function FieldPermissionsTestCase::testPermissionsUI in Field Permissions 7
File
- ./
field_permissions.test, line 45 - Tests for field_permissions.module.
Class
- FieldPermissionsTestCase
- Tests the Field Permissions module.
Code
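/**
 * Walks the body field of the page node type through the three field
 * permission modes (public, private, custom) and checks what each account
 * can see on the node view, node add and node edit pages.
 *
 * Relies on $this->admin_user, $this->limited_user and $this->limited_rid,
 * which are prepared outside this method (not shown here).
 *
 * NOTE(review): every check below is a rendered-text assertion. It shows that
 * the field is or is not displayed to an account; it does not by itself show
 * that a value submitted for a hidden field is rejected on save. That would
 * need a separate test.
 */
function testPermissionsUI() {
  // This depends on a page node type with a body field, standard install.
  // Could alternatively extend field_ui.test classes, but would be much
  // slower to run. Tradeoffs.
  $field_info = array(
    'admin_path' => 'admin/structure/types/manage/page/fields/body',
    'machine_name' => 'body',
    'add_path' => 'node/add/page',
    'name' => 'Body',
    'form_field' => 'body[und][0][value]',
    'value' => $this->randomName(),
  );

  // Check if we can see the field on the entity creation form.
  $this->drupalGet($field_info['add_path']);
  $this->assertText($field_info['name']);

  // Admin users cannot access field permissions without specifically being
  // granted the permission to do so.
  // NOTE(review): which account is logged in at this point is decided by the
  // test set-up, which is not visible here. If that account cannot open the
  // field settings page at all, this negative assertion passes without
  // proving anything about the permissions fieldset - confirm.
  $this->drupalGet($field_info['admin_path']);
  $this->assertNoText(t('Field visibility and permissions'));

  // Switch to admin user who can see the field permissions UI.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);
  $this->drupalGet($field_info['admin_path']);
  $this->assertText(t('Field visibility and permissions'));

  // == PUBLIC FIELD =========================================================
  $this->assertFieldChecked('edit-field-field-permissions-type-0');

  // Although simpletest could create a node for us, we are doing this directly
  // to ensure we have full control over the process. Given that we work with
  // field permissions.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $node1_values = array(
    'title' => $this->randomName(),
    $field_info['form_field'] => $field_info['value'],
  );
  $this->drupalPost($field_info['add_path'], $node1_values, t('Save'));
  $this->assertText($node1_values['title']);
  $this->assertText($field_info['value']);

  // Take the node ID from the page we were redirected to. Fail explicitly if
  // the URL does not end in node/NID: a silent fallback to the whole URL
  // would send every later request for this node to a wrong path.
  $url = $this->getUrl();
  $matches = array();
  $found = preg_match('!^.*node/(\\d+)$!', $url, $matches);
  $this->assertTrue($found === 1, t('Node ID found in URL @url.', array(
    '@url' => $url,
  )));
  $nid1 = $found === 1 ? $matches[1] : 0;

  // Switch to admin user to check we can see the body.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);
  $this->drupalGet('node/' . $nid1);
  $this->assertText($node1_values['title']);
  $this->assertText($field_info['value']);

  // And we can edit the title and body.
  $this->drupalGet('node/' . $nid1 . '/edit');
  $this->assertText('Title');
  $this->assertText($node1_values['title']);
  $this->assertText($field_info['name']);
  $this->assertText($field_info['value']);

  // == PRIVATE FIELD ========================================================
  // Still logged in as the admin user: set the field to private.
  $edit = array(
    'field[field_permissions][type]' => 1,
  );
  $this->drupalPost($field_info['admin_path'], $edit, t('Save settings'));

  // Now we should not have access to see or edit this field. The node was
  // created by the limited user, so the admin user is not its author.
  $this->drupalGet('node/' . $nid1);
  $this->assertText($node1_values['title']);
  $this->assertNoText($field_info['value']);
  // The field is still offered on the creation form.
  $this->drupalGet($field_info['add_path']);
  $this->assertText('Title');
  $this->assertText($field_info['name']);
  // 'Title' anchors the page, so the negative assertions that follow cannot
  // pass merely because the edit form failed to load.
  $this->drupalGet('node/' . $nid1 . '/edit');
  $this->assertText('Title');
  $this->assertNoText($field_info['name']);
  $this->assertNoText($field_info['value']);

  // Grant this user the Drupal core administrator role. This will give them
  // the 'access private fields' permission (tested here), and it also means
  // that when custom field permissions are created later on in this test,
  // the admin user will automatically get those permissions granted also.
  $user_admin_rid = variable_get('user_admin_role', 0);
  $edit = array(
    "roles[{$user_admin_rid}]" => TRUE,
  );
  $this->drupalPost('user/' . $this->admin_user->uid . '/edit', $edit, t('Save'));

  // Now we should have access to see or submit or edit this field again.
  $this->drupalGet('node/' . $nid1);
  $this->assertText($node1_values['title']);
  $this->assertText($field_info['value']);
  $this->drupalGet($field_info['add_path']);
  $this->assertText('Title');
  $this->assertText($field_info['name']);
  $this->drupalGet('node/' . $nid1 . '/edit');
  $this->assertText('Title');
  $this->assertText($field_info['name']);
  $this->assertText($field_info['value']);

  // == CUSTOM PERMISSIONS ===================================================
  // Introduce body creation permission.
  $edit = array(
    'field[field_permissions][type]' => 2,
  );
  $this->drupalPost($field_info['admin_path'], $edit, t('Save settings'));
  $this->drupalGet($field_info['admin_path']);
  $this->assertRaw(t('Create own value for field %field', array(
    '%field' => $field_info['name'],
  )));
  $this->assertRaw(t('Edit own value for field %field', array(
    '%field' => $field_info['name'],
  )));
  $this->assertRaw(t("Edit anyone's value for field %field", array(
    '%field' => $field_info['name'],
  )));
  $this->assertRaw(t('View own value for field %field', array(
    '%field' => $field_info['name'],
  )));
  $this->assertRaw(t("View anyone's value for field %field", array(
    '%field' => $field_info['name'],
  )));

  // See if we have that exposed on the permissions UI as well now. Here the
  // labels carry the field's machine name rather than its display name.
  $this->drupalGet('admin/people/permissions');
  $this->assertText(t('Field Permissions'));
  $this->assertRaw(t('Create own value for field %field', array(
    '%field' => $field_info['machine_name'],
  )));
  $this->assertRaw(t('Edit own value for field %field', array(
    '%field' => $field_info['machine_name'],
  )));
  $this->assertRaw(t("Edit anyone's value for field %field", array(
    '%field' => $field_info['machine_name'],
  )));
  $this->assertRaw(t('View own value for field %field', array(
    '%field' => $field_info['machine_name'],
  )));
  $this->assertRaw(t("View anyone's value for field %field", array(
    '%field' => $field_info['machine_name'],
  )));

  // == CREATE ===============================================================
  // The admin user should have been automatically granted the create
  // permission, but the limited user shouldn't have it yet.
  $this->assertUserHasPermission(
    $this->admin_user,
    'create ' . $field_info['machine_name'],
    t('Admin user does have "create @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );
  $this->assertUserDoesNotHavePermission(
    $this->limited_user,
    'create ' . $field_info['machine_name'],
    t('Limited user does not have "create @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );

  // Should not see the field on the entity creation form anymore for limited_user.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $this->drupalGet($field_info['add_path']);
  // Anchor the page first, as the private-field checks above do, so that the
  // negative assertion is evaluated against the real creation form.
  $this->assertText('Title');
  $this->assertNoText($field_info['name']);

  // Grant body creation permission to limited users too.
  // NOTE(review): this POST to admin/people/permissions is made while logged
  // in as the limited user, so the limited role presumably may administer
  // permissions - verify against the test set-up.
  $edit = array(
    $this->limited_rid . '[create ' . $field_info['machine_name'] . ']' => TRUE,
  );
  $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
  $this->assertUserHasPermission(
    $this->admin_user,
    'create ' . $field_info['machine_name'],
    t('Admin user does have "create @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );
  $this->assertUserHasPermission(
    $this->limited_user,
    'create ' . $field_info['machine_name'],
    t('Limited user does have "create @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );

  // Should see the field again on the entity creation form.
  $this->drupalGet($field_info['add_path']);
  $this->assertText($field_info['name']);

  // Although simpletest could create a node for us, we are doing this directly
  // to ensure we have full control over the process. Given that we work with
  // field permissions.
  $node2_values = array(
    'title' => $this->randomName(),
    $field_info['form_field'] => $field_info['value'],
  );
  $this->drupalPost($field_info['add_path'], $node2_values, t('Save'));
  $this->assertText($node2_values['title']);
  // The body will not yet be visible to this user.
  $this->assertNoText($field_info['value']);

  // Same explicit node ID extraction as for the first node.
  $url = $this->getUrl();
  $matches = array();
  $found = preg_match('!^.*node/(\\d+)$!', $url, $matches);
  $this->assertTrue($found === 1, t('Node ID found in URL @url.', array(
    '@url' => $url,
  )));
  $nid2 = $found === 1 ? $matches[1] : 0;

  // Switch to admin user and prove she has access to body.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);
  $this->drupalGet('node/' . $nid2);
  $this->assertText($node2_values['title']);
  $this->assertText($field_info['value']);

  // == VIEW =================================================================
  // Grant body view permission to limited users too.
  $edit = array(
    $this->limited_rid . '[view ' . $field_info['machine_name'] . ']' => TRUE,
  );
  $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
  $this->assertUserHasPermission(
    $this->admin_user,
    'view ' . $field_info['machine_name'],
    t('Admin user does have "view @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );
  $this->assertUserHasPermission(
    $this->limited_user,
    'view ' . $field_info['machine_name'],
    t('Limited user does have "view @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );

  // Limited user can now see the field.
  // NOTE(review): the limited user is the author of this node and was given
  // the "view" permission, so the "view own" permission is not exercised on
  // its own here.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $this->drupalGet('node/' . $nid2);
  $this->assertText($node2_values['title']);
  $this->assertText($field_info['value']);

  // == EDIT =================================================================
  // We still don't have access to edit our field. 'Title' anchors the page so
  // the negative assertion is checked against the edit form itself.
  $this->drupalGet('node/' . $nid2 . '/edit');
  $this->assertText('Title');
  $this->assertNoText($field_info['value']);

  // Switch to admin user to configure edit permissions.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);

  // Ensure the editing screen now has the body.
  $this->drupalGet('node/' . $nid2 . '/edit');
  $this->assertText($field_info['value']);

  // Grant body editing permission for the limited role.
  $edit = array(
    $this->limited_rid . '[edit ' . $field_info['machine_name'] . ']' => TRUE,
  );
  $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
  $this->assertUserHasPermission(
    $this->admin_user,
    'edit ' . $field_info['machine_name'],
    t('Admin user does have "edit @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );
  $this->assertUserHasPermission(
    $this->limited_user,
    'edit ' . $field_info['machine_name'],
    t('Limited user does have "edit @field" permission.', array(
      '@field' => $field_info['machine_name'],
    ))
  );

  // Ensure the editing screen still has the body.
  $this->drupalGet('node/' . $nid2 . '/edit');
  $this->assertText($field_info['value']);

  // Switch to limited user to check that we can edit body now.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $this->drupalGet('node/' . $nid2 . '/edit');
  $this->assertText($field_info['value']);
}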