public function RestWSTestCase::testBadInputFormat in RESTful Web Services 7
Same name and namespace in other branches
- 7.2 restws.test \RestWSTestCase::testBadInputFormat()
Tests access to restricted input formats.
File
- ./
restws.test, line 97 - RESTful web services tests.
Class
- RestWSTestCase
- @file RESTful web services tests.
Code
public function testBadInputFormat() {
module_enable(array(
'php',
));
// Reset the cache of valid permissions so that the PHP code format
// permission exists.
$this
->checkPermissions(array(), TRUE);
// Assure that users can't create nodes with unauthorized input formats.
$unprivileged_account = $this
->drupalCreateUser(array(
'bypass node access',
'access resource node',
));
$title = $this
->randomName(8);
$new_node = array(
'body' => array(
'value' => $this
->randomName(30),
'format' => 'php_code',
),
'title' => $title,
'type' => 'page',
);
$json = drupal_json_encode($new_node);
$result = $this
->httpRequest('node', 'PUT', $unprivileged_account, $json);
$this
->assertResponse('403');
$this
->assertEqual($result, '403 Forbidden: Not authorized to set property body');
$node = entity_load('node', FALSE, array(
'title' => $title,
));
$this
->assertEqual(count($node), 0, "Node with unauthorized input format wasn't created");
// Check that the format is allowed if the permission is present.
$privileged_account = $this
->drupalCreateUser(array(
'bypass node access',
'access resource node',
'use text format php_code',
));
$this
->httpRequest('node', 'PUT', $privileged_account, $json);
$this
->assertResponse('201');
$node = entity_load('node', FALSE, array(
'title' => $title,
));
$this
->assertEqual(count($node), 1, "Node was created");
$node = reset($node);
$this
->assertEqual($node->body[LANGUAGE_NONE][0]['value'], $new_node['body']['value'], 'The new node body has the correct value');
$this
->assertEqual($node->body[LANGUAGE_NONE][0]['format'], 'php_code', 'The new node has the correct format');
// Check that users can't update nodes with unauthorized input formats.
$node->body[LANGUAGE_NONE][0]['format'] = 'filtered_html';
node_save($node);
$new_body = $this
->randomName(30);
$update = array(
'body' => array(
'value' => $new_body,
'format' => 'php_code',
),
);
$json = drupal_json_encode($update);
$result = $this
->httpRequest('node/1', 'POST', $unprivileged_account, $json);
$this
->assertResponse('403');
$this
->assertEqual($result, '403 Forbidden: Not authorized to set property body');
$node = node_load(1, NULL, TRUE);
$this
->assertNotEqual($node->body[LANGUAGE_NONE][0]['value'], $new_body);
$this
->assertEqual($node->body[LANGUAGE_NONE][0]['format'], 'filtered_html');
// Check that the format is allowed if the permission is present.
$this
->httpRequest('node/1', 'POST', $privileged_account, $json);
$this
->assertResponse('200');
$node = node_load(1, NULL, TRUE);
$this
->assertEqual($node->body[LANGUAGE_NONE][0]['value'], $new_body);
$this
->assertEqual($node->body[LANGUAGE_NONE][0]['format'], 'php_code');
}