public function BulkFormAccessTest::testNodeEditAccess in Drupal 8
Same name and namespace in other branches
- 9 core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeEditAccess()
Tests if nodes that may not be edited, can not be edited in bulk.
File
- core/
modules/ node/ tests/ src/ Functional/ Views/ BulkFormAccessTest.php, line 69
Class
- BulkFormAccessTest
- Tests if entity access is respected on a node bulk operations form.
Namespace
Drupal\Tests\node\Functional\ViewsCode
public function testNodeEditAccess() {
// Create an account who will be the author of a private node.
$author = $this
->drupalCreateUser();
// Create a private node (author may view, edit and delete, others may not).
$node = $this
->drupalCreateNode([
'type' => 'article',
'private' => [
[
'value' => TRUE,
],
],
'uid' => $author
->id(),
]);
// Create an account that may view the private node, but not edit it.
$account = $this
->drupalCreateUser([
'node test view',
]);
$this
->drupalLogin($account);
// Ensure the node is published.
$this
->assertTrue($node
->isPublished(), 'Node is initially published.');
// Ensure that the node can not be edited.
$this
->assertEqual(FALSE, $this->accessHandler
->access($node, 'update', $account), 'The node may not be edited.');
// Test editing the node using the bulk form.
$edit = [
'node_bulk_form[0]' => TRUE,
'action' => 'node_unpublish_action',
];
$this
->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
$this
->assertRaw(new FormattableMarkup('No access to execute %action on the @entity_type_label %entity_label.', [
'%action' => 'Unpublish content',
'@entity_type_label' => 'Content',
'%entity_label' => $node
->label(),
]));
// Re-load the node and check the status.
$node = Node::load($node
->id());
$this
->assertTrue($node
->isPublished(), 'The node is still published.');
// Create an account that may view the private node, but can update the
// status.
$account = $this
->drupalCreateUser([
'administer nodes',
'node test view',
]);
$this
->drupalLogin($account);
// Ensure the node is published.
$this
->assertTrue($node
->isPublished(), 'Node is initially published.');
// Ensure that the private node can not be edited.
$this
->assertEqual(FALSE, $node
->access('update', $account), 'The node may not be edited.');
$this
->assertEqual(TRUE, $node->status
->access('edit', $account), 'The node status can be edited.');
// Test editing the node using the bulk form.
$edit = [
'node_bulk_form[0]' => TRUE,
'action' => 'node_unpublish_action',
];
$this
->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
// Test that the action message isn't shown.
$this
->assertNoRaw(new FormattableMarkup('%action was applied to 1 item.', [
'%action' => 'Unpublish content',
]));
// Re-load the node and check the status.
$node = Node::load($node
->id());
$this
->assertTrue($node
->isPublished(), 'The node is still published.');
// Try to delete the node and check that we are not redirected to the
// conformation form but stay on the content view.
$this
->assertNotEmpty($this
->cssSelect('#views-form-test-node-bulk-form-page-1'));
$edit = [
'node_bulk_form[0]' => TRUE,
'action' => 'node_delete_action',
];
$this
->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
// Test that the action message isn't shown.
$this
->assertRaw(new FormattableMarkup('No access to execute %action on the @entity_type_label %entity_label.', [
'%action' => 'Delete content',
'@entity_type_label' => 'Content',
'%entity_label' => $node
->label(),
]));
$this
->assertNotEmpty($this
->cssSelect('#views-form-test-node-bulk-form-page-1'));
}