You are here

public function BulkFormAccessTest::testNodeEditAccess in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/node/src/Tests/Views/BulkFormAccessTest.php \Drupal\node\Tests\Views\BulkFormAccessTest::testNodeEditAccess()

Tests if nodes that may not be edited, can not be edited in bulk.

File

core/modules/node/src/Tests/Views/BulkFormAccessTest.php, line 69
Contains \Drupal\node\Tests\Views\BulkFormAccessTest.

Class

BulkFormAccessTest
Tests if entity access is respected on a node bulk operations form.

Namespace

Drupal\node\Tests\Views

Code

public function testNodeEditAccess() {

  // Create an account who will be the author of a private node.
  $author = $this
    ->drupalCreateUser();

  // Create a private node (author may view, edit and delete, others may not).
  $node = $this
    ->drupalCreateNode(array(
    'type' => 'article',
    'private' => array(
      array(
        'value' => TRUE,
      ),
    ),
    'uid' => $author
      ->id(),
  ));

  // Create an account that may view the private node, but not edit it.
  $account = $this
    ->drupalCreateUser(array(
    'node test view',
  ));
  $this
    ->drupalLogin($account);

  // Ensure the node is published.
  $this
    ->assertTrue($node
    ->isPublished(), 'Node is initially published.');

  // Ensure that the node can not be edited.
  $this
    ->assertEqual(FALSE, $this->accessHandler
    ->access($node, 'update', $account), 'The node may not be edited.');

  // Test editing the node using the bulk form.
  $edit = array(
    'node_bulk_form[0]' => TRUE,
    'action' => 'node_unpublish_action',
  );
  $this
    ->drupalPostForm('test-node-bulk-form', $edit, t('Apply'));
  $this
    ->assertRaw(SafeMarkup::format('No access to execute %action on the @entity_type_label %entity_label.', [
    '%action' => 'Unpublish content',
    '@entity_type_label' => 'Content',
    '%entity_label' => $node
      ->label(),
  ]));

  // Re-load the node and check the status.
  $node = Node::load($node
    ->id());
  $this
    ->assertTrue($node
    ->isPublished(), 'The node is still published.');

  // Create an account that may view the private node, but can update the
  // status.
  $account = $this
    ->drupalCreateUser(array(
    'administer nodes',
    'node test view',
  ));
  $this
    ->drupalLogin($account);

  // Ensure the node is published.
  $this
    ->assertTrue($node
    ->isPublished(), 'Node is initially published.');

  // Ensure that the private node can not be edited.
  $this
    ->assertEqual(FALSE, $node
    ->access('update', $account), 'The node may not be edited.');
  $this
    ->assertEqual(TRUE, $node->status
    ->access('edit', $account), 'The node status can be edited.');

  // Test editing the node using the bulk form.
  $edit = array(
    'node_bulk_form[0]' => TRUE,
    'action' => 'node_unpublish_action',
  );
  $this
    ->drupalPostForm('test-node-bulk-form', $edit, t('Apply'));

  // Re-load the node and check the status.
  $node = Node::load($node
    ->id());
  $this
    ->assertTrue($node
    ->isPublished(), 'The node is still published.');
}