You are here

public function NodeAccessTest::testNodeAccess in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest::testNodeAccess()

Runs basic tests for node_access function.

File

core/modules/node/tests/src/Kernel/NodeAccessTest.php, line 15

Class

NodeAccessTest
Tests basic node_access functionality.

Namespace

Drupal\Tests\node\Kernel

Code

public function testNodeAccess() {

  // Ensures user without 'access content' permission can do nothing.
  $web_user1 = $this
    ->drupalCreateUser([
    'create page content',
    'edit any page content',
    'delete any page content',
  ]);
  $node1 = $this
    ->drupalCreateNode([
    'type' => 'page',
  ]);
  $this
    ->assertNodeCreateAccess($node1
    ->bundle(), FALSE, $web_user1);
  $this
    ->assertNodeAccess([
    'view' => FALSE,
    'update' => FALSE,
    'delete' => FALSE,
  ], $node1, $web_user1);

  // Ensures user with 'bypass node access' permission can do everything.
  $web_user2 = $this
    ->drupalCreateUser([
    'bypass node access',
  ]);
  $node2 = $this
    ->drupalCreateNode([
    'type' => 'page',
  ]);
  $this
    ->assertNodeCreateAccess($node2
    ->bundle(), TRUE, $web_user2);
  $this
    ->assertNodeAccess([
    'view' => TRUE,
    'update' => TRUE,
    'delete' => TRUE,
  ], $node2, $web_user2);

  // User cannot 'view own unpublished content'.
  $web_user3 = $this
    ->drupalCreateUser([
    'access content',
  ]);
  $node3 = $this
    ->drupalCreateNode([
    'status' => 0,
    'uid' => $web_user3
      ->id(),
  ]);
  $this
    ->assertNodeAccess([
    'view' => FALSE,
  ], $node3, $web_user3);

  // User cannot create content without permission.
  $this
    ->assertNodeCreateAccess($node3
    ->bundle(), FALSE, $web_user3);

  // User can 'view own unpublished content', but another user cannot.
  $web_user4 = $this
    ->drupalCreateUser([
    'access content',
    'view own unpublished content',
  ]);
  $web_user5 = $this
    ->drupalCreateUser([
    'access content',
    'view own unpublished content',
  ]);
  $node4 = $this
    ->drupalCreateNode([
    'status' => 0,
    'uid' => $web_user4
      ->id(),
  ]);
  $this
    ->assertNodeAccess([
    'view' => TRUE,
    'update' => FALSE,
  ], $node4, $web_user4);
  $this
    ->assertNodeAccess([
    'view' => FALSE,
  ], $node4, $web_user5);

  // Tests the default access provided for a published node.
  $node5 = $this
    ->drupalCreateNode();
  $this
    ->assertNodeAccess([
    'view' => TRUE,
    'update' => FALSE,
    'delete' => FALSE,
  ], $node5, $web_user3);

  // Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions.
  $web_user6 = $this
    ->drupalCreateUser([
    'access content',
    'edit any page content',
    'delete any page content',
  ]);
  $node6 = $this
    ->drupalCreateNode([
    'type' => 'page',
  ]);
  $this
    ->assertNodeAccess([
    'view' => TRUE,
    'update' => TRUE,
    'delete' => TRUE,
  ], $node6, $web_user6);

  // Tests the "edit own BUNDLE" and "delete own BUNDLE" permission.
  $web_user7 = $this
    ->drupalCreateUser([
    'access content',
    'edit own page content',
    'delete own page content',
  ]);

  // User should not be able to edit or delete nodes they do not own.
  $this
    ->assertNodeAccess([
    'view' => TRUE,
    'update' => FALSE,
    'delete' => FALSE,
  ], $node6, $web_user7);

  // User should be able to edit or delete nodes they own.
  $node7 = $this
    ->drupalCreateNode([
    'type' => 'page',
    'uid' => $web_user7
      ->id(),
  ]);
  $this
    ->assertNodeAccess([
    'view' => TRUE,
    'update' => TRUE,
    'delete' => TRUE,
  ], $node7, $web_user7);
}