public function GNodeDeleteAccessTests::testMemberDeleteAccess in Group 7
Test member user's delete access to nodes in a group. This checks via several permissions: the delete any node, delete own node and administer group.
File
- modules/
gnode/ tests/ gnode.test, line 745 - Tests for the gnode module.
Class
- GNodeDeleteAccessTests
- Test for delete access control.
Code
public function testMemberDeleteAccess() {
$group_type = $this
->createGroupType('example');
$group = $this
->createGroup('example', 'example');
$node = $this
->createNodeInGroup($group->gid);
$web_user = $this
->drupalCreateUser(array(
'access content',
));
$group
->addMember($web_user->uid);
$this
->drupalLogin($web_user);
$this
->assertNodeOperationAccess($node->nid, 'delete', 403, 'Group node is not deletable by member without delete any page node permissions');
$group_type->member_permissions = array(
'delete any page node',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node is deletable by member with delete any page node permissions');
$group_type->member_permissions = array(
'administer group',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node is deletable by member with administer group node permissions');
$group_type->member_permissions = array(
'delete own page node',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'delete', 403, 'Group node not owned by user is not deletable by member with delete own page node permissions');
$node->uid = $web_user->uid;
node_save($node);
$this
->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node owned by user is deletable by member with delete own page node permissions');
$this
->removeNodeFromGroup($node);
$this
->assertNodeOperationAccess($node->nid, 'delete', 403, 'Node not in group is not deletable by member with standard access content permission');
}