function NodeAccessRebuildNodeGrantsTest::testNodeAccessRebuildNodeGrants

Tests rebuilding the node access permissions table with content.

File

core/modules/node/tests/src/Functional/NodeAccessRebuildNodeGrantsTest.php, line 53

Class

NodeAccessRebuildNodeGrantsTest

Ensures that node access rebuild functions work correctly even when other modules implements <a href="/api/drupal/core%21modules%21node%21node.api.php/function/hook_node_grants/8.9.x" title="Inform the node access system what permissions the user has." class="local">hook_node_grants</a>().

Namespace

Code

public function testNodeAccessRebuildNodeGrants() {
    \Drupal::service('module_installer')->install([
        'node_access_test',
    ]);
    \Drupal::state()->set('node_access_test.private', TRUE);
    node_access_test_add_field(NodeType::load('page'));
    $this->resetAll();
    // Create 30 nodes so that _node_access_rebuild_batch_operation() has to run
    // more than once.
    for ($i = 0; $i < 30; $i++) {
        $nodes[] = $this->drupalCreateNode([
            'uid' => $this->webUser
                ->id(),
            'private' => [
                [
                    'value' => 1,
                ],
            ],
        ]);
    }
    
    /** @var \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage */
    $grant_storage = \Drupal::service('node.grant_storage');
    // Default realm access and node records are present.
    foreach ($nodes as $node) {
        $this->assertNotEmpty($node->private->value);
        $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)
            ->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the node author.');
        $this->assertTrue($grant_storage->access($node, 'view', $this->adminUser)
            ->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the admin user.');
    }
    $this->assertEqual(1, \Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is an all realm access record');
    $this->assertTrue(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
    // Rebuild permissions.
    $this->drupalGet('admin/reports/status');
    $this->clickLink(t('Rebuild permissions'));
    $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
    $this->assertText(t('The content access permissions have been rebuilt.'));
    // Test if the rebuild by user that cannot bypass node access and does not
    // have access to the nodes has been successful.
    $this->assertFalse($this->adminUser
        ->hasPermission('bypass node access'));
    $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
    foreach ($nodes as $node) {
        $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)
            ->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
        $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)
            ->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
    }
    $this->assertEmpty(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
    // Test an anonymous node access rebuild from code.
    $this->drupalLogout();
    node_access_rebuild();
    foreach ($nodes as $node) {
        $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)
            ->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
        $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)
            ->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
    }
    $this->assertEmpty(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
}