1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* Automatd SimpleTest Case for content access module
|
6 |
|
|
*/
|
7 |
|
|
|
8 |
|
|
require_once(drupal_get_path('module', 'content_access') .'/tests/content_access_test_help.php');
|
9 |
|
|
|
10 |
|
|
class ContentAccessModuleTestCase extends ContentAccessTestCase {
|
11 |
|
|
|
12 |
|
|
/**
|
13 |
|
|
* Implementation of get_info() for information
|
14 |
|
|
*/
|
15 |
|
|
public static function getInfo() {
|
16 |
|
|
return array(
|
17 |
|
|
'name' => t('Content Access Module Tests'),
|
18 |
|
|
'description' => t('Various tests to check permission settings on nodes.'),
|
19 |
|
|
'group' => t('Content Access'),
|
20 |
|
|
);
|
21 |
|
|
}
|
22 |
|
|
|
23 |
|
|
function setUp($module = '') {
|
24 |
|
|
parent::setUp();
|
25 |
|
|
|
26 |
|
|
// Create test nodes
|
27 |
|
|
$this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
|
28 |
|
|
$this->node2 = $this->drupalCreateNode(array('type' => $this->content_type->type));
|
29 |
|
|
}
|
30 |
|
|
|
31 |
|
|
/**
|
32 |
|
|
* Test for viewing nodes
|
33 |
|
|
*/
|
34 |
|
|
function testViewAccess() {
|
35 |
|
|
// Restrict access to the content type (access is only allowed for the author)
|
36 |
|
|
$access_permissions = array(
|
37 |
|
|
'view[1]' => FALSE,
|
38 |
|
|
'view[2]' => FALSE,
|
39 |
|
|
);
|
40 |
|
|
$this->changeAccessContentType($access_permissions);
|
41 |
|
|
|
42 |
|
|
// Logout admin and try to access the node anonymously
|
43 |
|
|
$this->drupalLogout();
|
44 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
45 |
|
|
$this->assertText(t('Access denied'), 'node is not viewable');
|
46 |
|
|
|
47 |
|
|
// Login test user, view node, access must be denied
|
48 |
|
|
$this->drupalLogin($this->test_user);
|
49 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
50 |
|
|
$this->assertText(t('Access denied'), 'node is not viewable');
|
51 |
|
|
|
52 |
|
|
// Login admin and grant access for viewing to the test user
|
53 |
|
|
$this->drupalLogin($this->admin_user);
|
54 |
|
|
$this->changeAccessContentTypeKeyword('view');
|
55 |
|
|
|
56 |
|
|
// Logout admin and try to access the node anonymously
|
57 |
|
|
// access must be denied again
|
58 |
|
|
$this->drupalLogout();
|
59 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
60 |
|
|
$this->assertText(t('Access denied'), 'node is not viewable');
|
61 |
|
|
|
62 |
|
|
// Login test user, view node, access must be granted
|
63 |
|
|
$this->drupalLogin($this->test_user);
|
64 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
65 |
|
|
$this->assertNoText(t('Access denied'), 'node is viewable');
|
66 |
|
|
|
67 |
|
|
// Login admin and enable per node access
|
68 |
|
|
$this->drupalLogin($this->admin_user);
|
69 |
|
|
$this->changeAccessPerNode();
|
70 |
|
|
|
71 |
|
|
// Restrict access on node2 for the test user role
|
72 |
|
|
$this->changeAccessNodeKeyword($this->node2, 'view', FALSE);
|
73 |
|
|
|
74 |
|
|
// Logout admin and try to access both nodes anonymously
|
75 |
|
|
$this->drupalLogout();
|
76 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
77 |
|
|
$this->assertText(t('Access denied'), 'node1 is not viewable');
|
78 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
79 |
|
|
$this->assertText(t('Access denied'), 'node2 is not viewable');
|
80 |
|
|
|
81 |
|
|
// Login test user, view node1, access must be granted
|
82 |
|
|
$this->drupalLogin($this->test_user);
|
83 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
84 |
|
|
$this->assertNoText(t('Access denied'), 'node1 is viewable');
|
85 |
|
|
|
86 |
|
|
// View node2, access must be denied
|
87 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
88 |
|
|
$this->assertText(t('Access denied'), 'node2 is not viewable');
|
89 |
|
|
|
90 |
|
|
// Login admin, swap permissions between content type and node2
|
91 |
|
|
$this->drupalLogin($this->admin_user);
|
92 |
|
|
|
93 |
|
|
// Restrict access to content type
|
94 |
|
|
$this->changeAccessContentTypeKeyword('view', FALSE);
|
95 |
|
|
|
96 |
|
|
// Grant access to node2
|
97 |
|
|
$this->changeAccessNodeKeyword($this->node2, 'view');
|
98 |
|
|
|
99 |
|
|
// Logout admin and try to access both nodes anonymously
|
100 |
|
|
$this->drupalLogout();
|
101 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
102 |
|
|
$this->assertText(t('Access denied'), 'node1 is not viewable');
|
103 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
104 |
|
|
$this->assertText(t('Access denied'), 'node2 is not viewable');
|
105 |
|
|
|
106 |
|
|
// Login test user, view node1, access must be denied
|
107 |
|
|
$this->drupalLogin($this->test_user);
|
108 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
109 |
|
|
$this->assertText(t('Access denied'), 'node1 is not viewable');
|
110 |
|
|
|
111 |
|
|
// View node2, access must be granted
|
112 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
113 |
|
|
$this->assertNoText(t('Access denied'), 'node2 is viewable');
|
114 |
|
|
}
|
115 |
|
|
|
116 |
|
|
/**
|
117 |
|
|
* Test for editing nodes
|
118 |
|
|
*/
|
119 |
|
|
function testEditAccess() {
|
120 |
|
|
// Logout admin and try to edit the node anonymously
|
121 |
|
|
$this->drupalLogout();
|
122 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
123 |
|
|
$this->assertText(t('Access denied'), 'edit access denied for anonymous');
|
124 |
|
|
|
125 |
|
|
// Login test user, edit node, access must be denied
|
126 |
|
|
$this->drupalLogin($this->test_user);
|
127 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
128 |
|
|
$this->assertText(t('Access denied'), 'edit access denied for test user');
|
129 |
|
|
|
130 |
|
|
// Login admin and grant access for editing to the test user
|
131 |
|
|
$this->drupalLogin($this->admin_user);
|
132 |
|
|
$this->changeAccessContentTypeKeyword('update');
|
133 |
|
|
|
134 |
|
|
// Logout admin and try to edit the node anonymously
|
135 |
|
|
// access must be denied again
|
136 |
|
|
$this->drupalLogout();
|
137 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
138 |
|
|
$this->assertText(t('Access denied'), 'edit access denied for anonymous');
|
139 |
|
|
|
140 |
|
|
// Login test user, edit node, access must be granted
|
141 |
|
|
$this->drupalLogin($this->test_user);
|
142 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
143 |
|
|
$this->assertNoText(t('Access denied'), 'node1 is editable');
|
144 |
|
|
|
145 |
|
|
// Login admin and enable per node access
|
146 |
|
|
$this->drupalLogin($this->admin_user);
|
147 |
|
|
$this->changeAccessPerNode();
|
148 |
|
|
|
149 |
|
|
// Restrict access for this content type for the test user
|
150 |
|
|
$this->changeAccessContentTypeKeyword('update', FALSE);
|
151 |
|
|
|
152 |
|
|
// Allow acces for node1 only
|
153 |
|
|
$this->changeAccessNodeKeyword($this->node1, 'update');
|
154 |
|
|
|
155 |
|
|
// Logout admin and try to edit both nodes anonymously
|
156 |
|
|
$this->drupalLogout();
|
157 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
158 |
|
|
$this->assertText(t('Access denied'), 'node1 is not editable');
|
159 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/edit');
|
160 |
|
|
$this->assertText(t('Access denied'), 'node2 is not editable');
|
161 |
|
|
|
162 |
|
|
// Login test user, edit node1, access must be granted
|
163 |
|
|
$this->drupalLogin($this->test_user);
|
164 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
165 |
|
|
$this->assertNoText(t('Access denied'), 'node1 is editable');
|
166 |
|
|
|
167 |
|
|
// Edit node2, access must be denied
|
168 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/edit');
|
169 |
|
|
$this->assertText(t('Access denied'), 'node2 is not editable');
|
170 |
|
|
|
171 |
|
|
// Login admin, swap permissions between node1 and node2
|
172 |
|
|
$this->drupalLogin($this->admin_user);
|
173 |
|
|
|
174 |
|
|
// Grant edit access to node2
|
175 |
|
|
$this->changeAccessNodeKeyword($this->node2, 'update');
|
176 |
|
|
// Restrict edit acces to node1
|
177 |
|
|
$this->changeAccessNodeKeyword($this->node1, 'update', FALSE);
|
178 |
|
|
|
179 |
|
|
// Logout admin and try to edit both nodes anonymously
|
180 |
|
|
$this->drupalLogout();
|
181 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
182 |
|
|
$this->assertText(t('Access denied'), 'node1 is not editable');
|
183 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/edit');
|
184 |
|
|
$this->assertText(t('Access denied'), 'node2 is not editable');
|
185 |
|
|
|
186 |
|
|
// Login test user, edit node1, access must be denied
|
187 |
|
|
$this->drupalLogin($this->test_user);
|
188 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/edit');
|
189 |
|
|
$this->assertText(t('Access denied'), 'node1 is not editable');
|
190 |
|
|
|
191 |
|
|
// Edit node2, access must be granted
|
192 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/edit');
|
193 |
|
|
$this->assertNoText(t('Access denied'), 'node2 is editable');
|
194 |
|
|
}
|
195 |
|
|
|
196 |
|
|
/**
|
197 |
|
|
* Test for deleting nodes
|
198 |
|
|
*/
|
199 |
|
|
function testDeleteAccess() {
|
200 |
|
|
// Logout admin and try to delete the node anonymously
|
201 |
|
|
$this->drupalLogout();
|
202 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
203 |
|
|
$this->assertText(t('Access denied'), 'delete access denied for anonymous');
|
204 |
|
|
|
205 |
|
|
// Login test user, delete node, access must be denied
|
206 |
|
|
$this->drupalLogin($this->test_user);
|
207 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
208 |
|
|
$this->assertText(t('Access denied'), 'delete access denied for test user');
|
209 |
|
|
|
210 |
|
|
// Login admin and grant access for deleting to the test user
|
211 |
|
|
$this->drupalLogin($this->admin_user);
|
212 |
|
|
|
213 |
|
|
$this->changeAccessContentTypeKeyword('delete');
|
214 |
|
|
|
215 |
|
|
// Logout admin and try to edit the node anonymously
|
216 |
|
|
// access must be denied again
|
217 |
|
|
$this->drupalLogout();
|
218 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
219 |
|
|
$this->assertText(t('Access denied'), 'delete access denied for anonymous');
|
220 |
|
|
|
221 |
|
|
// Login test user, delete node, access must be granted
|
222 |
|
|
$this->drupalLogin($this->test_user);
|
223 |
|
|
$this->drupalPost('node/'. $this->node1->nid .'/delete', array(), 'Delete');
|
224 |
|
|
$this->assertRaw(t('%node has been deleted', array('%node' => $this->node1->title)), 'Test node was deleted successfully by test user');
|
225 |
|
|
|
226 |
|
|
// Login admin and recreate test node1
|
227 |
|
|
$this->drupalLogin($this->admin_user);
|
228 |
|
|
$this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
|
229 |
|
|
|
230 |
|
|
// Enable per node access
|
231 |
|
|
$this->changeAccessPerNode();
|
232 |
|
|
|
233 |
|
|
// Restrict access for this content type for the test user
|
234 |
|
|
$this->changeAccessContentTypeKeyword('delete', FALSE);
|
235 |
|
|
|
236 |
|
|
// Allow acces for node1 only
|
237 |
|
|
$this->changeAccessNodeKeyword($this->node1, 'delete');
|
238 |
|
|
|
239 |
|
|
// Logout admin and try to delete both nodes anonymously
|
240 |
|
|
$this->drupalLogout();
|
241 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
242 |
|
|
$this->assertText(t('Access denied'), 'node1 is not deletable');
|
243 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/delete');
|
244 |
|
|
$this->assertText(t('Access denied'), 'node2 is not deletable');
|
245 |
|
|
|
246 |
|
|
// Login test user, delete node1, access must be granted
|
247 |
|
|
$this->drupalLogin($this->test_user);
|
248 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
249 |
|
|
$this->assertNoText(t('Access denied'), 'node1 is deletable');
|
250 |
|
|
|
251 |
|
|
// Delete node2, access must be denied
|
252 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/delete');
|
253 |
|
|
$this->assertText(t('Access denied'), 'node2 is not deletable');
|
254 |
|
|
|
255 |
|
|
// Login admin, swap permissions between node1 and node2
|
256 |
|
|
$this->drupalLogin($this->admin_user);
|
257 |
|
|
|
258 |
|
|
// Grant delete access to node2
|
259 |
|
|
$this->changeAccessNodeKeyword($this->node2, 'delete');
|
260 |
|
|
// Restrict delete acces to node1
|
261 |
|
|
$this->changeAccessNodeKeyword($this->node1, 'delete', FALSE);
|
262 |
|
|
|
263 |
|
|
// Logout admin and try to delete both nodes anonymously
|
264 |
|
|
$this->drupalLogout();
|
265 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
266 |
|
|
$this->assertText(t('Access denied'), 'node1 is not deletable');
|
267 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/delete');
|
268 |
|
|
$this->assertText(t('Access denied'), 'node2 is not deletable');
|
269 |
|
|
|
270 |
|
|
// Login test user, delete node1, access must be denied
|
271 |
|
|
$this->drupalLogin($this->test_user);
|
272 |
|
|
$this->drupalGet('node/'. $this->node1->nid .'/delete');
|
273 |
|
|
$this->assertText(t('Access denied'), 'node1 is not deletable');
|
274 |
|
|
|
275 |
|
|
// Delete node2, access must be granted
|
276 |
|
|
$this->drupalGet('node/'. $this->node2->nid .'/delete');
|
277 |
|
|
$this->assertNoText(t('Access denied'), 'node2 is deletable');
|
278 |
|
|
}
|
279 |
|
|
|
280 |
|
|
/**
|
281 |
|
|
* Test own view access
|
282 |
|
|
*/
|
283 |
|
|
function testOwnViewAccess() {
|
284 |
|
|
// Setup 2 test users
|
285 |
|
|
$test_user1 = $this->test_user;
|
286 |
|
|
$test_user2 = $this->drupalCreateUser();
|
287 |
|
|
|
288 |
|
|
// Change ownership of test nodes to test users
|
289 |
|
|
$this->node1->uid = $test_user1->uid;
|
290 |
|
|
node_save($this->node1);
|
291 |
|
|
$this->node2->uid = $test_user2->uid;
|
292 |
|
|
node_save($this->node2);
|
293 |
|
|
|
294 |
|
|
// Remove all view permissions for this content type
|
295 |
|
|
$access_permissions = array(
|
296 |
|
|
'view[1]' => FALSE,
|
297 |
|
|
'view[2]' => FALSE,
|
298 |
|
|
'view_own[1]' => FALSE,
|
299 |
|
|
'view_own[2]' => FALSE,
|
300 |
|
|
);
|
301 |
|
|
$this->changeAccessContentType($access_permissions);
|
302 |
|
|
|
303 |
|
|
// Allow view own content for test user 1 and 2 roles
|
304 |
|
|
$this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user1);
|
305 |
|
|
$this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user2);
|
306 |
|
|
|
307 |
|
|
// Logout admin and try to access both nodes anonymously
|
308 |
|
|
$this->drupalLogout();
|
309 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
310 |
|
|
$this->assertText(t('Access denied'), 'node1 is not viewable');
|
311 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
312 |
|
|
$this->assertText(t('Access denied'), 'node2 is not viewable');
|
313 |
|
|
|
314 |
|
|
// Login test user 1, view node1, access must be granted
|
315 |
|
|
$this->drupalLogin($test_user1);
|
316 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
317 |
|
|
$this->assertNoText(t('Access denied'), 'node1 is viewable');
|
318 |
|
|
|
319 |
|
|
// View node2, access must be denied
|
320 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
321 |
|
|
$this->assertText(t('Access denied'), 'node2 is not viewable');
|
322 |
|
|
|
323 |
|
|
// Login test user 2, view node1, access must be denied
|
324 |
|
|
$this->drupalLogin($test_user2);
|
325 |
|
|
$this->drupalGet('node/'. $this->node1->nid);
|
326 |
|
|
$this->assertText(t('Access denied'), 'node1 is not viewable');
|
327 |
|
|
|
328 |
|
|
// View node2, access must be granted
|
329 |
|
|
$this->drupalGet('node/'. $this->node2->nid);
|
330 |
|
|
$this->assertNoText(t('Access denied'), 'node2 is viewable');
|
331 |
|
|
}
|
332 |
|
|
} |