og_access.test in Organic groups 7.2
Same filename and directory in other branches
Test organic groups access module.
File
og_access/og_access.testView source
<?php
/**
* @file
* Test organic groups access module.
*/
/**
* Test OG access.
*/
class OgAccessTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'OG access',
'description' => 'Test the visibility of nodes that are handled by OG access.',
'group' => 'Organic groups access',
);
}
function setUp() {
parent::setUp('og_access');
node_access_rebuild();
$this->user1 = $this
->drupalCreateUser();
$this->user2 = $this
->drupalCreateUser(array(
'access content',
));
// Create group and group content node types.
$this->group_type = $this
->drupalCreateContentType()->type;
og_create_field(OG_GROUP_FIELD, 'node', $this->group_type);
og_create_field(OG_ACCESS_FIELD, 'node', $this->group_type);
$this->group_content_type = $this
->drupalCreateContentType()->type;
og_create_field(OG_AUDIENCE_FIELD, 'node', $this->group_content_type);
// Create a group node and enable access.
$settings = array();
$settings['type'] = $this->group_type;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings[OG_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings['uid'] = $this->user1->uid;
$this->group_node = $this
->drupalCreateNode($settings);
}
/**
* Test if group content privacy is changing when group privacy is changed.
*/
function testAccessChangeBatchApi() {
$settings = array(
'type' => $this->group_content_type,
'uid' => $this->user1->uid,
);
// Create group content.
$node1 = $this
->drupalCreateNode($settings);
$values = array(
'entity_type' => 'node',
'entity' => $node1,
);
og_group('node', $this->group_node, $values);
$node1 = node_load($node1->nid);
$this
->assertFalse(node_access('view', $this->group_node, $this->user2), 'Other user should not see the group');
// Group is private. We are changing it to public.
$this
->drupalLogin($this->user1);
$edit = array(
'group_access[und]' => 0,
);
$this
->drupalPost('node/' . $this->group_node->nid . '/edit', $edit, 'Save');
drupal_static_reset();
$this
->assertTrue(node_access('view', $node1, $this->user2), 'Other user should be able to see the node');
$this
->assertTrue(node_access('view', $this->group_node, $this->user2), 'Other user should be able to see the group');
// Group is public. We are changing it to private.
$this
->drupalLogin($this->user1);
$edit = array(
'group_access[und]' => 1,
);
$this
->drupalPost('node/' . $this->group_node->nid . '/edit', $edit, 'Save');
$this->group_node = node_load($this->group_node->nid);
drupal_static_reset();
$this
->assertFalse(node_access('view', $node1, $this->user2), 'Other user should not see the node');
$this
->assertFalse(node_access('view', $this->group_node, $this->user2), 'Other user should not see the group');
}
/**
* Testing special case in which a group is also group content, and it is
* inside another group. When those groups are set to private (either when
* set specifically or given from the group defaults), it should be verified
* groups are accessible, even for members.
*/
function testSubGroupContentAccess() {
$subgroup_content_type = $this
->drupalCreateContentType()->type;
og_create_field(OG_AUDIENCE_FIELD, 'node', $subgroup_content_type);
og_create_field(OG_GROUP_FIELD, 'node', $subgroup_content_type);
og_create_field(OG_ACCESS_FIELD, 'node', $subgroup_content_type);
og_create_field(OG_CONTENT_ACCESS_FIELD, 'node', $subgroup_content_type);
// Create a subgroup node and enable access.
$settings = array();
$settings['type'] = $subgroup_content_type;
$settings['uid'] = $this->user1->uid;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings[OG_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $this->group_node->nid;
$settings[OG_CONTENT_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = OG_CONTENT_ACCESS_DEFAULT;
$subgroup_node = $this
->drupalCreateNode($settings);
// Add another user to group.
og_group('node', $this->group_node->nid, array(
'entity' => $this->user2,
));
$this
->drupalLogin($this->user1);
// Assert the user can view the group.
// Assert the user is a group member.
$this
->assertTrue(og_is_member('node', $this->group_node->nid, 'user', $this->user1), 'User is a group member.');
$this
->drupalGet('node/' . $subgroup_node->nid);
$this
->assertResponse('200', 'Group member can view subgroup.');
// Assert another user is a group member.
$this
->drupalLogin($this->user2);
$this
->assertTrue(og_is_member('node', $this->group_node->nid, 'user', $this->user2), 'User is a group member.');
// Assert the member can see the subgroup.
$this
->drupalGet('node/' . $subgroup_node->nid);
$this
->assertResponse('200', 'Group member can view subgroup.');
}
/**
* Group with access field.
*/
function testGroupAccess() {
$this
->drupalLogin($this->user1);
$nid = $this->group_node->nid;
// Assert the user is a group member.
$this
->assertTrue(og_is_member('node', $nid, 'user', $this->user1), t('User is a group member.'));
// Assert the user can view the group.
$this
->drupalGet('node/' . $nid);
$this
->assertResponse('200', t('Group member can view group node.'));
// Assert another user is not a group member.
$this
->drupalLogin($this->user2);
$this
->assertFalse(og_is_member('node', $nid, 'user', $this->user2), t('User is not a group member.'));
// Assert non-member can't view the group.
$this
->drupalGet('node/' . $nid);
$this
->assertResponse('403', t('Non group member can not view group node.'));
}
/**
* Group with access field and group content with default definition.
*/
function testGroupContentAccessDefault() {
og_create_field(OG_CONTENT_ACCESS_FIELD, 'node', $this->group_content_type);
$this
->drupalLogin($this->user1);
$nid = $this->group_node->nid;
// Create a group content node and set default access.
$settings = array();
$settings['type'] = $this->group_content_type;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $nid;
$settings[OG_CONTENT_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = OG_CONTENT_ACCESS_DEFAULT;
$group_content_node = $this
->drupalCreateNode($settings);
// Assert the user can view the group.
// Assert the user is a group member.
$this
->assertTrue(og_is_member('node', $nid, 'user', $this->user1), t('User is a group member.'));
$this
->drupalGet('node/' . $group_content_node->nid);
$this
->assertResponse('200', t('Group member can view group node.'));
// Assert another user is not a group member.
$this
->drupalLogin($this->user2);
$this
->assertFalse(og_is_member('node', $nid, 'user', $this->user2), t('User is not a group member.'));
// Assert non-member can't view the group.
$this
->drupalGet('node/' . $group_content_node->nid);
$this
->assertResponse('403', t('Non group member can not view group node.'));
}
/**
* Group with access field and group content with different definition
* from the group.
*/
function testGroupContentAccessNotDefault() {
og_create_field(OG_CONTENT_ACCESS_FIELD, 'node', $this->group_content_type);
// Test group content access, one time when the group is set to be
// public, and one time set to private.
foreach (array(
0,
1,
) as $state) {
// Make sure user1 is logged in.
$this
->drupalLogin($this->user1);
// Create a group node and enable access.
$settings = array();
$settings['type'] = $this->group_type;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings[OG_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = $state;
$group_node = $this
->drupalCreateNode($settings);
$nid = $group_node->nid;
// Create a group content node and set public access.
$settings = array();
$settings['type'] = $this->group_content_type;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $nid;
$settings[OG_CONTENT_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = OG_CONTENT_ACCESS_PUBLIC;
$public_node = $this
->drupalCreateNode($settings);
// Create a group content node and set private access.
$settings[OG_CONTENT_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = OG_CONTENT_ACCESS_PRIVATE;
$private_node = $this
->drupalCreateNode($settings);
// Assert the user can view the group.
$this
->assertTrue(og_is_member('node', $nid, 'user', $this->user1), t('User is a group member.'));
$this
->drupalGet('node/' . $public_node->nid);
$this
->assertResponse('200', t('Group member can view public group content node.'));
$this
->drupalGet('node/' . $private_node->nid);
$this
->assertResponse('200', t('Group member can view private group content node.'));
// Assert another user is not a group member.
$this
->drupalLogin($this->user2);
$this
->assertFalse(og_is_member('node', $nid, 'user', $this->user2), t('User is not a group member.'));
// Assert non-member can't view the group.
$this
->drupalGet('node/' . $public_node->nid);
$this
->assertResponse('200', t('Non group member can view public group content node.'));
$this
->drupalGet('node/' . $private_node->nid);
$this
->assertResponse('403', t('Non group member can not view private group content node.'));
}
}
/**
* Test group content without access field.
*/
function testGroupContentAccessNotExist() {
$this
->drupalLogin($this->user1);
$nid = $this->group_node->nid;
// Create a group content node and set default access.
$settings = array();
$settings['type'] = $this->group_content_type;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $nid;
$group_content_node = $this
->drupalCreateNode($settings);
// Assert the user can view the group.
// Assert the user is a group member.
$this
->assertTrue(og_is_member('node', $nid, 'user', $this->user1), t('User is a group member.'));
$this
->drupalGet('node/' . $group_content_node->nid);
$this
->assertResponse('200', t('Group member can view group node.'));
// Assert another user is not a group member.
$this
->drupalLogin($this->user2);
$this
->assertFalse(og_is_member('node', $nid, 'user', $this->user2), t('User is not a group member.'));
// Assert non-member can't view the group.
$this
->drupalGet('node/' . $group_content_node->nid);
$this
->assertResponse('403', t('Non group member can not view group node.'));
}
/**
* Test a group content that belongs to a private and non-private group
* results in a private group content.
*/
function testOgStrictPrivate() {
$this
->drupalLogin($this->user1);
// Create a group node and set as private.
$settings = array();
$settings['type'] = $this->group_type;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings[OG_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$group_node1 = $this
->drupalCreateNode($settings);
// Create a group node and set as public.
$settings[OG_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = 0;
$group_node2 = $this
->drupalCreateNode($settings);
// Create a group content node and set default access.
$settings = array();
$settings['type'] = $this->group_content_type;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $group_node1->nid;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][1]['target_id'] = $group_node2->nid;
$settings[OG_CONTENT_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = OG_CONTENT_ACCESS_DEFAULT;
$node = $this
->drupalCreateNode($settings);
// Assert the user can view the group.
$this
->assertTrue(og_is_member('node', $group_node1->nid, 'user', $this->user1), t('User is a group member.'));
$this
->drupalGet('node/' . $node->nid);
$this
->assertResponse('200', t('Group member can view public group node.'));
// Assert another user is not a group member.
$this
->drupalLogin($this->user2);
$this
->assertFalse(og_is_member('node', $group_node1->nid, 'user', $this->user2), t('User is not a group member.'));
$this
->drupalGet('node/' . $node->nid);
$this
->assertResponse('403', t('Non group member can not view group content node.'));
// Assert all groups were registered in {node_access}.
$records = db_query('SELECT realm, gid FROM {node_access} WHERE nid = :nid', array(
':nid' => $node->nid,
))
->fetchAll();
$this
->assertEqual(count($records), 2, t('Returned the correct number of rows.'));
$this
->assertEqual($records[0]->realm, 'og_access:node', t('Grant realm is correct for public group content.'));
$this
->assertEqual($records[0]->gid, $group_node1->nid, t('First gid is the first group ID.'));
$this
->assertEqual($records[1]->gid, $group_node2->nid, t('Second gid is the second group ID.'));
}
/**
* Test unpublished node.
*/
function testUnpublishedNode() {
$user1 = $this->user1;
$user2 = $this->user2;
$this
->drupalLogin($user1);
// Create a group node and set as private.
$settings = array();
$settings['type'] = $this->group_type;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings[OG_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$group_node1 = $this
->drupalCreateNode($settings);
// Create a group content node and set default access.
$settings = array();
$settings['type'] = $this->group_content_type;
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $group_node1->nid;
$node = $this
->drupalCreateNode($settings);
// Add another user to group.
og_group('node', $group_node1->nid, array(
'entity' => $user2,
));
$this
->assertTrue(node_access('view', $node, $user2), 'Group member can view published node.');
$node->status = NODE_NOT_PUBLISHED;
node_save($node);
drupal_static_reset('node_access');
$this
->assertFalse(node_access('view', $node, $user2), 'Group member can not view unpublished node.');
}
}
/**
* Test "Use group defaults".
*/
class OgAccessUseGroupDefaultsTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Use group defaults',
'description' => "Verify for an exception when OG access field is missing from the group, but exists on the group content.",
'group' => 'Organic groups access',
);
}
function setUp() {
parent::setUp('og_access');
node_access_rebuild();
// Create group and group content node types.
$this->group_type = $this
->drupalCreateContentType()->type;
og_create_field(OG_GROUP_FIELD, 'node', $this->group_type);
$this->group_content_type = $this
->drupalCreateContentType()->type;
og_create_field(OG_AUDIENCE_FIELD, 'node', $this->group_content_type);
og_create_field(OG_CONTENT_ACCESS_FIELD, 'node', $this->group_content_type);
// Create a group node.
$settings = array();
$settings['type'] = $this->group_type;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = TRUE;
$settings['uid'] = 1;
$this->group_node = $this
->drupalCreateNode($settings);
}
/**
* Create a group content with group content access field when the group
* doesn't have an access field, and the "Use group defaults" is selected.
*/
function testCatchException() {
$settings = array(
'type' => $this->group_content_type,
);
$settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['target_id'] = $this->group_node->nid;
$settings[OG_CONTENT_ACCESS_FIELD][LANGUAGE_NONE][0]['value'] = OG_CONTENT_ACCESS_DEFAULT;
try {
$this
->drupalCreateNode($settings);
$this
->fail("Can set node visibility when access field is missing from the group.");
} catch (OgException $e) {
$this
->pass("Cannot set node visibility when access field is missing from the group.");
}
// Attach the OG access field to the group bundle and try to create a
// group content.
og_create_field(OG_ACCESS_FIELD, 'node', $this->group_type);
$node = $this
->drupalCreateNode($settings);
$this
->assertTrue($node, 'A group content has been created successfully.');
}
}
/**
* Tests moderated group memberships.
*/
class OgAccessModeratedGroup extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'OG moderated group membership',
'description' => 'Test groups that require membership approval.',
'group' => 'Organic groups access',
);
}
public function setUp() {
parent::setUp(array(
'og',
'og_access',
'og_ui',
));
node_access_rebuild();
// Creating the content type and the necessary fields for this test.
$content_type = $this
->drupalCreateContentType();
og_create_field(OG_GROUP_FIELD, 'node', $content_type->type);
og_create_field(OG_ACCESS_FIELD, 'node', $content_type->type);
// Creating a private group, and a user.
$this->group = $this
->drupalCreateNode(array(
'type' => $content_type->type,
));
$wrapper = entity_metadata_wrapper('node', $this->group);
$wrapper->{OG_GROUP_FIELD}
->set(TRUE);
$wrapper->{OG_ACCESS_FIELD}
->set(1);
$wrapper
->save();
$this->user = $this
->drupalCreateUser();
// Remove ability to apply without approval, but still allow them to subscribe.
$roles = og_roles('node', $this->group->type);
og_role_revoke_permissions(array_search(OG_ANONYMOUS_ROLE, $roles), array(
'subscribe without approval',
));
og_role_grant_permissions(array_search(OG_ANONYMOUS_ROLE, $roles), array(
'subscribe',
));
$this
->drupalLogin($this->user);
}
/**
* Test membership creation attempt made via direct API calls, by non-admins.
*/
public function testMembershipRequest() {
// The call of drupalLogin() in setUp() is not effective for API calls,
// switching users here to test the permission check.
global $user;
$current_user = $user;
$user = $this->user;
// Save user as a member of the group, without passing state.
$this->user->og_user_node[LANGUAGE_NONE][0]['target_id'] = $this->group->nid;
user_save($this->user);
$user = $current_user;
// User's membership should not exist.
$membership = og_get_membership('node', $this->group->nid, 'user', $this->user->uid);
$this
->assertFalse(is_object($membership), t('Non-admins cannot add members to private groups.'));
}
/**
* Test that membership requests made via direct API calls that include
* membership state result in proper active status for private groups that
* require approval.
*/
public function testMemberShipRequestStatusWithState() {
// Save user as a member of the group, passing the state.
$this->user->og_user_node[LANGUAGE_NONE][0]['target_id'] = $this->group->nid;
$this->user->og_user_node[LANGUAGE_NONE][0]['state'] = OG_STATE_ACTIVE;
user_save($this->user);
// User's membership should be active.
$membership = og_get_membership('node', $this->group->nid, 'user', $this->user->uid);
$this
->assertEqual($membership->state, OG_STATE_ACTIVE, t('User membership is active.'));
}
}Classes
Name |
Description |
|---|---|
| OgAccessModeratedGroup | Tests moderated group memberships. |
| OgAccessTestCase | Test OG access. |
| OgAccessUseGroupDefaultsTestCase | Test "Use group defaults". |