'Node Access Example functionality', 'description' => 'Checks behavior of Node Access Example.', 'group' => 'Examples', ); } /** * Enable modules and create user with specific permissions. */ public function setUp() { parent::setUp('node_access_example', 'search'); node_access_rebuild(); } /** * Test the "private" node access. * * - Create 3 users with "access content" and "create article" permissions. * - Each user creates one private and one not private article. * - Run cron to update search index. * - Test that each user can view the other user's non-private article. * - Test that each user cannot view the other user's private article. * - Test that each user finds only appropriate (non-private + own private) * in search results. * - Logout. * - Test that anonymous user can't view, edit or delete private content which * has author. * - Test that anonymous user can't view, edit or delete private content with * anonymous author. * - Create another user with 'view any private content'. * - Test that user 4 can view all content created above. * - Test that user 4 can search for all content created above. * - Test that user 4 cannot edit private content above. * - Create another user with 'edit any private content' * - Test that user 5 can edit private content. * - Test that user 5 can delete private content. * - Test listings of nodes with 'node_access' tag on database search. */ public function testNodeAccessBasic() { $num_simple_users = 3; $simple_users = array(); // Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;. $nodes_by_user = array(); // Titles keyed by nid. $titles = array(); // Array of nids marked private. $private_nodes = array(); for ($i = 0; $i < $num_simple_users; $i++) { $simple_users[$i] = $this->drupalCreateUser( array( 'access content', 'create article content', 'search content', ) ); } foreach ($simple_users as $web_user) { $this->drupalLogin($web_user); foreach (array(0 => 'Public', 1 => 'Private') as $is_private => $type) { $edit = array( 'title' => t('@private_public Article created by @user', array('@private_public' => $type, '@user' => $web_user->name)), ); if ($is_private) { $edit['private'] = TRUE; $edit['body[und][0][value]'] = 'private node'; } else { $edit['body[und][0][value]'] = 'public node'; } $this->drupalPost('node/add/article', $edit, t('Save')); debug(t('Created article with private=@private', array('@private' => $is_private))); $this->assertText(t('Article @title has been created', array('@title' => $edit['title']))); $nid = db_query('SELECT nid FROM {node} WHERE title = :title', array(':title' => $edit['title']))->fetchField(); $this->assertText(t('New node @nid was created and private=@private', array('@nid' => $nid, '@private' => $is_private))); $private_status = db_query('SELECT private FROM {node_access_example} where nid = :nid', array(':nid' => $nid))->fetchField(); $this->assertTrue($is_private == $private_status, 'Node was properly set to private or not private in node_access_example table.'); if ($is_private) { $private_nodes[] = $nid; } $titles[$nid] = $edit['title']; $nodes_by_user[$web_user->uid][$nid] = $is_private; } } debug($nodes_by_user); // Build the search index. $this->cronRun(); foreach ($simple_users as $web_user) { $this->drupalLogin($web_user); // Check to see that we find the number of search results expected. $this->checkSearchResults('Private node', 1); // Check own nodes to see that all are readable. foreach (array_keys($nodes_by_user) as $uid) { // All of this user's nodes should be readable to same. if ($uid == $web_user->uid) { foreach ($nodes_by_user[$uid] as $nid => $is_private) { $this->drupalGet('node/' . $nid); $this->assertResponse(200); $this->assertTitle($titles[$nid] . ' | Drupal', 'Correct title for node found'); } } else { // Otherwise, for other users, private nodes should get a 403, // but we should be able to read non-private nodes. foreach ($nodes_by_user[$uid] as $nid => $is_private) { $this->drupalGet('node/' . $nid); $this->assertResponse( $is_private ? 403 : 200, format_string('Node @nid by user @uid should get a @response for this user (@web_user_uid)', array( '@nid' => $nid, '@uid' => $uid, '@response' => $is_private ? 403 : 200, '@web_user_uid' => $web_user->uid, ) ) ); if (!$is_private) { $this->assertTitle($titles[$nid] . ' | Drupal', 'Correct title for node was found'); } } } } // Check to see that the correct nodes are shown on examples/node_access. $this->drupalGet('examples/node_access'); $accessible = $this->xpath("//tr[contains(@class,'accessible')]"); $this->assertEqual(count($accessible), 1, 'One private item accessible'); foreach ($accessible as $row) { $this->assertEqual($row->td[2], $web_user->uid, 'Accessible row owned by this user'); } } // Test cases for anonymous user. $this->drupalLogout(); // Test that private nodes with authors are not accessible. foreach ($private_nodes as $nid) { if (($node = node_load($nid)) === FALSE) { continue; } $this->checkNodeAccess($nid, FALSE, FALSE, FALSE); } // Test that private nodes that don't have author are not accessible. foreach ($private_nodes as $nid) { if (($node = node_load($nid)) === FALSE) { continue; } $original_uid = $node->uid; // Change node author to anonymous. $node->uid = 0; node_save($node); $node = node_load($nid); $this->assertEqual($node->uid, 0); $this->checkNodeAccess($nid, FALSE, FALSE, FALSE); // Change node to original author. $node->uid = $original_uid; node_save($node); } // Now test that a user with 'access any private content' can view content. $access_user = $this->drupalCreateUser( array( 'access content', 'create article content', 'access any private content', 'search content', ) ); $this->drupalLogin($access_user); // Check to see that we find the number of search results expected. $this->checkSearchResults('Private node', 3); foreach ($nodes_by_user as $uid => $private_status) { foreach ($private_status as $nid => $is_private) { $this->drupalGet('node/' . $nid); $this->assertResponse(200); } } // Check to see that the correct nodes are shown on examples/node_access. // This user should be able to see all 3 of them. $this->drupalGet('examples/node_access'); $accessible = $this->xpath("//tr[contains(@class,'accessible')]"); $this->assertEqual(count($accessible), 3); // Test that a user named 'foobar' can edit any private node due to // node_access_example_node_access(). Note that this user will not be // able to search for private nodes, and will not have available nodes // shown on examples/node_access, because node_access() is not called // for node listings, only for actual access to a node. $edit_user = $this->drupalCreateUser( array( 'access comments', 'access content', 'post comments', 'skip comment approval', 'search content', ) ); // Update the name of the user to 'foobar'. db_update('users') ->fields(array( 'name' => 'foobar', )) ->condition('uid', $edit_user->uid) ->execute(); $edit_user->name = 'foobar'; $this->drupalLogin($edit_user); // Try to edit each of the private nodes. foreach ($private_nodes as $nid) { $body = $this->randomName(); $edit = array('body[und][0][value]' => $body); $this->drupalPost('node/' . $nid . '/edit', $edit, t('Save')); $this->assertText(t('has been updated'), 'Node was updated by "foobar" user'); } // Test that a privileged user can edit and delete private content. // This test should go last, as the nodes get deleted. $edit_user = $this->drupalCreateUser( array( 'access content', 'access any private content', 'edit any private content', ) ); $this->drupalLogin($edit_user); foreach ($private_nodes as $nid) { $body = $this->randomName(); $edit = array('body[und][0][value]' => $body); $this->drupalPost('node/' . $nid . '/edit', $edit, t('Save')); $this->assertText(t('has been updated')); $this->drupalPost('node/' . $nid . '/edit', array(), t('Delete')); $this->drupalPost(NULL, array(), t('Delete')); $this->assertText(t('has been deleted')); } } /** * Helper function. * * On the search page, search for a string and assert the expected number * of results. * * @param string $search_query * String to search for * @param int $expected_result_count * Expected result count */ protected function checkSearchResults($search_query, $expected_result_count) { $this->drupalPost('search/node', array('keys' => $search_query), t('Search')); $search_results = $this->xpath("//ol[contains(@class, 'search-results')]/li"); $this->assertEqual(count($search_results), $expected_result_count, 'Found the expected number of search results'); } /** * Helper function. * * Test if a node with the id $nid has expected access grants. * * @param int $nid * Node that will be checked. * * @return bool * Checker ran successfully */ protected function checkNodeAccess($nid, $grant_view, $grant_update, $grant_delete) { // Test if node can be viewed. if (!$this->checkResponse($grant_view, 'node/' . $nid)) { return FALSE; } // Test if private node can be edited. if (!$this->checkResponse($grant_update, 'node/' . $nid . '/edit')) { return FALSE; } // Test if private node can be deleted. if (!$this->checkResponse($grant_delete, 'node/' . $nid . '/delete')) { return FALSE; } return TRUE; } /** * Helper function. * * Test if there is access to an $url * * @param bool $grant * Access to the $url * * @param string $url * url to make the get call. * * @return bool * Get response */ protected function checkResponse($grant, $url) { $this->drupalGet($url); if ($grant) { $response = $this->assertResponse(200); } else { $response = $this->assertResponse(403); } return $response; } }