<?php
namespace Drupal\Tests\search\Functional;
use Behat\Mink\Exception\ResponseTextException;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\field\Entity\FieldConfig;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\Traits\Core\CronRunTrait;
use Drupal\user\RoleInterface;
use Drupal\filter\Entity\FilterFormat;
class SearchCommentTest extends BrowserTestBase {
// Provides addDefaultCommentField(), which setUp() uses to attach the comment
// field to the 'article' bundle.
use CommentTestTrait;
// Provides cronRun(), which every test here calls before it searches.
use CronRunTrait;
/**
 * Modules enabled on the test site.
 *
 * @var string[]
 */
protected static $modules = [
'filter',
'node',
'comment',
'search',
];
/**
 * Theme used by the test site.
 *
 * @var string
 */
protected $defaultTheme = 'stark';
/**
 * Subject of the test comment.
 *
 * Assigned in testSearchResultsCommentAccess() and used as the search phrase
 * in assertCommentAccess().
 */
protected $commentSubject;
/**
 * Role of the admin user.
 *
 * Assigned in testSearchResultsCommentAccess() from the first entry of
 * $this->adminUser->getRoles(TRUE).
 */
protected $adminRole;
/**
 * User created and logged in by setUp().
 *
 * Holds the filter, permission and comment permissions listed in setUp().
 */
protected $adminUser;
/**
 * Article node that carries the test comment.
 *
 * Assigned in testSearchResultsCommentAccess() and read by
 * assertCommentAccess().
 */
protected $node;
/**
 * Builds the fixture: two content types, a filterless format and an admin.
 *
 * The 'full_html' format is created with an empty filter list, so markup
 * saved in that format reaches the renderer without any text filter applied.
 * The tests rely on this to store <script> payloads and then check that the
 * search result page still does not emit them as live markup.
 */
protected function setUp() : void {
  parent::setUp();

  $this->drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);
  $this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);

  // No filters at all: this is the format the test comments are posted in.
  $unfiltered_format = FilterFormat::create([
    'format' => 'full_html',
    'name' => 'Full HTML',
    'weight' => 1,
    'filters' => [],
  ]);
  $unfiltered_format->save();

  // The admin may use the unfiltered format, edit permissions through the
  // UI, and post comments that skip the approval queue.
  $this->adminUser = $this->drupalCreateUser([
    'administer filters',
    $unfiltered_format->getPermissionName(),
    'administer permissions',
    'create page content',
    'post comments',
    'skip comment approval',
    'access comments',
  ]);
  $this->drupalLogin($this->adminUser);

  // Only the 'article' bundle receives a comment field.
  $this->addDefaultCommentField('node', 'article');
}
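/**
 * Verifies that comments are searchable and rendered safely in results.
 *
 * Three comments are posted in the filterless 'full_html' format: one with
 * plain <h1> markup and two carrying <script> payloads (in the subject, next
 * to a keyword in the body, and around a keyword in the body). After cron
 * has run, an anonymous visitor searches for each keyword and the test
 * checks that the result page never contains a literal '<script>' tag, i.e.
 * that stored markup cannot execute from a search snippet. Finally the
 * node's comments are hidden and the test checks that the comment text is no
 * longer findable.
 */
public function testSearchResultsComment() {
  $node_storage = $this->container->get('entity_type.manager')->getStorage('node');

  // A second format that HTML-escapes its input, granted to authenticated
  // users.
  $basic_html_format = FilterFormat::create([
    'format' => 'basic_html',
    'name' => 'Basic HTML',
    'weight' => 1,
    'filters' => [
      'filter_html_escape' => [
        'status' => 1,
      ],
    ],
    'roles' => [
      RoleInterface::AUTHENTICATED_ID,
    ],
  ]);
  $basic_html_format->save();

  $comment_body = 'Test comment body';

  // Comment preview is optional; the forms below are submitted with 'Save'.
  $field = FieldConfig::loadByName('node', 'article', 'comment');
  $field->setSetting('preview', DRUPAL_OPTIONAL);
  $field->save();

  // Let anonymous visitors search and see comments, via the permissions UI.
  $edit = [
    RoleInterface::ANONYMOUS_ID . '[search content]' => 1,
    RoleInterface::ANONYMOUS_ID . '[access comments]' => 1,
    RoleInterface::ANONYMOUS_ID . '[post comments]' => 1,
  ];
  $this->drupalGet('admin/people/permissions');
  $this->submitForm($edit, 'Save permissions');

  $node = $this->drupalCreateNode([
    'type' => 'article',
  ]);

  // Comment 1: harmless markup, stored in the filterless format.
  $edit_comment = [];
  $edit_comment['subject[0][value]'] = 'Test comment subject';
  $edit_comment['comment_body[0][value]'] = '<h1>' . $comment_body . '</h1>';
  $full_html_format_id = 'full_html';
  $edit_comment['comment_body[0][format]'] = $full_html_format_id;
  $this->drupalGet('comment/reply/node/' . $node->id() . '/comment');
  $this->submitForm($edit_comment, 'Save');

  // Comment 2: script markup in the subject, and a body keyword placed
  // directly before script markup.
  $edit_comment2 = [];
  $edit_comment2['subject[0][value]'] = "<script>alert('subjectkeyword');</script>";
  $edit_comment2['comment_body[0][value]'] = "nearbykeyword<script>alert('somethinggeneric');</script>";
  $edit_comment2['comment_body[0][format]'] = $full_html_format_id;
  $this->drupalGet('comment/reply/node/' . $node->id() . '/comment');
  $this->submitForm($edit_comment2, 'Save');

  // Comment 3: the keyword exists only inside the script markup.
  $edit_comment3 = [];
  $edit_comment3['subject[0][value]'] = 'a subject';
  $edit_comment3['comment_body[0][value]'] = "<script>alert('insidekeyword');</script>";
  $edit_comment3['comment_body[0][format]'] = $full_html_format_id;
  $this->drupalGet('comment/reply/node/' . $node->id() . '/comment');
  $this->submitForm($edit_comment3, 'Save');

  // Everything below runs as an anonymous visitor, after a cron run.
  $this->drupalLogout();
  $this->cronRun();

  // Phrase search for the first comment's subject.
  $edit = [
    'keys' => "'" . $edit_comment['subject[0][value]'] . "'",
  ];
  $this->drupalGet('search/node');
  $this->submitForm($edit, 'Search');
  // Reload the node from storage rather than reusing the cached entity.
  $node_storage->resetCache([
    $node->id(),
  ]);
  $node2 = $node_storage->load($node->id());
  $this->assertSession()->pageTextContains($node2->label());
  $this->assertSession()->pageTextContains($edit_comment['subject[0][value]']);

  // Phrase search for the first comment's body text.
  $edit = [
    'keys' => "'" . $comment_body . "'",
  ];
  $this->submitForm($edit, 'Search');
  $this->assertSession()->pageTextContains($node2->label());
  $this->assertSession()->pageTextContains($comment_body);
  $this->assertSession()->pageTextNotContains('n/a');
  // The <h1> markup must not show up as escaped text in the page.
  $this->assertSession()->assertNoEscaped($edit_comment['comment_body[0][value]']);

  // Keyword inside the script markup of a comment subject.
  $edit = [
    'keys' => 'subjectkeyword',
  ];
  $this->drupalGet('search/node');
  $this->submitForm($edit, 'Search');
  // The expected snippet is spelled with HTML entities: the payload has to
  // arrive escaped, and the <strong> keyword highlight is the only live
  // markup in it. With literal '<', '>' and quote characters the string is
  // not valid PHP and would contradict the '<script>' check that follows.
  $this->assertSession()->responseContains('&lt;script&gt;alert(&#039;<strong>subjectkeyword</strong>&#039;);');
  $this->assertSession()->responseNotContains('<script>');

  // Keyword directly before script markup in a comment body.
  $edit = [
    'keys' => 'nearbykeyword',
  ];
  $this->drupalGet('search/node');
  $this->submitForm($edit, 'Search');
  $this->assertSession()->responseContains('<strong>nearbykeyword</strong>');
  $this->assertSession()->responseNotContains('<script>');

  // Keyword that exists only inside script markup in a comment body.
  // NOTE(review): this check is negative-only, so it would also pass on a
  // page without any result; consider pairing it with a positive assertion
  // on the expected result.
  $edit = [
    'keys' => 'insidekeyword',
  ];
  $this->drupalGet('search/node');
  $this->submitForm($edit, 'Search');
  $this->assertSession()->responseNotContains('<script>');

  // Hide the node's comments as admin, then repeat the last search
  // anonymously after cron: the comment text must no longer be findable.
  $this->drupalLogin($this->adminUser);
  $node->set('comment', CommentItemInterface::HIDDEN);
  $node->save();
  $this->drupalLogout();
  $this->cronRun();
  $this->drupalGet('search/node');
  $this->submitForm($edit, 'Search');
  $this->assertSession()->pageTextContains('Your search yielded no results.');
}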
/**
 * Verifies that comment text in search results honours 'access comments'.
 *
 * One comment is posted on an article. The test then walks through
 * permission combinations for the anonymous role, the authenticated role and
 * the admin user's own role, and after each change checks through
 * assertCommentAccess() whether a search for the comment subject finds it.
 * A role without 'access comments' must not be able to read comment text
 * through search results.
 */
public function testSearchResultsCommentAccess() {
  $body_text = 'Test comment body';
  $this->commentSubject = 'Test comment subject';
  $this->adminRole = $this->adminUser->getRoles(TRUE)[0];

  // Comment preview is optional; the form below is submitted with 'Save'.
  $comment_field = FieldConfig::loadByName('node', 'article', 'comment');
  $comment_field->setSetting('preview', DRUPAL_OPTIONAL);
  $comment_field->save();

  $this->node = $this->drupalCreateNode(['type' => 'article']);

  // Post the comment as the admin user logged in by setUp().
  $comment_form = [
    'subject[0][value]' => $this->commentSubject,
    'comment_body[0][value]' => '<h1>' . $body_text . '</h1>',
  ];
  $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
  $this->submitForm($comment_form, 'Save');

  // Anonymous visitor: search only, then search plus comment access.
  $this->drupalLogout();
  $this->setRolePermissions(RoleInterface::ANONYMOUS_ID);
  $this->assertCommentAccess(FALSE, 'Anon user has search permission but no access comments permission, comments should not be indexed');
  $this->setRolePermissions(RoleInterface::ANONYMOUS_ID, TRUE);
  $this->assertCommentAccess(TRUE, 'Anon user has search permission and access comments permission, comments should be indexed');

  // Admin user: both permissions are removed from the authenticated role so
  // that only the admin's own role decides.
  $this->drupalLogin($this->adminUser);
  $this->drupalGet('admin/people/permissions');
  $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, FALSE, FALSE);
  $this->setRolePermissions($this->adminRole);
  $this->assertCommentAccess(FALSE, 'Admin user has search permission but no access comments permission, comments should not be indexed');

  $this->drupalGet('node/' . $this->node->id());
  $this->setRolePermissions($this->adminRole, TRUE);
  $this->assertCommentAccess(TRUE, 'Admin user has search permission and access comments permission, comments should be indexed');

  // Authenticated role: search only, then search plus comment access.
  $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID);
  $this->assertCommentAccess(FALSE, 'Authenticated user has search permission but no access comments permission, comments should not be indexed');
  $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE);
  $this->assertCommentAccess(TRUE, 'Authenticated user has search permission and access comments permission, comments should be indexed');

  // The admin role lacks 'access comments' but the authenticated role has it.
  $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE, FALSE);
  $this->setRolePermissions($this->adminRole);
  $this->assertCommentAccess(TRUE, 'Admin user has search permission and no access comments permission, but comments should be indexed because admin user inherits authenticated user\'s permission to access comments');

  // The admin role lacks 'search content' but the authenticated role has it.
  $this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE, TRUE);
  $this->setRolePermissions($this->adminRole, TRUE, FALSE);
  $this->assertCommentAccess(TRUE, 'Admin user has access comments permission and no search permission, but comments should be indexed because admin user inherits authenticated user\'s permission to search');
}
/**
 * Sets 'access comments' and 'search content' on a role in one call.
 *
 * @param string $rid
 *   The role ID to change.
 * @param bool $access_comments
 *   Value for the 'access comments' permission. Defaults to FALSE.
 * @param bool $search_content
 *   Value for the 'search content' permission. Defaults to TRUE.
 */
public function setRolePermissions($rid, $access_comments = FALSE, $search_content = TRUE) {
  user_role_change_permissions($rid, [
    'access comments' => $access_comments,
    'search content' => $search_content,
  ]);
}
/**
 * Searches for the comment subject and checks whether it is found.
 *
 * The node is marked for reindexing and cron is run before each search, so
 * every call evaluates the permissions that are set at that moment.
 *
 * @param bool $assume_access
 *   TRUE when the node label and the comment subject are expected in the
 *   results, FALSE when the "no results" text is expected.
 * @param string $message
 *   Failure message reported when the expectation is not met.
 */
public function assertCommentAccess(bool $assume_access, string $message) : void {
  \Drupal::service('search.index')->markForReindex('node_search', $this->node->id());
  $this->cronRun();

  // Quote the subject so it is submitted as a phrase.
  $search = ['keys' => "'" . $this->commentSubject . "'"];
  $this->drupalGet('search/node');
  $this->submitForm($search, 'Search');

  try {
    if (!$assume_access) {
      $this->assertSession()->pageTextContains('Your search yielded no results.');
      return;
    }
    $this->assertSession()->pageTextContains($this->node->label());
    $this->assertSession()->pageTextContains($this->commentSubject);
  }
  catch (ResponseTextException $exception) {
    // Report the scenario description instead of the bare text mismatch.
    $this->fail($message);
  }
}
/**
 * Verifies that the 'Add new comment' text is not part of the search index.
 *
 * The node page shows 'Add new comment' to the user, but a search for
 * 'comment' must find nothing and the result for the node must not contain
 * that text.
 */
public function testAddNewComment() {
  $account = $this->drupalCreateUser([
    'search content',
    'create article content',
    'access content',
    'post comments',
    'access comments',
  ]);
  $this->drupalLogin($account);

  // Neither the title nor the body of the node contains the word 'comment'.
  $article = $this->drupalCreateNode([
    'type' => 'article',
    'title' => 'short title',
    'body' => [
      [
        'value' => 'short body text',
      ],
    ],
  ]);

  // The text is visible on the node page itself.
  $this->drupalGet('node/' . $article->id());
  $this->assertSession()->pageTextContains('Add new comment');

  // Run cron while logged out, then search as the same user.
  $this->drupalLogout();
  $this->cronRun();
  $this->drupalLogin($account);

  $this->drupalGet('search/node');
  $this->submitForm(['keys' => 'comment'], 'Search');
  $this->assertSession()->pageTextContains('Your search yielded no results');

  // A word from the node content finds the node, without the link text.
  $this->drupalGet('search/node');
  $this->submitForm(['keys' => 'short'], 'Search');
  $this->assertSession()->pageTextContains($article->label());
  $this->assertSession()->pageTextNotContains('Add new comment');
}
}