You are here

public function ContentAccessModuleTest::testDeleteAccess in Content Access 8

Test for deleting nodes.

File

tests/src/Functional/ContentAccessModuleTest.php, line 264

Class

ContentAccessModuleTest
Automated BrowserTest Case for content access module.

Namespace

Drupal\Tests\content_access\Functional

Code

public function testDeleteAccess() {

  // Logout admin and try to delete the node anonymously.
  $this
    ->drupalLogout();
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Login test user, delete node, access must be denied.
  $this
    ->drupalLogin($this->testUser);
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Login admin and grant access for deleting to the test user.
  $this
    ->drupalLogin($this->adminUser);
  $this
    ->changeAccessContentTypeKeyword('delete');

  // Logout admin and try to edit the node anonymously
  // access must be denied again.
  $this
    ->drupalLogout();
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Login test user, delete node, access must be granted.
  $this
    ->drupalLogin($this->testUser);
  $this
    ->drupalPostForm('node/' . $this->node1
    ->id() . '/delete', [], 'Delete');
  $this
    ->assertRaw($this
    ->t('%node has been deleted', [
    '%node' => $this->node1
      ->getTitle(),
  ]), 'Test node was deleted successfully by test user');

  // Login admin and recreate test node1.
  $this
    ->drupalLogin($this->adminUser);
  $this->node1 = $this
    ->drupalCreateNode([
    'type' => $this->contentType
      ->id(),
  ]);

  // Enable per node access.
  $this
    ->changeAccessPerNode();

  // Restrict access for this content type for the test user.
  $this
    ->changeAccessContentTypeKeyword('delete', FALSE);

  // Allow acces for node1 only.
  $this
    ->changeAccessNodeKeyword($this->node1, 'delete');
  $this
    ->changeAccessNodeKeyword($this->node2, 'delete', FALSE);

  // Logout admin and try to delete both nodes anonymously.
  $this
    ->drupalLogout();
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));
  $this
    ->drupalGet('node/' . $this->node2
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Login test user, delete node1, access must be granted.
  $this
    ->drupalLogin($this->testUser);
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextNotContains($this
    ->t('Access denied'));

  // Delete node2, access must be denied.
  $this
    ->drupalGet('node/' . $this->node2
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Login admin, swap permissions between node1 and node2.
  $this
    ->drupalLogin($this->adminUser);

  // Grant delete access to node2.
  $this
    ->changeAccessNodeKeyword($this->node2, 'delete');

  // Restrict delete acces to node1.
  $this
    ->changeAccessNodeKeyword($this->node1, 'delete', FALSE);

  // Logout admin and try to delete both nodes anonymously.
  $this
    ->drupalLogout();
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));
  $this
    ->drupalGet('node/' . $this->node2
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Login test user, delete node1, access must be denied.
  $this
    ->drupalLogin($this->testUser);
  $this
    ->drupalGet('node/' . $this->node1
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextContains($this
    ->t('Access denied'));

  // Delete node2, access must be granted.
  $this
    ->drupalGet('node/' . $this->node2
    ->id() . '/delete');
  $this
    ->assertSession()
    ->pageTextNotContains($this
    ->t('Access denied'));
}