function EditorPrivateFileReferenceFilterTest::testEditorPrivateFileReferenceFilter

Tests the editor file reference filter with private files.

File

core/modules/editor/tests/src/Functional/EditorPrivateFileReferenceFilterTest.php, line 43

Class

EditorPrivateFileReferenceFilterTest

Tests Editor module's file reference filter with private files.

Namespace

Code

public function testEditorPrivateFileReferenceFilter() : void {
  $author = $this->drupalCreateUser();
  $this->drupalLogin($author);
  // Create a content type with a body field.
  $this->drupalCreateContentType([
    'type' => 'page',
    'name' => 'Basic page',
  ]);
  // Create a file in the 'private:// ' stream.
  $filename = 'test.png';
  $src = '/system/files/' . $filename;
  /** @var \Drupal\file\FileInterface $file */
  $file = File::create([
    'uri' => 'private://' . $filename,
  ]);
  $file->setTemporary();
  $file->setOwner($author);
  // Create the file itself.
  file_put_contents($file->getFileUri(), $this->randomString());
  $file->save();
  // The image should be visible for its author.
  $this->drupalGet($src);
  $this->assertSession()
    ->statusCodeEquals(200);
  // The not-yet-permanent image should NOT be visible for anonymous.
  $this->drupalLogout();
  $this->drupalGet($src);
  $this->assertSession()
    ->statusCodeEquals(403);
  // Resave the file to be permanent.
  $file->setPermanent();
  $file->save();
  // Create some nodes to ensure file usage count does not match the ID's
  // of the nodes we are going to check.
  for ($i = 0; $i < 5; $i++) {
    $this->drupalCreateNode([
      'type' => 'page',
      'uid' => $author->id(),
    ]);
  }
  // Create a node with its body field properly pointing to the just-created
  // file.
  $published_node = $this->drupalCreateNode([
    'type' => 'page',
    'body' => [
      'value' => '<img alt="alt" data-entity-type="file" data-entity-uuid="' . $file->uuid() . '" src="' . $src . '" />',
      'format' => 'private_images',
    ],
    'uid' => $author->id(),
  ]);
  // Create an unpublished node with its body field properly pointing to the
  // just-created file.
  $unpublished_node = $this->drupalCreateNode([
    'type' => 'page',
    'status' => NodeInterface::NOT_PUBLISHED,
    'body' => [
      'value' => '<img alt="alt" data-entity-type="file" data-entity-uuid="' . $file->uuid() . '" src="' . $src . '" />',
      'format' => 'private_images',
    ],
    'uid' => $author->id(),
  ]);
  // Do the actual test. The image should be visible for anonymous users,
  // because they can view the published node. Even though they can't view
  // the unpublished node.
  $this->drupalGet($published_node->toUrl());
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->drupalGet($unpublished_node->toUrl());
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->drupalGet($src);
  $this->assertSession()
    ->statusCodeEquals(200);
  // When the published node is also unpublished, the image should also
  // become inaccessible to anonymous users.
  $published_node->setUnpublished()
    ->save();
  $this->drupalGet($published_node->toUrl());
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->drupalGet($src);
  $this->assertSession()
    ->statusCodeEquals(403);
  // Disallow anonymous users to view the entity, which then should also
  // disallow them to view the image.
  $published_node->setPublished()
    ->save();
  Role::load(RoleInterface::ANONYMOUS_ID)->revokePermission('access content')
    ->save();
  $this->drupalGet($published_node->toUrl());
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->drupalGet($src);
  $this->assertSession()
    ->statusCodeEquals(403);
}