function ImageStyleDownloadAccessControlTest::testPrivateThroughPublicRoute
Same name in other branches
- 10 core/modules/image/tests/src/Functional/ImageStyleDownloadAccessControlTest.php \Drupal\Tests\image\Functional\ImageStyleDownloadAccessControlTest::testPrivateThroughPublicRoute()
Ensures that private:// access is forbidden through image.style_public.
File
-
core/
modules/ image/ tests/ src/ Functional/ ImageStyleDownloadAccessControlTest.php, line 76
Class
- ImageStyleDownloadAccessControlTest
- Tests access control for downloading image styles.
Namespace
Drupal\Tests\image\FunctionalCode
public function testPrivateThroughPublicRoute() : void {
$this->fileSystem
->copy(\Drupal::root() . '/core/tests/fixtures/files/image-1.png', 'private://image.png');
// Manually create the file record for the private:// file as we want it
// to be temporary to pass hook_download() acl's.
$values = [
'uid' => $this->rootUser
->id(),
'status' => 0,
'filename' => 'image.png',
'uri' => 'private://image.png',
'filesize' => filesize('private://image.png'),
'filemime' => 'image/png',
];
$private_file = File::create($values);
$private_file->save();
$this->assertNotFalse(getimagesize($private_file->getFileUri()));
$token = $this->style
->getPathToken('private://image.png');
$public_route_private_scheme = Url::fromRoute('image.style_public', [
'image_style' => $this->style
->id(),
'scheme' => 'private',
])
->setAbsolute(TRUE);
$generate_url = $public_route_private_scheme->toString() . '/image.png?itok=' . $token;
$this->drupalLogin($this->rootUser);
$this->drupalGet($generate_url);
$this->drupalGet(PublicStream::basePath() . '/styles/' . $this->style
->id() . '/private/image.png');
$this->assertSession()
->statusCodeEquals(403);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.