public function OpignoPollAppWebTestCase::testAccessControl in Opigno Poll App 7
Test permissions.
Opigno Poll App hijacks some of core Poll access controls. Make sure they work as expected.
File
- tests/
OpignoPollAppWebTestCase.test, line 92 - Defines the unit tests for Opigno Poll.
Class
- OpignoPollAppWebTestCase
- @file Defines the unit tests for Opigno Poll.
Code
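/**
 * Tests vote, result-inspection and vote-cancel access on polls.
 *
 * Two kinds of account are walked through a global poll and a course poll:
 * - $non_member holds the site-wide poll permissions.
 * - $member holds only course-level permissions, granted through
 *   addMemberToCourse().
 *
 * Every negative check ("no vote button", "Access denied") is paired with an
 * HTTP status assertion. Without it, a 404 or a server error page would
 * satisfy assertNoFieldById()/assertNoText() and the access check would pass
 * without having tested anything.
 */
public function testAccessControl() {
  // Test vote permissions.
  // A user with a global "vote on poll" permission will have access to both
  // "global" polls as well as polls belonging to a course.
  // A user with only a course "vote on poll" permission will not be able
  // to vote on global polls.
  $non_member = $this->drupalCreateUser(array(
    'access content',
    'vote on polls',
  ));
  $member = $this->drupalCreateUser(array(
    'access content',
  ));

  // Create a course and add the member.
  $course = $this->createCourse();
  $this->addMemberToCourse($course, $member->uid, array(
    'member',
    'can vote',
  ));

  // Create a global poll.
  $global_poll = $this->createPoll('Global poll 1');
  $global_poll_path = 'node/' . $global_poll->nid;

  // Only the non-member should see the vote form.
  $this->drupalLogin($non_member);
  $this->drupalGet($global_poll_path);
  $this->assertFieldById('edit-vote', '', 'Found the "Vote" button.');
  $this->drupalLogin($member);
  $this->drupalGet($global_poll_path);
  // The page itself must load: the button has to be missing from a real
  // poll page, not from an error page.
  $this->assertResponse(200, 'Global poll page loaded for the course member.');
  $this->assertNoFieldById('edit-vote', '', 'Did not find the "Vote" button.');

  // Close the voting. No-one should see the vote form.
  $global_poll->active = 0;
  node_save($global_poll);
  $this->drupalLogin($non_member);
  $this->drupalGet($global_poll_path);
  $this->assertResponse(200, 'Closed global poll page loaded for the non-member.');
  $this->assertNoFieldById('edit-vote', '', 'Did not find the "Vote" button.');
  $this->drupalLogin($member);
  $this->drupalGet($global_poll_path);
  $this->assertResponse(200, 'Closed global poll page loaded for the course member.');
  $this->assertNoFieldById('edit-vote', '', 'Did not find the "Vote" button.');

  // Create a poll for the course (the course is public).
  $course_poll = $this->createPoll('Course poll 1', $course->nid);
  $course_poll_path = 'node/' . $course_poll->nid;

  // Both users should see the vote form.
  $this->drupalLogin($non_member);
  $this->drupalGet($course_poll_path);
  $this->assertFieldById('edit-vote', '', 'Found the "Vote" button.');
  $this->drupalLogin($member);
  $this->drupalGet($course_poll_path);
  $this->assertFieldById('edit-vote', '', 'Found the "Vote" button.');

  // Close the voting. No-one should see the vote form.
  $course_poll->active = 0;
  poll_update($course_poll);
  $this->drupalLogin($non_member);
  $this->drupalGet($course_poll_path);
  $this->assertResponse(200, 'Closed course poll page loaded for the non-member.');
  $this->assertNoFieldById('edit-vote', '', 'Did not find the "Vote" button.');
  $this->drupalLogin($member);
  $this->drupalGet($course_poll_path);
  $this->assertResponse(200, 'Closed course poll page loaded for the course member.');
  $this->assertNoFieldById('edit-vote', '', 'Did not find the "Vote" button.');

  // Accessing votes page is not allowed: neither account has been granted an
  // "inspect all votes" style permission yet.
  $this->drupalLogin($non_member);
  $this->drupalGet($course_poll_path . '/votes');
  $this->assertResponse(403, 'Votes page is forbidden for the non-member.');
  $this->assertText('Access denied', "User is not allowed to see the poll votes.");
  $this->drupalLogin($member);
  $this->drupalGet($course_poll_path . '/votes');
  $this->assertResponse(403, 'Votes page is forbidden for the course member.');
  $this->assertText('Access denied', "User is not allowed to see the poll votes.");

  // A user with a global "inspect all votes" permission will have access to both
  // "global" poll results as well as poll results belonging to a course.
  // A user with only a course "inspect all votes" permission will not be able
  // to see global poll results.
  // Both variables are rebound to fresh accounts here; the accounts created
  // at the top of the test are not used again.
  $non_member = $this->drupalCreateUser(array(
    'access content',
    'vote on polls',
    'inspect all votes',
    'cancel own vote',
  ));
  $member = $this->drupalCreateUser(array(
    'access content',
  ));
  $this->addMemberToCourse($course, $member->uid, array(
    'member',
    'can vote',
    'can see all',
    'can cancel',
  ));

  // Only non-member should be allowed to see all results.
  $this->drupalLogin($non_member);
  $this->drupalGet($global_poll_path . '/votes');
  // assertNoText() alone would also pass on a 404 or an error page.
  $this->assertResponse(200, 'Global votes page loaded for the non-member.');
  $this->assertNoText('Access denied', "User is allowed to see the poll votes.");
  $this->drupalLogin($member);
  $this->drupalGet($global_poll_path . '/votes');
  $this->assertResponse(403, 'Global votes page is forbidden for the course member.');
  $this->assertText('Access denied', "User is not allowed to see the poll votes.");

  // Both users should see votes.
  $this->drupalLogin($non_member);
  $this->drupalGet($course_poll_path . '/votes');
  $this->assertResponse(200, 'Course votes page loaded for the non-member.');
  $this->assertNoText('Access denied', "User is allowed to see the poll votes.");
  $this->drupalLogin($member);
  $this->drupalGet($course_poll_path . '/votes');
  $this->assertResponse(200, 'Course votes page loaded for the course member.');
  $this->assertNoText('Access denied', "User is allowed to see the poll votes.");

  // A user with a global "cancel own vote" and "vote on poll" permissions will
  // have access to vote and cancel on both "global" polls as well as polls
  // belonging to a course.
  // A user with only a course "cancel own vote" and "vote on poll" permissions
  // will not be able to vote or cancel on global polls.
  // We already checked voting access above. We only care about the actual voting
  // storage and canceling.
  // NOTE(review): the earlier global-poll check ran against the first $member
  // account ('member', 'can vote'). The current $member additionally holds
  // 'can see all' and 'can cancel' and is never tested against the reopened
  // global poll, so the "will not be able to vote or cancel on global polls"
  // claim is not covered for this account. Consider adding that negative
  // check.
  $global_poll->active = 1;
  poll_update($global_poll);
  $course_poll->active = 1;
  poll_update($course_poll);

  $this->drupalLogin($non_member);
  $this->drupalPost($global_poll_path, array(
    'choice' => current(array_keys($global_poll->choice)),
  ), t("Vote"));
  $this->assertRaw(t("Cancel your vote"), "Found the cancel button.");
  $this->drupalPost($course_poll_path, array(
    'choice' => current(array_keys($course_poll->choice)),
  ), t("Vote"));
  $this->assertRaw(t("Cancel your vote"), "Found the cancel button.");

  $this->drupalLogin($member);
  $this->drupalPost($course_poll_path, array(
    'choice' => current(array_keys($course_poll->choice)),
  ), t("Vote"));
  $this->assertRaw(t("Cancel your vote"), "Found the cancel button.");
}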