You are here

public function GNodeEditAccessTests::testMemberWithGroupRoleEditAccess in Group 7

Test member with group role user's edit access to nodes in a group. This checks via several permissions: the update any node, update own node and administer group.

File

modules/gnode/tests/gnode.test, line 585
Tests for the gnode module.

Class

GNodeEditAccessTests
Test for edit access control.

Code

public function testMemberWithGroupRoleEditAccess() {
  $group_type = $this
    ->createGroupType('example');
  $group = $this
    ->createGroup('example', 'example');
  $group_role = $this
    ->createRole('example_role', 'example');
  $node = $this
    ->createNodeInGroup($group->gid);
  $web_user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $role_details = array(
    'roles' => array(
      'example_role',
    ),
    'added_on' => REQUEST_TIME,
    'added_by' => 1,
  );
  $group
    ->addMember($web_user->uid, $role_details);
  $this
    ->drupalLogin($web_user);
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 403, 'Group node is not editable by member granted a group role without update any page node permissions');
  $group_role
    ->grantPermissions(array(
    'update any page node',
  ));
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node is now editable by member granted a group role with update any page node permissions');
  $group_role
    ->revokePermissions(array(
    'update any page node',
  ));
  $group_role
    ->grantPermissions(array(
    'administer group',
  ));
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node is now editable by member granted a group role with administer group permissions');
  $group_role
    ->revokePermissions(array(
    'administer group',
  ));
  $group_role
    ->grantPermissions(array(
    'update own page node',
  ));
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 403, 'Group node not owned by user is not editable by member granted a group role with update own page node permissions');
  $node->uid = $web_user->uid;
  node_save($node);
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node owned by user is editable by member granted a group role with update own page node permissions');
  $this
    ->removeNodeFromGroup($node);
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 403, 'Node not in group is not editable by member with standard access content permission');
}