public function NodeAccessTest::testPageAccess in Drupal 10
Same name and namespace in other branches
- 8 core/modules/content_moderation/tests/src/Functional/NodeAccessTest.php \Drupal\Tests\content_moderation\Functional\NodeAccessTest::testPageAccess()
- 9 core/modules/content_moderation/tests/src/Functional/NodeAccessTest.php \Drupal\Tests\content_moderation\Functional\NodeAccessTest::testPageAccess()
Verifies that a non-admin user can still access the appropriate pages.
File
- core/
modules/ content_moderation/ tests/ src/ Functional/ NodeAccessTest.php, line 70
Class
- NodeAccessTest
- Tests permission access control around nodes.
Namespace
Drupal\Tests\content_moderation\FunctionalCode
public function testPageAccess() {
// Initially disable access grant records in
// node_access_test_node_access_records().
\Drupal::state()
->set('node_access_test.private', TRUE);
$this
->drupalLogin($this->adminUser);
// Access the node form before moderation is enabled, the publication state
// should now be visible.
$this
->drupalGet('node/add/moderated_content');
$this
->assertSession()
->fieldExists('Published');
// Now enable the workflow.
$this
->enableModerationThroughUi('moderated_content', 'editorial');
// Access that the status field is no longer visible.
$this
->drupalGet('node/add/moderated_content');
$this
->assertSession()
->fieldNotExists('Published');
// Create a node to test with.
$this
->submitForm([
'title[0][value]' => 'moderated content',
'moderation_state[0][state]' => 'draft',
], 'Save');
$node = $this
->getNodeByTitle('moderated content');
if (!$node) {
$this
->fail('Test node was not saved correctly.');
}
$view_path = 'node/' . $node
->id();
$edit_path = 'node/' . $node
->id() . '/edit';
$latest_path = 'node/' . $node
->id() . '/latest';
// Now make a new user and verify that the new user's access is correct.
$user = $this
->createUser([
'use editorial transition create_new_draft',
'view latest version',
'view any unpublished content',
]);
$this
->drupalLogin($user);
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
// Publish the node.
$this
->drupalLogin($this->adminUser);
$this
->drupalGet($edit_path);
$this
->submitForm([
'moderation_state[0][state]' => 'published',
], 'Save');
// Ensure access works correctly for anonymous users.
$this
->drupalLogout();
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
// Create a pending revision for the 'Latest revision' tab.
$this
->drupalLogin($this->adminUser);
$this
->drupalGet($edit_path);
$this
->submitForm([
'title[0][value]' => 'moderated content revised',
'moderation_state[0][state]' => 'draft',
], 'Save');
$this
->drupalLogin($user);
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
// Now make another user, who should not be able to see pending revisions.
$user = $this
->createUser([
'use editorial transition create_new_draft',
]);
$this
->drupalLogin($user);
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
// Now create a private node that the user is not granted access to by the
// node grants, but is granted access via hook_node_access().
// @see node_access_test_node_access
$node = $this
->createNode([
'type' => 'moderated_content',
'private' => TRUE,
'uid' => $this->adminUser
->id(),
]);
$user = $this
->createUser([
'use editorial transition publish',
]);
$this
->drupalLogin($user);
// Grant access to the node via node_access_test_node_access().
\Drupal::state()
->set('node_access_test.allow_uid', $user
->id());
$this
->drupalGet($node
->toUrl());
$this
->assertSession()
->statusCodeEquals(200);
// Verify the moderation form is in place by publishing the node.
$this
->submitForm([], 'Apply');
$node = \Drupal::entityTypeManager()
->getStorage('node')
->loadUnchanged($node
->id());
$this
->assertEquals('published', $node->moderation_state->value);
}