212 lines
7.6 KiB
Plaintext
212 lines
7.6 KiB
Plaintext
<?php
|
|
|
|
/**
|
|
* @file
|
|
* Unit tests for Publish Content module.
|
|
* prerequesite: make sure that 'authenticated user' does not have any access like
|
|
* 'publish [content type] content' or 'unpublish [content type] content'
|
|
*
|
|
* @note: We test to ensure we are not messing up with the default Drupal access for view node
|
|
* i.e. a owner of a node can view it even if unpublished.
|
|
*/
|
|
class PublishContentWebCaseTest extends DrupalWebTestCase {
|
|
|
|
/**
|
|
* Drupal SimpleTest method: return metadata about the test.
|
|
*/
|
|
function getInfo() {
|
|
return array(
|
|
'name' => t('Publish Content: access control'),
|
|
'description' => t('Executes test suite for Publish Content module.'),
|
|
'group' => t('Publish Content'),
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
parent::setUp('publishcontent');
|
|
}
|
|
|
|
function publishcontent_do_operation($nid, $op, $expected_status, $msg = NULL) {
|
|
$this->drupalGet("node/$nid/$op");
|
|
$node = node_load($nid, NULL, TRUE);
|
|
$this->assertEqual($node->status, $expected_status, $msg);
|
|
}
|
|
|
|
function assert_access_node($node, $msg = NULL) {
|
|
$this->drupalGet('node/'. $node->nid);
|
|
$this->assertResponse(200);
|
|
$this->assertTitle($node->title . ' | '. variable_get('site_name', 'Drupal'), $msg);
|
|
}
|
|
|
|
function assert_access_denied($url, $msg = NULL) {
|
|
$this->drupalGet($url);
|
|
$this->assertResponse(403);
|
|
$this->assertText('Access denied' . ' | '. variable_get('site_name', 'Drupal'), $msg);
|
|
}
|
|
|
|
function assert_node_status($nid, $status, $msg = 'node status mismatches') {
|
|
$result = node_load($nid, NULL, TRUE);
|
|
$this->assertEqual($result->status, $status, $msg);
|
|
}
|
|
|
|
function set_node_status(&$node, $status, $msg = 'unable to set correct node status') {
|
|
$node->status = $status;
|
|
node_save($node);
|
|
$this->assert_node_status($node->nid, $status, $msg);
|
|
}
|
|
|
|
function assert_current_user_cannot_publish_node(&$node) {
|
|
$this->assertEqual($node->status, 1, 'pre-requesite: status MUST be 1');
|
|
$this->assert_access_denied("node/{$node->nid}/publish", "no publish permission --> access denied");
|
|
$this->assert_node_status($node->nid, 1, 'node should be still published');
|
|
$this->assert_access_node($node, 'node MUST BE viewable');
|
|
|
|
$this->set_node_status($node, 0);
|
|
|
|
$this->assert_access_denied("node/{$node->nid}/publish", "no publish permission --> access denied");
|
|
$this->assert_node_status($node->nid, 0, 'node should be still unpublished');
|
|
|
|
$this->set_node_status($node, 1, 'post-requesite: status MUST be 1');
|
|
}
|
|
|
|
function assert_current_user_cannot_unpublish_node(&$node) {
|
|
$this->assertEqual($node->status, 1, 'pre-requesite: status MUST be 1');
|
|
$this->assert_access_denied("node/{$node->nid}/unpublish", "no unpublish permission --> access denied");
|
|
$this->assert_node_status($node->nid, 1, 'node should be still published');
|
|
$this->assert_access_node($node, 'node MUST BE viewable');
|
|
|
|
$this->set_node_status($node, 0);
|
|
|
|
$this->assert_access_denied("node/{$node->nid}/unpublish", "no unpublish permission --> access denied");
|
|
$this->assert_node_status($node->nid, 0, 'node should be still unpublished');
|
|
|
|
$this->set_node_status($node, 1, 'post-requesite: status MUST be 1');
|
|
}
|
|
|
|
function assert_current_user_can_publish_node(&$node) {
|
|
$this->assertEqual($node->status, 1, 'pre-requesite: status MUST be 1');
|
|
$this->publishcontent_do_operation($node->nid, 'publish', 1, 'node should be still published');
|
|
$this->assert_access_node($node, 'node MUST BE viewable');
|
|
|
|
$this->set_node_status($node, 0);
|
|
|
|
$this->assert_access_node($node, 'node MUST BE viewable even if unpublished');
|
|
|
|
$this->publishcontent_do_operation($node->nid, 'publish', 1, 'node should be now published');
|
|
$this->assertText(_publishcontent_get_message($node->nid, $node->title, TRUE),
|
|
'drupal_set_message not working for publish.');
|
|
|
|
$this->set_node_status($node, 1, 'post-requesite: status MUST be 1');
|
|
}
|
|
|
|
function assert_current_user_can_unpublish_node(&$node) {
|
|
$this->assertEqual($node->status, 1, 'pre-requesite: status MUST be 1');
|
|
$this->publishcontent_do_operation($node->nid, 'unpublish', 0, 'node should be published');
|
|
$this->assertText(_publishcontent_get_message($node->nid, $node->title, FALSE),
|
|
'drupal_set_message not working for unpublish.');
|
|
|
|
$this->assert_access_node($node, 'node MUST BE viewable even if unpublished');
|
|
|
|
$this->publishcontent_do_operation($node->nid, 'unpublish', 0, 'node should be still unpublished');
|
|
|
|
$this->set_node_status($node, 1, 'post-requesite: status MUST be 1');
|
|
}
|
|
|
|
/**
|
|
* Test the access for the owner of a node without the permission to
|
|
* publish or unpublish.
|
|
*
|
|
* @note: node's owner can see it even if unpublished by default in Drupal
|
|
*/
|
|
function testNoPermissionByOwner() {
|
|
// Prepare a user to do the stuff
|
|
$web_user = $this->drupalCreateUser(array('access content'));
|
|
$this->drupalLogin($web_user);
|
|
$node = $this->drupalCreateNode(
|
|
array(
|
|
'type' => 'page',
|
|
'uid' => $web_user->uid,
|
|
'status' => 1,
|
|
)
|
|
);
|
|
$this->assert_current_user_cannot_publish_node($node);
|
|
$this->assert_current_user_cannot_unpublish_node($node);
|
|
|
|
$this->set_node_status($node, 0);
|
|
$this->assert_access_node($node, 'node MUST BE viewable if unpublished');
|
|
}
|
|
|
|
function testNoPermissionAndNotOwner() {
|
|
$node = $this->drupalCreateNode(
|
|
array(
|
|
'type' => 'page',
|
|
'uid' => 0,
|
|
'status' => 1,
|
|
)
|
|
);
|
|
|
|
$this->drupalLogin($this->drupalCreateUser(array('access content')));
|
|
$this->assert_current_user_cannot_publish_node($node);
|
|
$this->assert_current_user_cannot_unpublish_node($node);
|
|
}
|
|
|
|
function testDoPublishByNodeOwner() {
|
|
$type = 'page';
|
|
$web_user = $this->drupalCreateUser(array('publish any '. $type .' content'));
|
|
$this->drupalLogin($web_user);
|
|
|
|
$node = $this->drupalCreateNode(
|
|
array(
|
|
'type' => $type,
|
|
'uid' => $web_user->uid,
|
|
'status' => 1,
|
|
)
|
|
);
|
|
$this->assert_current_user_can_publish_node($node);
|
|
$this->assert_current_user_cannot_unpublish_node($node);
|
|
}
|
|
|
|
function testDoUnpublishByNodeOwner() {
|
|
$type = 'page';
|
|
$web_user = $this->drupalCreateUser(array('unpublish any '. $type .' content'));
|
|
$this->drupalLogin($web_user);
|
|
|
|
$node = $this->drupalCreateNode(
|
|
array(
|
|
'type' => $type,
|
|
'uid' => $web_user->uid,
|
|
'status' => 1,
|
|
)
|
|
);
|
|
$this->assert_current_user_cannot_publish_node($node);
|
|
$this->assert_current_user_can_unpublish_node($node);
|
|
}
|
|
|
|
function testDoPublishAndUnpublishNotByNodeOwner() {
|
|
$type = 'page';
|
|
$node = $this->drupalCreateNode(
|
|
array(
|
|
'type' => $type,
|
|
'uid' => 0,
|
|
'status' => 1,
|
|
)
|
|
);
|
|
|
|
$this->drupalLogin($this->drupalCreateUser(array('publish any '. $type .' content')));
|
|
$this->assert_current_user_can_publish_node($node);
|
|
$this->assert_current_user_cannot_unpublish_node($node);
|
|
|
|
$this->drupalLogin($this->drupalCreateUser(array('unpublish any '. $type .' content')));
|
|
$this->assert_current_user_cannot_publish_node($node);
|
|
$this->assert_current_user_can_unpublish_node($node);
|
|
|
|
$this->drupalLogin($this->drupalCreateUser(array('publish any content')));
|
|
$this->assert_current_user_can_publish_node($node);
|
|
$this->assert_current_user_cannot_unpublish_node($node);
|
|
|
|
$this->drupalLogin($this->drupalCreateUser(array('unpublish any content')));
|
|
$this->assert_current_user_cannot_publish_node($node);
|
|
$this->assert_current_user_can_unpublish_node($node);
|
|
}
|
|
}
|