public function GNodeDeleteAccessTests::testOutsiderDeleteAccess in Group 7
Test outsider user's delete access to nodes in a group. This checks via several permissions: the delete any node, delete own node and administer group.
File
- modules/
gnode/ tests/ gnode.test, line 711 - Tests for the gnode module.
Class
- GNodeDeleteAccessTests
- Test for delete access control.
Code
public function testOutsiderDeleteAccess() {
$group_type = $this
->createGroupType('example');
$group = $this
->createGroup('example', 'example');
$node = $this
->createNodeInGroup($group->gid);
$web_user = $this
->drupalCreateUser(array(
'access content',
));
$this
->drupalLogin($web_user);
$this
->assertNodeOperationAccess($node->nid, 'delete', 403, 'Group node is not deletable by outsider without delete any page node permissions');
$group_type->outsider_permissions = array(
'delete any page node',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node is deletable by outsider with delete any page node permissions');
$group_type->outsider_permissions = array(
'administer group',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node is deletable by outsider with administer group node permissions');
$group_type->outsider_permissions = array(
'delete own page node',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'delete', 403, 'Group node not owned by user is not deletable by outsider with delete own page node permissions');
$node->uid = $web_user->uid;
node_save($node);
$this
->assertNodeOperationAccess($node->nid, 'delete', 200, 'Group node owned by user is deletable by outsider with delete own page node permissions');
$this
->removeNodeFromGroup($node);
$this
->assertNodeOperationAccess($node->nid, 'delete', 403, 'Node not in group is not deletable by outsider with standard access content permission');
}