You are here

function OgFieldAccessTestCase::testOgFieldAccess in Organic groups 7

Same name and namespace in other branches
  1. 7.2 og_field_access/og_field_access.test \OgFieldAccessTestCase::testOgFieldAccess()

Group with access field.

File

og_field_access/og_field_access.test, line 29
Test organic groups field access module.

Class

OgFieldAccessTestCase
Test OG access.

Code

function testOgFieldAccess() {
  $user1 = $this
    ->drupalCreateUser();
  $user2 = $this
    ->drupalCreateUser();
  $this
    ->drupalLogin($user1);
  $global_roles = og_get_global_roles();

  // Set global permissions.
  $anon_rid = array_search(OG_ANONYMOUS_ROLE, $global_roles);
  $permissions = array(
    'view body field' => 0,
    'update body field' => 0,
    // Allow non-members to edit the group, so we can test the node-edit page.
    'update group' => 1,
  );
  og_role_change_permissions($anon_rid, $permissions);

  // Create group and group content node types.
  $group_type = $this
    ->drupalCreateContentType();
  og_create_field(OG_GROUP_FIELD, 'node', $group_type->type);
  $group_content_type = $this
    ->drupalCreateContentType();
  og_create_field(OG_AUDIENCE_FIELD, 'node', $group_content_type->type);
  $this
    ->drupalLogin($user1);

  // Create a group node.
  $settings = array();
  $settings['type'] = $group_type->type;
  $settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
  $settings['body'][LANGUAGE_NONE][0]['value'] = $this
    ->randomName();
  $node = $this
    ->drupalCreateNode($settings);
  $group = og_get_group('node', $node->nid);

  // Assert another user is not a group member.
  $this
    ->drupalLogin($user2);
  $this
    ->assertFalse(og_is_member($group->gid, 'user', $user2), t('User is not a group member.'));

  // Assert user can't view the field.
  $this
    ->drupalGet('node/' . $node->nid);
  $this
    ->assertResponse('200', t('Non group member can view node.'));
  $this
    ->assertNoText($node->body[LANGUAGE_NONE][0]['value'], t('Non group member can not view field.'));

  // Change permissions and assert user can view the field.
  $permissions['view body field'] = 1;
  og_role_change_permissions($anon_rid, $permissions);
  $this
    ->drupalGet('node/' . $node->nid);
  $this
    ->assertText($node->body[LANGUAGE_NONE][0]['value'], t('Non group member can now view field.'));

  // Assert user can't edit the field.
  $this
    ->drupalGet('node/' . $node->nid . '/edit');
  $this
    ->assertResponse('200', t('Non group member can edit node.'));
  $this
    ->assertNoText($node->body[LANGUAGE_NONE][0]['value'], t('Non group member can not edit field.'));

  // Change permissions and assert user can view the field.
  $permissions['update body field'] = 1;
  og_role_change_permissions($anon_rid, $permissions);
  $this
    ->drupalGet('node/' . $node->nid . '/edit');
  $langcode = LANGUAGE_NONE;
  $this
    ->assertFieldByName("body[{$langcode}][0][value]", $node->body[LANGUAGE_NONE][0]['value'], t('Non group member can now edit field.'));

  // Assert field permissions on group content.
  $permissions['view body field'] = 0;
  og_role_change_permissions($anon_rid, $permissions);
  $settings = array();
  $settings['uid'] = $user1->uid;
  $settings['type'] = $group_content_type->type;
  $settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['gid'] = $group->gid;
  $settings['body'][LANGUAGE_NONE][0]['value'] = $this
    ->randomName();
  $node = $this
    ->drupalCreateNode($settings);
  $this
    ->drupalLogin($user1);
  $this
    ->drupalGet('node/' . $node->nid);
  $this
    ->assertText($node->body[LANGUAGE_NONE][0]['value'], t('Group member can view field of a group content.'));
  $this
    ->drupalLogin($user2);
  $this
    ->drupalGet('node/' . $node->nid);
  $this
    ->assertNoText($node->body[LANGUAGE_NONE][0]['value'], t('Non member can not view field of a group content.'));

  // Assert field permissions on orphan group content.
  $settings = array();
  $settings['type'] = $group_content_type->type;
  $settings['uid'] = $user1->uid;
  $node = $this
    ->drupalCreateNode($settings);
  $this
    ->drupalGet('node/' . $node->nid);
  $this
    ->assertText($node->body[LANGUAGE_NONE][0]['value'], t('Non member can view field of an orphan group content.'));

  // Assert fields of nodes not related to OG are not being restricted.
  $user3 = $this
    ->drupalCreateUser(array(
    'access content',
    'create page content',
    'edit any page content',
  ));
  $this
    ->drupalLogin($user3);
  $node = $this
    ->drupalCreateNode();
  $this
    ->drupalGet('node/' . $node->nid);
  $this
    ->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can view field of content not related to Organic groups.'));
  $this
    ->drupalGet('node/' . $node->nid . '/edit');
  $this
    ->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can edit field of content not related to Organic groups.'));
}