function RestfulEntityAndPropertyAccessTestCase::testViewAccess in RESTful 7
Same name and namespace in other branches
- 7.2 tests/RestfulEntityAndPropertyAccessTestCase.test \RestfulEntityAndPropertyAccessTestCase::testViewAccess()
Test access control for viewing an entity.
File
- tests/
RestfulEntityAndPropertyAccessTestCase.test, line 130 - Contains RestfulEntityAndPropertyAccessTestCase
Class
- RestfulEntityAndPropertyAccessTestCase
- @file Contains RestfulEntityAndPropertyAccessTestCase
Code
function testViewAccess() {
$user1 = $this
->drupalCreateUser();
$label = $this
->randomName();
$settings = array(
'type' => 'article',
'title' => $label,
'uid' => $user1->uid,
);
$node1 = $this
->drupalCreateNode($settings);
$wrapper = entity_metadata_wrapper('node', $node1);
$text1 = $this
->randomName();
$wrapper->body
->set(array(
'value' => $text1,
));
$wrapper
->save();
$handler = restful_get_restful_handler('test_articles');
// Privileged user.
$handler
->setAccount($user1);
$response = $handler
->get($node1->nid, array());
$result = $response[0];
$this
->assertTrue($result['body'], 'Privileged user can view entity.');
// Privileged user, with limited access to property.
restful_test_deny_access_field();
$handler
->setAccount($user1);
$result = $handler
->get($node1->nid, array());
$this
->assertTrue(!isset($result['body']), 'Privileged user can view entity but without unaccessible properties.');
restful_test_clear_access_field();
// Non-privileged user (Revoke "access content" permission).
user_role_revoke_permissions(DRUPAL_ANONYMOUS_RID, array(
'access content',
));
$user2 = drupal_anonymous_user();
try {
$handler
->setAccount($user2);
$handler
->get($node1->nid, array());
$this
->fail('Non-privileged user can view entity.');
} catch (Exception $e) {
$this
->pass('Non-privileged user cannot view entity.');
}
}