<?php
namespace Drupal\Tests\photos\Functional;
use Drupal\photos\Entity\PhotosImage;
use Drupal\Tests\BrowserTestBase;
/**
 * Functional test of album privacy enforcement with photos_access enabled.
 *
 * One album holding one uploaded image is created in setUp(). The test then
 * switches the album between privacy modes and, for each mode, requests the
 * album node, the node edit form, the image page, the test view and the raw
 * file URL as different users, asserting the HTTP status code of each.
 *
 * Values of photos_privacy[viewid] exercised here:
 * - 1: locked (per the assertion message in setUp()).
 * - 0: the view-only user gets 200 on view routes; presumably the open
 *   mode - confirm against photos_access.
 * - 3: password protected (submitted together with photos_privacy[pass]).
 * - 4: role based (submitted together with photos_privacy[roles][...]).
 */
class PhotosAccessTest extends BrowserTestBase {
/**
 * Modules to enable for this test.
 *
 * @var string[]
 */
protected static $modules = [
'field_ui',
'node',
'file',
'image',
'comment',
'photos',
'photos_access',
'photos_views_test',
'views',
'views_ui',
];
/**
 * Theme installed for the test site.
 *
 * @var string
 */
protected $defaultTheme = 'stark';
/**
 * Album owner: holds administrative plus create/edit/delete photo permissions.
 *
 * updateAlbumPrivacySettings() always logs in as this user.
 *
 * @var \Drupal\user\Entity\User
 */
protected $account;
/**
 * User with no direct permissions who is given the role_access_test role.
 *
 * The role grants 'access content', 'view photo' and 'edit own photo'.
 *
 * @var \Drupal\user\Entity\User
 */
protected $accountEditOwnPhotosRole;
/**
 * Low-privilege user holding only 'access content' and 'view photo'.
 *
 * @var \Drupal\user\Entity\User
 */
protected $accountViewPhotosOnly;
/**
 * The album node under test, loaded from node storage with ID 1.
 *
 * @var \Drupal\node\NodeInterface
 */
protected $album;
/**
 * Builds the fixture: settings, users, one locked album and one image.
 *
 * Leaves the browser session logged in as $this->account (the album owner).
 */
protected function setUp() {
parent::setUp();
// Album owner / site administrator used for all configuration steps.
$this->account = $this
->drupalCreateUser([
'access administration pages',
'access content',
'administer display modes',
'administer nodes',
'administer site configuration',
'administer views',
'create photo',
'create photos content',
'delete own photo',
'edit own photo',
'edit own photos content',
'view photo',
]);
$this
->drupalLogin($this->account);
// Submit the photos settings form with photos_access_photos = 1.
// NOTE(review): presumably this is the switch that turns on per-album
// privacy settings - confirm against the photos settings form.
$edit = [
'photos_access_photos' => 1,
'photos_clean_title' => TRUE,
];
$this
->drupalGet('/admin/config/media/photos');
$this
->submitForm($edit, 'Save configuration');
// Switch the access plugin of the test view's page_1 display to
// 'photos_access' so the views route is covered by the access checks below.
$edit = [
'access[type]' => 'photos_access',
];
$this
->drupalGet('/admin/structure/views/nojs/display/photos_test_view/page_1/access');
$this
->submitForm($edit, 'Apply');
$this
->submitForm([], 'Save');
// Rebuild node access records after enabling the access settings above.
node_access_rebuild();
$this->accountViewPhotosOnly = $this
->drupalCreateUser([
'access content',
'view photo',
]);
// Role with ID 'role_access_test', used by the role-based privacy scenario.
// NOTE(review): the role label contains markup; presumably to exercise
// escaping wherever the label is rendered - confirm.
$this
->drupalCreateRole([
'access content',
'view photo',
'edit own photo',
], 'role_access_test', '<em>role_access_test</em>');
// This user has no permissions of its own; everything comes from the role.
$this->accountEditOwnPhotosRole = $this
->drupalCreateUser([]);
$this->accountEditOwnPhotosRole
->addRole('role_access_test');
$this->accountEditOwnPhotosRole
->save();
$storage = $this->container
->get('entity_type.manager')
->getStorage('node');
// Create the album through the node form with privacy set to viewid 1.
$this
->drupalGet('/node/add/photos');
$this
->assertSession()
->statusCodeEquals(200);
$edit = [
'title[0][value]' => $this
->randomMachineName(),
'photos_privacy[viewid]' => 1,
];
$this
->submitForm($edit, 'Save');
// Drop the cached copy so the load below reflects what the form saved.
$storage
->resetCache([
1,
]);
$storage = $this->container
->get('entity_type.manager')
->getStorage('node');
$this->album = $storage
->load(1);
$this
->assertNotNull($this->album->photos_privacy);
// NOTE(review): PHPUnit's assertEquals() takes ($expected, $actual); the
// arguments are swapped here, which only affects the failure message.
$this
->assertEquals($this->album->photos_privacy['viewid'], 1, 'Album is set to locked.');
// Upload the module's bundled test picture into the album.
$fileSystem = \Drupal::service('file_system');
$testImageFile = drupal_get_path('module', 'photos') . '/tests/images/photos-test-picture.jpg';
$edit = [
'files[images_0]' => $fileSystem
->realpath($testImageFile),
];
$this
->drupalGet('node/' . $this->album
->id() . '/photos');
$this
->assertSession()
->statusCodeEquals(200);
$this
->submitForm($edit, 'Confirm upload');
}
/**
 * Walks the album through each privacy mode and asserts who gets in.
 *
 * Every scenario follows the same shape: change the album settings as the
 * owner, log back in as the user under test, then assert status codes on the
 * view routes, the node edit form and the raw file URL.
 */
public function testAlbumPrivacySettings() {
$photosImage = $this->container
->get('entity_type.manager')
->getStorage('photos_image')
->load(1);
$file = $this->container
->get('entity_type.manager')
->getStorage('file')
->load($photosImage->field_image->target_id);
// Locked album (viewid 1), still logged in as the owner from setUp():
// view and edit are both allowed.
$this
->checkAlbumAccess($photosImage, 200, 200, $file
->createFileUrl());
// Locked album, unrelated low-privilege user: everything is denied,
// including the raw file URL.
$this
->drupalLogin($this->accountViewPhotosOnly);
$this
->checkAlbumAccess($photosImage, 403, 403, $file
->createFileUrl());
// viewid 0: the view-only user may now view but still may not edit.
$edit = [
'photos_privacy[viewid]' => 0,
];
$this
->updateAlbumPrivacySettings($edit);
// The file entity is reloaded after each privacy change.
// NOTE(review): presumably because the change can alter the file URL
// (e.g. a move between file schemes) - confirm against photos_access.
$file = $this->container
->get('entity_type.manager')
->getStorage('file')
->load($photosImage->field_image->target_id);
$this
->drupalLogin($this->accountViewPhotosOnly);
$this
->checkAlbumAccess($photosImage, 200, 403, $file
->createFileUrl());
// viewid 3: password-protected album with the fixture password 'test'.
$edit = [
'photos_privacy[viewid]' => 3,
'photos_privacy[pass]' => 'test',
];
$this
->updateAlbumPrivacySettings($edit);
$file = $this->container
->get('entity_type.manager')
->getStorage('file')
->load($photosImage->field_image->target_id);
$this
->drupalLogin($this->accountViewPhotosOnly);
// Before a password is supplied, each route answers 200 with the password
// prompt in place of the protected content: album node first.
$this
->drupalGet('node/' . $photosImage
->getAlbumId());
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertSession()
->responseContains('Please enter password');
// Image page.
$this
->drupalGet('photos/' . $photosImage
->getAlbumId() . '/' . $photosImage
->id());
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertSession()
->responseContains('Please enter password');
// Raw file URL: a response carrying the prompt shows that the direct file
// path does not serve the image ahead of the password check.
$this
->drupalGet($file
->createFileUrl());
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertSession()
->responseContains('Please enter password');
// Test view using the 'photos_access' access plugin.
$this
->drupalGet('photos/views-test/' . $photosImage
->getAlbumId());
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertSession()
->responseContains('Please enter password');
// A wrong password must be rejected with the 'Password required' message.
// NOTE(review): the protected routes are not re-requested after the failed
// attempt, so this only proves the message is shown, not that access is
// still withheld.
$edit = [
'pass' => 'wrong password',
];
$this
->submitForm($edit, 'Submit');
$this
->assertSession()
->responseContains('Password required');
// The correct password leads to a page showing the album title.
// NOTE(review): the image page and raw file URL are not re-checked after
// the password is accepted.
$edit = [
'pass' => 'test',
];
$this
->submitForm($edit, 'Submit');
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertSession()
->responseContains($this->album
->getTitle());
// Knowing the album password grants viewing only; the edit form stays 403.
$this
->drupalGet('node/' . $photosImage
->getAlbumId() . '/edit');
$this
->assertSession()
->statusCodeEquals(403);
// viewid 4: role-based access limited to role_access_test.
$edit = [
'photos_privacy[viewid]' => 4,
'photos_privacy[roles][role_access_test]' => TRUE,
];
$this
->updateAlbumPrivacySettings($edit);
$file = $this->container
->get('entity_type.manager')
->getStorage('file')
->load($photosImage->field_image->target_id);
// A user without the role is denied on every route.
$this
->drupalLogin($this->accountViewPhotosOnly);
$this
->checkAlbumAccess($photosImage, 403, 403, $file
->createFileUrl());
// A user holding the role is allowed on every route, including edit.
$this
->drupalLogin($this->accountEditOwnPhotosRole);
$this
->checkAlbumAccess($photosImage, 200, 200, $file
->createFileUrl());
// Back to locked (viewid 1), naming the view-only user in the updateuser
// field using the "name (uid)" format.
$edit = [
'photos_privacy[viewid]' => 1,
'photos_privacy[updateuser]' => $this->accountViewPhotosOnly
->getAccountName() . ' (' . $this->accountViewPhotosOnly
->id() . ')',
];
$this
->updateAlbumPrivacySettings($edit);
$file = $this->container
->get('entity_type.manager')
->getStorage('file')
->load($photosImage->field_image->target_id);
// The named user now gets view and edit access to the locked album.
$this
->drupalLogin($this->accountViewPhotosOnly);
$this
->checkAlbumAccess($photosImage, 200, 200, $file
->createFileUrl());
// Revocation: tick updateremove for that user and confirm access is gone.
// NOTE(review): $file is not reloaded in this and the next scenario, unlike
// the earlier ones - confirm the file URL cannot change here.
$edit = [
'photos_privacy[updateremove][' . $this->accountViewPhotosOnly
->id() . ']' => TRUE,
];
$this
->updateAlbumPrivacySettings($edit);
$this
->drupalLogin($this->accountViewPhotosOnly);
$this
->checkAlbumAccess($photosImage, 403, 403, $file
->createFileUrl());
// Naming a different user must not restore access for the removed one.
// NOTE(review): only the negative case is asserted; the newly named user
// ($this->accountEditOwnPhotosRole) is never checked for access.
$edit = [
'photos_privacy[updateuser]' => $this->accountEditOwnPhotosRole
->getAccountName() . ' (' . $this->accountEditOwnPhotosRole
->id() . ')',
];
$this
->updateAlbumPrivacySettings($edit);
$this
->drupalLogin($this->accountViewPhotosOnly);
$this
->checkAlbumAccess($photosImage, 403, 403, $file
->createFileUrl());
}
/**
 * Submits new privacy settings on the album edit form as the album owner.
 *
 * Side effect: the session is left logged in as $this->account, so callers
 * must log back in as the user under test before asserting access.
 *
 * @param array $edit
 *   Form values to submit, keyed by field name such as
 *   'photos_privacy[viewid]'.
 */
protected function updateAlbumPrivacySettings(array $edit = []) {
$this
->drupalLogin($this->account);
$this
->drupalGet('node/' . $this->album
->id() . '/edit');
// For the role-based mode, check the form shows the 'Role access' text
// before submitting.
if (isset($edit['photos_privacy[viewid]']) && $edit['photos_privacy[viewid]'] == 4) {
$this
->assertSession()
->responseContains('Role access');
}
$this
->submitForm($edit, 'Save');
// Reset the node cache entry and the whole file storage cache so that
// later loads return the values written by the form submission.
$storage = $this->container
->get('entity_type.manager')
->getStorage('node');
$storage
->resetCache([
$this->album
->id(),
]);
$this->container
->get('entity_type.manager')
->getStorage('file')
->resetCache();
$this->album = $storage
->load($this->album
->id());
// Confirm the requested mode was stored on the album.
// NOTE(review): PHPUnit's assertEquals() takes ($expected, $actual); the
// arguments are swapped here, which only affects the failure message.
if (isset($edit['photos_privacy[viewid]'])) {
$this
->assertEquals($this->album->photos_privacy['viewid'], $edit['photos_privacy[viewid]'], 'Album privacy settings updated successfully.');
}
}
/**
 * Asserts the status codes the current user gets on every album route.
 *
 * @param \Drupal\photos\Entity\PhotosImage $photosImage
 *   The image whose album is checked.
 * @param int $viewCode
 *   Status code expected on the file URL, the image page, the test view and
 *   the album node page.
 * @param int $editCode
 *   Status code expected on the album node edit form.
 * @param string|null $fileUrl
 *   URL of the image file; the file check is skipped when this is empty.
 */
protected function checkAlbumAccess(PhotosImage $photosImage, $viewCode = 200, $editCode = 403, $fileUrl = NULL) {
// Raw file URL: must follow the same decision as the view routes, so a
// denied user cannot fetch the image by requesting the file directly.
if ($fileUrl) {
$this
->drupalGet($fileUrl);
$this
->assertSession()
->statusCodeEquals($viewCode);
}
// Image page.
$this
->drupalGet('photos/' . $photosImage
->getAlbumId() . '/' . $photosImage
->id());
$this
->assertSession()
->statusCodeEquals($viewCode);
// Test view using the 'photos_access' access plugin.
$this
->drupalGet('photos/views-test/' . $photosImage
->getAlbumId());
$this
->assertSession()
->statusCodeEquals($viewCode);
// Album node page.
$this
->drupalGet('node/' . $photosImage
->getAlbumId());
$this
->assertSession()
->statusCodeEquals($viewCode);
// Album node edit form, checked against its own expected code.
$this
->drupalGet('node/' . $photosImage
->getAlbumId() . '/edit');
$this
->assertSession()
->statusCodeEquals($editCode);
}
}