function InlineBlockPrivateFilesTest::testPrivateFiles
Same name in other branches
- 9 core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
- 8.9.x core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
- 10 core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
Tests access to private files added to inline blocks in the layout builder.
File
-
core/
modules/ layout_builder/ tests/ src/ FunctionalJavascript/ InlineBlockPrivateFilesTest.php, line 66
Class
- InlineBlockPrivateFilesTest
- Test access to private files in block fields on the Layout Builder.
Namespace
Drupal\Tests\layout_builder\FunctionalJavascriptCode
public function testPrivateFiles() : void {
$assert_session = $this->assertSession();
LayoutBuilderEntityViewDisplay::load('node.bundle_with_section_field.default')->enableLayoutBuilder()
->setOverridable()
->save();
// Log in as user you can only configure layouts and access content.
$this->drupalLogin($this->drupalCreateUser([
'access contextual links',
'configure any layout',
'access content',
'create and edit custom blocks',
]));
$this->drupalGet('node/1/layout');
// @todo Occasionally SQLite has database locks here. Waiting seems to
// resolve it. https://www.drupal.org/project/drupal/issues/3055983
$assert_session->assertWaitOnAjaxRequest();
$file = $this->createPrivateFile('drupal.txt');
$file_real_path = $this->fileSystem
->realpath($file->getFileUri());
$this->assertFileExists($file_real_path);
$this->addInlineFileBlockToLayout('The file', $file);
$this->assertSaveLayout();
$this->drupalGet('node/1');
$private_href1 = $this->getFileHrefAccessibleOnNode($file);
// Remove the inline block with the private file.
$this->drupalGet('node/1/layout');
$this->removeInlineBlockFromLayout();
$this->assertSaveLayout();
$this->drupalGet('node/1');
$assert_session->pageTextNotContains($file->label());
// Try to access file directly after it has been removed. Since a new
// revision was not created for the node the inline block is not in the
// layout of a previous revision of the node.
$this->drupalGet($private_href1);
$assert_session->pageTextContains('You are not authorized to access this page');
$assert_session->pageTextNotContains($this->getFileSecret($file));
$this->assertFileExists($file_real_path);
$file2 = $this->createPrivateFile('2ndFile.txt');
$this->drupalGet('node/1/layout');
$this->addInlineFileBlockToLayout('Number2', $file2);
$this->assertSaveLayout();
$this->drupalGet('node/1');
$private_href2 = $this->getFileHrefAccessibleOnNode($file2);
$this->createNewNodeRevision(1);
$file3 = $this->createPrivateFile('3rdFile.txt');
$this->drupalGet('node/1/layout');
$this->replaceFileInBlock($file3);
$this->assertSaveLayout();
$this->drupalGet('node/1');
$private_href3 = $this->getFileHrefAccessibleOnNode($file3);
// $file2 is on a previous revision of the block which is on a previous
// revision of the node. The user does not have access to view the previous
// revision of the node.
$this->drupalGet($private_href2);
$assert_session->pageTextContains('You are not authorized to access this page');
$node = Node::load(1);
$node->setUnpublished();
$node->save();
$this->drupalGet('node/1');
$assert_session->pageTextContains('You are not authorized to access this page');
$this->drupalGet($private_href3);
$assert_session->pageTextNotContains($this->getFileSecret($file3));
$assert_session->pageTextContains('You are not authorized to access this page');
$this->drupalGet('node/2/layout');
$file4 = $this->createPrivateFile('drupal_4.txt');
$this->addInlineFileBlockToLayout('The file', $file4);
$this->assertSaveLayout();
$this->drupalGet('node/2');
$private_href4 = $this->getFileHrefAccessibleOnNode($file4);
$this->createNewNodeRevision(2);
// Remove the inline block with the private file.
// The inline block will still be attached to the previous revision of the
// node.
$this->drupalGet('node/2/layout');
$this->removeInlineBlockFromLayout();
$this->assertSaveLayout();
// Ensure that since the user cannot view the previous revision of the node
// they can not view the file which is only used on that revision.
$this->drupalGet($private_href4);
$assert_session->pageTextContains('You are not authorized to access this page');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.