You are here

public function InlineBlockPrivateFilesTest::testPrivateFiles in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()

Test access to private files added via inline blocks in the layout builder.

File

core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php, line 63

Class

InlineBlockPrivateFilesTest
Test access to private files in block fields on the Layout Builder.

Namespace

Drupal\Tests\layout_builder\FunctionalJavascript

Code

public function testPrivateFiles() {
  $assert_session = $this
    ->assertSession();
  $this
    ->drupalLogin($this
    ->drupalCreateUser([
    'access contextual links',
    'configure any layout',
    'administer node display',
    'administer node fields',
    'create and edit custom blocks',
  ]));

  // Enable layout builder and overrides.
  $this
    ->drupalPostForm(static::FIELD_UI_PREFIX . '/display/default', [
    'layout[enabled]' => TRUE,
    'layout[allow_custom]' => TRUE,
  ], 'Save');
  $this
    ->drupalLogout();

  // Log in as user you can only configure layouts and access content.
  $this
    ->drupalLogin($this
    ->drupalCreateUser([
    'access contextual links',
    'configure any layout',
    'access content',
    'create and edit custom blocks',
  ]));
  $this
    ->drupalGet('node/1/layout');

  // @todo Occasionally SQLite has database locks here. Waiting seems to
  //   resolve it. https://www.drupal.org/project/drupal/issues/3055983
  $assert_session
    ->assertWaitOnAjaxRequest();
  $file = $this
    ->createPrivateFile('drupal.txt');
  $file_real_path = $this->fileSystem
    ->realpath($file
    ->getFileUri());
  $this
    ->assertFileExists($file_real_path);
  $this
    ->addInlineFileBlockToLayout('The file', $file);
  $this
    ->assertSaveLayout();
  $this
    ->drupalGet('node/1');
  $private_href1 = $this
    ->assertFileAccessibleOnNode($file);

  // Remove the inline block with the private file.
  $this
    ->drupalGet('node/1/layout');
  $this
    ->removeInlineBlockFromLayout();
  $this
    ->assertSaveLayout();
  $this
    ->drupalGet('node/1');
  $assert_session
    ->pageTextNotContains($file
    ->label());

  // Try to access file directly after it has been removed. Since a new
  // revision was not created for the node the inline block is not in the
  // layout of a previous revision of the node.
  $this
    ->drupalGet($private_href1);
  $assert_session
    ->pageTextContains('You are not authorized to access this page');
  $assert_session
    ->pageTextNotContains($this
    ->getFileSecret($file));
  $this
    ->assertFileExists($file_real_path);
  $file2 = $this
    ->createPrivateFile('2ndFile.txt');
  $this
    ->drupalGet('node/1/layout');
  $this
    ->addInlineFileBlockToLayout('Number2', $file2);
  $this
    ->assertSaveLayout();
  $this
    ->drupalGet('node/1');
  $private_href2 = $this
    ->assertFileAccessibleOnNode($file2);
  $this
    ->createNewNodeRevision(1);
  $file3 = $this
    ->createPrivateFile('3rdFile.txt');
  $this
    ->drupalGet('node/1/layout');
  $this
    ->replaceFileInBlock($file3);
  $this
    ->assertSaveLayout();
  $this
    ->drupalGet('node/1');
  $private_href3 = $this
    ->assertFileAccessibleOnNode($file3);

  // $file2 is on a previous revision of the block which is on a previous
  // revision of the node. The user does not have access to view the previous
  // revision of the node.
  $this
    ->drupalGet($private_href2);
  $assert_session
    ->pageTextContains('You are not authorized to access this page');
  $node = Node::load(1);
  $node
    ->setUnpublished();
  $node
    ->save();
  $this
    ->drupalGet('node/1');
  $assert_session
    ->pageTextContains('You are not authorized to access this page');
  $this
    ->drupalGet($private_href3);
  $assert_session
    ->pageTextNotContains($this
    ->getFileSecret($file3));
  $assert_session
    ->pageTextContains('You are not authorized to access this page');
  $this
    ->drupalGet('node/2/layout');
  $file4 = $this
    ->createPrivateFile('drupal_4.txt');
  $this
    ->addInlineFileBlockToLayout('The file', $file4);
  $this
    ->assertSaveLayout();
  $this
    ->drupalGet('node/2');
  $private_href4 = $this
    ->assertFileAccessibleOnNode($file4);
  $this
    ->createNewNodeRevision(2);

  // Remove the inline block with the private file.
  // The inline block will still be attached to the previous revision of the
  // node.
  $this
    ->drupalGet('node/2/layout');
  $this
    ->removeInlineBlockFromLayout();
  $this
    ->assertSaveLayout();

  // Ensure that since the user cannot view the previous revision of the node
  // they can not view the file which is only used on that revision.
  $this
    ->drupalGet($private_href4);
  $assert_session
    ->pageTextContains('You are not authorized to access this page');
}