You are here

Home » API reference » File Entity (fieldable files) 8.2 » FileEntityAdminTest.php » FileEntityAdminTest

public function FileEntityAdminTest::testFilesAdminPages in File Entity (fieldable files) 8.2

Tests files overview with different user permissions.

File

tests/src/Functional/FileEntityAdminTest.php, line 120

Class

FileEntityAdminTest
Test file administration page functionality.

Namespace

Drupal\Tests\file_entity\Functional

Code

public function testFilesAdminPages() {
  $this
    ->drupalLogin($this->userAdmin);

  /** @var FileEntity[] $files */
  $files['public_image'] = $this
    ->createFileEntity(array(
    'scheme' => 'public',
    'uid' => $this->userBasic
      ->id(),
    'type' => 'image',
  ));
  $files['public_document'] = $this
    ->createFileEntity(array(
    'scheme' => 'public',
    'uid' => $this->userViewOwn
      ->id(),
    'type' => 'document',
  ));
  $files['private_image'] = $this
    ->createFileEntity(array(
    'scheme' => 'private',
    'uid' => $this->userBasic
      ->id(),
    'type' => 'image',
  ));
  $files['private_document'] = $this
    ->createFileEntity(array(
    'scheme' => 'private',
    'uid' => $this->userViewOwn
      ->id(),
    'type' => 'document',
  ));

  // Verify view, edit, and delete links for any file.
  $this
    ->drupalGet('admin/content/files');
  $this
    ->assertResponse(200);
  $i = 0;
  foreach ($files as $file) {
    $this
      ->assertLinkByHref('file/' . $file
      ->id());
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/edit');
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/delete');

    // Verify tableselect.
    $this
      ->assertFieldByName("bulk_form[{$i}]", NULL, 'Bulk form checkbox found.');
  }

  // Verify no operation links beside download are displayed for regular
  // users.
  $this
    ->drupalLogout();
  $this
    ->drupalLogin($this->userBasic);
  $this
    ->drupalGet('admin/content/files');
  $this
    ->assertResponse(200);
  $this
    ->assertLinkByHref('file/' . $files['public_image']
    ->id());
  $this
    ->assertLinkByHref('file/' . $files['public_document']
    ->id());

  // Download access of public files is always allowed.
  $this
    ->assertLinkByHref('file/' . $files['public_document']
    ->id() . '/download');
  $this
    ->assertLinkByHref('file/' . $files['public_document']
    ->id() . '/download');
  $this
    ->assertNoLinkByHref('file/' . $files['public_image']
    ->id() . '/edit');
  $this
    ->assertNoLinkByHref('file/' . $files['public_image']
    ->id() . '/delete');
  $this
    ->assertNoLinkByHref('file/' . $files['public_document']
    ->id() . '/edit');
  $this
    ->assertNoLinkByHref('file/' . $files['public_document']
    ->id() . '/delete');

  // Verify no tableselect.
  // @todo Drupal 8 always shows bulk selection, test specific actions
  //   instead.
  // $this->assertNoFieldByName('bulk_form[' . $files['public_image']->id() . ']', '', 'No bulk form checkbox found.');
  // Verify private file is displayed with permission.
  $this
    ->drupalLogout();
  $this
    ->drupalLogin($this->userViewOwn);
  $this
    ->drupalGet('admin/content/files');
  $this
    ->assertResponse(200);
  $this
    ->assertLinkByHref($files['private_document']
    ->toUrl()
    ->toString());

  // Verify no operation links are displayed.
  $this
    ->drupalGet($files['private_document']
    ->toUrl('edit-form'));
  $this
    ->assertResponse(403, 'User doesn\'t have permission to edit files');
  $this
    ->drupalGet($files['private_document']
    ->toUrl('delete-form'));
  $this
    ->assertResponse(403, 'User doesn\'t have permission to delete files');

  // Verify user cannot see private file of other users.
  $this
    ->assertNoLinkByHref($files['private_image']
    ->toUrl()
    ->toString());
  $this
    ->assertNoLinkByHref($files['private_image']
    ->toUrl('edit-form')
    ->toString());
  $this
    ->assertNoLinkByHref($files['private_image']
    ->toUrl('delete-form')
    ->toString());
  $this
    ->assertNoLinkByHref($files['private_image']
    ->downloadUrl()
    ->toString());

  // Verify no tableselect.
  $this
    ->assertNoFieldByName('bulk_form[' . $files['private_document']
    ->id() . ']', '', 'No bulk form checkbox found.');

  // Verify private file is displayed with permission.
  $this
    ->drupalLogout();
  $this
    ->drupalLogin($this->userViewPrivate);
  $this
    ->drupalGet('admin/content/files');
  $this
    ->assertResponse(200);

  // Verify user can see private file of other users.
  $this
    ->assertLinkByHref('file/' . $files['private_document']
    ->id());
  $this
    ->assertLinkByHref('file/' . $files['private_image']
    ->id());

  // Verify operation links are displayed for users with appropriate
  // permission.
  $this
    ->drupalLogout();
  $this
    ->drupalLogin($this->userEditDelete);
  $this
    ->drupalGet('admin/content/files');
  $this
    ->assertResponse(200);
  foreach ($files as $file) {
    $this
      ->assertLinkByHref('file/' . $file
      ->id());
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/edit');
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/delete');
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/delete');
  }

  // Verify file access can be bypassed.
  $this
    ->drupalLogout();
  $this
    ->drupalLogin($this->userAdmin);
  $this
    ->drupalGet('admin/content/files');
  $this
    ->assertResponse(200);
  foreach ($files as $file) {
    $this
      ->assertLinkByHref('file/' . $file
      ->id());
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/edit');
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/delete');
    $this
      ->assertLinkByHref('file/' . $file
      ->id() . '/download');
  }
}