You are here

Home » API reference » Workbench Moderation 8 » NodeAccessTest.php » NodeAccessTest

public function NodeAccessTest::testPageAccess in Workbench Moderation 8

Verifies that a non-admin user can still access the appropriate pages.

File

tests/src/Functional/NodeAccessTest.php, line 29

Class

NodeAccessTest
Tests permission access control around nodes.

Namespace

Drupal\Tests\workbench_moderation\Functional

Code

public function testPageAccess() {
  $this
    ->drupalLogin($this->adminUser);

  // Create a node to test with.
  $this
    ->drupalPostForm('node/add/moderated_content', [
    'title[0][value]' => 'moderated content',
  ], t('Save and Create New Draft'));
  $nodes = \Drupal::entityTypeManager()
    ->getStorage('node')
    ->loadByProperties([
    'title' => 'moderated content',
  ]);
  if (!$nodes) {
    $this
      ->fail('Test node was not saved correctly.');
    return;
  }

  /** @var \Drupal\node\NodeInterface $node */
  $node = reset($nodes);
  $view_path = 'node/' . $node
    ->id();
  $edit_path = 'node/' . $node
    ->id() . '/edit';
  $latest_path = 'node/' . $node
    ->id() . '/latest';

  // Publish the node.
  $this
    ->drupalPostForm($edit_path, [], t('Save and Request Review'));
  $this
    ->drupalPostForm($edit_path, [], t('Save and Publish'));

  // Ensure access works correctly for anonymous users.
  $this
    ->drupalLogout();
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Create a forward revision for the 'Latest revision' tab.
  $this
    ->drupalLogin($this->adminUser);
  $this
    ->drupalPostForm($edit_path, [
    'title[0][value]' => 'moderated content revised',
  ], t('Save and Create New Draft'));

  // Now make a new user and verify that the new user's access is correct.
  $user = $this
    ->createUser([
    'use draft_draft transition',
    'use draft_needs_review transition',
    'use published_draft transition',
    'use needs_review_published transition',
    'view latest version',
    'view any unpublished content',
  ]);
  $this
    ->drupalLogin($user);
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Now make another user, who should not be able to see forward revisions.
  $user = $this
    ->createUser([
    'use draft_needs_review transition',
    'use published_draft transition',
    'use needs_review_published transition',
  ]);
  $this
    ->drupalLogin($user);
  $this
    ->drupalGet($edit_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($latest_path);
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $this
    ->drupalGet($view_path);
  $this
    ->assertSession()
    ->statusCodeEquals(200);
}