123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332 |
- <?php
- /**
- * @file
- * Automatd SimpleTest Case for content access module
- */
- require_once(drupal_get_path('module', 'content_access') .'/tests/content_access_test_help.php');
- class ContentAccessModuleTestCase extends ContentAccessTestCase {
- /**
- * Implementation of get_info() for information
- */
- public static function getInfo() {
- return array(
- 'name' => t('Content Access Module Tests'),
- 'description' => t('Various tests to check permission settings on nodes.'),
- 'group' => t('Content Access'),
- );
- }
- function setUp($module = '') {
- parent::setUp();
- // Create test nodes
- $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
- $this->node2 = $this->drupalCreateNode(array('type' => $this->content_type->type));
- }
- /**
- * Test for viewing nodes
- */
- function testViewAccess() {
- // Restrict access to the content type (access is only allowed for the author)
- $access_permissions = array(
- 'view[1]' => FALSE,
- 'view[2]' => FALSE,
- );
- $this->changeAccessContentType($access_permissions);
- // Logout admin and try to access the node anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node is not viewable');
- // Login test user, view node, access must be denied
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node is not viewable');
- // Login admin and grant access for viewing to the test user
- $this->drupalLogin($this->admin_user);
- $this->changeAccessContentTypeKeyword('view');
- // Logout admin and try to access the node anonymously
- // access must be denied again
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node is not viewable');
- // Login test user, view node, access must be granted
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertNoText(t('Access denied'), 'node is viewable');
- // Login admin and enable per node access
- $this->drupalLogin($this->admin_user);
- $this->changeAccessPerNode();
- // Restrict access on node2 for the test user role
- $this->changeAccessNodeKeyword($this->node2, 'view', FALSE);
- // Logout admin and try to access both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node1 is not viewable');
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user, view node1, access must be granted
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertNoText(t('Access denied'), 'node1 is viewable');
- // View node2, access must be denied
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login admin, swap permissions between content type and node2
- $this->drupalLogin($this->admin_user);
- // Restrict access to content type
- $this->changeAccessContentTypeKeyword('view', FALSE);
- // Grant access to node2
- $this->changeAccessNodeKeyword($this->node2, 'view');
- // Logout admin and try to access both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node1 is not viewable');
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user, view node1, access must be denied
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node1 is not viewable');
- // View node2, access must be granted
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertNoText(t('Access denied'), 'node2 is viewable');
- }
- /**
- * Test for editing nodes
- */
- function testEditAccess() {
- // Logout admin and try to edit the node anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertText(t('Access denied'), 'edit access denied for anonymous');
- // Login test user, edit node, access must be denied
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertText(t('Access denied'), 'edit access denied for test user');
- // Login admin and grant access for editing to the test user
- $this->drupalLogin($this->admin_user);
- $this->changeAccessContentTypeKeyword('update');
- // Logout admin and try to edit the node anonymously
- // access must be denied again
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertText(t('Access denied'), 'edit access denied for anonymous');
- // Login test user, edit node, access must be granted
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertNoText(t('Access denied'), 'node1 is editable');
- // Login admin and enable per node access
- $this->drupalLogin($this->admin_user);
- $this->changeAccessPerNode();
- // Restrict access for this content type for the test user
- $this->changeAccessContentTypeKeyword('update', FALSE);
- // Allow acces for node1 only
- $this->changeAccessNodeKeyword($this->node1, 'update');
- // Logout admin and try to edit both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertText(t('Access denied'), 'node1 is not editable');
- $this->drupalGet('node/'. $this->node2->nid .'/edit');
- $this->assertText(t('Access denied'), 'node2 is not editable');
- // Login test user, edit node1, access must be granted
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertNoText(t('Access denied'), 'node1 is editable');
- // Edit node2, access must be denied
- $this->drupalGet('node/'. $this->node2->nid .'/edit');
- $this->assertText(t('Access denied'), 'node2 is not editable');
- // Login admin, swap permissions between node1 and node2
- $this->drupalLogin($this->admin_user);
- // Grant edit access to node2
- $this->changeAccessNodeKeyword($this->node2, 'update');
- // Restrict edit acces to node1
- $this->changeAccessNodeKeyword($this->node1, 'update', FALSE);
- // Logout admin and try to edit both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertText(t('Access denied'), 'node1 is not editable');
- $this->drupalGet('node/'. $this->node2->nid .'/edit');
- $this->assertText(t('Access denied'), 'node2 is not editable');
- // Login test user, edit node1, access must be denied
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/edit');
- $this->assertText(t('Access denied'), 'node1 is not editable');
- // Edit node2, access must be granted
- $this->drupalGet('node/'. $this->node2->nid .'/edit');
- $this->assertNoText(t('Access denied'), 'node2 is editable');
- }
- /**
- * Test for deleting nodes
- */
- function testDeleteAccess() {
- // Logout admin and try to delete the node anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertText(t('Access denied'), 'delete access denied for anonymous');
- // Login test user, delete node, access must be denied
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertText(t('Access denied'), 'delete access denied for test user');
- // Login admin and grant access for deleting to the test user
- $this->drupalLogin($this->admin_user);
- $this->changeAccessContentTypeKeyword('delete');
- // Logout admin and try to edit the node anonymously
- // access must be denied again
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertText(t('Access denied'), 'delete access denied for anonymous');
- // Login test user, delete node, access must be granted
- $this->drupalLogin($this->test_user);
- $this->drupalPost('node/'. $this->node1->nid .'/delete', array(), 'Delete');
- $this->assertRaw(t('%node has been deleted', array('%node' => $this->node1->title)), 'Test node was deleted successfully by test user');
- // Login admin and recreate test node1
- $this->drupalLogin($this->admin_user);
- $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
- // Enable per node access
- $this->changeAccessPerNode();
- // Restrict access for this content type for the test user
- $this->changeAccessContentTypeKeyword('delete', FALSE);
- // Allow acces for node1 only
- $this->changeAccessNodeKeyword($this->node1, 'delete');
- // Logout admin and try to delete both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertText(t('Access denied'), 'node1 is not deletable');
- $this->drupalGet('node/'. $this->node2->nid .'/delete');
- $this->assertText(t('Access denied'), 'node2 is not deletable');
- // Login test user, delete node1, access must be granted
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertNoText(t('Access denied'), 'node1 is deletable');
- // Delete node2, access must be denied
- $this->drupalGet('node/'. $this->node2->nid .'/delete');
- $this->assertText(t('Access denied'), 'node2 is not deletable');
- // Login admin, swap permissions between node1 and node2
- $this->drupalLogin($this->admin_user);
- // Grant delete access to node2
- $this->changeAccessNodeKeyword($this->node2, 'delete');
- // Restrict delete acces to node1
- $this->changeAccessNodeKeyword($this->node1, 'delete', FALSE);
- // Logout admin and try to delete both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertText(t('Access denied'), 'node1 is not deletable');
- $this->drupalGet('node/'. $this->node2->nid .'/delete');
- $this->assertText(t('Access denied'), 'node2 is not deletable');
- // Login test user, delete node1, access must be denied
- $this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->nid .'/delete');
- $this->assertText(t('Access denied'), 'node1 is not deletable');
- // Delete node2, access must be granted
- $this->drupalGet('node/'. $this->node2->nid .'/delete');
- $this->assertNoText(t('Access denied'), 'node2 is deletable');
- }
- /**
- * Test own view access
- */
- function testOwnViewAccess() {
- // Setup 2 test users
- $test_user1 = $this->test_user;
- $test_user2 = $this->drupalCreateUser();
- // Change ownership of test nodes to test users
- $this->node1->uid = $test_user1->uid;
- node_save($this->node1);
- $this->node2->uid = $test_user2->uid;
- node_save($this->node2);
- // Remove all view permissions for this content type
- $access_permissions = array(
- 'view[1]' => FALSE,
- 'view[2]' => FALSE,
- 'view_own[1]' => FALSE,
- 'view_own[2]' => FALSE,
- );
- $this->changeAccessContentType($access_permissions);
- // Allow view own content for test user 1 and 2 roles
- $this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user1);
- $this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user2);
- // Logout admin and try to access both nodes anonymously
- $this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node1 is not viewable');
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user 1, view node1, access must be granted
- $this->drupalLogin($test_user1);
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertNoText(t('Access denied'), 'node1 is viewable');
- // View node2, access must be denied
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user 2, view node1, access must be denied
- $this->drupalLogin($test_user2);
- $this->drupalGet('node/'. $this->node1->nid);
- $this->assertText(t('Access denied'), 'node1 is not viewable');
- // View node2, access must be granted
- $this->drupalGet('node/'. $this->node2->nid);
- $this->assertNoText(t('Access denied'), 'node2 is viewable');
- }
- }
|