Révision cf490feb
Ajouté par Assos Assos il y a environ 6 ans
drupal7/modules/file/tests/file.test | ||
---|---|---|
1626 | 1626 |
$this->drupalGet($file_url); |
1627 | 1627 |
$this->assertResponse(403, 'Confirmed that another anonymous user cannot access the permanent file when it is referenced by an unpublished node.'); |
1628 | 1628 |
} |
1629 |
|
|
1630 |
/** |
|
1631 |
* Tests file access for private nodes when file download access is granted. |
|
1632 |
*/ |
|
1633 |
function testPrivateFileDownloadAccessGranted() { |
|
1634 |
// Tell file_module_test to attempt to grant access to all private files, |
|
1635 |
// and ensure that it is doing so correctly. |
|
1636 |
$test_file = $this->getTestFile('text'); |
|
1637 |
$uri = file_unmanaged_move($test_file->uri, 'private://'); |
|
1638 |
$file_url = file_create_url($uri); |
|
1639 |
$this->drupalGet($file_url); |
|
1640 |
$this->assertResponse(403, 'Access is not granted to an arbitrary private file by default.'); |
|
1641 |
variable_set('file_module_test_grant_download_access', TRUE); |
|
1642 |
$this->drupalGet($file_url); |
|
1643 |
$this->assertResponse(200, 'Access is granted to an arbitrary private file after a module grants access to all private files in hook_file_download().'); |
|
1644 |
|
|
1645 |
// Create a public node with a file attached. |
|
1646 |
$type_name = 'page'; |
|
1647 |
$field_name = strtolower($this->randomName()); |
|
1648 |
$this->createFileField($field_name, $type_name, array('uri_scheme' => 'private')); |
|
1649 |
$test_file = $this->getTestFile('text'); |
|
1650 |
$nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => FALSE)); |
|
1651 |
$node = node_load($nid, NULL, TRUE); |
|
1652 |
$file_url = file_create_url($node->{$field_name}[LANGUAGE_NONE][0]['uri']); |
|
1653 |
|
|
1654 |
// Unpublish the node and ensure that only administrators (not anonymous |
|
1655 |
// users) can access the node and download the file; the expectation is |
|
1656 |
// that the File module's hook_file_download() implementation will deny |
|
1657 |
// access and thereby override the file_module_test module's access grant. |
|
1658 |
$node->status = NODE_NOT_PUBLISHED; |
|
1659 |
node_save($node); |
|
1660 |
$this->drupalLogin($this->admin_user); |
|
1661 |
$this->drupalGet("node/$nid"); |
|
1662 |
$this->assertResponse(200, 'Administrator can access the unpublished node.'); |
|
1663 |
$this->drupalGet($file_url); |
|
1664 |
$this->assertResponse(200, 'Administrator can download the file attached to the unpublished node.'); |
|
1665 |
$this->drupalLogOut(); |
|
1666 |
$this->drupalGet("node/$nid"); |
|
1667 |
$this->assertResponse(403, 'Anonymous user cannot access the unpublished node.'); |
|
1668 |
$this->drupalGet($file_url); |
|
1669 |
$this->assertResponse(403, 'Anonymous user cannot download the file attached to the unpublished node.'); |
|
1670 |
|
|
1671 |
// Re-publish the node and ensure that the node and file can be accessed by |
|
1672 |
// everyone. |
|
1673 |
$node->status = NODE_PUBLISHED; |
|
1674 |
node_save($node); |
|
1675 |
$this->drupalLogin($this->admin_user); |
|
1676 |
$this->drupalGet("node/$nid"); |
|
1677 |
$this->assertResponse(200, 'Administrator can access the published node.'); |
|
1678 |
$this->drupalGet($file_url); |
|
1679 |
$this->assertResponse(200, 'Administrator can download the file attached to the published node.'); |
|
1680 |
$this->drupalLogOut(); |
|
1681 |
$this->drupalGet("node/$nid"); |
|
1682 |
$this->assertResponse(200, 'Anonymous user can access the published node.'); |
|
1683 |
$this->drupalGet($file_url); |
|
1684 |
$this->assertResponse(200, 'Anonymous user can download the file attached to the published node.'); |
|
1685 |
|
|
1686 |
// Make the node private via the node access system and test that only |
|
1687 |
// administrators (not anonymous users) can access the node and download |
|
1688 |
// the file. |
|
1689 |
$node->private = TRUE; |
|
1690 |
node_save($node); |
|
1691 |
$this->drupalLogin($this->admin_user); |
|
1692 |
$this->drupalGet("node/$nid"); |
|
1693 |
$this->assertResponse(200, 'Administrator can access the private node.'); |
|
1694 |
$this->drupalGet($file_url); |
|
1695 |
$this->assertResponse(200, 'Administrator can download the file attached to the private node.'); |
|
1696 |
$this->drupalLogOut(); |
|
1697 |
$this->drupalGet("node/$nid"); |
|
1698 |
$this->assertResponse(403, 'Anonymous user cannot access the private node.'); |
|
1699 |
$this->drupalGet($file_url); |
|
1700 |
$this->assertResponse(403, 'Anonymous user cannot download the file attached to the private node.'); |
|
1701 |
} |
|
1629 | 1702 |
} |
1630 | 1703 |
|
1631 | 1704 |
/** |
Formats disponibles : Unified diff
Update to 7.57