public function NodeAccessTest::testNodeAccess in Drupal 8
Same name and namespace in other branches
- 9 core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest::testNodeAccess()
Runs basic tests for node_access function.
File
- core/
modules/ node/ tests/ src/ Kernel/ NodeAccessTest.php, line 15
Class
- NodeAccessTest
- Tests basic node_access functionality.
Namespace
Drupal\Tests\node\KernelCode
public function testNodeAccess() {
// Ensures user without 'access content' permission can do nothing.
$web_user1 = $this
->drupalCreateUser([
'create page content',
'edit any page content',
'delete any page content',
]);
$node1 = $this
->drupalCreateNode([
'type' => 'page',
]);
$this
->assertNodeCreateAccess($node1
->bundle(), FALSE, $web_user1);
$this
->assertNodeAccess([
'view' => FALSE,
'update' => FALSE,
'delete' => FALSE,
], $node1, $web_user1);
// Ensures user with 'bypass node access' permission can do everything.
$web_user2 = $this
->drupalCreateUser([
'bypass node access',
]);
$node2 = $this
->drupalCreateNode([
'type' => 'page',
]);
$this
->assertNodeCreateAccess($node2
->bundle(), TRUE, $web_user2);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
], $node2, $web_user2);
// User cannot 'view own unpublished content'.
$web_user3 = $this
->drupalCreateUser([
'access content',
]);
$node3 = $this
->drupalCreateNode([
'status' => 0,
'uid' => $web_user3
->id(),
]);
$this
->assertNodeAccess([
'view' => FALSE,
], $node3, $web_user3);
// User cannot create content without permission.
$this
->assertNodeCreateAccess($node3
->bundle(), FALSE, $web_user3);
// User can 'view own unpublished content', but another user cannot.
$web_user4 = $this
->drupalCreateUser([
'access content',
'view own unpublished content',
]);
$web_user5 = $this
->drupalCreateUser([
'access content',
'view own unpublished content',
]);
$node4 = $this
->drupalCreateNode([
'status' => 0,
'uid' => $web_user4
->id(),
]);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => FALSE,
], $node4, $web_user4);
$this
->assertNodeAccess([
'view' => FALSE,
], $node4, $web_user5);
// Tests the default access provided for a published node.
$node5 = $this
->drupalCreateNode();
$this
->assertNodeAccess([
'view' => TRUE,
'update' => FALSE,
'delete' => FALSE,
], $node5, $web_user3);
// Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions.
$web_user6 = $this
->drupalCreateUser([
'access content',
'edit any page content',
'delete any page content',
]);
$node6 = $this
->drupalCreateNode([
'type' => 'page',
]);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
], $node6, $web_user6);
// Tests the "edit own BUNDLE" and "delete own BUNDLE" permission.
$web_user7 = $this
->drupalCreateUser([
'access content',
'edit own page content',
'delete own page content',
]);
// User should not be able to edit or delete nodes they do not own.
$this
->assertNodeAccess([
'view' => TRUE,
'update' => FALSE,
'delete' => FALSE,
], $node6, $web_user7);
// User should be able to edit or delete nodes they own.
$node7 = $this
->drupalCreateNode([
'type' => 'page',
'uid' => $web_user7
->id(),
]);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
], $node7, $web_user7);
}