View source
<?php
namespace Drupal\Tests\comment\Functional;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\BrowserTestBase;
class CommentAccessTest extends BrowserTestBase {
use CommentTestTrait;
protected static $modules = [
'node',
'comment',
];
protected $defaultTheme = 'stark';
protected $unpublishedNode;
protected function setUp() : void {
parent::setUp();
$node_type = NodeType::create([
'type' => 'article',
'name' => 'Article',
]);
$node_type
->save();
$node_author = $this
->drupalCreateUser([
'create article content',
'access comments',
]);
$this
->drupalLogin($this
->drupalCreateUser([
'edit own comments',
'skip comment approval',
'post comments',
'access comments',
'access content',
]));
$this
->addDefaultCommentField('node', 'article');
$this->unpublishedNode = $this
->createNode([
'title' => 'This is unpublished',
'uid' => $node_author
->id(),
'status' => 0,
'type' => 'article',
]);
$this->unpublishedNode
->save();
}
public function testCannotCommentOnEntitiesYouCannotView() {
$assert = $this
->assertSession();
$comment_url = 'comment/reply/node/' . $this->unpublishedNode
->id() . '/comment';
$this
->drupalGet($comment_url);
$assert
->statusCodeEquals(403);
$this->unpublishedNode
->setPublished()
->save();
$this
->drupalGet($comment_url);
$assert
->statusCodeEquals(200);
}
public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() {
$assert = $this
->assertSession();
$comment = Comment::create([
'entity_type' => 'node',
'name' => 'Tony',
'hostname' => 'magic.example.com',
'mail' => 'foo@example.com',
'subject' => 'Comment on unpublished node',
'entity_id' => $this->unpublishedNode
->id(),
'comment_type' => 'comment',
'field_name' => 'comment',
'pid' => 0,
'uid' => $this->unpublishedNode
->getOwnerId(),
'status' => 1,
]);
$comment
->save();
$comment_url = 'comment/reply/node/' . $this->unpublishedNode
->id() . '/comment/' . $comment
->id();
$this
->drupalGet($comment_url);
$assert
->statusCodeEquals(403);
$this->unpublishedNode
->setPublished()
->save();
$this
->drupalGet($comment_url);
$assert
->statusCodeEquals(200);
}
}