You are here

public function NodeAccessTest::testPageAccess in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/content_moderation/tests/src/Functional/NodeAccessTest.php \Drupal\Tests\content_moderation\Functional\NodeAccessTest::testPageAccess()

Verifies that a non-admin user can still access the appropriate pages.

File

core/modules/content_moderation/tests/src/Functional/NodeAccessTest.php, line 70

Class

NodeAccessTest
Tests permission access control around nodes.

Namespace

Drupal\Tests\content_moderation\Functional

Code

public function testPageAccess() {

  // Initially disable access grant records in
  // node_access_test_node_access_records().
  \Drupal::state()
    ->set('node_access_test.private', TRUE);
  $this
    ->drupalLogin($this->adminUser);

  // Access the node form before moderation is enabled, the publication state
  // should now be visible.
  $this
    ->drupalGet('node/add/moderated_content');
  $this
    ->assertSession()
    ->fieldExists('Published');

  // Now enable the workflow.
  $this
    ->enableModerationThroughUi('moderated_content', 'editorial');

  // Access that the status field is no longer visible.
  $this
    ->drupalGet('node/add/moderated_content');
  $this
    ->assertSession()
    ->fieldNotExists('Published');

  // Create a node to test with.
  $this
    ->drupalPostForm(NULL, [
    'title[0][value]' => 'moderated content',
    'moderation_state[0][state]' => 'draft',
  ], t('Save'));
  $node = $this
    ->getNodeByTitle('moderated content');
  if (!$node) {
    $this
      ->fail('Test node was not saved correctly.');
  }
  $view_path = 'node/' . $node
    ->id();
  $edit_path = 'node/' . $node
    ->id() . '/edit';
  $latest_path = 'node/' . $node
    ->id() . '/latest';

  // Now make a new user and verify that the new user's access is correct.
  $user = $this
    ->createUser([
    'use editorial transition create_new_draft',
    'view latest version',
    'view any unpublished content',
  ]);
  $this
    ->drupalLogin($user);
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Publish the node.
  $this
    ->drupalLogin($this->adminUser);
  $this
    ->drupalPostForm($edit_path, [
    'moderation_state[0][state]' => 'published',
  ], t('Save'));

  // Ensure access works correctly for anonymous users.
  $this
    ->drupalLogout();
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Create a pending revision for the 'Latest revision' tab.
  $this
    ->drupalLogin($this->adminUser);
  $this
    ->drupalPostForm($edit_path, [
    'title[0][value]' => 'moderated content revised',
    'moderation_state[0][state]' => 'draft',
  ], t('Save'));
  $this
    ->drupalLogin($user);
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Now make another user, who should not be able to see pending revisions.
  $user = $this
    ->createUser([
    'use editorial transition create_new_draft',
  ]);
  $this
    ->drupalLogin($user);
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Now create a private node that the user is not granted access to by the
  // node grants, but is granted access via hook_node_access().
  // @see node_access_test_node_access
  $node = $this
    ->createNode([
    'type' => 'moderated_content',
    'private' => TRUE,
    'uid' => $this->adminUser
      ->id(),
  ]);
  $user = $this
    ->createUser([
    'use editorial transition publish',
  ]);
  $this
    ->drupalLogin($user);

  // Grant access to the node via node_access_test_node_access().
  \Drupal::state()
    ->set('node_access_test.allow_uid', $user
    ->id());
  $this
    ->drupalGet($node
    ->toUrl());
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Verify the moderation form is in place by publishing the node.
  $this
    ->drupalPostForm(NULL, [], t('Apply'));
  $node = \Drupal::entityTypeManager()
    ->getStorage('node')
    ->loadUnchanged($node
    ->id());
  $this
    ->assertEquals('published', $node->moderation_state->value);
}