You are here

Home » API reference » Privatemsg 7 » privatemsg.test » PrivatemsgTestCase

function PrivatemsgTestCase::testPrivatemsgReadPrivatemsgPermission in Privatemsg 7

Same name and namespace in other branches
  1. 6.2 privatemsg.test \PrivatemsgTestCase::testPrivatemsgReadPrivatemsgPermission()
  2. 6 privatemsg.test \PrivatemsgTestCase::testPrivatemsgReadPrivatemsgPermission()
  3. 7.2 privatemsg.test \PrivatemsgTestCase::testPrivatemsgReadPrivatemsgPermission()

Test user access to /messages Create user with no 'read privatemsg' permission. Try to access mailbox and see if it gives access denied error Create user with 'read privatemsg' permission. Try to access mailbox and see if it gives allows access

File

./privatemsg.test, line 78
Test file for privatemsg.module

Class

PrivatemsgTestCase

Code

function testPrivatemsgReadPrivatemsgPermission() {
  $user_no_read_msg = $this
    ->drupalCreateUser();

  // set up user with default permissions (meaning: no read privatemsg permission
  $author = $this
    ->drupalCreateUser(array(
    'write privatemsg',
    'read privatemsg',
  ));
  $recipient = $this
    ->drupalCreateUser(array(
    'read privatemsg',
  ));
  $no_recipient = $this
    ->drupalCreateUser(array(
    'read privatemsg',
  ));
  $subject = $this
    ->randomName(20);
  $body = $this
    ->randomName(50);

  // Make sure that $no_recipient is involved in another thread to assert that
  // no unrelated messages are displayed.
  // @see https://drupal.org/node/2033161
  $unrelated = privatemsg_new_thread(array(
    $no_recipient,
  ), $subject, $body, array(
    'author' => $author,
  ));
  $response = privatemsg_new_thread(array(
    $recipient,
  ), $subject, $body, array(
    'author' => $author,
  ));
  $this
    ->drupalLogin($user_no_read_msg);
  $this
    ->drupalGet('messages');
  $this
    ->assertResponse(403, t('HTTP Response 403: Access to mailbox was blocked to user without "<em>read privatemsg</em>" permission'));
  $this
    ->drupalLogin($no_recipient);
  $this
    ->drupalGet('messages');
  $this
    ->assertResponse(200, t('HTTP Response 200: Access to mailbox was authorized to user with "<em>read privatemsg</em>" permission'));
  $this
    ->drupalGet('messages/view/' . $response['message']->thread_id);
  $this
    ->assertResponse(403, t('HTTP Response 403: Access to thread is blocked for non-recipients.'));
  $this
    ->drupalLogin($recipient);
  $this
    ->drupalGet('messages/view/' . $response['message']->thread_id);
  $this
    ->assertText($subject, t('Access to thread for recipient allowed.'));
  $this
    ->drupalGet('messages/view/' . $response['message']->thread_id + 1);
  $this
    ->assertResponse(404, t('Non-existing thread lead to HTTP Response 404.'));
}