public function NodeAccessTest::testPageAccess in Workbench Moderation 8
Verifies that a non-admin user can still access the appropriate pages.
File
- tests/
src/ Functional/ NodeAccessTest.php, line 29
Class
- NodeAccessTest
- Tests permission access control around nodes.
Namespace
Drupal\Tests\workbench_moderation\FunctionalCode
public function testPageAccess() {
$this
->drupalLogin($this->adminUser);
// Create a node to test with.
$this
->drupalPostForm('node/add/moderated_content', [
'title[0][value]' => 'moderated content',
], t('Save and Create New Draft'));
$nodes = \Drupal::entityTypeManager()
->getStorage('node')
->loadByProperties([
'title' => 'moderated content',
]);
if (!$nodes) {
$this
->fail('Test node was not saved correctly.');
return;
}
/** @var \Drupal\node\NodeInterface $node */
$node = reset($nodes);
$view_path = 'node/' . $node
->id();
$edit_path = 'node/' . $node
->id() . '/edit';
$latest_path = 'node/' . $node
->id() . '/latest';
// Publish the node.
$this
->drupalPostForm($edit_path, [], t('Save and Request Review'));
$this
->drupalPostForm($edit_path, [], t('Save and Publish'));
// Ensure access works correctly for anonymous users.
$this
->drupalLogout();
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
// Create a forward revision for the 'Latest revision' tab.
$this
->drupalLogin($this->adminUser);
$this
->drupalPostForm($edit_path, [
'title[0][value]' => 'moderated content revised',
], t('Save and Create New Draft'));
// Now make a new user and verify that the new user's access is correct.
$user = $this
->createUser([
'use draft_draft transition',
'use draft_needs_review transition',
'use published_draft transition',
'use needs_review_published transition',
'view latest version',
'view any unpublished content',
]);
$this
->drupalLogin($user);
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(200);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
// Now make another user, who should not be able to see forward revisions.
$user = $this
->createUser([
'use draft_needs_review transition',
'use published_draft transition',
'use needs_review_published transition',
]);
$this
->drupalLogin($user);
$this
->drupalGet($edit_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($latest_path);
$this
->assertSession()
->statusCodeEquals(403);
$this
->drupalGet($view_path);
$this
->assertSession()
->statusCodeEquals(200);
}