function BulkFormAccessTest::testNodeEditAccess

Tests if nodes that may not be edited, can not be edited in bulk.

File

core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php, line 69

Class

BulkFormAccessTest

Tests if entity access is respected on a node bulk operations form.

Namespace

Code

public function testNodeEditAccess() {
    // Create an account who will be the author of a private node.
    $author = $this->drupalCreateUser();
    // Create a private node (author may view, edit and delete, others may not).
    $node = $this->drupalCreateNode([
        'type' => 'article',
        'private' => [
            [
                'value' => TRUE,
            ],
        ],
        'uid' => $author->id(),
    ]);
    // Create an account that may view the private node, but not edit it.
    $account = $this->drupalCreateUser([
        'node test view',
    ]);
    $this->drupalLogin($account);
    // Ensure the node is published.
    $this->assertTrue($node->isPublished(), 'Node is initially published.');
    // Ensure that the node can not be edited.
    $this->assertEqual(FALSE, $this->accessHandler
        ->access($node, 'update', $account), 'The node may not be edited.');
    // Test editing the node using the bulk form.
    $edit = [
        'node_bulk_form[0]' => TRUE,
        'action' => 'node_unpublish_action',
    ];
    $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
    $this->assertRaw(new FormattableMarkup('No access to execute %action on the @entity_type_label %entity_label.', [
        '%action' => 'Unpublish content',
        '@entity_type_label' => 'Content',
        '%entity_label' => $node->label(),
    ]));
    // Re-load the node and check the status.
    $node = Node::load($node->id());
    $this->assertTrue($node->isPublished(), 'The node is still published.');
    // Create an account that may view the private node, but can update the
    // status.
    $account = $this->drupalCreateUser([
        'administer nodes',
        'node test view',
    ]);
    $this->drupalLogin($account);
    // Ensure the node is published.
    $this->assertTrue($node->isPublished(), 'Node is initially published.');
    // Ensure that the private node can not be edited.
    $this->assertEqual(FALSE, $node->access('update', $account), 'The node may not be edited.');
    $this->assertEqual(TRUE, $node->status
        ->access('edit', $account), 'The node status can be edited.');
    // Test editing the node using the bulk form.
    $edit = [
        'node_bulk_form[0]' => TRUE,
        'action' => 'node_unpublish_action',
    ];
    $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
    // Test that the action message isn't shown.
    $this->assertNoRaw(new FormattableMarkup('%action was applied to 1 item.', [
        '%action' => 'Unpublish content',
    ]));
    // Re-load the node and check the status.
    $node = Node::load($node->id());
    $this->assertTrue($node->isPublished(), 'The node is still published.');
    // Try to delete the node and check that we are not redirected to the
    // conformation form but stay on the content view.
    $this->assertNotEmpty($this->cssSelect('#views-form-test-node-bulk-form-page-1'));
    $edit = [
        'node_bulk_form[0]' => TRUE,
        'action' => 'node_delete_action',
    ];
    $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
    // Test that the action message isn't shown.
    $this->assertRaw(new FormattableMarkup('No access to execute %action on the @entity_type_label %entity_label.', [
        '%action' => 'Delete content',
        '@entity_type_label' => 'Content',
        '%entity_label' => $node->label(),
    ]));
    $this->assertNotEmpty($this->cssSelect('#views-form-test-node-bulk-form-page-1'));
}