You are here

public function GNodeEditAccessTests::testOutsiderEditAccess in Group 7

Test outsider user's edit access to nodes in a group. This checks via several permissions: the update any node, update own node and administer group.

File

modules/gnode/tests/gnode.test, line 516
Tests for the gnode module.

Class

GNodeEditAccessTests
Test for edit access control.

Code

public function testOutsiderEditAccess() {
  $group_type = $this
    ->createGroupType('example');
  $group = $this
    ->createGroup('example', 'example');
  $node = $this
    ->createNodeInGroup($group->gid);
  $web_user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $this
    ->drupalLogin($web_user);
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 403, 'Group node is not editable by outsider without update any page node permissions');
  $group_type->outsider_permissions = array(
    'update any page node',
  );
  $group_type
    ->save();
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node is editable by outsider with update any page node permissions');
  $group_type->outsider_permissions = array(
    'administer group',
  );
  $group_type
    ->save();
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node is editable by outsider with administer group node permissions');
  $group_type->outsider_permissions = array(
    'update own page node',
  );
  $group_type
    ->save();
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 403, 'Group node not owned by user is not editable by outsider with update own page node permissions');
  $node->uid = $web_user->uid;
  node_save($node);
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node owned by user is editable by outsider with update own page node permissions');
  $this
    ->removeNodeFromGroup($node);
  $this
    ->assertNodeOperationAccess($node->nid, 'edit', 403, 'Node not in group is not editable by outsider with standard access content permission');
}