
function FileFieldWidgetTest::testPrivateFileComment in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/file/src/Tests/FileFieldWidgetTest.php \Drupal\file\Tests\FileFieldWidgetTest::testPrivateFileComment()

Tests that download restrictions on private files work on comments.

File

core/modules/file/src/Tests/FileFieldWidgetTest.php, line 309
Contains \Drupal\file\Tests\FileFieldWidgetTest.

Class

FileFieldWidgetTest
Tests the file field widget, single and multi-valued, with and without AJAX, with public and private files.

Namespace

Drupal\file\Tests

Code

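/**
 * Tests that download restrictions on private files work on comments.
 *
 * Attaches a file stored under the 'private' URI scheme to a comment on an
 * article node, then checks three access outcomes for the file's download URL:
 * - a logged-in user holding 'access comments' gets a 200;
 * - an anonymous visitor, whose 'access comments' permission has been
 *   revoked, gets a 403;
 * - the same logged-in user gets a 403 once the host node is unpublished.
 */
function testPrivateFileComment() {
  $user = $this->drupalCreateUser(array('access comments'));

  // Grant the admin user required comment permissions.
  // NOTE(review): assumes index 1 of getRoles() is the admin user's own
  // role (index 0 presumably being the authenticated role) -- confirm.
  $roles = $this->adminUser->getRoles();
  user_role_grant_permissions($roles[1], array(
    'administer comment fields',
    'administer comments',
  ));

  // Revoke access comments permission from anon user, grant post to
  // authenticated. The anonymous 403 check below depends on this revocation.
  user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, array(
    'access comments',
  ));
  user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, array(
    'post comments',
    'skip comment approval',
  ));

  // Create a new file field on the comment type, stored as private files.
  $this->addDefaultCommentField('node', 'article');
  $name = strtolower($this->randomMachineName());
  $label = $this->randomMachineName();
  $storage_edit = array(
    'settings[uri_scheme]' => 'private',
  );
  $this->fieldUIAddNewField('admin/structure/comment/manage/comment', $name, $label, 'file', $storage_edit);

  // Manually clear cache on the tester side.
  \Drupal::entityManager()->clearCachedFieldDefinitions();

  // Create node.
  $edit = array(
    'title[0][value]' => $this->randomMachineName(),
  );
  $this->drupalPostForm('node/add/article', $edit, t('Save and publish'));
  $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);

  // Add a comment with a file.
  // NOTE(review): posted as whichever user is logged in at this point,
  // presumably the admin user from setUp() -- confirm.
  $text_file = $this->getTestFile('text');
  $edit = array(
    'files[field_' . $name . '_0]' => drupal_realpath($text_file->getFileUri()),
    'comment_body[0][value]' => $this->randomMachineName(),
  );
  $this->drupalPostForm('node/' . $node->id(), $edit, t('Save'));

  // Get the comment ID from the URL. Stop with an explicit failure if the
  // pattern is absent: otherwise $matches[1] is undefined and the access
  // checks below would run against a comment that was never loaded.
  if (!preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches)) {
    $this->fail('Comment ID not found in the URL after posting the comment.');
    return;
  }
  $cid = $matches[1];

  // Log in as normal user.
  $this->drupalLogin($user);
  $comment = Comment::load($cid);
  $comment_file = $comment->{'field_' . $name}->entity;
  $this->assertFileExists($comment_file, 'New file saved to disk on comment creation.');

  // Test authenticated file download.
  $url = file_create_url($comment_file->getFileUri());
  $this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
  $this->drupalGet($url);
  $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');

  // Test anonymous file download: the same URL must be denied without a
  // session.
  $this->drupalLogout();
  $this->drupalGet($url);
  $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');

  // Unpublishes node.
  $this->drupalLogin($this->adminUser);
  $this->drupalPostForm('node/' . $node->id() . '/edit', array(), t('Save and unpublish'));

  // Ensures normal user can no longer download the file. The message differs
  // from the anonymous check so a failure report identifies which
  // restriction broke.
  $this->drupalLogin($user);
  $this->drupalGet($url);
  $this->assertResponse(403, 'Confirmed that access is denied for the file when the host node is unpublished.');
}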