function FilePrivateTest::testPrivateFile

Tests file access for file uploaded to a private node.

File

drupal/core/modules/file/lib/Drupal/file/Tests/FilePrivateTest.php, line 39
Definition of Drupal\file\Tests\FilePrivateTest.

Class

FilePrivateTest
Tests file access on private nodes.

Namespace

Drupal\file\Tests

Code

function testPrivateFile() {

  // Use 'page' instead of 'article', so that the 'article' image field does
  // not conflict with this test. If in the future the 'page' type gets its
  // own default file or image field, this test can be made more robust by
  // using a custom node type.
  $type_name = 'page';
  $field_name = strtolower($this
    ->randomName());
  $this
    ->createFileField($field_name, $type_name, array(
    'uri_scheme' => 'private',
  ));

  // Create a field with no view access - see field_test_field_access().
  $no_access_field_name = 'field_no_view_access';
  $this
    ->createFileField($no_access_field_name, $type_name, array(
    'uri_scheme' => 'private',
  ));
  $test_file = $this
    ->getTestFile('text');
  $nid = $this
    ->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array(
    'private' => TRUE,
  ));
  $node = node_load($nid, TRUE);
  $node_file = file_load($node->{$field_name}[LANGUAGE_NOT_SPECIFIED][0]['fid']);

  // Ensure the file can be downloaded.
  $this
    ->drupalGet(file_create_url($node_file->uri));
  $this
    ->assertResponse(200, t('Confirmed that the generated URL is correct by downloading the shipped file.'));
  $this
    ->drupalLogOut();
  $this
    ->drupalGet(file_create_url($node_file->uri));
  $this
    ->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));

  // Test with the field that should deny access through field access.
  $this
    ->drupalLogin($this->admin_user);
  $nid = $this
    ->uploadNodeFile($test_file, $no_access_field_name, $type_name, TRUE, array(
    'private' => TRUE,
  ));
  $node = node_load($nid, TRUE);
  $node_file = file_load($node->{$no_access_field_name}[LANGUAGE_NOT_SPECIFIED][0]['fid']);

  // Ensure the file cannot be downloaded.
  $this
    ->drupalGet(file_create_url($node_file->uri));
  $this
    ->assertResponse(403, t('Confirmed that access is denied for the file without view field access permission.'));
}