root / drupal7 / sites / all / modules / field_permissions / field_permissions.test @ a8cee257

<?php

    
/**
 * @file
 * Tests for field_permissions.module.
 */

    
/**
 * Tests the Field Permissions module.
 */
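class FieldPermissionsTestCase extends DrupalWebTestCase {

  /**
   * Account holding every permission listed in setUp(), including
   * 'administer field permissions' and 'administer users'.
   */
  private $admin_user = NULL;

  /**
   * Account created without 'administer field permissions' and
   * 'administer users'.
   *
   * Despite its name this account is still highly privileged: setUp() gives
   * it 'administer permissions', 'administer fields' and 'bypass node access'.
   */
  private $limited_user = NULL;

  /**
   * Role ID derived from the admin account in setUp().
   *
   * Not read anywhere else in this class.
   */
  private $admin_rid = NULL;

  /**
   * Role ID derived from the limited account in setUp().
   *
   * Used to build the checkbox names on admin/people/permissions.
   */
  private $limited_rid = NULL;

  /**
   * Returns the name, description and group of this test case.
   *
   * @return array
   *   An array with the keys 'name', 'description' and 'group'.
   */
  public static function getInfo() {
    return array(
      'name' => 'Field permissions functionality',
      'description' => 'Test field permissions.',
      'group' => 'Field permissions',
    );
  }

  /**
   * Enables the required modules and creates the two test accounts.
   *
   * The test starts logged in as the limited user.
   */
  public function setUp() {
    parent::setUp('field_ui', 'field_permissions');

    // Permissions shared by both accounts. The "limited" account is limited
    // only with respect to the two permissions appended for the admin account
    // further down; it can still administer permissions and fields, which
    // testPermissionsUI() relies on when that account grants a permission to
    // its own role.
    $admin_permissions = array(
      'access content',
      'administer nodes',
      'bypass node access',
      'administer content types',
      'administer taxonomy',
      'administer permissions',
      'create page content',
      'administer fields',
    );
    $this->limited_user = $this->drupalCreateUser($admin_permissions);
    // The highest role ID on the account is used as "its" role; presumably
    // that is the role drupalCreateUser() created for it -- confirm.
    $all_rids = array_keys($this->limited_user->roles);
    sort($all_rids);
    $this->limited_rid = array_pop($all_rids);

    $admin_permissions[] = 'administer field permissions';
    $admin_permissions[] = 'administer users';
    $this->admin_user = $this->drupalCreateUser($admin_permissions);
    $all_rids = array_keys($this->admin_user->roles);
    sort($all_rids);
    $this->admin_rid = array_pop($all_rids);

    $this->drupalLogin($this->limited_user);
  }

  /**
   * Walks the body field of the page type through the public, private and
   * custom permission modes and checks what each account can see.
   *
   * Access is judged from the text of the rendered pages (assertText() /
   * assertNoText()) and, for custom permissions, from user_access().
   *
   * NOTE(review): only the 'create', 'view' and 'edit' permissions for the
   * field are granted below. The "own value" permissions are asserted to be
   * listed in the UI, but their enforcement does not appear to be exercised
   * by this test.
   */
  public function testPermissionsUI() {
    // This depends on a page node type with a body field, standard install.
    // Could alternatively extend field_ui.test classes, but would be much
    // slower to run. Tradeoffs.
    $field_info = array(
      'admin_path' => 'admin/structure/types/manage/page/fields/body',
      'machine_name' => 'body',
      'add_path' => 'node/add/page',
      'name' => 'Body',
      'form_field' => 'body[und][0][value]',
      'value' => $this->randomName(),
    );

    // Check if we can see the field on the entity creation form.
    $this->drupalGet($field_info['add_path']);
    $this->assertText($field_info['name']);

    // Admin users cannot access field permissions without specifically being
    // granted the permission to do so.
    $this->drupalGet($field_info['admin_path']);
    $this->assertNoText(t('Field visibility and permissions'));

    // Switch to admin user who can see the field permissions UI.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->admin_user);
    $this->drupalGet($field_info['admin_path']);
    $this->assertText(t('Field visibility and permissions'));

    // == PUBLIC FIELD =========================================================

    // The option with value 0 is selected before any setting has been saved.
    $this->assertFieldChecked('edit-field-field-permissions-type-0');

    // Although simpletest could create a node for us, we create it through
    // the node form so that the field permissions that apply to the form are
    // exercised as well.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->limited_user);
    $node1_values = array(
      'title' => $this->randomName(),
      $field_info['form_field'] => $field_info['value'],
    );
    $this->drupalPost($field_info['add_path'], $node1_values, t('Save'));
    $this->assertText($node1_values['title']);
    $this->assertText($field_info['value']);
    $nid1 = $this->getSavedNodeId();

    // Switch to admin user to check we can see the body.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->admin_user);
    $this->drupalGet('node/' . $nid1);
    $this->assertText($node1_values['title']);
    $this->assertText($field_info['value']);

    // And we can edit the title and body.
    $this->drupalGet('node/' . $nid1 . '/edit');
    $this->assertText('Title');
    $this->assertText($node1_values['title']);
    $this->assertText($field_info['name']);
    $this->assertText($field_info['value']);

    // == PRIVATE FIELD ========================================================

    // Still logged in as the admin user: set the field to private.
    $edit = array(
      'field[field_permissions][type]' => 1,
    );
    $this->drupalPost($field_info['admin_path'], $edit, t('Save settings'));

    // Now we should not have access to see or edit this field on the node the
    // limited user created, although the field is still offered on the form
    // for creating a new node.
    $this->drupalGet('node/' . $nid1);
    $this->assertText($node1_values['title']);
    $this->assertNoText($field_info['value']);
    $this->drupalGet($field_info['add_path']);
    $this->assertText('Title');
    $this->assertText($field_info['name']);
    $this->drupalGet('node/' . $nid1 . '/edit');
    $this->assertText('Title');
    $this->assertNoText($field_info['name']);
    $this->assertNoText($field_info['value']);

    // Grant this user the Drupal core administrator role. This will give them
    // the 'access private fields' permission (tested here), and it also means
    // that when custom field permissions are created later on in this test,
    // the admin user will automatically get those permissions granted also.
    // If no administrator role is configured the variable falls back to 0 and
    // the checkbox posted below will not exist.
    $user_admin_rid = variable_get('user_admin_role', 0);
    $edit = array(
      "roles[$user_admin_rid]" => TRUE,
    );
    $this->drupalPost('user/' . $this->admin_user->uid . '/edit', $edit, t('Save'));

    // Now we should have access to see or submit or edit this field again.
    $this->drupalGet('node/' . $nid1);
    $this->assertText($node1_values['title']);
    $this->assertText($field_info['value']);
    $this->drupalGet($field_info['add_path']);
    $this->assertText('Title');
    $this->assertText($field_info['name']);
    $this->drupalGet('node/' . $nid1 . '/edit');
    $this->assertText('Title');
    $this->assertText($field_info['name']);
    $this->assertText($field_info['value']);

    // == CUSTOM PERMISSIONS ===================================================

    // Switch the field to custom permissions and check that the five
    // per-field permissions are listed on the field settings form.
    $edit = array(
      'field[field_permissions][type]' => 2,
    );
    $this->drupalPost($field_info['admin_path'], $edit, t('Save settings'));
    $this->drupalGet($field_info['admin_path']);
    $this->assertRaw(t('Create own value for field %field', array('%field' => $field_info['name'])));
    $this->assertRaw(t('Edit own value for field %field', array('%field' => $field_info['name'])));
    $this->assertRaw(t("Edit anyone's value for field %field", array('%field' => $field_info['name'])));
    $this->assertRaw(t('View own value for field %field', array('%field' => $field_info['name'])));
    $this->assertRaw(t("View anyone's value for field %field", array('%field' => $field_info['name'])));

    // See if we have that exposed on the permissions UI as well now. There the
    // labels carry the machine name rather than the field label.
    $this->drupalGet('admin/people/permissions');
    $this->assertText(t('Field Permissions'));
    $this->assertRaw(t('Create own value for field %field', array('%field' => $field_info['machine_name'])));
    $this->assertRaw(t('Edit own value for field %field', array('%field' => $field_info['machine_name'])));
    $this->assertRaw(t("Edit anyone's value for field %field", array('%field' => $field_info['machine_name'])));
    $this->assertRaw(t('View own value for field %field', array('%field' => $field_info['machine_name'])));
    $this->assertRaw(t("View anyone's value for field %field", array('%field' => $field_info['machine_name'])));

    // == CREATE ===============================================================

    // The admin user should have been automatically granted the create
    // permission, but the limited user shouldn't have it yet.
    $this->assertUserHasPermission($this->admin_user, 'create ' . $field_info['machine_name'], t('Admin user does have "create @field" permission.', array('@field' => $field_info['machine_name'])));
    $this->assertUserDoesNotHavePermission($this->limited_user, 'create ' . $field_info['machine_name'], t('Limited user does not have "create @field" permission.', array('@field' => $field_info['machine_name'])));

    // Should not see the field on the entity creation form anymore for
    // limited_user.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->limited_user);
    $this->drupalGet($field_info['add_path']);
    $this->assertNoText($field_info['name']);

    // Grant body creation permission to limited users too. This request is
    // made by the limited user itself, which works because setUp() gave that
    // account 'administer permissions'.
    $edit = array(
      $this->limited_rid . '[create ' . $field_info['machine_name'] . ']' => TRUE,
    );
    $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
    $this->assertUserHasPermission($this->admin_user, 'create ' . $field_info['machine_name'], t('Admin user does have "create @field" permission.', array('@field' => $field_info['machine_name'])));
    $this->assertUserHasPermission($this->limited_user, 'create ' . $field_info['machine_name'], t('Limited user does have "create @field" permission.', array('@field' => $field_info['machine_name'])));

    // Should see the field again on the entity creation form.
    $this->drupalGet($field_info['add_path']);
    $this->assertText($field_info['name']);

    // Although simpletest could create a node for us, we create it through
    // the node form so that the field permissions that apply to the form are
    // exercised as well.
    $node2_values = array(
      'title' => $this->randomName(),
      $field_info['form_field'] => $field_info['value'],
    );
    $this->drupalPost($field_info['add_path'], $node2_values, t('Save'));
    $this->assertText($node2_values['title']);
    // The body will not yet be visible to this user.
    $this->assertNoText($field_info['value']);
    $nid2 = $this->getSavedNodeId();

    // Switch to admin user and prove she has access to body.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->admin_user);
    $this->drupalGet('node/' . $nid2);
    $this->assertText($node2_values['title']);
    $this->assertText($field_info['value']);

    // == VIEW =================================================================

    // Grant body view permission to limited users too (posted as the admin
    // user).
    $edit = array(
      $this->limited_rid . '[view ' . $field_info['machine_name'] . ']' => TRUE,
    );
    $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
    $this->assertUserHasPermission($this->admin_user, 'view ' . $field_info['machine_name'], t('Admin user does have "view @field" permission.', array('@field' => $field_info['machine_name'])));
    $this->assertUserHasPermission($this->limited_user, 'view ' . $field_info['machine_name'], t('Limited user does have "view @field" permission.', array('@field' => $field_info['machine_name'])));

    // Limited user can now see the field.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->limited_user);
    $this->drupalGet('node/' . $nid2);
    $this->assertText($node2_values['title']);
    $this->assertText($field_info['value']);

    // == EDIT =================================================================

    // We still don't have access to edit our field.
    $this->drupalGet('node/' . $nid2 . '/edit');
    $this->assertNoText($field_info['value']);

    // Switch to admin user to configure edit permissions.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->admin_user);

    // Ensure the editing screen now has the body.
    $this->drupalGet('node/' . $nid2 . '/edit');
    $this->assertText($field_info['value']);

    // Grant body editing permission for the limited role.
    $edit = array(
      $this->limited_rid . '[edit ' . $field_info['machine_name'] . ']' => TRUE,
    );
    $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
    $this->assertUserHasPermission($this->admin_user, 'edit ' . $field_info['machine_name'], t('Admin user does have "edit @field" permission.', array('@field' => $field_info['machine_name'])));
    $this->assertUserHasPermission($this->limited_user, 'edit ' . $field_info['machine_name'], t('Limited user does have "edit @field" permission.', array('@field' => $field_info['machine_name'])));

    // Ensure the editing screen still has the body.
    $this->drupalGet('node/' . $nid2 . '/edit');
    $this->assertText($field_info['value']);

    // Switch to limited user to check that we can edit body now.
    $this->drupalGet('user/logout');
    $this->drupalLogin($this->limited_user);
    $this->drupalGet('node/' . $nid2 . '/edit');
    $this->assertText($field_info['value']);
  }

  /**
   * Checks a user field with custom permissions on the registration and
   * account edit forms.
   */
  public function testUserFields() {
    // Create a field attached to users and make it appear on the user
    // registration form with (default) custom permissions.
    $this->drupalLogin($this->admin_user);
    $label = 'Field attached to users';
    $edit = array(
      'fields[_add_new_field][label]' => $label,
      'fields[_add_new_field][field_name]' => 'attached_to_users',
      'fields[_add_new_field][type]' => 'text',
      'fields[_add_new_field][widget_type]' => 'text_textfield',
    );
    $this->drupalPost('admin/config/people/accounts/fields', $edit, t('Save'));
    // Passing NULL posts to the page the previous request ended on.
    $this->drupalPost(NULL, array(), t('Save field settings'));
    $edit = array(
      'field[field_permissions][type]' => 2,
      'instance[settings][user_register_form]' => TRUE,
    );
    $this->drupalPost(NULL, $edit, t('Save settings'));

    // Log out, go to the registration form and make sure the field appears
    // there for anonymous users.
    $this->drupalLogout();
    $this->drupalGet('user/register');
    $this->assertText($label);

    // Log in and make sure the user does not have access to edit the field
    // (i.e., there are only default permissions to create it). The 200
    // response shows that the edit form itself was reachable, so the missing
    // label is not explained by a denied page.
    $this->drupalLogin($this->limited_user);
    $this->drupalGet('user/' . $this->limited_user->uid . '/edit');
    $this->assertResponse(200);
    $this->assertNoText($label);
  }

  /**
   * Reads the node ID from the URL of the page the browser is currently on.
   *
   * Records a failed assertion when the URL does not end in "node/<digits>",
   * so that a node form that did not save is reported where it happened
   * instead of producing a malformed path in the requests that follow.
   *
   * @return string|int
   *   The node ID taken from the URL, or 0 when the URL does not contain one.
   */
  protected function getSavedNodeId() {
    $matches = array();
    $found = preg_match('!^.*node/(\d+)$!', $this->getUrl(), $matches) === 1;
    $this->assertTrue($found, 'The current URL ends in a node ID.');
    return $found ? $matches[1] : 0;
  }

  /**
   * Asserts that a user account has a permission.
   *
   * @param object $account
   *   An object with a uid property identifying the account.
   * @param string $permission
   *   The permission name passed to user_access().
   * @param string $message
   *   The assertion message.
   */
  protected function assertUserHasPermission($account, $permission, $message) {
    $this->_assertUserPermissionState($account, $permission, $message, TRUE);
  }

  /**
   * Asserts that a user account does not have a permission.
   *
   * @param object $account
   *   An object with a uid property identifying the account.
   * @param string $permission
   *   The permission name passed to user_access().
   * @param string $message
   *   The assertion message.
   */
  protected function assertUserDoesNotHavePermission($account, $permission, $message) {
    $this->_assertUserPermissionState($account, $permission, $message, FALSE);
  }

  /**
   * Helper function for asserting user permissions.
   *
   * @param object $account
   *   An object with a uid property identifying the account.
   * @param string $permission
   *   The permission name passed to user_access().
   * @param string $message
   *   The assertion message.
   * @param bool $should_have_permission
   *   TRUE to assert that the permission is held, FALSE to assert that it is
   *   not.
   */
  protected function _assertUserPermissionState($account, $permission, $message, $should_have_permission) {
    // We need to clear static caches since the tests may have recently changed
    // the permissions via the UI (i.e., in a separate request from the code
    // running the test).
    drupal_static_reset('user_access');
    drupal_static_reset('user_role_permissions');

    // Load the full user account, since we may have been provided an out of
    // date pseudo-account of the kind SimpleTest uses (e.g. as returned by
    // drupalCreateUser()), rather than an up to date object that actually
    // contains the full list of roles this user has been assigned. The second
    // argument resets the load cache, so that roles assigned through the UI
    // after an earlier load in this process are not missed.
    $full_account = user_load($account->uid, TRUE);
    if (!$full_account) {
      // Without an account there is nothing to check; report that as a
      // failure rather than evaluating access for a non-object.
      $this->fail($message);
      return;
    }

    // Now check the permission.
    $has_permission = user_access($permission, $full_account);
    if ($should_have_permission) {
      $this->assertTrue($has_permission, $message);
    }
    else {
      $this->assertFalse($has_permission, $message);
    }
  }

}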