public function EntityAccessComplexTest::testMemberViewOwnUnpublishedAccess in Group 8
Same name and namespace in other branches
- 2.0.x tests/src/Kernel/EntityAccessComplexTest.php \Drupal\Tests\group\Kernel\EntityAccessComplexTest::testMemberViewOwnUnpublishedAccess()
Tests the viewing of own unpublished grouped entities for members.
File
- tests/
src/ Kernel/ EntityAccessComplexTest.php, line 530
Class
- EntityAccessComplexTest
- Tests that Group properly checks access for "complex" grouped entities.
Namespace
Drupal\Tests\group\KernelCode
public function testMemberViewOwnUnpublishedAccess() {
$account = $this
->createUser([], $this->permissions);
$node_1 = $this
->createNode([
'type' => 'page',
'status' => 0,
]);
$node_2 = $this
->createNode([
'type' => 'page',
'status' => 0,
'uid' => $account
->id(),
]);
$node_3 = $this
->createNode([
'type' => 'page',
'status' => 0,
]);
// Sanity check: Verify that we don't touch published nodes.
$node_4 = $this
->createNode([
'type' => 'page',
]);
$group_a = $this
->createGroup([
'type' => $this->groupTypeA
->id(),
]);
$group_a
->addContent($node_1, 'node_as_content:page');
$group_a
->addContent($node_4, 'node_as_content:page');
$group_a
->addMember($this
->getCurrentUser());
$group_a
->addMember($account);
$group_b = $this
->createGroup([
'type' => $this->groupTypeB
->id(),
]);
$group_b
->addContent($node_2, 'node_as_content:page');
$group_b
->addMember($this
->getCurrentUser());
$group_b
->addMember($account);
$this
->assertFalse($this->accessControlHandler
->access($node_1, 'view'), 'Members cannot see their own unpublished grouped nodes without permission.');
$this
->assertFalse($this->accessControlHandler
->access($node_2, 'view'), 'Members cannot see unpublished grouped nodes they do not own.');
$this
->assertTrue($this->accessControlHandler
->access($node_3, 'view'), 'The unpublished node can be viewed by the owner.');
$this
->assertFalse($this->accessControlHandler
->access($node_4, 'view'), 'The published grouped node cannot be viewed.');
$this->groupTypeA
->getMemberRole()
->grantPermission('view own unpublished node_as_content:page entity')
->save();
$this->groupTypeB
->getMemberRole()
->grantPermission('view own unpublished node_as_content:page entity')
->save();
$this->accessControlHandler
->resetCache();
$this
->assertTrue($this->accessControlHandler
->access($node_1, 'view'), 'Members can see their own unpublished grouped nodes.');
$this
->assertFalse($this->accessControlHandler
->access($node_2, 'view'), 'Members cannot see unpublished grouped nodes they do not own.');
$this
->assertTrue($this->accessControlHandler
->access($node_3, 'view'), 'The unpublished node can be viewed by the owner.');
$this
->assertFalse($this->accessControlHandler
->access($node_4, 'view'), 'The published grouped node cannot be viewed.');
$this
->setCurrentUser($account);
$this
->assertFalse($this->accessControlHandler
->access($node_1, 'view'), 'Members cannot see unpublished grouped nodes they do not own.');
$this
->assertTrue($this->accessControlHandler
->access($node_2, 'view'), 'Members can see their own unpublished grouped nodes.');
$this
->assertFalse($this->accessControlHandler
->access($node_3, 'view'), 'The unpublished node cannot be viewed.');
$this
->assertFalse($this->accessControlHandler
->access($node_4, 'view'), 'The published grouped node cannot be viewed.');
$this
->setCurrentUser($this
->createUser([], $this->permissions));
$this
->assertFalse($this->accessControlHandler
->access($node_1, 'view'), 'Members cannot see unpublished grouped nodes.');
$this
->assertFalse($this->accessControlHandler
->access($node_2, 'view'), 'Members cannot see unpublished grouped nodes.');
$this
->assertFalse($this->accessControlHandler
->access($node_3, 'view'), 'The unpublished node cannot be viewed.');
$this
->assertFalse($this->accessControlHandler
->access($node_4, 'view'), 'The published grouped node cannot be viewed.');
}