- <?php
/**
 * @file
 * Tests for the Node Access Example module.
 */
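/**
 * Functional tests for the Node Access Example module.
 *
 * The test drives the site through the browser as several accounts and checks
 * both sides of each access rule: that a permitted request answers 200 and
 * that a request which must be refused answers 403.
 *
 * @ingroup node_access_example
 */
class NodeAccessExampleTestCase extends DrupalWebTestCase {

  /**
   * {@inheritdoc}
   */
  public static function getInfo() {
    return array(
      'name' => 'Node Access Example functionality',
      'description' => 'Checks behavior of Node Access Example.',
      'group' => 'Examples',
    );
  }

  /**
   * Enable the required modules and rebuild the node access table.
   */
  public function setUp() {
    parent::setUp('node_access_example', 'search');
    node_access_rebuild();
  }

  /**
   * Test the "private" node access.
   *
   * - Create 3 users with "access content", "create article content" and
   *   "search content" permissions.
   * - Each user creates one private and one not private article.
   * - Run cron to update search index.
   * - Test that each user can view the other user's non-private article.
   * - Test that each user cannot view the other user's private article.
   * - Test that each user finds only appropriate (non-private + own private)
   *   in search results.
   * - Logout.
   * - Test that anonymous user can't view, edit or delete private content which
   *   has author.
   * - Test that anonymous user can't view, edit or delete private content with
   *   anonymous author.
   * - Create another user with 'access any private content'.
   * - Test that user 4 can view all content created above.
   * - Test that user 4 can search for all content created above.
   * - Test that user 4 cannot edit private content above.
   * - Rename a user without private-content permissions to 'foobar' and test
   *   that this user can edit private content.
   * - Create another user with 'edit any private content'
   * - Test that user 5 can edit private content.
   * - Test that user 5 can delete private content.
   * - Test listings of nodes with 'node_access' tag on database search.
   */
  public function testNodeAccessBasic() {
    $num_simple_users = 3;
    $simple_users = array();

    // Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;.
    $nodes_by_user = array();
    // Titles keyed by nid.
    $titles = array();
    // Array of nids marked private.
    $private_nodes = array();

    for ($i = 0; $i < $num_simple_users; $i++) {
      $simple_users[$i] = $this->drupalCreateUser(
        array(
          'access content',
          'create article content',
          'search content',
        )
      );
    }

    // Every simple user creates one public and one private article.
    foreach ($simple_users as $web_user) {
      $this->drupalLogin($web_user);
      foreach (array(0 => 'Public', 1 => 'Private') as $is_private => $type) {
        $edit = array(
          'title' => t('@private_public Article created by @user', array('@private_public' => $type, '@user' => $web_user->name)),
        );
        if ($is_private) {
          $edit['private'] = TRUE;
          $edit['body[und][0][value]'] = 'private node';
        }
        else {
          $edit['body[und][0][value]'] = 'public node';
        }
        $this->drupalPost('node/add/article', $edit, t('Save'));
        debug(t('Created article with private=@private', array('@private' => $is_private)));
        $this->assertText(t('Article @title has been created', array('@title' => $edit['title'])));
        $nid = db_query('SELECT nid FROM {node} WHERE title = :title', array(':title' => $edit['title']))->fetchField();
        $this->assertText(t('New node @nid was created and private=@private', array('@nid' => $nid, '@private' => $is_private)));
        // The stored flag comes back from the database as a string while
        // $is_private is the integer array key, hence the loose comparison.
        $private_status = db_query('SELECT private FROM {node_access_example} where nid = :nid', array(':nid' => $nid))->fetchField();
        $this->assertEqual($is_private, $private_status, 'Node was properly set to private or not private in node_access_example table.');
        if ($is_private) {
          $private_nodes[] = $nid;
        }
        $titles[$nid] = $edit['title'];
        $nodes_by_user[$web_user->uid][$nid] = $is_private;
      }
    }
    debug($nodes_by_user);

    // Build the search index.
    $this->cronRun();

    foreach ($simple_users as $web_user) {
      $this->drupalLogin($web_user);
      // Check to see that we find the number of search results expected:
      // only the user's own private node may show up.
      $this->checkSearchResults('Private node', 1);

      foreach (array_keys($nodes_by_user) as $uid) {
        if ($uid == $web_user->uid) {
          // All of this user's own nodes should be readable.
          foreach ($nodes_by_user[$uid] as $nid => $is_private) {
            $this->drupalGet('node/' . $nid);
            $this->assertResponse(200);
            $this->assertTitle($titles[$nid] . ' | Drupal', 'Correct title for node found');
          }
        }
        else {
          // Otherwise, for other users, private nodes should get a 403,
          // but we should be able to read non-private nodes.
          foreach ($nodes_by_user[$uid] as $nid => $is_private) {
            $expected_status = $is_private ? 403 : 200;
            $this->drupalGet('node/' . $nid);
            $this->assertResponse(
              $expected_status,
              format_string('Node @nid by user @uid should get a @response for this user (@web_user_uid)',
                array(
                  '@nid' => $nid,
                  '@uid' => $uid,
                  '@response' => $expected_status,
                  '@web_user_uid' => $web_user->uid,
                )
              )
            );
            if (!$is_private) {
              $this->assertTitle($titles[$nid] . ' | Drupal', 'Correct title for node was found');
            }
          }
        }
      }

      // Check to see that the correct nodes are shown on examples/node_access.
      $this->drupalGet('examples/node_access');
      $accessible = $this->xpath("//tr[contains(@class,'accessible')]");
      $this->assertEqual(count($accessible), 1, 'One private item accessible');
      foreach ($accessible as $row) {
        $this->assertEqual($row->td[2], $web_user->uid, 'Accessible row owned by this user');
      }
    }

    // Test cases for anonymous user.
    $this->drupalLogout();

    // Test that private nodes with authors are not accessible.
    foreach ($private_nodes as $nid) {
      // A node that fails to load is reported as a failure rather than being
      // skipped silently, so the denial checks cannot pass vacuously.
      if (!$this->assertTrue(node_load($nid) !== FALSE, format_string('Private node @nid could be loaded', array('@nid' => $nid)))) {
        continue;
      }
      $this->checkNodeAccess($nid, FALSE, FALSE, FALSE);
    }

    // Test that private nodes that don't have author are not accessible.
    // NOTE(review): presumably this guards against an author-based grant
    // matching uid 0 for every anonymous visitor - confirm against the module.
    foreach ($private_nodes as $nid) {
      $node = node_load($nid);
      if (!$this->assertTrue($node !== FALSE, format_string('Private node @nid could be loaded', array('@nid' => $nid)))) {
        continue;
      }
      $original_uid = $node->uid;

      // Change node author to anonymous.
      $node->uid = 0;
      node_save($node);
      $node = node_load($nid);
      $this->assertEqual($node->uid, 0);

      $this->checkNodeAccess($nid, FALSE, FALSE, FALSE);

      // Change node to original author.
      $node->uid = $original_uid;
      node_save($node);
    }

    // Now test that a user with 'access any private content' can view content.
    $access_user = $this->drupalCreateUser(
      array(
        'access content',
        'create article content',
        'access any private content',
        'search content',
      )
    );
    $this->drupalLogin($access_user);

    // Check to see that we find the number of search results expected.
    $this->checkSearchResults('Private node', 3);

    foreach ($nodes_by_user as $uid => $private_status) {
      foreach ($private_status as $nid => $is_private) {
        $this->drupalGet('node/' . $nid);
        $this->assertResponse(200);
      }
    }

    // 'access any private content' is a view permission only: this user is
    // neither the author nor holds 'edit any private content', so the edit
    // form of every private node must be refused.
    foreach ($private_nodes as $nid) {
      $this->checkResponse(FALSE, 'node/' . $nid . '/edit');
    }

    // Check to see that the correct nodes are shown on examples/node_access.
    // This user should be able to see all 3 of them.
    $this->drupalGet('examples/node_access');
    $accessible = $this->xpath("//tr[contains(@class,'accessible')]");
    $this->assertEqual(count($accessible), 3);

    // Test that a user named 'foobar' can edit any private node due to
    // node_access_example_node_access(). Note that this user will not be
    // able to search for private nodes, and will not have available nodes
    // shown on examples/node_access, because node_access() is not called
    // for node listings, only for actual access to a node.
    $edit_user = $this->drupalCreateUser(
      array(
        'access comments',
        'access content',
        'post comments',
        'skip comment approval',
        'search content',
      )
    );
    // Update the name of the user to 'foobar'. The in-memory account object
    // is kept in step so that drupalLogin() submits the new name.
    db_update('users')
      ->fields(array(
        'name' => 'foobar',
      ))
      ->condition('uid', $edit_user->uid)
      ->execute();
    $edit_user->name = 'foobar';
    $this->drupalLogin($edit_user);

    // Try to edit each of the private nodes.
    foreach ($private_nodes as $nid) {
      $body = $this->randomName();
      $edit = array('body[und][0][value]' => $body);
      $this->drupalPost('node/' . $nid . '/edit', $edit, t('Save'));
      $this->assertText(t('has been updated'), 'Node was updated by "foobar" user');
    }

    // Test that a privileged user can edit and delete private content.
    // This test should go last, as the nodes get deleted.
    $edit_user = $this->drupalCreateUser(
      array(
        'access content',
        'access any private content',
        'edit any private content',
      )
    );
    $this->drupalLogin($edit_user);
    foreach ($private_nodes as $nid) {
      $body = $this->randomName();
      $edit = array('body[und][0][value]' => $body);
      $this->drupalPost('node/' . $nid . '/edit', $edit, t('Save'));
      $this->assertText(t('has been updated'));
      // First press Delete on the edit form, then confirm on the next page.
      $this->drupalPost('node/' . $nid . '/edit', array(), t('Delete'));
      $this->drupalPost(NULL, array(), t('Delete'));
      $this->assertText(t('has been deleted'));
    }
  }

  /**
   * Helper function.
   *
   * On the search page, search for a string and assert the expected number
   * of results.
   *
   * @param string $search_query
   *   String to search for
   * @param int $expected_result_count
   *   Expected result count
   */
  protected function checkSearchResults($search_query, $expected_result_count) {
    $this->drupalPost('search/node', array('keys' => $search_query), t('Search'));
    $search_results = $this->xpath("//ol[contains(@class, 'search-results')]/li");
    $this->assertEqual(count($search_results), $expected_result_count, 'Found the expected number of search results');
  }

  /**
   * Helper function.
   *
   * Test if a node with the id $nid has expected access grants. The view,
   * edit and delete pages are requested in that order and checking stops at
   * the first response that does not match the expectation.
   *
   * @param int $nid
   *   Node that will be checked.
   * @param bool $grant_view
   *   TRUE if node/$nid is expected to answer 200, FALSE for 403.
   * @param bool $grant_update
   *   TRUE if node/$nid/edit is expected to answer 200, FALSE for 403.
   * @param bool $grant_delete
   *   TRUE if node/$nid/delete is expected to answer 200, FALSE for 403.
   *
   * @return bool
   *   TRUE if all three responses matched the expectation, FALSE otherwise.
   */
  protected function checkNodeAccess($nid, $grant_view, $grant_update, $grant_delete) {
    // Test if node can be viewed.
    if (!$this->checkResponse($grant_view, 'node/' . $nid)) {
      return FALSE;
    }

    // Test if private node can be edited.
    if (!$this->checkResponse($grant_update, 'node/' . $nid . '/edit')) {
      return FALSE;
    }

    // Test if private node can be deleted.
    if (!$this->checkResponse($grant_delete, 'node/' . $nid . '/delete')) {
      return FALSE;
    }

    return TRUE;
  }

  /**
   * Helper function.
   *
   * Test if there is access to an $url
   *
   * @param bool $grant
   *   Whether access to the $url is expected: TRUE asserts a 200 response,
   *   FALSE asserts a 403 response.
   * @param string $url
   *   url to make the get call.
   *
   * @return bool
   *   Result of the response assertion.
   */
  protected function checkResponse($grant, $url) {
    $this->drupalGet($url);
    return $this->assertResponse($grant ? 200 : 403);
  }

}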