function NodeFieldAccessTest::testAccessToAdministrativeFields in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/node/src/Tests/NodeFieldAccessTest.php \Drupal\node\Tests\NodeFieldAccessTest::testAccessToAdministrativeFields()
Test permissions on nodes status field.
File
- core/
modules/ node/ src/ Tests/ NodeFieldAccessTest.php, line 51 - Contains \Drupal\node\Tests\NodeFieldAccessTest.
Class
- NodeFieldAccessTest
- Tests node field level access.
Namespace
Drupal\node\TestsCode
function testAccessToAdministrativeFields() {
// Create the page node type with revisions disabled.
$page = NodeType::create([
'type' => 'page',
'new_revision' => FALSE,
]);
$page
->save();
// Create the article node type with revisions disabled.
$article = NodeType::create([
'type' => 'article',
'new_revision' => TRUE,
]);
$article
->save();
// An administrator user. No user exists yet, ensure that the first user
// does not have UID 1.
$content_admin_user = $this
->createUser(array(
'uid' => 2,
), array(
'administer nodes',
));
// Two different editor users.
$page_creator_user = $this
->createUser(array(), array(
'create page content',
'edit own page content',
'delete own page content',
));
$page_manager_user = $this
->createUser(array(), array(
'create page content',
'edit any page content',
'delete any page content',
));
// An unprivileged user.
$page_unrelated_user = $this
->createUser(array(), array(
'access content',
));
// List of all users
$test_users = array(
$content_admin_user,
$page_creator_user,
$page_manager_user,
$page_unrelated_user,
);
// Create three "Basic pages". One is owned by our test-user
// "page_creator", one by "page_manager", and one by someone else.
$node1 = Node::create(array(
'title' => $this
->randomMachineName(8),
'uid' => $page_creator_user
->id(),
'type' => 'page',
));
$node2 = Node::create(array(
'title' => $this
->randomMachineName(8),
'uid' => $page_manager_user
->id(),
'type' => 'article',
));
$node3 = Node::create(array(
'title' => $this
->randomMachineName(8),
'type' => 'page',
));
foreach ($this->administrativeFields as $field) {
// Checks on view operations.
foreach ($test_users as $account) {
$may_view = $node1->{$field}
->access('view', $account);
$this
->assertTrue($may_view, SafeMarkup::format('Any user may view the field @name.', array(
'@name' => $field,
)));
}
// Checks on edit operations.
$may_update = $node1->{$field}
->access('edit', $page_creator_user);
$this
->assertFalse($may_update, SafeMarkup::format('Users with permission "edit own page content" is not allowed to the field @name.', array(
'@name' => $field,
)));
$may_update = $node2->{$field}
->access('edit', $page_creator_user);
$this
->assertFalse($may_update, SafeMarkup::format('Users with permission "edit own page content" is not allowed to the field @name.', array(
'@name' => $field,
)));
$may_update = $node2->{$field}
->access('edit', $page_manager_user);
$this
->assertFalse($may_update, SafeMarkup::format('Users with permission "edit any page content" is not allowed to the field @name.', array(
'@name' => $field,
)));
$may_update = $node1->{$field}
->access('edit', $page_manager_user);
$this
->assertFalse($may_update, SafeMarkup::format('Users with permission "edit any page content" is not allowed to the field @name.', array(
'@name' => $field,
)));
$may_update = $node2->{$field}
->access('edit', $page_unrelated_user);
$this
->assertFalse($may_update, SafeMarkup::format('Users not having permission "edit any page content" is not allowed to the field @name.', array(
'@name' => $field,
)));
$may_update = $node1->{$field}
->access('edit', $content_admin_user) && $node3->status
->access('edit', $content_admin_user);
$this
->assertTrue($may_update, SafeMarkup::format('Users with permission "administer nodes" may edit @name fields on all nodes.', array(
'@name' => $field,
)));
}
foreach ($this->readOnlyFields as $field) {
// Check view operation.
foreach ($test_users as $account) {
$may_view = $node1->{$field}
->access('view', $account);
$this
->assertTrue($may_view, SafeMarkup::format('Any user may view the field @name.', array(
'@name' => $field,
)));
}
// Check edit operation.
foreach ($test_users as $account) {
$may_view = $node1->{$field}
->access('edit', $account);
$this
->assertFalse($may_view, SafeMarkup::format('No user is not allowed to edit the field @name.', array(
'@name' => $field,
)));
}
}
// Check the revision_log field on node 1 which has revisions disabled.
$may_update = $node1->revision_log
->access('edit', $content_admin_user);
$this
->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.');
$may_update = $node1->revision_log
->access('edit', $page_creator_user);
$this
->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.');
// Check the revision_log field on node 2 which has revisions enabled.
$may_update = $node2->revision_log
->access('edit', $content_admin_user);
$this
->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.');
$may_update = $node2->revision_log
->access('edit', $page_creator_user);
$this
->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.');
}