You are here

public function BulkFormAccessTest::testNodeDeleteAccess in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeDeleteAccess()
  2. 9 core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeDeleteAccess()

Tests if nodes that may not be deleted, can not be deleted in bulk.

File

core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php, line 144

Class

BulkFormAccessTest
Tests if entity access is respected on a node bulk operations form.

Namespace

Drupal\Tests\node\Functional\Views

Code

public function testNodeDeleteAccess() {

  // Create an account who will be the author of a private node.
  $author = $this
    ->drupalCreateUser();

  // Create a private node (author may view, edit and delete, others may not).
  $private_node = $this
    ->drupalCreateNode([
    'type' => 'article',
    'private' => [
      [
        'value' => TRUE,
      ],
    ],
    'uid' => $author
      ->id(),
  ]);

  // Create an account that may view the private node, but not delete it.
  $account = $this
    ->drupalCreateUser([
    'access content',
    'administer nodes',
    'delete own article content',
    'node test view',
  ]);

  // Create a node that may be deleted too, to ensure the delete confirmation
  // page is shown later. In node_access_test.module, nodes may only be
  // deleted by the author.
  $own_node = $this
    ->drupalCreateNode([
    'type' => 'article',
    'private' => [
      [
        'value' => TRUE,
      ],
    ],
    'uid' => $account
      ->id(),
  ]);
  $this
    ->drupalLogin($account);

  // Ensure that the private node can not be deleted.
  $this
    ->assertFalse($this->accessHandler
    ->access($private_node, 'delete', $account), 'The private node may not be deleted.');

  // Ensure that the public node may be deleted.
  $this
    ->assertTrue($this->accessHandler
    ->access($own_node, 'delete', $account), 'The own node may be deleted.');

  // Try to delete the node using the bulk form.
  $edit = [
    'node_bulk_form[0]' => TRUE,
    'node_bulk_form[1]' => TRUE,
    'action' => 'node_delete_action',
  ];
  $this
    ->drupalGet('test-node-bulk-form');
  $this
    ->submitForm($edit, 'Apply to selected items');
  $this
    ->submitForm([], 'Delete');

  // Ensure the private node still exists.
  $private_node = Node::load($private_node
    ->id());
  $this
    ->assertNotNull($private_node, 'The private node has not been deleted.');

  // Ensure the own node is deleted.
  $own_node = Node::load($own_node
    ->id());
  $this
    ->assertNull($own_node, 'The own node is deleted.');
}