public function ParagraphsAccessTest::testParagraphAccessCheck in Paragraphs 8
Same name in this branch
- 8 tests/src/Functional/WidgetLegacy/ParagraphsAccessTest.php \Drupal\Tests\paragraphs\Functional\WidgetLegacy\ParagraphsAccessTest::testParagraphAccessCheck()
- 8 tests/src/Functional/WidgetStable/ParagraphsAccessTest.php \Drupal\Tests\paragraphs\Functional\WidgetStable\ParagraphsAccessTest::testParagraphAccessCheck()
Tests the paragraph translation.
File
- tests/
src/ Functional/ WidgetLegacy/ ParagraphsAccessTest.php, line 84
Class
- ParagraphsAccessTest
- Tests the access check of paragraphs.
Namespace
Drupal\Tests\paragraphs\Functional\WidgetLegacyCode
public function testParagraphAccessCheck() {
$admin_user = [
'administer site configuration',
'administer node display',
'administer paragraph display',
'create paragraphed_content_demo content',
'edit any paragraphed_content_demo content',
];
$this
->loginAsAdmin($admin_user);
// Remove the "access content" for anonymous users. That results in
// anonymous users not being able to "view" the host entity.
/* @var \Drupal\user\Entity\Role $role */
$role = \Drupal::entityTypeManager()
->getStorage('user_role')
->load(RoleInterface::ANONYMOUS_ID);
$role
->revokePermission('access content');
$role
->save();
// Set field_images from demo to private file storage.
$edit = array(
'settings[uri_scheme]' => 'private',
);
$this
->drupalGet('admin/structure/paragraphs_type/images/fields/paragraph.images.field_images_demo/storage');
$this
->submitForm($edit, 'Save field settings');
// Set the form display to legacy.
$form_display = EntityFormDisplay::load('node.paragraphed_content_demo.default')
->setComponent('field_paragraphs_demo', [
'type' => 'entity_reference_paragraphs',
]);
$form_display
->save();
// Create a new demo node.
$this
->drupalGet('node/add/paragraphed_content_demo');
// Add a new paragraphs images item.
$this
->submitForm([], 'Add images');
$images = $this
->getTestFiles('image');
$file_system = \Drupal::service('file_system');
// Create a file, upload it.
$file_system
->copy($images[0]->uri, 'temporary://privateImage.jpg');
$file_path = $this->container
->get('file_system')
->realpath('temporary://privateImage.jpg');
// Create a file, upload it.
$file_system
->copy($images[1]->uri, 'temporary://privateImage2.jpg');
$file_path_2 = $this->container
->get('file_system')
->realpath('temporary://privateImage2.jpg');
$edit = array(
'title[0][value]' => 'Security test node',
'files[field_paragraphs_demo_0_subform_field_images_demo_0][]' => $file_path,
);
$this
->submitForm($edit, 'Upload');
$edit = array(
'files[field_paragraphs_demo_0_subform_field_images_demo_1][]' => $file_path_2,
);
$this
->submitForm($edit, 'Preview');
$image_style = ImageStyle::load('medium');
$img1_url = $image_style
->buildUrl('private://' . date('Y-m') . '/privateImage.jpg');
$image_url = file_url_transform_relative($img1_url);
$this
->assertSession()
->responseContains($image_url);
$this
->clickLink('Back to content editing');
$this
->submitForm([], 'Save');
$node = $this
->drupalGetNodeByTitle('Security test node');
$this
->drupalGet('node/' . $node
->id());
// Check the text and image after publish.
$this
->assertSession()
->responseContains($image_url);
$this
->drupalGet($img1_url);
$this
->assertSession()
->statusCodeEquals(200);
// Logout to become anonymous.
$this
->drupalLogout();
// @todo Requesting the same $img_url again triggers a caching problem on
// drupal.org test bot, thus we request a different file here.
$img_url = $image_style
->buildUrl('private://' . date('Y-m') . '/privateImage2.jpg');
$image_url = file_url_transform_relative($img_url);
// Check the text and image after publish. Anonymous should not see content.
$this
->assertSession()
->responseNotContains($image_url);
$this
->drupalGet($img_url);
$this
->assertSession()
->statusCodeEquals(403);
// Login as admin with no delete permissions.
$this
->loginAsAdmin($admin_user);
// Create a new demo node.
$this
->drupalGet('node/add/paragraphed_content_demo');
$this
->submitForm([], 'Add text');
$this
->assertSession()
->pageTextContains('Text');
$edit = [
'title[0][value]' => 'delete_permissions',
'field_paragraphs_demo[0][subform][field_text_demo][0][value]' => 'Test',
];
$this
->submitForm($edit, 'Save');
// Edit the node.
$this
->clickLink('Edit');
// Check the remove button is present.
$this
->assertNotNull($this
->xpath('//*[@name="field_paragraphs_demo_0_remove"]'));
// Delete the Paragraph and save.
$this
->submitForm([], 'field_paragraphs_demo_0_remove');
$this
->submitForm([], 'field_paragraphs_demo_0_confirm_remove');
$this
->submitForm([], 'Save');
$node = $this
->getNodeByTitle('delete_permissions');
$this
->assertSession()
->addressEquals('node/' . $node
->id());
}