public function GNodeEditAccessTests::testOutsiderEditAccess in Group 7
Test outsider user's edit access to nodes in a group. This checks via several permissions: the update any node, update own node and administer group.
File
- modules/
gnode/ tests/ gnode.test, line 516 - Tests for the gnode module.
Class
- GNodeEditAccessTests
- Test for edit access control.
Code
public function testOutsiderEditAccess() {
$group_type = $this
->createGroupType('example');
$group = $this
->createGroup('example', 'example');
$node = $this
->createNodeInGroup($group->gid);
$web_user = $this
->drupalCreateUser(array(
'access content',
));
$this
->drupalLogin($web_user);
$this
->assertNodeOperationAccess($node->nid, 'edit', 403, 'Group node is not editable by outsider without update any page node permissions');
$group_type->outsider_permissions = array(
'update any page node',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node is editable by outsider with update any page node permissions');
$group_type->outsider_permissions = array(
'administer group',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node is editable by outsider with administer group node permissions');
$group_type->outsider_permissions = array(
'update own page node',
);
$group_type
->save();
$this
->assertNodeOperationAccess($node->nid, 'edit', 403, 'Group node not owned by user is not editable by outsider with update own page node permissions');
$node->uid = $web_user->uid;
node_save($node);
$this
->assertNodeOperationAccess($node->nid, 'edit', 200, 'Group node owned by user is editable by outsider with update own page node permissions');
$this
->removeNodeFromGroup($node);
$this
->assertNodeOperationAccess($node->nid, 'edit', 403, 'Node not in group is not editable by outsider with standard access content permission');
}