Révision dd54aff9
Ajouté par Assos Assos il y a plus de 10 ans
htmltest/sites/all/modules/entity/entity.test | ||
---|---|---|
997 | 997 |
|
998 | 998 |
// Test field level access. |
999 | 999 |
$this->assertTrue($wrapper->{$this->field_name}->access('view'), 'Field access granted.'); |
1000 |
|
|
1001 |
// Create node owned by anonymous and test access() method on each of its |
|
1002 |
// properties. |
|
1003 |
$node = $this->drupalCreateNode(array('type' => 'page', 'uid' => 0)); |
|
1004 |
$wrapper = entity_metadata_wrapper('node', $node->nid); |
|
1005 |
foreach ($wrapper as $name => $property) { |
|
1006 |
$property->access('view'); |
|
1007 |
} |
|
1008 |
|
|
1009 |
// Property access of entity references takes entity access into account. |
|
1010 |
$node = $this->drupalCreateNode(array('type' => 'article')); |
|
1011 |
$wrapper = entity_metadata_wrapper('node', $node); |
|
1012 |
$unprivileged_user = $this->drupalCreateUser(); |
|
1013 |
$privileged_user = $this->drupalCreateUser(array('access user profiles')); |
|
1014 |
|
|
1015 |
$this->assertTrue($wrapper->author->access('view', $privileged_user)); |
|
1016 |
$this->assertFalse($wrapper->author->access('view', $unprivileged_user)); |
|
1017 |
|
|
1018 |
// Ensure the same works with multiple entity references by testing the |
|
1019 |
// $node->field_tags example. |
|
1020 |
$privileged_user = $this->drupalCreateUser(array('administer taxonomy')); |
|
1021 |
// Terms are view-able with access content, so make sure to remove this |
|
1022 |
// permission first. |
|
1023 |
user_role_revoke_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); |
|
1024 |
$unprivileged_user = drupal_anonymous_user(); |
|
1025 |
|
|
1026 |
$this->assertTrue($wrapper->field_tags->access('view', $privileged_user), 'Privileged user has access.'); |
|
1027 |
$this->assertTrue($wrapper->field_tags->access('view', $unprivileged_user), 'Unprivileged user has access.'); |
|
1028 |
$this->assertTrue($wrapper->field_tags[0]->access('view', $privileged_user), 'Privileged user has access.'); |
|
1029 |
$this->assertFalse($wrapper->field_tags[0]->access('view', $unprivileged_user), 'Unprivileged user has no access.'); |
|
1000 | 1030 |
} |
1001 | 1031 |
|
1002 | 1032 |
/** |
... | ... | |
1087 | 1117 |
} |
1088 | 1118 |
} |
1089 | 1119 |
|
1120 |
/** |
|
1121 |
* Tests basic entity_access() functionality for nodes. |
|
1122 |
* |
|
1123 |
* This code is a modified version of NodeAccessTestCase. |
|
1124 |
* |
|
1125 |
* @see NodeAccessTestCase |
|
1126 |
*/ |
|
1127 |
class EntityMetadataNodeAccessTestCase extends EntityWebTestCase { |
|
1128 |
public static function getInfo() { |
|
1129 |
return array( |
|
1130 |
'name' => 'Entity Metadata Node Access', |
|
1131 |
'description' => 'Test entity_access() for nodes', |
|
1132 |
'group' => 'Entity API', |
|
1133 |
); |
|
1134 |
} |
|
1135 |
|
|
1136 |
/** |
|
1137 |
* Asserts node_access() correctly grants or denies access. |
|
1138 |
*/ |
|
1139 |
function assertNodeMetadataAccess($ops, $node, $account) { |
|
1140 |
foreach ($ops as $op => $result) { |
|
1141 |
$msg = t("entity_access() returns @result with operation '@op'.", array('@result' => $result ? 'TRUE' : 'FALSE', '@op' => $op)); |
|
1142 |
$access = entity_access($op, 'node', $node, $account); |
|
1143 |
$this->assertEqual($result, $access, $msg); |
|
1144 |
} |
|
1145 |
} |
|
1146 |
|
|
1147 |
function setUp() { |
|
1148 |
parent::setUp('entity', 'node'); |
|
1149 |
// Clear permissions for authenticated users. |
|
1150 |
db_delete('role_permission') |
|
1151 |
->condition('rid', DRUPAL_AUTHENTICATED_RID) |
|
1152 |
->execute(); |
|
1153 |
} |
|
1154 |
|
|
1155 |
/** |
|
1156 |
* Runs basic tests for entity_access() function. |
|
1157 |
*/ |
|
1158 |
function testNodeMetadataAccess() { |
|
1159 |
// Author user. |
|
1160 |
$node_author_account = $this->drupalCreateUser(array()); |
|
1161 |
// Make a node object. |
|
1162 |
$settings = array( |
|
1163 |
'uid' => $node_author_account->uid, |
|
1164 |
'type' => 'page', |
|
1165 |
'title' => 'Node ' . $this->randomName(32), |
|
1166 |
); |
|
1167 |
$node = $this->drupalCreateNode($settings); |
|
1168 |
|
|
1169 |
// Ensures user without 'access content' permission can do nothing. |
|
1170 |
$web_user1 = $this->drupalCreateUser(array('create page content', 'edit any page content', 'delete any page content')); |
|
1171 |
$this->assertNodeMetadataAccess(array('create' => FALSE, 'view' => FALSE, 'update' => FALSE, 'delete' => FALSE), $node, $web_user1); |
|
1172 |
|
|
1173 |
// Ensures user with 'bypass node access' permission can do everything. |
|
1174 |
$web_user2 = $this->drupalCreateUser(array('bypass node access')); |
|
1175 |
$this->assertNodeMetadataAccess(array('create' => TRUE, 'view' => TRUE, 'update' => TRUE, 'delete' => TRUE), $node, $web_user2); |
|
1176 |
|
|
1177 |
// User cannot 'view own unpublished content'. |
|
1178 |
$web_user3 = $this->drupalCreateUser(array('access content')); |
|
1179 |
// Create an unpublished node. |
|
1180 |
$settings = array('type' => 'page', 'status' => 0, 'uid' => $web_user3->uid); |
|
1181 |
$node_unpublished = $this->drupalCreateNode($settings); |
|
1182 |
$this->assertNodeMetadataAccess(array('view' => FALSE), $node_unpublished, $web_user3); |
|
1183 |
// User cannot create content without permission. |
|
1184 |
$this->assertNodeMetadataAccess(array('create' => FALSE), $node, $web_user3); |
|
1185 |
|
|
1186 |
// User can 'view own unpublished content', but another user cannot. |
|
1187 |
$web_user4 = $this->drupalCreateUser(array('access content', 'view own unpublished content')); |
|
1188 |
$web_user5 = $this->drupalCreateUser(array('access content', 'view own unpublished content')); |
|
1189 |
$node4 = $this->drupalCreateNode(array('status' => 0, 'uid' => $web_user4->uid)); |
|
1190 |
$this->assertNodeMetadataAccess(array('view' => TRUE, 'update' => FALSE), $node4, $web_user4); |
|
1191 |
$this->assertNodeMetadataAccess(array('view' => FALSE), $node4, $web_user5); |
|
1192 |
|
|
1193 |
// Tests the default access provided for a published node. |
|
1194 |
$node5 = $this->drupalCreateNode(); |
|
1195 |
$this->assertNodeMetadataAccess(array('view' => TRUE, 'update' => FALSE, 'delete' => FALSE, 'create' => FALSE), $node5, $web_user3); |
|
1196 |
} |
|
1197 |
} |
|
1198 |
|
|
1199 |
/** |
|
1200 |
* Test user permissions for node creation. |
|
1201 |
*/ |
|
1202 |
class EntityMetadataNodeCreateAccessTestCase extends EntityWebTestCase { |
|
1203 |
public static function getInfo() { |
|
1204 |
return array( |
|
1205 |
'name' => 'Entity Metadata Node Create Access', |
|
1206 |
'description' => 'Test entity_access() for nodes', |
|
1207 |
'group' => 'Entity API', |
|
1208 |
); |
|
1209 |
} |
|
1210 |
|
|
1211 |
function setUp() { |
|
1212 |
parent::setUp('entity', 'node'); |
|
1213 |
} |
|
1214 |
|
|
1215 |
/** |
|
1216 |
* Addresses the special case of 'create' access for nodes. |
|
1217 |
*/ |
|
1218 |
public function testNodeMetadataCreateAccess() { |
|
1219 |
// Create some users. One with super-powers, one with create perms, |
|
1220 |
// and one with no perms, and a different one to author the node. |
|
1221 |
$admin_account = $this->drupalCreateUser(array( |
|
1222 |
'bypass node access', |
|
1223 |
)); |
|
1224 |
$creator_account = $this->drupalCreateUser(array( |
|
1225 |
'create page content', |
|
1226 |
)); |
|
1227 |
$auth_only_account = $this->drupalCreateUser(array()); |
|
1228 |
$node_author_account = $this->drupalCreateUser(array()); |
|
1229 |
|
|
1230 |
// Make a node object with Entity API (contrib) |
|
1231 |
$settings = array( |
|
1232 |
'uid' => $node_author_account->uid, |
|
1233 |
'type' => 'page', |
|
1234 |
'title' => $this->randomName(32), |
|
1235 |
'body' => array(LANGUAGE_NONE => array(array($this->randomName(64)))), |
|
1236 |
); |
|
1237 |
$node = entity_create('node', $settings); |
|
1238 |
|
|
1239 |
// Test the populated wrapper. |
|
1240 |
$wrapper = entity_metadata_wrapper('node', $node); |
|
1241 |
$this->assertTrue($wrapper->entityAccess('create', $admin_account), 'Create access allowed for ADMIN, for populated wrapper.'); |
|
1242 |
$this->assertTrue($wrapper->entityAccess('create', $creator_account), 'Create access allowed for CREATOR, for populated wrapper.'); |
|
1243 |
$this->assertFalse($wrapper->entityAccess('create', $auth_only_account), 'Create access denied for USER, for populated wrapper.'); |
|
1244 |
|
|
1245 |
// Test entity_acces(). |
|
1246 |
$this->assertTrue(entity_access('create', 'node', $node, $admin_account), 'Create access allowed for ADMIN, for entity_access().'); |
|
1247 |
$this->assertTrue(entity_access('create', 'node', $node, $creator_account), 'Create access allowed for CREATOR, for entity_access().'); |
|
1248 |
$this->assertFalse(entity_access('create', 'node', $node, $auth_only_account), 'Create access denied for USER, for entity_access().'); |
|
1249 |
} |
|
1250 |
} |
|
1251 |
|
|
1252 |
/** |
|
1253 |
* Tests user permissions for node revisions. |
|
1254 |
* |
|
1255 |
* Based almost entirely on NodeRevisionPermissionsTestCase. |
|
1256 |
*/ |
|
1257 |
class EntityMetadataNodeRevisionAccessTestCase extends DrupalWebTestCase { |
|
1258 |
protected $node_revisions = array(); |
|
1259 |
protected $accounts = array(); |
|
1260 |
|
|
1261 |
// Map revision permission names to node revision access ops. |
|
1262 |
protected $map = array( |
|
1263 |
'view' => 'view revisions', |
|
1264 |
'update' => 'revert revisions', |
|
1265 |
'delete' => 'delete revisions', |
|
1266 |
); |
|
1267 |
|
|
1268 |
public static function getInfo() { |
|
1269 |
return array( |
|
1270 |
'name' => 'Entity Metadata Node Revision Access', |
|
1271 |
'description' => 'Tests user permissions for node revision operations.', |
|
1272 |
'group' => 'Entity API', |
|
1273 |
); |
|
1274 |
} |
|
1275 |
|
|
1276 |
function setUp() { |
|
1277 |
parent::setUp('entity', 'node'); |
|
1278 |
|
|
1279 |
// Create a node with several revisions. |
|
1280 |
$node = $this->drupalCreateNode(); |
|
1281 |
$this->node_revisions[] = $node; |
|
1282 |
|
|
1283 |
for ($i = 0; $i < 3; $i++) { |
|
1284 |
// Create a revision for the same nid and settings with a random log. |
|
1285 |
$revision = node_load($node->nid); |
|
1286 |
$revision->revision = 1; |
|
1287 |
$revision->log = $this->randomName(32); |
|
1288 |
node_save($revision); |
|
1289 |
$this->node_revisions[] = node_load($revision->nid); |
|
1290 |
} |
|
1291 |
|
|
1292 |
// Create three users, one with each revision permission. |
|
1293 |
foreach ($this->map as $op => $permission) { |
|
1294 |
// Create the user. |
|
1295 |
$account = $this->drupalCreateUser( |
|
1296 |
array( |
|
1297 |
'access content', |
|
1298 |
'edit any page content', |
|
1299 |
'delete any page content', |
|
1300 |
$permission, |
|
1301 |
) |
|
1302 |
); |
|
1303 |
$account->op = $op; |
|
1304 |
$this->accounts[] = $account; |
|
1305 |
} |
|
1306 |
|
|
1307 |
// Create an admin account (returns TRUE for all revision permissions). |
|
1308 |
$admin_account = $this->drupalCreateUser(array('access content', 'administer nodes')); |
|
1309 |
$admin_account->is_admin = TRUE; |
|
1310 |
$this->accounts['admin'] = $admin_account; |
|
1311 |
|
|
1312 |
// Create a normal account (returns FALSE for all revision permissions). |
|
1313 |
$normal_account = $this->drupalCreateUser(); |
|
1314 |
$normal_account->op = FALSE; |
|
1315 |
$this->accounts[] = $normal_account; |
|
1316 |
} |
|
1317 |
|
|
1318 |
/** |
|
1319 |
* Tests the entity_access() function for revisions. |
|
1320 |
*/ |
|
1321 |
function testNodeRevisionAccess() { |
|
1322 |
// $node_revisions[1] won't be the latest revision. |
|
1323 |
$revision = $this->node_revisions[1]; |
|
1324 |
|
|
1325 |
$parameters = array( |
|
1326 |
'op' => array_keys($this->map), |
|
1327 |
'account' => $this->accounts, |
|
1328 |
); |
|
1329 |
|
|
1330 |
$permutations = $this->generatePermutations($parameters); |
|
1331 |
$entity_type = 'node'; |
|
1332 |
foreach ($permutations as $case) { |
|
1333 |
if (!empty($case['account']->is_admin) || $case['op'] == $case['account']->op) { |
|
1334 |
$access = entity_access($case['op'], $entity_type, $revision, $case['account']); |
|
1335 |
$this->assertTrue($access, "{$this->map[$case['op']]} granted on $entity_type."); |
|
1336 |
} |
|
1337 |
else { |
|
1338 |
$access = entity_access($case['op'], $entity_type, $revision, $case['account']); |
|
1339 |
$this->assertFalse($access, "{$this->map[$case['op']]} NOT granted on $entity_type."); |
|
1340 |
} |
|
1341 |
} |
|
1342 |
} |
|
1343 |
} |
|
1344 |
|
|
1090 | 1345 |
/** |
1091 | 1346 |
* Tests provided entity property info of the core modules. |
1092 | 1347 |
*/ |
... | ... | |
1202 | 1457 |
*/ |
1203 | 1458 |
function testBookModule() { |
1204 | 1459 |
$title = 'Book 1'; |
1205 |
$node = $this->drupalCreateNode(array('title' => $title, 'type' => 'book')); |
|
1206 |
$node2 = $this->drupalCreateNode(array('type' => 'book', 'book' => array('bid' => $node->nid))); |
|
1460 |
$node = $this->drupalCreateNode(array('title' => $title, 'type' => 'book', 'book' => array('bid' => 'new'))); |
|
1461 |
$book = array('bid' => $node->nid, 'plid' => $node->book['mlid']); |
|
1462 |
$node2 = $this->drupalCreateNode(array('type' => 'book', 'book' => $book)); |
|
1207 | 1463 |
$node3 = $this->drupalCreateNode(array('type' => 'page')); |
1208 | 1464 |
|
1209 | 1465 |
// Test whether the properties work. |
1210 | 1466 |
$wrapper = entity_metadata_wrapper('node', $node2); |
1211 |
$this->assertEqual("Book 1", $wrapper->book->title->value(), "Book title returned."); |
|
1467 |
$this->assertEqual($title, $wrapper->book->title->value(), "Book title returned."); |
|
1468 |
$this->assertEqual(array($node->nid), $wrapper->book_ancestors->value(array('identifier' => TRUE)), "Book ancestors returned."); |
|
1212 | 1469 |
$this->assertEqual($node->nid, $wrapper->book->nid->value(), "Book id returned."); |
1213 | 1470 |
|
1214 | 1471 |
// Try using book properties for no book nodes. |
1215 | 1472 |
$wrapper = entity_metadata_wrapper('node', $node3); |
1216 | 1473 |
$this->assertException($wrapper, 'book'); |
1474 |
$this->assertException($wrapper, 'book_ancestors'); |
|
1217 | 1475 |
} |
1218 | 1476 |
|
1219 | 1477 |
/** |
... | ... | |
1222 | 1480 |
function testComments() { |
1223 | 1481 |
$title = 'Node 1'; |
1224 | 1482 |
$node = $this->drupalCreateNode(array('title' => $title, 'type' => 'page')); |
1225 |
$account = $this->drupalCreateUser();
|
|
1483 |
$author = $this->drupalCreateUser(array('access comments', 'post comments', 'edit own comments'));
|
|
1226 | 1484 |
$comment = (object)array( |
1227 | 1485 |
'subject' => 'topic', |
1228 | 1486 |
'nid' => $node->nid, |
1229 |
'uid' => $account->uid,
|
|
1487 |
'uid' => $author->uid,
|
|
1230 | 1488 |
'cid' => FALSE, |
1231 | 1489 |
'pid' => 0, |
1232 | 1490 |
'homepage' => '', |
... | ... | |
1242 | 1500 |
} |
1243 | 1501 |
} |
1244 | 1502 |
$this->assertEmpty($wrapper, 'parent'); |
1503 |
|
|
1504 |
// Test comment entity access. |
|
1505 |
$admin_user = $this->drupalCreateUser(array('access comments', 'administer comments')); |
|
1506 |
// Also grant access to view user accounts to test the comment author |
|
1507 |
// property. |
|
1508 |
$unprivileged_user = $this->drupalCreateUser(array('access comments', 'access user profiles')); |
|
1509 |
// Published comments can be viewed and edited by the author. |
|
1510 |
$this->assertTrue($wrapper->access('view', $author), 'Comment author is allowed to view the published comment.'); |
|
1511 |
$this->assertTrue($wrapper->access('edit', $author), 'Comment author is allowed to edit the published comment.'); |
|
1512 |
// We cannot use $wrapper->access('delete') here because it only understands |
|
1513 |
// view and edit. |
|
1514 |
$this->assertFalse(entity_access('delete', 'comment', $comment, $author), 'Comment author is not allowed to delete the published comment.'); |
|
1515 |
|
|
1516 |
// Administrators can do anything with published comments. |
|
1517 |
$this->assertTrue($wrapper->access('view', $admin_user), 'Comment administrator is allowed to view the published comment.'); |
|
1518 |
$this->assertTrue($wrapper->access('edit', $admin_user), 'Comment administrator is allowed to edit the published comment.'); |
|
1519 |
$this->assertTrue(entity_access('delete', 'comment', $comment, $admin_user), 'Comment administrator is allowed to delete the published comment.'); |
|
1520 |
|
|
1521 |
// Unpriviledged users can only view the published comment. |
|
1522 |
$this->assertTrue($wrapper->access('view', $unprivileged_user), 'Unprivileged user is allowed to view the published comment.'); |
|
1523 |
$this->assertFalse($wrapper->access('edit', $unprivileged_user), 'Unprivileged user is not allowed to edit the published comment.'); |
|
1524 |
$this->assertFalse(entity_access('delete', 'comment', $comment, $unprivileged_user), 'Unprivileged user is not allowed to delete the published comment.'); |
|
1525 |
|
|
1526 |
// Test property view access. |
|
1527 |
$view_access = array('name', 'homepage', 'subject', 'created', 'author', 'node', 'parent', 'url', 'edit_url'); |
|
1528 |
foreach ($view_access as $property_name) { |
|
1529 |
$this->assertTrue($wrapper->{$property_name}->access('view', $unprivileged_user), "Unpriviledged user can view the $property_name property."); |
|
1530 |
} |
|
1531 |
|
|
1532 |
$view_denied = array('hostname', 'mail', 'status'); |
|
1533 |
foreach ($view_denied as $property_name) { |
|
1534 |
$this->assertFalse($wrapper->{$property_name}->access('view', $unprivileged_user), "Unpriviledged user can not view the $property_name property."); |
|
1535 |
$this->assertTrue($wrapper->{$property_name}->access('view', $admin_user), "Admin user can view the $property_name property."); |
|
1536 |
} |
|
1537 |
|
|
1538 |
// The author is allowed to edit the comment subject if they have the |
|
1539 |
// 'edit own comments' permission. |
|
1540 |
$this->assertTrue($wrapper->subject->access('edit', $author), "Author can edit the subject property."); |
|
1541 |
$this->assertFalse($wrapper->subject->access('edit', $unprivileged_user), "Unpriviledged user cannot edit the subject property."); |
|
1542 |
$this->assertTrue($wrapper->subject->access('edit', $admin_user), "Admin user can edit the subject property."); |
|
1543 |
|
|
1544 |
$edit_denied = array('hostname', 'mail', 'status', 'name', 'homepage', 'created', 'parent', 'node', 'author'); |
|
1545 |
foreach ($edit_denied as $property_name) { |
|
1546 |
$this->assertFalse($wrapper->{$property_name}->access('edit', $author), "Author cannot edit the $property_name property."); |
|
1547 |
$this->assertTrue($wrapper->{$property_name}->access('edit', $admin_user), "Admin user can edit the $property_name property."); |
|
1548 |
} |
|
1549 |
|
|
1550 |
// Test access to unpublished comments. |
|
1551 |
$comment->status = COMMENT_NOT_PUBLISHED; |
|
1552 |
comment_save($comment); |
|
1553 |
|
|
1554 |
// Unpublished comments cannot be accessed by the author. |
|
1555 |
$this->assertFalse($wrapper->access('view', $author), 'Comment author is not allowed to view the unpublished comment.'); |
|
1556 |
$this->assertFalse($wrapper->access('edit', $author), 'Comment author is not allowed to edit the unpublished comment.'); |
|
1557 |
$this->assertFalse(entity_access('delete', 'comment', $comment, $author), 'Comment author is not allowed to delete the unpublished comment.'); |
|
1558 |
|
|
1559 |
// Administrators can do anything with unpublished comments. |
|
1560 |
$this->assertTrue($wrapper->access('view', $admin_user), 'Comment administrator is allowed to view the unpublished comment.'); |
|
1561 |
$this->assertTrue($wrapper->access('edit', $admin_user), 'Comment administrator is allowed to edit the unpublished comment.'); |
|
1562 |
$this->assertTrue(entity_access('delete', 'comment', $comment, $admin_user), 'Comment administrator is allowed to delete the unpublished comment.'); |
|
1563 |
|
|
1564 |
// Unpriviledged users cannot access unpublished comments. |
|
1565 |
$this->assertFalse($wrapper->access('view', $unprivileged_user), 'Unprivileged user is not allowed to view the unpublished comment.'); |
|
1566 |
$this->assertFalse($wrapper->access('edit', $unprivileged_user), 'Unprivileged user is not allowed to edit the unpublished comment.'); |
|
1567 |
$this->assertFalse(entity_access('delete', 'comment', $comment, $unprivileged_user), 'Unprivileged user is not allowed to delete the unpublished comment.'); |
|
1245 | 1568 |
} |
1246 | 1569 |
|
1247 | 1570 |
/** |
... | ... | |
1252 | 1575 |
$node = $this->drupalCreateNode(array('title' => $title, 'type' => 'page')); |
1253 | 1576 |
$wrapper = entity_metadata_wrapper('node', $node); |
1254 | 1577 |
foreach ($wrapper as $key => $value) { |
1255 |
if ($key != 'book' && $key != 'source' && $key != 'last_view') { |
|
1578 |
if ($key != 'book' && $key != 'book_ancestors' && $key != 'source' && $key != 'last_view') {
|
|
1256 | 1579 |
$this->assertValue($wrapper, $key); |
1257 | 1580 |
} |
1258 | 1581 |
} |
1259 | 1582 |
$this->assertException($wrapper, 'book'); |
1583 |
$this->assertException($wrapper, 'book_ancestors'); |
|
1260 | 1584 |
$this->assertEmpty($wrapper, 'source'); |
1261 | 1585 |
$this->assertException($wrapper->source, 'title'); |
1262 | 1586 |
$this->assertEmpty($wrapper, 'last_view'); |
1587 |
|
|
1588 |
// Test statistics module integration access. |
|
1589 |
$unpriviledged_user = $this->drupalCreateUser(array('access content')); |
|
1590 |
$this->assertTrue($wrapper->access('view', $unpriviledged_user), 'Unpriviledged user can view the node.'); |
|
1591 |
$this->assertFalse($wrapper->access('edit', $unpriviledged_user), 'Unpriviledged user can not edit the node.'); |
|
1592 |
$count_access_user = $this->drupalCreateUser(array('view post access counter')); |
|
1593 |
$admin_user = $this->drupalCreateUser(array('access content', 'view post access counter', 'access statistics')); |
|
1594 |
|
|
1595 |
$this->assertFalse($wrapper->views->access('view', $unpriviledged_user), "Unpriviledged user cannot view the statistics counter property."); |
|
1596 |
$this->assertTrue($wrapper->views->access('view', $count_access_user), "Count access user can view the statistics counter property."); |
|
1597 |
$this->assertTrue($wrapper->views->access('view', $admin_user), "Admin user can view the statistics counter property."); |
|
1598 |
|
|
1599 |
$admin_properties = array('day_views', 'last_view'); |
|
1600 |
foreach ($admin_properties as $property_name) { |
|
1601 |
$this->assertFalse($wrapper->{$property_name}->access('view', $unpriviledged_user), "Unpriviledged user cannot view the $property_name property."); |
|
1602 |
$this->assertFalse($wrapper->{$property_name}->access('view', $count_access_user), "Count access user cannot view the $property_name property."); |
|
1603 |
$this->assertTrue($wrapper->{$property_name}->access('view', $admin_user), "Admin user can view the $property_name property."); |
|
1604 |
} |
|
1263 | 1605 |
} |
1264 | 1606 |
|
1265 | 1607 |
/** |
... | ... | |
1354 | 1696 |
* Test all properties of a user. |
1355 | 1697 |
*/ |
1356 | 1698 |
function testUserProperties() { |
1357 |
$account = $this->drupalCreateUser(); |
|
1699 |
$account = $this->drupalCreateUser(array('access user profiles', 'change own username'));
|
|
1358 | 1700 |
$account->login = REQUEST_TIME; |
1359 | 1701 |
$account->access = REQUEST_TIME; |
1360 | 1702 |
$wrapper = entity_metadata_wrapper('user', $account); |
1361 | 1703 |
foreach ($wrapper as $key => $value) { |
1362 | 1704 |
$this->assertValue($wrapper, $key); |
1363 | 1705 |
} |
1706 |
|
|
1707 |
// Test property view access. |
|
1708 |
$unpriviledged_user = $this->drupalCreateUser(array('access user profiles')); |
|
1709 |
$admin_user = $this->drupalCreateUser(array('administer users')); |
|
1710 |
$this->assertTrue($wrapper->access('view', $unpriviledged_user), 'Unpriviledged account can view the user.'); |
|
1711 |
$this->assertFalse($wrapper->access('edit', $unpriviledged_user), 'Unpriviledged account can not edit the user.'); |
|
1712 |
|
|
1713 |
$view_access = array('name', 'url', 'edit_url', 'created'); |
|
1714 |
foreach ($view_access as $property_name) { |
|
1715 |
$this->assertTrue($wrapper->{$property_name}->access('view', $unpriviledged_user), "Unpriviledged user can view the $property_name property."); |
|
1716 |
} |
|
1717 |
|
|
1718 |
$view_denied = array('mail', 'last_access', 'last_login', 'roles', 'status', 'theme'); |
|
1719 |
foreach ($view_denied as $property_name) { |
|
1720 |
$this->assertFalse($wrapper->{$property_name}->access('view', $unpriviledged_user), "Unpriviledged user can not view the $property_name property."); |
|
1721 |
$this->assertTrue($wrapper->{$property_name}->access('view', $admin_user), "Admin user can view the $property_name property."); |
|
1722 |
} |
|
1723 |
|
|
1724 |
// Test property edit access. |
|
1725 |
$edit_own_allowed = array('name', 'mail'); |
|
1726 |
foreach ($edit_own_allowed as $property_name) { |
|
1727 |
$this->assertTrue($wrapper->{$property_name}->access('edit', $account), "Account owner can edit the $property_name property."); |
|
1728 |
} |
|
1729 |
|
|
1730 |
$this->assertTrue($wrapper->roles->access('view', $account), "Account owner can view their own roles."); |
|
1731 |
|
|
1732 |
$edit_denied = array('last_access', 'last_login', 'created', 'roles', 'status', 'theme'); |
|
1733 |
foreach ($edit_denied as $property_name) { |
|
1734 |
$this->assertFalse($wrapper->{$property_name}->access('edit', $account), "Account owner cannot edit the $property_name property."); |
|
1735 |
$this->assertTrue($wrapper->{$property_name}->access('edit', $admin_user), "Admin user can edit the $property_name property."); |
|
1736 |
} |
|
1364 | 1737 |
} |
1365 | 1738 |
|
1366 | 1739 |
/** |
Formats disponibles : Unified diff
Weekly update of contrib modules