View source
<?php
namespace Drupal\Tests\file\Functional;
use Drupal\file\Entity\File;
use Drupal\node\Entity\NodeType;
use Drupal\user\RoleInterface;
class FilePrivateTest extends FileFieldTestBase {
protected static $modules = [
'node_access_test',
'field_test',
];
protected $defaultTheme = 'stark';
protected function setUp() : void {
parent::setUp();
node_access_test_add_field(NodeType::load('article'));
node_access_rebuild();
\Drupal::state()
->set('node_access_test.private', TRUE);
$this
->config('file.settings')
->set('make_unused_managed_files_temporary', TRUE)
->save();
}
public function testPrivateFile() {
$node_storage = $this->container
->get('entity_type.manager')
->getStorage('node');
$file_system = \Drupal::service('file_system');
$type_name = 'article';
$field_name = strtolower($this
->randomMachineName());
$this
->createFileField($field_name, 'node', $type_name, [
'uri_scheme' => 'private',
]);
$test_file = $this
->getTestFile('text');
$nid = $this
->uploadNodeFile($test_file, $field_name, $type_name, TRUE, [
'private' => TRUE,
]);
\Drupal::entityTypeManager()
->getStorage('node')
->resetCache([
$nid,
]);
$node = $node_storage
->load($nid);
$node_file = File::load($node->{$field_name}->target_id);
$this
->drupalGet('node/' . $node
->id());
$this
->assertSession()
->responseContains($node_file
->getFilename());
$this
->drupalGet($node_file
->createFileUrl(FALSE));
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalLogOut();
$this
->drupalGet($node_file
->createFileUrl(FALSE));
$this
->assertSession()
->statusCodeEquals(403);
$no_access_field_name = 'field_no_view_access';
$this
->createFileField($no_access_field_name, 'node', $type_name, [
'uri_scheme' => 'private',
]);
$this
->drupalLogin($this->adminUser);
$nid = $this
->uploadNodeFile($test_file, $no_access_field_name, $type_name, TRUE, [
'private' => TRUE,
]);
\Drupal::entityTypeManager()
->getStorage('node')
->resetCache([
$nid,
]);
$node = $node_storage
->load($nid);
$node_file = File::load($node->{$no_access_field_name}->target_id);
$file_url = $node_file
->createFileUrl(FALSE);
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
$edit = [];
$edit['title[0][value]'] = $this
->randomMachineName();
$this
->drupalGet('node/add/' . $type_name);
$this
->submitForm($edit, 'Save');
$new_node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$this
->drupalGet('node/' . $new_node
->id() . '/edit');
$this
->getSession()
->getPage()
->find('css', 'input[name="' . $field_name . '[0][fids]"]')
->setValue($node_file
->id());
$this
->getSession()
->getPage()
->pressButton(t('Save'));
$this
->assertSession()
->addressEquals('node/' . $new_node
->id());
$new_node = \Drupal::entityTypeManager()
->getStorage('node')
->loadUnchanged($new_node
->id());
$this
->assertTrue($new_node
->get($field_name)
->isEmpty());
$edit = [];
$edit['title[0][value]'] = $this
->randomMachineName();
$this
->drupalGet('node/add/' . $type_name);
$this
->getSession()
->getPage()
->find('css', 'input[name="title[0][value]"]')
->setValue($edit['title[0][value]']);
$this
->getSession()
->getPage()
->find('css', 'input[name="' . $field_name . '[0][fids]"]')
->setValue($node_file
->id());
$this
->getSession()
->getPage()
->pressButton(t('Save'));
$new_node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$this
->assertSession()
->addressEquals('node/' . $new_node
->id());
$new_node = \Drupal::entityTypeManager()
->getStorage('node')
->loadUnchanged($new_node
->id());
$this
->assertTrue($new_node
->get($field_name)
->isEmpty());
\Drupal::state()
->set('file_test.allow_all', TRUE);
$node
->delete();
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalLogout();
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
$account = $this
->drupalCreateUser();
$this
->drupalLogin($account);
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalLogout();
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
"create {$type_name} content" => TRUE,
'access content' => TRUE,
]);
$test_file = $this
->getTestFile('text');
$this
->drupalGet('node/add/' . $type_name);
$edit = [
'files[' . $field_name . '_0]' => $file_system
->realpath($test_file
->getFileUri()),
];
$this
->submitForm($edit, 'Upload');
$file_storage = $this->container
->get('entity_type.manager')
->getStorage('file');
$files = $file_storage
->loadByProperties([
'uid' => 0,
]);
$this
->assertCount(1, $files, 'Loaded one anonymous file.');
$file = end($files);
$this
->assertTrue($file
->isTemporary(), 'File is temporary.');
$usage = $this->container
->get('file.usage')
->listUsage($file);
$this
->assertEmpty($usage, 'No file usage found.');
$file_url = $file
->createFileUrl(FALSE);
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(200);
$this
->getSession()
->reset();
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
$test_file = $this
->getTestFile('text');
$this
->drupalGet('node/add/' . $type_name);
$edit = [];
$edit['title[0][value]'] = $this
->randomMachineName();
$edit['files[' . $field_name . '_0]'] = $file_system
->realpath($test_file
->getFileUri());
$this
->submitForm($edit, 'Save');
$new_node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$file_id = $new_node->{$field_name}->target_id;
$file = File::load($file_id);
$this
->assertTrue($file
->isPermanent(), 'File is permanent.');
$new_node->{$field_name} = [];
$new_node
->save();
$file = File::load($file_id);
$this
->assertTrue($file
->isTemporary(), 'File is temporary.');
$usage = $this->container
->get('file.usage')
->listUsage($file);
$this
->assertEmpty($usage, 'No file usage found.');
$file_url = $file
->createFileUrl(FALSE);
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(200);
$this
->getSession()
->reset();
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
$test_file = $this
->getTestFile('text');
$this
->drupalGet('node/add/' . $type_name);
$edit = [];
$edit['title[0][value]'] = $this
->randomMachineName();
$edit['files[' . $field_name . '_0]'] = $file_system
->realpath($test_file
->getFileUri());
$this
->submitForm($edit, 'Save');
$new_node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$file = File::load($new_node->{$field_name}->target_id);
$this
->assertTrue($file
->isPermanent(), 'File is permanent.');
$usage = $this->container
->get('file.usage')
->listUsage($file);
$this
->assertCount(1, $usage, 'File usage found.');
$file_url = $file
->createFileUrl(FALSE);
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(200);
$this
->getSession()
->reset();
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(200);
$test_file = $this
->getTestFile('text');
$this
->drupalGet('node/add/' . $type_name);
$edit = [];
$edit['title[0][value]'] = $this
->randomMachineName();
$edit['files[' . $field_name . '_0]'] = $file_system
->realpath($test_file
->getFileUri());
$this
->submitForm($edit, 'Save');
$new_node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$new_node
->setUnpublished();
$new_node
->save();
$file = File::load($new_node->{$field_name}->target_id);
$this
->assertTrue($file
->isPermanent(), 'File is permanent.');
$usage = $this->container
->get('file.usage')
->listUsage($file);
$this
->assertCount(1, $usage, 'File usage found.');
$file_url = $file
->createFileUrl(FALSE);
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
$this
->getSession()
->reset();
$this
->drupalGet($file_url);
$this
->assertSession()
->statusCodeEquals(403);
}
}