function InlineBlockPrivateFilesTest::testPrivateFiles

Same name in other branches
  1. 9 core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
  2. 10 core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
  3. 11.x core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()

Test access to private files added via inline blocks in the layout builder.

File

core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php, line 63

Class

InlineBlockPrivateFilesTest
Test access to private files in block fields on the Layout Builder.

Namespace

Drupal\Tests\layout_builder\FunctionalJavascript

Code

public function testPrivateFiles() {
    $assert_session = $this->assertSession();
    $this->drupalLogin($this->drupalCreateUser([
        'access contextual links',
        'configure any layout',
        'administer node display',
        'administer node fields',
        'create and edit custom blocks',
    ]));
    // Enable layout builder and overrides.
    $this->drupalPostForm(static::FIELD_UI_PREFIX . '/display/default', [
        'layout[enabled]' => TRUE,
        'layout[allow_custom]' => TRUE,
    ], 'Save');
    $this->drupalLogout();
    // Log in as user you can only configure layouts and access content.
    $this->drupalLogin($this->drupalCreateUser([
        'access contextual links',
        'configure any layout',
        'access content',
        'create and edit custom blocks',
    ]));
    $this->drupalGet('node/1/layout');
    // @todo Occasionally SQLite has database locks here. Waiting seems to
    //   resolve it. https://www.drupal.org/project/drupal/issues/3055983
    $assert_session->assertWaitOnAjaxRequest();
    $file = $this->createPrivateFile('drupal.txt');
    $file_real_path = $this->fileSystem
        ->realpath($file->getFileUri());
    $this->assertFileExists($file_real_path);
    $this->addInlineFileBlockToLayout('The file', $file);
    $this->assertSaveLayout();
    $this->drupalGet('node/1');
    $private_href1 = $this->assertFileAccessibleOnNode($file);
    // Remove the inline block with the private file.
    $this->drupalGet('node/1/layout');
    $this->removeInlineBlockFromLayout();
    $this->assertSaveLayout();
    $this->drupalGet('node/1');
    $assert_session->pageTextNotContains($file->label());
    // Try to access file directly after it has been removed. Since a new
    // revision was not created for the node the inline block is not in the
    // layout of a previous revision of the node.
    $this->drupalGet($private_href1);
    $assert_session->pageTextContains('You are not authorized to access this page');
    $assert_session->pageTextNotContains($this->getFileSecret($file));
    $this->assertFileExists($file_real_path);
    $file2 = $this->createPrivateFile('2ndFile.txt');
    $this->drupalGet('node/1/layout');
    $this->addInlineFileBlockToLayout('Number2', $file2);
    $this->assertSaveLayout();
    $this->drupalGet('node/1');
    $private_href2 = $this->assertFileAccessibleOnNode($file2);
    $this->createNewNodeRevision(1);
    $file3 = $this->createPrivateFile('3rdFile.txt');
    $this->drupalGet('node/1/layout');
    $this->replaceFileInBlock($file3);
    $this->assertSaveLayout();
    $this->drupalGet('node/1');
    $private_href3 = $this->assertFileAccessibleOnNode($file3);
    // $file2 is on a previous revision of the block which is on a previous
    // revision of the node. The user does not have access to view the previous
    // revision of the node.
    $this->drupalGet($private_href2);
    $assert_session->pageTextContains('You are not authorized to access this page');
    $node = Node::load(1);
    $node->setUnpublished();
    $node->save();
    $this->drupalGet('node/1');
    $assert_session->pageTextContains('You are not authorized to access this page');
    $this->drupalGet($private_href3);
    $assert_session->pageTextNotContains($this->getFileSecret($file3));
    $assert_session->pageTextContains('You are not authorized to access this page');
    $this->drupalGet('node/2/layout');
    $file4 = $this->createPrivateFile('drupal_4.txt');
    $this->addInlineFileBlockToLayout('The file', $file4);
    $this->assertSaveLayout();
    $this->drupalGet('node/2');
    $private_href4 = $this->assertFileAccessibleOnNode($file4);
    $this->createNewNodeRevision(2);
    // Remove the inline block with the private file.
    // The inline block will still be attached to the previous revision of the
    // node.
    $this->drupalGet('node/2/layout');
    $this->removeInlineBlockFromLayout();
    $this->assertSaveLayout();
    // Ensure that since the user cannot view the previous revision of the node
    // they can not view the file which is only used on that revision.
    $this->drupalGet($private_href4);
    $assert_session->pageTextContains('You are not authorized to access this page');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.