public function NodeAccessBaseTableTest::testNodeAccessBasic in Drupal 9
Same name and namespace in other branches
- 8 core/modules/node/tests/src/Functional/NodeAccessBaseTableTest.php \Drupal\Tests\node\Functional\NodeAccessBaseTableTest::testNodeAccessBasic()
Tests the "private" node access functionality.
- Create 2 users with "access content" and "create article" permissions.
- Each user creates one private and one not private article.
- Test that each user can view the other user's non-private article.
- Test that each user cannot view the other user's private article.
- Test that each user finds only appropriate (non-private + own private) in taxonomy listing.
- Create another user with 'view any private content'.
- Test that user 4 can view all content created above.
- Test that user 4 can view all content on taxonomy listing.
File
- core/
modules/ node/ tests/ src/ Functional/ NodeAccessBaseTableTest.php, line 91
Class
- NodeAccessBaseTableTest
- Tests behavior of the node access subsystem if the base table is not node.
Namespace
Drupal\Tests\node\FunctionalCode
public function testNodeAccessBasic() {
$num_simple_users = 2;
$simple_users = [];
// Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;
$this->nodesByUser = [];
// Titles keyed by nid.
$titles = [];
// Array of nids marked private.
$private_nodes = [];
for ($i = 0; $i < $num_simple_users; $i++) {
$simple_users[$i] = $this
->drupalCreateUser([
'access content',
'create article content',
]);
}
foreach ($simple_users as $this->webUser) {
$this
->drupalLogin($this->webUser);
foreach ([
0 => 'Public',
1 => 'Private',
] as $is_private => $type) {
$edit = [
'title[0][value]' => t('@private_public Article created by @user', [
'@private_public' => $type,
'@user' => $this->webUser
->getAccountName(),
]),
];
if ($is_private) {
$edit['private[0][value]'] = TRUE;
$edit['body[0][value]'] = 'private node';
$edit['field_tags[target_id]'] = 'private';
}
else {
$edit['body[0][value]'] = 'public node';
$edit['field_tags[target_id]'] = 'public';
}
$this
->drupalGet('node/add/article');
$this
->submitForm($edit, 'Save');
$node = $this
->drupalGetNodeByTitle($edit['title[0][value]']);
$this
->assertEquals($is_private, (int) $node->private->value, 'The private status of the node was properly set in the node_access_test table.');
if ($is_private) {
$private_nodes[] = $node
->id();
}
$titles[$node
->id()] = $edit['title[0][value]'];
$this->nodesByUser[$this->webUser
->id()][$node
->id()] = $is_private;
}
}
$public_tids = \Drupal::entityQuery('taxonomy_term')
->accessCheck(FALSE)
->condition('name', 'public')
->condition('default_langcode', 1)
->execute();
$this->publicTid = reset($public_tids);
$private_tids = \Drupal::entityQuery('taxonomy_term')
->accessCheck(FALSE)
->condition('name', 'private')
->condition('default_langcode', 1)
->execute();
$this->privateTid = reset($private_tids);
$this
->assertNotEmpty($this->publicTid, 'Public tid was found');
$this
->assertNotEmpty($this->privateTid, 'Private tid was found');
foreach ($simple_users as $this->webUser) {
$this
->drupalLogin($this->webUser);
// Check own nodes to see that all are readable.
foreach ($this->nodesByUser as $uid => $data) {
foreach ($data as $nid => $is_private) {
$this
->drupalGet('node/' . $nid);
if ($is_private) {
$should_be_visible = $uid == $this->webUser
->id();
}
else {
$should_be_visible = TRUE;
}
$this
->assertSession()
->statusCodeEquals($should_be_visible ? 200 : 403);
}
}
// Check to see that the correct nodes are shown on taxonomy/private
// and taxonomy/public.
$this
->assertTaxonomyPage(FALSE);
}
// Now test that a user with 'node test view' permissions can view content.
$access_user = $this
->drupalCreateUser([
'access content',
'create article content',
'node test view',
'search content',
]);
$this
->drupalLogin($access_user);
foreach ($this->nodesByUser as $private_status) {
foreach ($private_status as $nid => $is_private) {
$this
->drupalGet('node/' . $nid);
$this
->assertSession()
->statusCodeEquals(200);
}
}
// This user should be able to see all of the nodes on the relevant
// taxonomy pages.
$this
->assertTaxonomyPage(TRUE);
// Rebuild the node access permissions, repeat the test. This is done to
// ensure that node access is rebuilt correctly even if the current user
// does not have the bypass node access permission.
node_access_rebuild();
foreach ($this->nodesByUser as $private_status) {
foreach ($private_status as $nid => $is_private) {
$this
->drupalGet('node/' . $nid);
$this
->assertSession()
->statusCodeEquals(200);
}
}
// This user should be able to see all of the nodes on the relevant
// taxonomy pages.
$this
->assertTaxonomyPage(TRUE);
}