function NodeAccessBaseTableTest::testNodeAccessBasic

Same name in other branches
  1. 9 core/modules/node/tests/src/Functional/NodeAccessBaseTableTest.php \Drupal\Tests\node\Functional\NodeAccessBaseTableTest::testNodeAccessBasic()
  2. 8.9.x core/modules/node/tests/src/Functional/NodeAccessBaseTableTest.php \Drupal\Tests\node\Functional\NodeAccessBaseTableTest::testNodeAccessBasic()
  3. 10 core/modules/node/tests/src/Functional/NodeAccessBaseTableTest.php \Drupal\Tests\node\Functional\NodeAccessBaseTableTest::testNodeAccessBasic()

Tests the "private" node access functionality.

  • Create 2 users with "access content" and "create article" permissions.
  • Each user creates one private and one not private article.
  • Test that each user can view the other user's non-private article.
  • Test that each user cannot view the other user's private article.
  • Test that each user finds only appropriate (non-private + own private) in taxonomy listing.
  • Create another user with 'view any private content'.
  • Test that user 4 can view all content created above.
  • Test that user 4 can view all content on taxonomy listing.

File

core/modules/node/tests/src/Functional/NodeAccessBaseTableTest.php, line 125

Class

NodeAccessBaseTableTest
Tests behavior of the node access subsystem if the base table is not node.

Namespace

Drupal\Tests\node\Functional

Code

public function testNodeAccessBasic() : void {
    $num_simple_users = 2;
    $simple_users = [];
    // Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;
    $this->nodesByUser = [];
    // Titles keyed by nid.
    $titles = [];
    // Array of nids marked private.
    $private_nodes = [];
    for ($i = 0; $i < $num_simple_users; $i++) {
        $simple_users[$i] = $this->drupalCreateUser([
            'access content',
            'create article content',
        ]);
    }
    foreach ($simple_users as $this->webUser) {
        $this->drupalLogin($this->webUser);
        foreach ([
            0 => 'Public',
            1 => 'Private',
        ] as $is_private => $type) {
            $edit = [
                'title[0][value]' => "{$type} Article created by " . $this->webUser
                    ->getAccountName(),
            ];
            if ($is_private) {
                $edit['private[0][value]'] = TRUE;
                $edit['body[0][value]'] = 'private node';
                $edit['field_tags[target_id]'] = 'private';
            }
            else {
                $edit['body[0][value]'] = 'public node';
                $edit['field_tags[target_id]'] = 'public';
            }
            $this->drupalGet('node/add/article');
            $this->submitForm($edit, 'Save');
            $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
            $this->assertEquals($is_private, (int) $node->private->value, 'The private status of the node was properly set in the node_access_test table.');
            if ($is_private) {
                $private_nodes[] = $node->id();
            }
            $titles[$node->id()] = $edit['title[0][value]'];
            $this->nodesByUser[$this->webUser
                ->id()][$node->id()] = $is_private;
        }
    }
    $public_tids = \Drupal::entityQuery('taxonomy_term')->accessCheck(FALSE)
        ->condition('name', 'public')
        ->condition('default_langcode', 1)
        ->execute();
    $this->publicTid = reset($public_tids);
    $private_tids = \Drupal::entityQuery('taxonomy_term')->accessCheck(FALSE)
        ->condition('name', 'private')
        ->condition('default_langcode', 1)
        ->execute();
    $this->privateTid = reset($private_tids);
    $this->assertNotEmpty($this->publicTid, 'Public tid was found');
    $this->assertNotEmpty($this->privateTid, 'Private tid was found');
    foreach ($simple_users as $this->webUser) {
        $this->drupalLogin($this->webUser);
        // Check own nodes to see that all are readable.
        foreach ($this->nodesByUser as $uid => $data) {
            foreach ($data as $nid => $is_private) {
                $this->drupalGet('node/' . $nid);
                if ($is_private) {
                    $should_be_visible = $uid == $this->webUser
                        ->id();
                }
                else {
                    $should_be_visible = TRUE;
                }
                $this->assertSession()
                    ->statusCodeEquals($should_be_visible ? 200 : 403);
            }
        }
        // Check to see that the correct nodes are shown on taxonomy/private
        // and taxonomy/public.
        $this->assertTaxonomyPage(FALSE);
    }
    // Now test that a user with 'node test view' permissions can view content.
    $access_user = $this->drupalCreateUser([
        'access content',
        'create article content',
        'node test view',
        'search content',
    ]);
    $this->drupalLogin($access_user);
    foreach ($this->nodesByUser as $private_status) {
        foreach ($private_status as $nid => $is_private) {
            $this->drupalGet('node/' . $nid);
            $this->assertSession()
                ->statusCodeEquals(200);
        }
    }
    // This user should be able to see all of the nodes on the relevant
    // taxonomy pages.
    $this->assertTaxonomyPage(TRUE);
    // Rebuild the node access permissions, repeat the test. This is done to
    // ensure that node access is rebuilt correctly even if the current user
    // does not have the bypass node access permission.
    node_access_rebuild();
    foreach ($this->nodesByUser as $private_status) {
        foreach ($private_status as $nid => $is_private) {
            $this->drupalGet('node/' . $nid);
            $this->assertSession()
                ->statusCodeEquals(200);
        }
    }
    // This user should be able to see all of the nodes on the relevant
    // taxonomy pages.
    $this->assertTaxonomyPage(TRUE);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.