You are here

public function CommentAccessTest::testCannotViewCommentReplyFormOnEntitiesYouCannotView in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/comment/tests/src/Functional/CommentAccessTest.php \Drupal\Tests\comment\Functional\CommentAccessTest::testCannotViewCommentReplyFormOnEntitiesYouCannotView()

Tests cannot view comment reply form on entities you cannot view.

File

core/modules/comment/tests/src/Functional/CommentAccessTest.php, line 94

Class

CommentAccessTest
Tests comment administration and preview access.

Namespace

Drupal\Tests\comment\Functional

Code

public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() {
  $assert = $this
    ->assertSession();

  // Create a comment on an unpublished node.
  $comment = Comment::create([
    'entity_type' => 'node',
    'name' => 'Tony',
    'hostname' => 'magic.example.com',
    'mail' => 'foo@example.com',
    'subject' => 'Comment on unpublished node',
    'entity_id' => $this->unpublishedNode
      ->id(),
    'comment_type' => 'comment',
    'field_name' => 'comment',
    'pid' => 0,
    'uid' => $this->unpublishedNode
      ->getOwnerId(),
    'status' => 1,
  ]);
  $comment
    ->save();
  $comment_url = 'comment/reply/node/' . $this->unpublishedNode
    ->id() . '/comment/' . $comment
    ->id();

  // Replying to a comment on an unpublished node results in access denied.
  $this
    ->drupalGet($comment_url);
  $assert
    ->statusCodeEquals(403);

  // Publishing the node grants access.
  $this->unpublishedNode
    ->setPublished()
    ->save();
  $this
    ->drupalGet($comment_url);
  $assert
    ->statusCodeEquals(200);
}