function FileFieldWidgetTestCase::testPrivateFileComment
Tests that download restrictions on private files work on comments.
File
-
modules/
file/ tests/ file.test, line 948
Class
- FileFieldWidgetTestCase
- Tests file field widget.
Code
function testPrivateFileComment() {
$user = $this->drupalCreateUser(array(
'access comments',
));
// Remove access comments permission from anon user.
$edit = array(
DRUPAL_ANONYMOUS_RID . '[access comments]' => FALSE,
);
$this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));
// Create a new field.
$edit = array(
'fields[_add_new_field][label]' => $label = $this->randomName(),
'fields[_add_new_field][field_name]' => $name = strtolower($this->randomName()),
'fields[_add_new_field][type]' => 'file',
'fields[_add_new_field][widget_type]' => 'file_generic',
);
$this->drupalPost('admin/structure/types/manage/article/comment/fields', $edit, t('Save'));
$edit = array(
'field[settings][uri_scheme]' => 'private',
);
$this->drupalPost(NULL, $edit, t('Save field settings'));
$this->drupalPost(NULL, array(), t('Save settings'));
// Create node.
$text_file = $this->getTestFile('text');
$edit = array(
'title' => $this->randomName(),
);
$this->drupalPost('node/add/article', $edit, t('Save'));
$node = $this->drupalGetNodeByTitle($edit['title']);
// Add a comment with a file.
$text_file = $this->getTestFile('text');
$edit = array(
'files[field_' . $name . '_' . LANGUAGE_NONE . '_' . 0 . ']' => drupal_realpath($text_file->uri),
'comment_body[' . LANGUAGE_NONE . '][0][value]' => $comment_body = $this->randomName(),
);
$this->drupalPost(NULL, $edit, t('Save'));
// Get the comment ID.
preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
$cid = $matches[1];
// Log in as normal user.
$this->drupalLogin($user);
$comment = comment_load($cid);
$comment_file = (object) $comment->{'field_' . $name}[LANGUAGE_NONE][0];
$this->assertFileExists($comment_file, 'New file saved to disk on node creation.');
// Test authenticated file download.
$url = file_create_url($comment_file->uri);
$this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
$this->drupalGet(file_create_url($comment_file->uri));
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
// Test anonymous file download.
$this->drupalLogout();
$this->drupalGet(file_create_url($comment_file->uri));
$this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
// Unpublishes node.
$this->drupalLogin($this->admin_user);
$edit = array(
'status' => FALSE,
);
$this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
// Ensures normal user can no longer download the file.
$this->drupalLogin($user);
$this->drupalGet(file_create_url($comment_file->uri));
$this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.