public function BulkFormAccessTest::testNodeDeleteAccess in Drupal 8
Same name and namespace in other branches
- 9 core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeDeleteAccess()
Tests if nodes that may not be deleted, can not be deleted in bulk.
File
- core/
modules/ node/ tests/ src/ Functional/ Views/ BulkFormAccessTest.php, line 152
Class
- BulkFormAccessTest
- Tests if entity access is respected on a node bulk operations form.
Namespace
Drupal\Tests\node\Functional\ViewsCode
public function testNodeDeleteAccess() {
// Create an account who will be the author of a private node.
$author = $this
->drupalCreateUser();
// Create a private node (author may view, edit and delete, others may not).
$private_node = $this
->drupalCreateNode([
'type' => 'article',
'private' => [
[
'value' => TRUE,
],
],
'uid' => $author
->id(),
]);
// Create an account that may view the private node, but not delete it.
$account = $this
->drupalCreateUser([
'access content',
'administer nodes',
'delete own article content',
'node test view',
]);
// Create a node that may be deleted too, to ensure the delete confirmation
// page is shown later. In node_access_test.module, nodes may only be
// deleted by the author.
$own_node = $this
->drupalCreateNode([
'type' => 'article',
'private' => [
[
'value' => TRUE,
],
],
'uid' => $account
->id(),
]);
$this
->drupalLogin($account);
// Ensure that the private node can not be deleted.
$this
->assertEqual(FALSE, $this->accessHandler
->access($private_node, 'delete', $account), 'The private node may not be deleted.');
// Ensure that the public node may be deleted.
$this
->assertEqual(TRUE, $this->accessHandler
->access($own_node, 'delete', $account), 'The own node may be deleted.');
// Try to delete the node using the bulk form.
$edit = [
'node_bulk_form[0]' => TRUE,
'node_bulk_form[1]' => TRUE,
'action' => 'node_delete_action',
];
$this
->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
$this
->drupalPostForm(NULL, [], t('Delete'));
// Ensure the private node still exists.
$private_node = Node::load($private_node
->id());
$this
->assertNotNull($private_node, 'The private node has not been deleted.');
// Ensure the own node is deleted.
$own_node = Node::load($own_node
->id());
$this
->assertNull($own_node, 'The own node is deleted.');
}