Home Verkennen Help
Inloggen
bachir
/
edlp_d8
1
0
Vork 0
Bestanden Issues 8 Pull-aanvragen 0 Wiki
Boom: 5c71ef4c46
Aftakkingen Labels
edlp_d8
/
core
/
modules
/
content_moderation
/
tests
/
src
/
Functional
/
NodeAccessTest.php

NodeAccessTest.php 5.4 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\Tests\content_moderation\Functional;
    4. 

  4. 

  5. use Drupal\node\Entity\NodeType;
    6. 

  6. 

  7. /**
    8. 

  8.  * Tests permission access control around nodes.
    9. 

  9.  *
    10. 

  10.  * @group content_moderation
    11. 

  11.  */
    12. 

  12. class NodeAccessTest extends ModerationStateTestBase {
    13. 

  13. 

  14.   /**
    15. 

  15.    * Modules to enable.
    16. 

  16.    *
    17. 

  17.    * @var array
    18. 

  18.    */
    19. 

  19.   public static $modules = [
    20. 

  20.     'content_moderation',
    21. 

  21.     'block',
    22. 

  22.     'block_content',
    23. 

  23.     'node',
    24. 

  24.     'node_access_test',
    25. 

  25.   ];
    26. 

  26. 

  27.   /**
    28. 

  28.    * Permissions to grant admin user.
    29. 

  29.    *
    30. 

  30.    * @var array
    31. 

  31.    */
    32. 

  32.   protected $permissions = [
    33. 

  33.     'administer workflows',
    34. 

  34.     'access administration pages',
    35. 

  35.     'administer content types',
    36. 

  36.     'administer nodes',
    37. 

  37.     'view latest version',
    38. 

  38.     'view any unpublished content',
    39. 

  39.     'access content overview',
    40. 

  40.     'use editorial transition create_new_draft',
    41. 

  41.     'use editorial transition publish',
    42. 

  42.     'bypass node access',
    43. 

  43.   ];
    44. 

  44. 

  45.   /**
    46. 

  46.    * {@inheritdoc}
    47. 

  47.    */
    48. 

  48.   protected function setUp() {
    49. 

  49.     parent::setUp();
    50. 

  50.     $this->drupalLogin($this->adminUser);
    51. 

  51.     $this->createContentTypeFromUi('Moderated content', 'moderated_content', FALSE);
    52. 

  52.     $this->grantUserPermissionToCreateContentOfType($this->adminUser, 'moderated_content');
    53. 

  53. 

  54.     // Add the private field to the node type.
    55. 

  55.     node_access_test_add_field(NodeType::load('moderated_content'));
    56. 

  56. 

  57.     // Rebuild permissions because hook_node_grants() is implemented by the
    58. 

  58.     // node_access_test_empty module.
    59. 

  59.     node_access_rebuild();
    60. 

  60.   }
    61. 

  61. 

  62.   /**
    63. 

  63.    * Verifies that a non-admin user can still access the appropriate pages.
    64. 

  64.    */
    65. 

  65.   public function testPageAccess() {
    66. 

  66.     // Initially disable access grant records in
    67. 

  67.     // node_access_test_node_access_records().
    68. 

  68.     \Drupal::state()->set('node_access_test.private', TRUE);
    69. 

  69. 

  70.     $this->drupalLogin($this->adminUser);
    71. 

  71. 

  72.     // Access the node form before moderation is enabled, the publication state
    73. 

  73.     // should now be visible.
    74. 

  74.     $this->drupalGet('node/add/moderated_content');
    75. 

  75.     $this->assertSession()->fieldExists('Published');
    76. 

  76. 

  77.     // Now enable the workflow.
    78. 

  78.     $this->enableModerationThroughUi('moderated_content', 'editorial');
    79. 

  79. 

  80.     // Access that the status field is no longer visible.
    81. 

  81.     $this->drupalGet('node/add/moderated_content');
    82. 

  82.     $this->assertSession()->fieldNotExists('Published');
    83. 

  83. 

  84.     // Create a node to test with.
    85. 

  85.     $this->drupalPostForm(NULL, [
    86. 

  86.       'title[0][value]' => 'moderated content',
    87. 

  87.       'moderation_state[0][state]' => 'draft',
    88. 

  88.     ], t('Save'));
    89. 

  89.     $node = $this->getNodeByTitle('moderated content');
    90. 

  90.     if (!$node) {
    91. 

  91.       $this->fail('Test node was not saved correctly.');
    92. 

  92.     }
    93. 

  93. 

  94.     $view_path = 'node/' . $node->id();
    95. 

  95.     $edit_path = 'node/' . $node->id() . '/edit';
    96. 

  96.     $latest_path = 'node/' . $node->id() . '/latest';
    97. 

  97. 

  98.     // Now make a new user and verify that the new user's access is correct.
    99. 

  99.     $user = $this->createUser([
    100. 

  100.       'use editorial transition create_new_draft',
    101. 

  101.       'view latest version',
    102. 

  102.       'view any unpublished content',
    103. 

  103.     ]);
    104. 

  104.     $this->drupalLogin($user);
    105. 

  105. 

  106.     $this->drupalGet($edit_path);
    107. 

  107.     $this->assertResponse(403);
    108. 

  108. 

  109.     $this->drupalGet($latest_path);
    110. 

  110.     $this->assertResponse(403);
    111. 

  111.     $this->drupalGet($view_path);
    112. 

  112.     $this->assertResponse(200);
    113. 

  113. 

  114.     // Publish the node.
    115. 

  115.     $this->drupalLogin($this->adminUser);
    116. 

  116.     $this->drupalPostForm($edit_path, [
    117. 

  117.       'moderation_state[0][state]' => 'published',
    118. 

  118.     ], t('Save'));
    119. 

  119. 

  120.     // Ensure access works correctly for anonymous users.
    121. 

  121.     $this->drupalLogout();
    122. 

  122. 

  123.     $this->drupalGet($edit_path);
    124. 

  124.     $this->assertResponse(403);
    125. 

  125. 

  126.     $this->drupalGet($latest_path);
    127. 

  127.     $this->assertResponse(403);
    128. 

  128.     $this->drupalGet($view_path);
    129. 

  129.     $this->assertResponse(200);
    130. 

  130. 

  131.     // Create a pending revision for the 'Latest revision' tab.
    132. 

  132.     $this->drupalLogin($this->adminUser);
    133. 

  133.     $this->drupalPostForm($edit_path, [
    134. 

  134.       'title[0][value]' => 'moderated content revised',
    135. 

  135.       'moderation_state[0][state]' => 'draft',
    136. 

  136.     ], t('Save'));
    137. 

  137. 

  138.     $this->drupalLogin($user);
    139. 

  139. 

  140.     $this->drupalGet($edit_path);
    141. 

  141.     $this->assertResponse(403);
    142. 

  142. 

  143.     $this->drupalGet($latest_path);
    144. 

  144.     $this->assertResponse(200);
    145. 

  145.     $this->drupalGet($view_path);
    146. 

  146.     $this->assertResponse(200);
    147. 

  147. 

  148.     // Now make another user, who should not be able to see pending revisions.
    149. 

  149.     $user = $this->createUser([
    150. 

  150.       'use editorial transition create_new_draft',
    151. 

  151.     ]);
    152. 

  152.     $this->drupalLogin($user);
    153. 

  153. 

  154.     $this->drupalGet($edit_path);
    155. 

  155.     $this->assertResponse(403);
    156. 

  156. 

  157.     $this->drupalGet($latest_path);
    158. 

  158.     $this->assertResponse(403);
    159. 

  159.     $this->drupalGet($view_path);
    160. 

  160.     $this->assertResponse(200);
    161. 

  161. 

  162.     // Now create a private node that the user is not granted access to by the
    163. 

  163.     // node grants, but is granted access via hook_node_access().
    164. 

  164.     // @see node_access_test_node_access
    165. 

  165.     $node = $this->createNode([
    166. 

  166.       'type' => 'moderated_content',
    167. 

  167.       'private' => TRUE,
    168. 

  168.       'uid' => $this->adminUser->id(),
    169. 

  169.     ]);
    170. 

  170.     $user = $this->createUser([
    171. 

  171.       'use editorial transition publish',
    172. 

  172.     ]);
    173. 

  173.     $this->drupalLogin($user);
    174. 

  174. 

  175.     // Grant access to the node via node_access_test_node_access().
    176. 

  176.     \Drupal::state()->set('node_access_test.allow_uid', $user->id());
    177. 

  177. 

  178.     $this->drupalGet($node->toUrl());
    179. 

  179.     $this->assertResponse(200);
    180. 

  180. 

  181.     // Verify the moderation form is in place by publishing the node.
    182. 

  182.     $this->drupalPostForm(NULL, [], t('Apply'));
    183. 

  183.     $node = \Drupal::entityTypeManager()->getStorage('node')->loadUnchanged($node->id());
    184. 

  184.     $this->assertEquals('published', $node->moderation_state->value);
    185. 

  185.   }
    186. 

  186. 

  187. }
    188.