1 |
c2ac6d1d
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* Tests for the nodeaccess module.
|
6 |
|
|
*/
|
7 |
|
|
|
8 |
|
|
/**
|
9 |
|
|
* Tests the functionality of the nodeaccess module.
|
10 |
|
|
*/
|
11 |
|
|
class NodeaccesssPublishTestCase extends DrupalWebTestCase {
|
12 |
|
|
|
13 |
|
|
// Nodes.
|
14 |
|
|
protected $authored_node;
|
15 |
|
|
protected $published_node;
|
16 |
|
|
protected $unpublished_node;
|
17 |
|
|
|
18 |
|
|
// Users.
|
19 |
|
|
protected $admin_user;
|
20 |
|
|
protected $author_user;
|
21 |
|
|
protected $basic_user;
|
22 |
|
|
|
23 |
|
|
// Default Grant.
|
24 |
|
|
protected $grant;
|
25 |
|
|
|
26 |
|
|
/**
|
27 |
|
|
* Enable the nodeaccess module. Add type grant for pages. Rebuild perms.
|
28 |
|
|
*/
|
29 |
|
|
public function setUp() {
|
30 |
|
|
parent::setUp('nodeaccess');
|
31 |
|
|
|
32 |
|
|
user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access content'));
|
33 |
|
|
|
34 |
|
|
nodeaccess_add_type_grant('page');
|
35 |
|
|
|
36 |
|
|
// Let's create a sample authenticated user with basic permissions.
|
37 |
|
|
$this->basic_user = $this->drupalCreateUser(array('access content'));
|
38 |
|
|
|
39 |
|
|
// Let's create a sample author-type user.
|
40 |
|
|
$this->author_user = $this->drupalCreateUser(array('access content', 'view own unpublished content'));
|
41 |
|
|
|
42 |
|
|
// Let's create a more admin-type user.
|
43 |
|
|
$this->admin_user = $this->drupalCreateUser(array('access content', 'bypass node access'));
|
44 |
|
|
|
45 |
|
|
// Create a published page node, authored by admin.
|
46 |
|
|
$this->published_node = $this->drupalCreateNode(array('type' => 'page', 'uid' => 1));
|
47 |
|
|
|
48 |
|
|
// Create an unpublished page node, authored by admin.
|
49 |
|
|
$this->unpublished_node = $this->drupalCreateNode(array('type' => 'page', 'uid' => 1, 'status' => 0));
|
50 |
|
|
|
51 |
|
|
// Create an unpublished page node, authored by author.
|
52 |
|
|
$this->authored_node = $this->drupalCreateNode(array('type' => 'page', 'uid' => $this->author_user->uid, 'status' => 0));
|
53 |
|
|
|
54 |
|
|
$this->grant = array(
|
55 |
|
|
array(
|
56 |
|
|
'gid' => DRUPAL_ANONYMOUS_RID,
|
57 |
|
|
'realm' => 'nodeaccess_rid',
|
58 |
|
|
'grant_view' => 1,
|
59 |
|
|
'grant_update' => 0,
|
60 |
|
|
'grant_delete' => 0,
|
61 |
|
|
),
|
62 |
|
|
array(
|
63 |
|
|
'gid' => DRUPAL_AUTHENTICATED_RID,
|
64 |
|
|
'realm' => 'nodeaccess_rid',
|
65 |
|
|
'grant_view' => 1,
|
66 |
|
|
'grant_update' => 0,
|
67 |
|
|
'grant_delete' => 0,
|
68 |
|
|
),
|
69 |
|
|
);
|
70 |
|
|
|
71 |
|
|
node_access_rebuild();
|
72 |
|
|
}
|
73 |
|
|
|
74 |
|
|
/**
|
75 |
|
|
* Provide some information about this test case.
|
76 |
|
|
*/
|
77 |
|
|
public static function getInfo() {
|
78 |
|
|
return array(
|
79 |
|
|
'name' => 'Nodeaccess node status based tests.',
|
80 |
|
|
'description' => 'Tests nodes are correctly hidden based on node published status.',
|
81 |
|
|
'group' => 'Nodeaccess',
|
82 |
|
|
);
|
83 |
|
|
}
|
84 |
|
|
|
85 |
|
|
/**
|
86 |
|
|
* Test standard, published node visibility.
|
87 |
|
|
*/
|
88 |
|
|
public function testPublishedView() {
|
89 |
|
|
|
90 |
|
|
nodeaccess_set_grants($this->published_node, $this->grant);
|
91 |
|
|
|
92 |
|
|
// Baseline, should be visible by all users, including anon.
|
93 |
|
|
$this->drupalGet("node/{$this->published_node->nid}");
|
94 |
|
|
$this->assertResponse(200, 'Anonymous user is allowed to view the content.');
|
95 |
|
|
|
96 |
|
|
// Authenticated User
|
97 |
|
|
$this->drupalLogin($this->basic_user);
|
98 |
|
|
$this->drupalGet("node/{$this->published_node->nid}");
|
99 |
|
|
$this->assertResponse(200, 'Authenticated user is allowed to view the content.');
|
100 |
|
|
$this->drupalLogout();
|
101 |
|
|
|
102 |
|
|
// Author User
|
103 |
|
|
$this->drupalLogin($this->author_user);
|
104 |
|
|
$this->drupalGet("node/{$this->published_node->nid}");
|
105 |
|
|
$this->assertResponse(200, 'Author user is allowed to view the content.');
|
106 |
|
|
$this->drupalLogout();
|
107 |
|
|
|
108 |
|
|
// Admin User
|
109 |
|
|
$this->drupalLogin($this->admin_user);
|
110 |
|
|
$this->drupalGet("node/{$this->published_node->nid}");
|
111 |
|
|
$this->assertResponse(200, 'Admin user is allowed to view the content.');
|
112 |
|
|
$this->drupalLogout();
|
113 |
|
|
|
114 |
|
|
}
|
115 |
|
|
|
116 |
|
|
/**
|
117 |
|
|
* Test unpublished node visibility.
|
118 |
|
|
*/
|
119 |
|
|
public function testUnpublishedView() {
|
120 |
|
|
nodeaccess_set_grants($this->unpublished_node, $this->grant);
|
121 |
|
|
|
122 |
|
|
// Anonymous users should NOT see the content.
|
123 |
|
|
$this->drupalGet("node/{$this->unpublished_node->nid}");
|
124 |
|
|
$this->assertResponse(403, 'Anonymous user is not allowed to view the unpublished content.');
|
125 |
|
|
|
126 |
|
|
// Authenticated User, should NOT see content.
|
127 |
|
|
$this->drupalLogin($this->basic_user);
|
128 |
|
|
$this->drupalGet("node/{$this->unpublished_node->nid}");
|
129 |
|
|
$this->assertResponse(403, 'Authenticated user is not allowed to view the unpublished content.');
|
130 |
|
|
$this->drupalLogout();
|
131 |
|
|
|
132 |
|
|
// Author User, should NOT see the content, not author of this node.
|
133 |
|
|
$this->drupalLogin($this->author_user);
|
134 |
|
|
$this->drupalGet("node/{$this->unpublished_node->nid}");
|
135 |
|
|
$this->assertResponse(403, 'Author user is not allowed to view the unpublished content.');
|
136 |
|
|
$this->drupalLogout();
|
137 |
|
|
|
138 |
|
|
// Admin User should see content, has administer content permission.
|
139 |
|
|
$this->drupalLogin($this->admin_user);
|
140 |
|
|
$this->drupalGet("node/{$this->unpublished_node->nid}");
|
141 |
|
|
$this->assertResponse(200, 'Admin user is allowed to view the unpublished content (bypass).');
|
142 |
|
|
$this->drupalLogout();
|
143 |
|
|
|
144 |
|
|
}
|
145 |
|
|
|
146 |
|
|
/**
|
147 |
|
|
* Test unpublished node visibility.
|
148 |
|
|
*/
|
149 |
|
|
public function testAuthoredView() {
|
150 |
|
|
nodeaccess_set_grants($this->authored_node, $this->grant);
|
151 |
|
|
|
152 |
|
|
// Anonymous users should NOT see the content.
|
153 |
|
|
$this->drupalGet("node/{$this->authored_node->nid}");
|
154 |
|
|
$this->assertResponse(403, 'Anonymous user is not allowed to view the unpublished content.');
|
155 |
|
|
|
156 |
|
|
// Authenticated User, should NOT see content.
|
157 |
|
|
$this->drupalLogin($this->basic_user);
|
158 |
|
|
$this->drupalGet("node/{$this->authored_node->nid}");
|
159 |
|
|
$this->assertResponse(403, 'Authenticated user is not allowed to view the unpublished content.');
|
160 |
|
|
$this->drupalLogout();
|
161 |
|
|
|
162 |
|
|
// Author User, should NOT see the content, not author of this node.
|
163 |
|
|
$this->drupalLogin($this->author_user);
|
164 |
|
|
$this->drupalGet("node/{$this->authored_node->nid}");
|
165 |
|
|
$this->assertResponse(200, 'Author user is allowed to view their own unpublished content.');
|
166 |
|
|
$this->drupalLogout();
|
167 |
|
|
|
168 |
|
|
// Admin User should see content, has administer content permission.
|
169 |
|
|
$this->drupalLogin($this->admin_user);
|
170 |
|
|
$this->drupalGet("node/{$this->authored_node->nid}");
|
171 |
|
|
$this->assertResponse(200, 'Admin user is allowed to view the unpublished content (bypass).');
|
172 |
|
|
$this->drupalLogout();
|
173 |
|
|
|
174 |
|
|
}
|
175 |
|
|
|
176 |
|
|
|
177 |
|
|
|
178 |
|
|
} |