Same name in this branch
  1. 10 core/modules/content_moderation/tests/src/Functional/NodeAccessTest.php \Drupal\Tests\content_moderation\Functional\NodeAccessTest
  2. 10 core/modules/content_moderation/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\content_moderation\Kernel\NodeAccessTest
  3. 10 core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest
Same name and namespace in other branches
  1. 8.9.x core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest
  2. 9 core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest

Tests basic node_access functionality.

@group node

Hierarchy

Expanded class hierarchy of NodeAccessTest

File

core/modules/node/tests/src/Kernel/NodeAccessTest.php, line 10

Namespace

Drupal\Tests\node\Kernel
View source
class NodeAccessTest extends NodeAccessTestBase {

  /**
   * Runs basic tests for node_access function.
   */
  public function testNodeAccess() {

    // Ensures user without 'access content' permission can do nothing.
    $web_user1 = $this
      ->drupalCreateUser([
      'create page content',
      'edit any page content',
      'delete any page content',
    ]);
    $node1 = $this
      ->drupalCreateNode([
      'type' => 'page',
    ]);
    $this
      ->assertNodeCreateAccess($node1
      ->bundle(), FALSE, $web_user1);
    $this
      ->assertNodeAccess([
      'view' => FALSE,
      'update' => FALSE,
      'delete' => FALSE,
    ], $node1, $web_user1);

    // Ensures user with 'bypass node access' permission can do everything.
    $web_user2 = $this
      ->drupalCreateUser([
      'bypass node access',
    ]);
    $node2 = $this
      ->drupalCreateNode([
      'type' => 'page',
    ]);
    $this
      ->assertNodeCreateAccess($node2
      ->bundle(), TRUE, $web_user2);
    $this
      ->assertNodeAccess([
      'view' => TRUE,
      'update' => TRUE,
      'delete' => TRUE,
    ], $node2, $web_user2);

    // User cannot 'view own unpublished content'.
    $web_user3 = $this
      ->drupalCreateUser([
      'access content',
    ]);
    $node3 = $this
      ->drupalCreateNode([
      'status' => 0,
      'uid' => $web_user3
        ->id(),
    ]);
    $this
      ->assertNodeAccess([
      'view' => FALSE,
    ], $node3, $web_user3);

    // User cannot create content without permission.
    $this
      ->assertNodeCreateAccess($node3
      ->bundle(), FALSE, $web_user3);

    // User can 'view own unpublished content', but another user cannot.
    $web_user4 = $this
      ->drupalCreateUser([
      'access content',
      'view own unpublished content',
    ]);
    $web_user5 = $this
      ->drupalCreateUser([
      'access content',
      'view own unpublished content',
    ]);
    $node4 = $this
      ->drupalCreateNode([
      'status' => 0,
      'uid' => $web_user4
        ->id(),
    ]);
    $this
      ->assertNodeAccess([
      'view' => TRUE,
      'update' => FALSE,
    ], $node4, $web_user4);
    $this
      ->assertNodeAccess([
      'view' => FALSE,
    ], $node4, $web_user5);

    // Tests the default access provided for a published node.
    $node5 = $this
      ->drupalCreateNode();
    $this
      ->assertNodeAccess([
      'view' => TRUE,
      'update' => FALSE,
      'delete' => FALSE,
    ], $node5, $web_user3);

    // Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions.
    $web_user6 = $this
      ->drupalCreateUser([
      'access content',
      'edit any page content',
      'delete any page content',
    ]);
    $node6 = $this
      ->drupalCreateNode([
      'type' => 'page',
    ]);
    $this
      ->assertNodeAccess([
      'view' => TRUE,
      'update' => TRUE,
      'delete' => TRUE,
    ], $node6, $web_user6);

    // Tests the "edit own BUNDLE" and "delete own BUNDLE" permission.
    $web_user7 = $this
      ->drupalCreateUser([
      'access content',
      'edit own page content',
      'delete own page content',
    ]);

    // User should not be able to edit or delete nodes they do not own.
    $this
      ->assertNodeAccess([
      'view' => TRUE,
      'update' => FALSE,
      'delete' => FALSE,
    ], $node6, $web_user7);

    // User should be able to edit or delete nodes they own.
    $node7 = $this
      ->drupalCreateNode([
      'type' => 'page',
      'uid' => $web_user7
        ->id(),
    ]);
    $this
      ->assertNodeAccess([
      'view' => TRUE,
      'update' => TRUE,
      'delete' => TRUE,
    ], $node7, $web_user7);
  }

  /**
   * Tests operations not supported by node grants.
   */
  public function testUnsupportedOperation() {
    $this
      ->enableModules([
      'node_access_test_empty',
    ]);
    $web_user = $this
      ->drupalCreateUser([
      'access content',
    ]);
    $node = $this
      ->drupalCreateNode();
    $this
      ->assertNodeAccess([
      'random_operation' => FALSE,
    ], $node, $web_user);
  }

  /**
   * Tests node grants for queries with node access checks and base table join.
   */
  public function testQueryWithBaseTableJoin() : void {
    $this
      ->enableModules([
      'node_access_test_empty',
    ]);
    $this
      ->drupalCreateNode([
      'type' => 'page',
    ]);
    $this
      ->drupalCreateNode([
      'type' => 'page',
    ]);
    $container = \Drupal::getContainer();
    $container
      ->get('current_user')
      ->setAccount($this
      ->drupalCreateUser());
    $query = \Drupal::database()
      ->select('node_field_data', 'n');

    // Intentionally add a left join of the base table on the base table with a
    // failing condition. This can, for example, happen in views with non
    // required relations.
    $query
      ->leftJoin('node_field_data', 'nc', 'n.changed = nc.nid');
    $query
      ->addTag('node_access');
    $this
      ->assertEquals(2, $query
      ->countQuery()
      ->execute()
      ->fetchField());
    $query = \Drupal::database()
      ->select('node_field_data', 'n');

    // Use a Condition object to do the left join to test that this is handled
    // correctly.
    $join_cond = \Drupal::database()
      ->condition('AND')
      ->where('[n].[changed] = [n].[changed]');
    $join_cond
      ->compile(\Drupal::database(), $query);
    $query
      ->leftJoin('node_field_data', 'nc', (string) $join_cond);
    $query
      ->addTag('node_access');
    $this
      ->assertEquals(4, $query
      ->countQuery()
      ->execute()
      ->fetchField());
  }

}

Members

Namesort descending Modifiers Type Description Overrides
ContentTypeCreationTrait::createContentType protected function Creates a custom content type based on default settings. Aliased as: drupalCreateContentType
NodeAccessTest::testNodeAccess public function Runs basic tests for node_access function.
NodeAccessTest::testQueryWithBaseTableJoin public function Tests node grants for queries with node access checks and base table join.
NodeAccessTest::testUnsupportedOperation public function Tests operations not supported by node grants.
NodeAccessTestBase::$accessHandler protected property Access handler.
NodeAccessTestBase::$modules protected static property 5
NodeAccessTestBase::assertNodeAccess public function Asserts that node access correctly grants or denies access.
NodeAccessTestBase::assertNodeCreateAccess public function Asserts that node create access correctly grants or denies access.
NodeAccessTestBase::nodeAccessAssertMessage public function Constructs an assert message to display which node access was tested.
NodeAccessTestBase::setUp protected function 4
NodeCreationTrait::createNode protected function Creates a node based on default settings. Aliased as: drupalCreateNode
NodeCreationTrait::getNodeByTitle public function Get a node from the database based on its title. Aliased as: drupalGetNodeByTitle
UserCreationTrait::checkPermissions protected function Checks whether a given list of permission names is valid.
UserCreationTrait::createAdminRole protected function Creates an administrative role. Aliased as: drupalCreateAdminRole
UserCreationTrait::createRole protected function Creates a role with specified permissions. Aliased as: drupalCreateRole
UserCreationTrait::createUser protected function Create a user with a given set of permissions. Aliased as: drupalCreateUser
UserCreationTrait::grantPermissions protected function Grant permissions to a user role.
UserCreationTrait::setCurrentUser protected function Switch the current logged in user.
UserCreationTrait::setUpCurrentUser protected function Creates a random user account and sets it as current user.