function NodeAccessTest::testNodeAccess in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/node/src/Tests/NodeAccessTest.php \Drupal\node\Tests\NodeAccessTest::testNodeAccess()
Runs basic tests for node_access function.
File
- core/
modules/ node/ src/ Tests/ NodeAccessTest.php, line 30 - Contains \Drupal\node\Tests\NodeAccessTest.
Class
- NodeAccessTest
- Tests basic node_access functionality.
Namespace
Drupal\node\TestsCode
function testNodeAccess() {
// Ensures user without 'access content' permission can do nothing.
$web_user1 = $this
->drupalCreateUser(array(
'create page content',
'edit any page content',
'delete any page content',
));
$node1 = $this
->drupalCreateNode(array(
'type' => 'page',
));
$this
->assertNodeCreateAccess($node1
->bundle(), FALSE, $web_user1);
$this
->assertNodeAccess(array(
'view' => FALSE,
'update' => FALSE,
'delete' => FALSE,
), $node1, $web_user1);
// Ensures user with 'bypass node access' permission can do everything.
$web_user2 = $this
->drupalCreateUser(array(
'bypass node access',
));
$node2 = $this
->drupalCreateNode(array(
'type' => 'page',
));
$this
->assertNodeCreateAccess($node2
->bundle(), TRUE, $web_user2);
$this
->assertNodeAccess(array(
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
), $node2, $web_user2);
// User cannot 'view own unpublished content'.
$web_user3 = $this
->drupalCreateUser(array(
'access content',
));
$node3 = $this
->drupalCreateNode(array(
'status' => 0,
'uid' => $web_user3
->id(),
));
$this
->assertNodeAccess(array(
'view' => FALSE,
), $node3, $web_user3);
// User cannot create content without permission.
$this
->assertNodeCreateAccess($node3
->bundle(), FALSE, $web_user3);
// User can 'view own unpublished content', but another user cannot.
$web_user4 = $this
->drupalCreateUser(array(
'access content',
'view own unpublished content',
));
$web_user5 = $this
->drupalCreateUser(array(
'access content',
'view own unpublished content',
));
$node4 = $this
->drupalCreateNode(array(
'status' => 0,
'uid' => $web_user4
->id(),
));
$this
->assertNodeAccess(array(
'view' => TRUE,
'update' => FALSE,
), $node4, $web_user4);
$this
->assertNodeAccess(array(
'view' => FALSE,
), $node4, $web_user5);
// Tests the default access provided for a published node.
$node5 = $this
->drupalCreateNode();
$this
->assertNodeAccess(array(
'view' => TRUE,
'update' => FALSE,
'delete' => FALSE,
), $node5, $web_user3);
// Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions.
$web_user6 = $this
->drupalCreateUser(array(
'access content',
'edit any page content',
'delete any page content',
));
$node6 = $this
->drupalCreateNode(array(
'type' => 'page',
));
$this
->assertNodeAccess(array(
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
), $node6, $web_user6);
// Tests the "edit own BUNDLE" and "delete own BUNDLE" permission.
$web_user7 = $this
->drupalCreateUser(array(
'access content',
'edit own page content',
'delete own page content',
));
// User should not be able to edit or delete nodes they do not own.
$this
->assertNodeAccess(array(
'view' => TRUE,
'update' => FALSE,
'delete' => FALSE,
), $node6, $web_user7);
// User should be able to edit or delete nodes they own.
$node7 = $this
->drupalCreateNode(array(
'type' => 'page',
'uid' => $web_user7
->id(),
));
$this
->assertNodeAccess(array(
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
), $node7, $web_user7);
}