
function FieldPermissionsTestCase::testPermissionsUI in Field Permissions 7

File

./field_permissions.test, line 45
Tests for field_permissions.module.

Class

FieldPermissionsTestCase
Tests the Field Permissions module.

Code

/**
 * Walks the body field through public, private and custom permission modes.
 *
 * After each change of mode or grant, the test loads the node view, node add
 * and node edit pages as the admin or the limited user and checks whether the
 * field label and the stored value appear in the output.
 *
 * Every negative check here is made with assertNoText() against the rendered
 * page, or with assertUserDoesNotHavePermission(). The test never submits a
 * value for a field that the form hides, so it exercises visibility of the
 * field rather than rejection of a submitted value.
 */
function testPermissionsUI() {
  // Relies on the standard install profile: a "page" node type that carries
  // a body field. Extending the field_ui.test classes would work as well,
  // but would make the test run much slower.
  $field = array(
    'admin_path' => 'admin/structure/types/manage/page/fields/body',
    'machine_name' => 'body',
    'add_path' => 'node/add/page',
    'name' => 'Body',
    'form_field' => 'body[und][0][value]',
    'value' => $this->randomName(),
  );
  $machine = $field['machine_name'];
  // Placeholder sets shared by the translated strings further down.
  $label_args = array('%field' => $field['name']);
  $machine_args = array('%field' => $machine);
  $message_args = array('@field' => $machine);

  // The field label must show up on the node creation form.
  $this->drupalGet($field['add_path']);
  $this->assertText($field['name']);

  // An administrator does not get the field permissions section unless the
  // permission for it has been granted explicitly.
  // NOTE(review): the account used for this request is whichever one the
  // session starts with; it is established outside this method.
  $this->drupalGet($field['admin_path']);
  $this->assertNoText(t('Field visibility and permissions'));

  // Log in as the admin user, who is expected to see the section.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);
  $this->drupalGet($field['admin_path']);
  $this->assertText(t('Field visibility and permissions'));

  // == PUBLIC FIELD =========================================================
  // Option 0 of the permission type radios is expected to be selected.
  $this->assertFieldChecked('edit-field-field-permissions-type-0');

  // The node is created through the form as the limited user, rather than
  // with a simpletest helper, so the whole submission passes through the
  // field permission checks.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $first_node = array(
    'title' => $this->randomName(),
    $field['form_field'] => $field['value'],
  );
  $this->drupalPost($field['add_path'], $first_node, t('Save'));
  $this->assertText($first_node['title']);
  $this->assertText($field['value']);
  // Take the node ID from the URL the save redirected to. preg_replace()
  // hands back its subject unchanged when the pattern does not match, so an
  // unexpected URL ends up in the paths built below instead of a number.
  $first_nid = preg_replace('!^.*node/(\\d+)$!', '\\1', $this->getUrl());

  // The admin user must see the title and the body of that node.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);
  $this->drupalGet('node/' . $first_nid);
  $this->assertText($first_node['title']);
  $this->assertText($field['value']);

  // The edit form must offer both the title and the body.
  $this->drupalGet('node/' . $first_nid . '/edit');
  $this->assertText('Title');
  $this->assertText($first_node['title']);
  $this->assertText($field['name']);
  $this->assertText($field['value']);

  // == PRIVATE FIELD ========================================================
  // Still logged in as the admin user: set the field to private (type 1).
  $form_values = array(
    'field[field_permissions][type]' => 1,
  );
  $this->drupalPost($field['admin_path'], $form_values, t('Save settings'));

  // The admin user did not author the node, so the value must be gone from
  // the node view and both label and value from the edit form. The label is
  // still expected on the creation form.
  $this->drupalGet('node/' . $first_nid);
  $this->assertText($first_node['title']);
  $this->assertNoText($field['value']);
  $this->drupalGet($field['add_path']);
  $this->assertText('Title');
  $this->assertText($field['name']);
  $this->drupalGet('node/' . $first_nid . '/edit');
  $this->assertText('Title');
  $this->assertNoText($field['name']);
  $this->assertNoText($field['value']);

  // Add the Drupal core administrator role to the admin user. That role
  // carries the 'access private fields' permission checked next, and it
  // also means the custom field permissions created later in this test are
  // granted to the admin user automatically.
  $admin_rid = variable_get('user_admin_role', 0);
  $form_values = array(
    'roles[' . $admin_rid . ']' => TRUE,
  );
  $this->drupalPost('user/' . $this->admin_user->uid . '/edit', $form_values, t('Save'));

  // With that role the field must be visible and editable again.
  $this->drupalGet('node/' . $first_nid);
  $this->assertText($first_node['title']);
  $this->assertText($field['value']);
  $this->drupalGet($field['add_path']);
  $this->assertText('Title');
  $this->assertText($field['name']);
  $this->drupalGet('node/' . $first_nid . '/edit');
  $this->assertText('Title');
  $this->assertText($field['name']);
  $this->assertText($field['value']);

  // == CUSTOM PERMISSIONS ===================================================
  // Switch the field to custom permissions (type 2) and expect the five
  // per-field permissions to be listed on the field settings page.
  $form_values = array(
    'field[field_permissions][type]' => 2,
  );
  $this->drupalPost($field['admin_path'], $form_values, t('Save settings'));
  $this->drupalGet($field['admin_path']);
  $this->assertRaw(t('Create own value for field %field', $label_args));
  $this->assertRaw(t('Edit own value for field %field', $label_args));
  $this->assertRaw(t("Edit anyone's value for field %field", $label_args));
  $this->assertRaw(t('View own value for field %field', $label_args));
  $this->assertRaw(t("View anyone's value for field %field", $label_args));

  // The same permissions must be listed on the site-wide permissions page,
  // where the placeholder is the machine name instead of the label.
  $this->drupalGet('admin/people/permissions');
  $this->assertText(t('Field Permissions'));
  $this->assertRaw(t('Create own value for field %field', $machine_args));
  $this->assertRaw(t('Edit own value for field %field', $machine_args));
  $this->assertRaw(t("Edit anyone's value for field %field", $machine_args));
  $this->assertRaw(t('View own value for field %field', $machine_args));
  $this->assertRaw(t("View anyone's value for field %field", $machine_args));

  // == CREATE ===============================================================
  // The admin user should have received the create permission automatically;
  // the limited user must not have it yet.
  $create_perm = 'create ' . $machine;
  $this->assertUserHasPermission($this->admin_user, $create_perm, t('Admin user does have "create @field" permission.', $message_args));
  $this->assertUserDoesNotHavePermission($this->limited_user, $create_perm, t('Limited user does not have "create @field" permission.', $message_args));

  // Without that permission the creation form must no longer show the field
  // label to the limited user.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $this->drupalGet($field['add_path']);
  $this->assertNoText($field['name']);

  // Grant the create permission to the limited role as well.
  $form_values = array(
    $this->limited_rid . '[create ' . $machine . ']' => TRUE,
  );
  $this->drupalPost('admin/people/permissions', $form_values, t('Save permissions'));
  $this->assertUserHasPermission($this->admin_user, $create_perm, t('Admin user does have "create @field" permission.', $message_args));
  $this->assertUserHasPermission($this->limited_user, $create_perm, t('Limited user does have "create @field" permission.', $message_args));

  // The field label must be back on the creation form.
  $this->drupalGet($field['add_path']);
  $this->assertText($field['name']);

  // Create a second node through the form, again so that the submission
  // passes through the field permission checks.
  $second_node = array(
    'title' => $this->randomName(),
    $field['form_field'] => $field['value'],
  );
  $this->drupalPost($field['add_path'], $second_node, t('Save'));
  $this->assertText($second_node['title']);

  // The limited user may create the value but has no view permission yet,
  // so the body must not be rendered on the saved node.
  $this->assertNoText($field['value']);
  // Same URL-based extraction as for the first node: an unexpected URL is
  // passed through unchanged.
  $second_nid = preg_replace('!^.*node/(\\d+)$!', '\\1', $this->getUrl());

  // The admin user must be able to read the body of the second node.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);
  $this->drupalGet('node/' . $second_nid);
  $this->assertText($second_node['title']);
  $this->assertText($field['value']);

  // == VIEW =================================================================
  // Grant the view permission to the limited role as well.
  $view_perm = 'view ' . $machine;
  $form_values = array(
    $this->limited_rid . '[view ' . $machine . ']' => TRUE,
  );
  $this->drupalPost('admin/people/permissions', $form_values, t('Save permissions'));
  $this->assertUserHasPermission($this->admin_user, $view_perm, t('Admin user does have "view @field" permission.', $message_args));
  $this->assertUserHasPermission($this->limited_user, $view_perm, t('Limited user does have "view @field" permission.', $message_args));

  // The limited user must now see the body on the node.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $this->drupalGet('node/' . $second_nid);
  $this->assertText($second_node['title']);
  $this->assertText($field['value']);

  // == EDIT =================================================================
  // The limited user has no edit permission yet, so the edit form must not
  // contain the value. Only the absence of the value is asserted here; the
  // status of the edit page itself is not checked at this step.
  $this->drupalGet('node/' . $second_nid . '/edit');
  $this->assertNoText($field['value']);

  // Back to the admin user to configure the edit permission.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->admin_user);

  // The admin user's edit form must contain the body.
  $this->drupalGet('node/' . $second_nid . '/edit');
  $this->assertText($field['value']);

  // Grant the edit permission to the limited role.
  $edit_perm = 'edit ' . $machine;
  $form_values = array(
    $this->limited_rid . '[edit ' . $machine . ']' => TRUE,
  );
  $this->drupalPost('admin/people/permissions', $form_values, t('Save permissions'));
  $this->assertUserHasPermission($this->admin_user, $edit_perm, t('Admin user does have "edit @field" permission.', $message_args));
  $this->assertUserHasPermission($this->limited_user, $edit_perm, t('Limited user does have "edit @field" permission.', $message_args));

  // The admin user's edit form must still contain the body.
  $this->drupalGet('node/' . $second_nid . '/edit');
  $this->assertText($field['value']);

  // The limited user's edit form must now contain the body as well.
  $this->drupalGet('user/logout');
  $this->drupalLogin($this->limited_user);
  $this->drupalGet('node/' . $second_nid . '/edit');
  $this->assertText($field['value']);
}