You are here

Home » API reference » Group 7 » gnode.test » GNodeDeleteAccessTests

public function GNodeDeleteAccessTests::testMemberWithGroupRoleDeleteAccess in Group 7

Test member with group role user's delete access to nodes in a group. This checks via several permissions: the delete any node, delete own node and administer group.

File

modules/gnode/tests/gnode.test, line 782
Tests for the gnode module.

Class

GNodeDeleteAccessTests
Test for delete access control.

Code

public function testMemberWithGroupRoleDeleteAccess() {
  $group_type = $this
    ->createGroupType('example');
  $group = $this
    ->createGroup('example', 'example');
  $group_role = $this
    ->createRole('example_role', 'example');
  $node = $this
    ->createNodeInGroup($group->gid);
  $web_user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $role_details = array(
    'roles' => array(
      'example_role',
    ),
    'added_on' => REQUEST_TIME,
    'added_by' => 1,
  );
  $group
    ->addMember($web_user->uid, $role_details);
  $this
    ->drupalLogin($web_user);
  $this
    ->assertNodeOperationAccess($node->nid, 'delete', 403, 'Group node is not deletable by member granted a group role without delete any page node permissions');
  $group_role
    ->grantPermissions(array(
    'delete any page node',
  ));
  $this
    ->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node is now deletable by member granted a group role with delete any page node permissions');
  $group_role
    ->revokePermissions(array(
    'delete any page node',
  ));
  $group_role
    ->grantPermissions(array(
    'administer group',
  ));
  $this
    ->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node is now deletable by member granted a group role with administer group permissions');
  $group_role
    ->revokePermissions(array(
    'administer group',
  ));
  $group_role
    ->grantPermissions(array(
    'delete own page node',
  ));
  $this
    ->assertNodeOperationAccess($node->nid, 'delete', 403, 'Group node not owned by user is not deletable by member granted a group role with delete own page node permissions');
  $node->uid = $web_user->uid;
  node_save($node);
  $this
    ->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node owned by user is deletable by member granted a group role with delete own page node permissions');
  $this
    ->removeNodeFromGroup($node);
  $this
    ->assertNodeOperationAccess($node->nid, 'delete', 403, 'Node not in group is not deletable by member with standard access content permission');
}