
function FileEntityAccessTestCase::testFileEntityPageAccess in File Entity (fieldable files) 7.2

Same name and namespace in other branches
  1. 7.3 file_entity.test \FileEntityAccessTestCase::testFileEntityPageAccess()

Tests page access.

Verifies the privileges required to access the following pages: file/add, file/%/view, file/%/download, file/%/edit, file/%/usage, and file/%/delete.

File

./file_entity.test, line 1387
Test integration for the file_entity module.

Class

FileEntityAccessTestCase
Tests the file entity access API.

Code

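/**
 * Tests page access.
 *
 * Verifies the privileges required to access the following pages:
 *   - file/add
 *   - file/%/view
 *   - file/%/download
 *   - file/%/edit
 *   - file/%/usage
 *   - file/%/delete
 *
 * Every page is requested twice: once before the relevant permission is
 * granted (expecting 403) and once after (expecting 200). Permissions are
 * granted to the authenticated role cumulatively and are never revoked, so
 * each "without permission" step depends on the order of the steps before it.
 * Ownership is switched between the test user and uid 1 to separate the
 * "own" permissions from the "any" permissions.
 */
function testFileEntityPageAccess() {
  // Test creating files without permission.
  $web_user = $this->drupalCreateUser();
  $this->drupalLogin($web_user);
  $this->drupalGet('file/add');
  $this->assertResponse(403, 'Users without access can not access the file add page');

  // Test creating files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'create files' => TRUE,
  ));
  $this->drupalGet('file/add');
  $this->assertResponse(200, 'Users with access can access the file add page');
  $file = $this->createFileEntity(array(
    'type' => 'document',
    'uid' => $web_user->uid,
  ));

  // Test viewing own files without permission.
  $this->drupalGet("file/{$file->fid}/view");
  $this->assertResponse(403, 'Users without access can not view their own files');

  // Test viewing own files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'view own files' => TRUE,
  ));
  $this->drupalGet("file/{$file->fid}/view");
  $this->assertResponse(200, 'Users with access can view their own files');

  // Test viewing any files without permission. The file is reassigned to
  // uid 1, so 'view own files' must no longer be sufficient.
  $file->uid = 1;
  file_save($file);
  $this->drupalGet("file/{$file->fid}/view");
  // The original message read "Users with access", which contradicted the
  // expected 403 and made a failure report misleading.
  $this->assertResponse(403, 'Users without access can not view any file');

  // Test viewing any files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'view files' => TRUE,
  ));
  $this->drupalGet("file/{$file->fid}/view");
  $this->assertResponse(200, 'Users with access can view any file');

  // Test downloading own files without permission. A valid token is supplied
  // so that the 403 can only come from the missing permission.
  $file->uid = $web_user->uid;
  file_save($file);
  $url = "file/{$file->fid}/download";
  $this->drupalGet($url, array(
    'query' => array(
      'token' => file_entity_get_download_token($file),
    ),
  ));
  $this->assertResponse(403, 'Users without access can not download their own files');

  // Test downloading own files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'download own document files' => TRUE,
  ));
  $this->drupalGet($url, array(
    'query' => array(
      'token' => file_entity_get_download_token($file),
    ),
  ));
  $this->assertResponse(200, 'Users with access can download their own files');

  // Test downloading any files without permission.
  $file->uid = 1;
  file_save($file);
  $url = "file/{$file->fid}/download";
  $this->drupalGet($url, array(
    'query' => array(
      'token' => file_entity_get_download_token($file),
    ),
  ));
  $this->assertResponse(403, 'Users without access can not download any file');

  // Test downloading any files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'download any document files' => TRUE,
  ));
  $this->drupalGet($url, array(
    'query' => array(
      'token' => file_entity_get_download_token($file),
    ),
  ));
  $this->assertResponse(200, 'Users with access can download any file');

  // From here on the user holds every download permission, so the next two
  // 403s show that the token is enforced in addition to the permission check.

  // Test downloading files with an invalid token.
  $this->drupalGet($url, array(
    'query' => array(
      'token' => 'invalid-token',
    ),
  ));
  $this->assertResponse(403, 'Cannot download file with an invalid token.');

  // Test downloading files without a token.
  $this->drupalGet($url);
  $this->assertResponse(403, 'Cannot download file without a token.');

  // Test downloading files with permission but without a token when insecure
  // downloads are enabled.
  variable_set('file_entity_allow_insecure_download', TRUE);
  $this->drupalGet($url);
  $this->assertResponse(200, 'Users with access can download the file without a token when file_entity_allow_insecure_download is set.');
  // Drop the override again so the token opt-out stays scoped to the
  // assertion above instead of remaining active for the rest of the test.
  // NOTE(review): no step checks that a user lacking the download permission
  // is still refused while file_entity_allow_insecure_download is enabled;
  // consider covering that in a separate test.
  variable_del('file_entity_allow_insecure_download');

  // Tests editing own files without permission.
  $file->uid = $web_user->uid;
  file_save($file);
  $this->drupalGet("file/{$file->fid}/edit");
  $this->assertResponse(403, 'Users without access can not edit own files');

  // Tests checking the usage of their own files without permission.
  $this->drupalGet("file/{$file->fid}/usage");
  $this->assertResponse(403, 'Users without access can not check the usage of their own files');

  // Tests editing own files with permission. The usage page is expected to
  // open up with the same 'edit own document files' grant.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'edit own document files' => TRUE,
  ));
  $this->drupalGet("file/{$file->fid}/edit");
  $this->assertResponse(200, 'Users with access can edit own files');

  // Tests checking the usage of their own files with permission.
  $this->drupalGet("file/{$file->fid}/usage");
  $this->assertResponse(200, 'Users with access can check the usage of their own files');

  // Tests editing any files without permission.
  $file->uid = 1;
  file_save($file);
  $this->drupalGet("file/{$file->fid}/edit");
  $this->assertResponse(403, 'Users without access can not edit any file');

  // Tests checking the usage of any files without permission.
  $this->drupalGet("file/{$file->fid}/usage");
  $this->assertResponse(403, 'Users without access can not check the usage of any file');

  // Tests editing any files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'edit any document files' => TRUE,
  ));
  $this->drupalGet("file/{$file->fid}/edit");
  $this->assertResponse(200, 'Users with access can edit any file');

  // Tests checking the usage of any files with permission.
  $this->drupalGet("file/{$file->fid}/usage");
  $this->assertResponse(200, 'Users with access can check the usage of any file');

  // Tests deleting own files without permission. Only the delete page is
  // requested with GET; nothing is submitted, so the file is still present
  // for the steps that follow.
  $file->uid = $web_user->uid;
  file_save($file);
  $this->drupalGet("file/{$file->fid}/delete");
  $this->assertResponse(403, 'Users without access can not delete their own files');

  // Tests deleting own files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'delete own document files' => TRUE,
  ));
  $this->drupalGet("file/{$file->fid}/delete");
  $this->assertResponse(200, 'Users with access can delete their own files');

  // Tests deleting any files without permission.
  $file->uid = 1;
  file_save($file);
  $this->drupalGet("file/{$file->fid}/delete");
  $this->assertResponse(403, 'Users without access can not delete any file');

  // Tests deleting any files with permission.
  user_role_change_permissions(DRUPAL_AUTHENTICATED_RID, array(
    'delete any document files' => TRUE,
  ));
  $this->drupalGet("file/{$file->fid}/delete");
  $this->assertResponse(200, 'Users with access can delete any file');
}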