function BulkFormAccessTest::testNodeEditAccess

Same name and namespace in other branches
  1. 9 core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeEditAccess()
  2. 8.9.x core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeEditAccess()
  3. 11.x core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeEditAccess()

Tests if nodes that may not be edited, can not be edited in bulk.

File

core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php, line 68

Class

BulkFormAccessTest
Tests if entity access is respected on a node bulk operations form.

Namespace

Drupal\Tests\node\Functional\Views

Code

public function testNodeEditAccess() : void {
  // Create an account who will be the author of a private node.
  $author = $this->drupalCreateUser();
  // Create a private node (author may view, edit and delete, others may not).
  $node = $this->drupalCreateNode([
    'type' => 'article',
    'private' => [
      [
        'value' => TRUE,
      ],
    ],
    'uid' => $author->id(),
  ]);
  // Create an account that may view the private node, but not edit it.
  $account = $this->drupalCreateUser([
    'node test view',
  ]);
  $this->drupalLogin($account);
  // Ensure the node is published.
  $this->assertTrue($node->isPublished(), 'Node is initially published.');
  // Ensure that the node can not be edited.
  $this->assertFalse($this->accessHandler
    ->access($node, 'update', $account), 'The node may not be edited.');
  // Test editing the node using the bulk form.
  $edit = [
    'node_bulk_form[0]' => TRUE,
    'action' => 'node_unpublish_action',
  ];
  $this->drupalGet('test-node-bulk-form');
  $this->submitForm($edit, 'Apply to selected items');
  $this->assertSession()
    ->pageTextContains("No access to execute Unpublish content on the Content {$node->label()}.");
  // Re-load the node and check the status.
  $node = Node::load($node->id());
  $this->assertTrue($node->isPublished(), 'The node is still published.');
  // Create an account that may view the private node, but can update the
  // status.
  $account = $this->drupalCreateUser([
    'administer nodes',
    'node test view',
  ]);
  $this->drupalLogin($account);
  // Ensure the node is published.
  $this->assertTrue($node->isPublished(), 'Node is initially published.');
  // Ensure that the private node can not be edited.
  $this->assertFalse($node->access('update', $account), 'The node may not be edited.');
  $this->assertTrue($node->status
    ->access('edit', $account), 'The node status can be edited.');
  // Test editing the node using the bulk form.
  $edit = [
    'node_bulk_form[0]' => TRUE,
    'action' => 'node_unpublish_action',
  ];
  $this->drupalGet('test-node-bulk-form');
  $this->submitForm($edit, 'Apply to selected items');
  // Test that the action message isn't shown.
  $this->assertSession()
    ->pageTextNotContains("Unpublish content was applied to 1 item.");
  // Re-load the node and check the status.
  $node = Node::load($node->id());
  $this->assertTrue($node->isPublished(), 'The node is still published.');
  // Try to delete the node and check that we are not redirected to the
  // conformation form but stay on the content view.
  $this->assertNotEmpty($this->cssSelect('#views-form-test-node-bulk-form-page-1'));
  $edit = [
    'node_bulk_form[0]' => TRUE,
    'action' => 'node_delete_action',
  ];
  $this->drupalGet('test-node-bulk-form');
  $this->submitForm($edit, 'Apply to selected items');
  // Test that the action message isn't shown.
  $this->assertSession()
    ->pageTextContains("No access to execute Delete content on the Content {$node->label()}.");
  $this->assertNotEmpty($this->cssSelect('#views-form-test-node-bulk-form-page-1'));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.