field_name = 'field_no_view_access';
    $this
      ->createFileField($no_access_field_name, $type_name, array(
      'uri_scheme' => 'private',
    ));
    $test_file = $this
      ->getTestFile('text');
    $nid = $this
      ->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array(
      'private' => TRUE,
    ));
    $node = node_load($nid, TRUE);
    $node_file = file_load($node->{$field_name}[LANGUAGE_NOT_SPECIFIED][0]['fid']);

    // Ensure the file can be downloaded.
    $this
      ->drupalGet(file_create_url($node_file->uri));
    $this
      ->assertResponse(200, t('Confirmed that the generated URL is correct by downloading the shipped file.'));
    $this
      ->drupalLogOut();
    $this
      ->drupalGet(file_create_url($node_file->uri));
    $this
      ->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));

    // Test with the field that should deny access through field access.
    $this
      ->drupalLogin($this->admin_user);
    $nid = $this
      ->uploadNodeFile($test_file, $no_access_field_name, $type_name, TRUE, array(
      'private' => TRUE,
    ));
    $node = node_load($nid, TRUE);
    $node_file = file_load($node->{$no_access_field_name}[LANGUAGE_NOT_SPECIFIED][0]['fid']);

    // Ensure the file cannot be downloaded.
    $this
      ->drupalGet(file_create_url($node_file->uri));
    $this
      ->assertResponse(403, t('Confirmed that access is denied for the file without view field access permission.'));
  }

}