public function EditorPrivateFileReferenceFilterTest::testEditorPrivateFileReferenceFilter in Drupal 9
Same name and namespace in other branches
- 8 core/modules/editor/tests/src/Functional/EditorPrivateFileReferenceFilterTest.php \Drupal\Tests\editor\Functional\EditorPrivateFileReferenceFilterTest::testEditorPrivateFileReferenceFilter()
- 10 core/modules/editor/tests/src/Functional/EditorPrivateFileReferenceFilterTest.php \Drupal\Tests\editor\Functional\EditorPrivateFileReferenceFilterTest::testEditorPrivateFileReferenceFilter()
Tests the editor file reference filter with private files.
File
- core/
modules/ editor/ tests/ src/ Functional/ EditorPrivateFileReferenceFilterTest.php, line 45
Class
- EditorPrivateFileReferenceFilterTest
- Tests Editor module's file reference filter with private files.
Namespace
Drupal\Tests\editor\FunctionalCode
public function testEditorPrivateFileReferenceFilter() {
$author = $this
->drupalCreateUser();
$this
->drupalLogin($author);
// Create a content type with a body field.
$this
->drupalCreateContentType([
'type' => 'page',
'name' => 'Basic page',
]);
// Create a file in the 'private:// ' stream.
$filename = 'test.png';
$src = '/system/files/' . $filename;
/** @var \Drupal\file\FileInterface $file */
$file = File::create([
'uri' => 'private://' . $filename,
]);
$file
->setTemporary();
$file
->setOwner($author);
// Create the file itself.
file_put_contents($file
->getFileUri(), $this
->randomString());
$file
->save();
// The image should be visible for its author.
$this
->drupalGet($src);
$this
->assertSession()
->statusCodeEquals(200);
// The not-yet-permanent image should NOT be visible for anonymous.
$this
->drupalLogout();
$this
->drupalGet($src);
$this
->assertSession()
->statusCodeEquals(403);
// Resave the file to be permanent.
$file
->setPermanent();
$file
->save();
// Create some nodes to ensure file usage count does not match the ID's
// of the nodes we are going to check.
for ($i = 0; $i < 5; $i++) {
$this
->drupalCreateNode([
'type' => 'page',
'uid' => $author
->id(),
]);
}
// Create a node with its body field properly pointing to the just-created
// file.
$published_node = $this
->drupalCreateNode([
'type' => 'page',
'body' => [
'value' => '<img alt="alt" data-entity-type="file" data-entity-uuid="' . $file
->uuid() . '" src="' . $src . '" />',
'format' => 'private_images',
],
'uid' => $author
->id(),
]);
// Create an unpublished node with its body field properly pointing to the
// just-created file.
$unpublished_node = $this
->drupalCreateNode([
'type' => 'page',
'status' => NodeInterface::NOT_PUBLISHED,
'body' => [
'value' => '<img alt="alt" data-entity-type="file" data-entity-uuid="' . $file
->uuid() . '" src="' . $src . '" />',
'format' => 'private_images',
],
'uid' => $author
->id(),
]);
// Do the actual test. The image should be visible for anonymous users,
// because they can view the published node. Even though they can't view
// the unpublished node.
$this
->drupalGet($published_node
->toUrl());
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalGet($unpublished_node
->toUrl());
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($src);
$this
->assertSession()
->statusCodeEquals(200);
// When the published node is also unpublished, the image should also
// become inaccessible to anonymous users.
$published_node
->setUnpublished()
->save();
$this
->drupalGet($published_node
->toUrl());
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($src);
$this
->assertSession()
->statusCodeEquals(403);
// Disallow anonymous users to view the entity, which then should also
// disallow them to view the image.
$published_node
->setPublished()
->save();
Role::load(RoleInterface::ANONYMOUS_ID)
->revokePermission('access content')
->save();
$this
->drupalGet($published_node
->toUrl());
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($src);
$this
->assertSession()
->statusCodeEquals(403);
}