Same name in this branch
- 10 core/modules/content_moderation/tests/src/Functional/NodeAccessTest.php \Drupal\Tests\content_moderation\Functional\NodeAccessTest
- 10 core/modules/content_moderation/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\content_moderation\Kernel\NodeAccessTest
- 10 core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest
Same name and namespace in other branches
- 8.9.x core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest
- 9 core/modules/node/tests/src/Kernel/NodeAccessTest.php \Drupal\Tests\node\Kernel\NodeAccessTest
Tests basic node_access functionality.
@group node
Hierarchy
- class \Drupal\Tests\node\Kernel\NodeAccessTestBase extends \Drupal\KernelTests\KernelTestBase uses ContentTypeCreationTrait, NodeCreationTrait, UserCreationTrait
- class \Drupal\Tests\node\Kernel\NodeAccessTest
Expanded class hierarchy of NodeAccessTest
File
- core/
modules/ node/ tests/ src/ Kernel/ NodeAccessTest.php, line 10
Namespace
Drupal\Tests\node\KernelView source
class NodeAccessTest extends NodeAccessTestBase {
/**
* Runs basic tests for node_access function.
*/
public function testNodeAccess() {
// Ensures user without 'access content' permission can do nothing.
$web_user1 = $this
->drupalCreateUser([
'create page content',
'edit any page content',
'delete any page content',
]);
$node1 = $this
->drupalCreateNode([
'type' => 'page',
]);
$this
->assertNodeCreateAccess($node1
->bundle(), FALSE, $web_user1);
$this
->assertNodeAccess([
'view' => FALSE,
'update' => FALSE,
'delete' => FALSE,
], $node1, $web_user1);
// Ensures user with 'bypass node access' permission can do everything.
$web_user2 = $this
->drupalCreateUser([
'bypass node access',
]);
$node2 = $this
->drupalCreateNode([
'type' => 'page',
]);
$this
->assertNodeCreateAccess($node2
->bundle(), TRUE, $web_user2);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
], $node2, $web_user2);
// User cannot 'view own unpublished content'.
$web_user3 = $this
->drupalCreateUser([
'access content',
]);
$node3 = $this
->drupalCreateNode([
'status' => 0,
'uid' => $web_user3
->id(),
]);
$this
->assertNodeAccess([
'view' => FALSE,
], $node3, $web_user3);
// User cannot create content without permission.
$this
->assertNodeCreateAccess($node3
->bundle(), FALSE, $web_user3);
// User can 'view own unpublished content', but another user cannot.
$web_user4 = $this
->drupalCreateUser([
'access content',
'view own unpublished content',
]);
$web_user5 = $this
->drupalCreateUser([
'access content',
'view own unpublished content',
]);
$node4 = $this
->drupalCreateNode([
'status' => 0,
'uid' => $web_user4
->id(),
]);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => FALSE,
], $node4, $web_user4);
$this
->assertNodeAccess([
'view' => FALSE,
], $node4, $web_user5);
// Tests the default access provided for a published node.
$node5 = $this
->drupalCreateNode();
$this
->assertNodeAccess([
'view' => TRUE,
'update' => FALSE,
'delete' => FALSE,
], $node5, $web_user3);
// Tests the "edit any BUNDLE" and "delete any BUNDLE" permissions.
$web_user6 = $this
->drupalCreateUser([
'access content',
'edit any page content',
'delete any page content',
]);
$node6 = $this
->drupalCreateNode([
'type' => 'page',
]);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
], $node6, $web_user6);
// Tests the "edit own BUNDLE" and "delete own BUNDLE" permission.
$web_user7 = $this
->drupalCreateUser([
'access content',
'edit own page content',
'delete own page content',
]);
// User should not be able to edit or delete nodes they do not own.
$this
->assertNodeAccess([
'view' => TRUE,
'update' => FALSE,
'delete' => FALSE,
], $node6, $web_user7);
// User should be able to edit or delete nodes they own.
$node7 = $this
->drupalCreateNode([
'type' => 'page',
'uid' => $web_user7
->id(),
]);
$this
->assertNodeAccess([
'view' => TRUE,
'update' => TRUE,
'delete' => TRUE,
], $node7, $web_user7);
}
/**
* Tests operations not supported by node grants.
*/
public function testUnsupportedOperation() {
$this
->enableModules([
'node_access_test_empty',
]);
$web_user = $this
->drupalCreateUser([
'access content',
]);
$node = $this
->drupalCreateNode();
$this
->assertNodeAccess([
'random_operation' => FALSE,
], $node, $web_user);
}
/**
* Tests node grants for queries with node access checks and base table join.
*/
public function testQueryWithBaseTableJoin() : void {
$this
->enableModules([
'node_access_test_empty',
]);
$this
->drupalCreateNode([
'type' => 'page',
]);
$this
->drupalCreateNode([
'type' => 'page',
]);
$container = \Drupal::getContainer();
$container
->get('current_user')
->setAccount($this
->drupalCreateUser());
$query = \Drupal::database()
->select('node_field_data', 'n');
// Intentionally add a left join of the base table on the base table with a
// failing condition. This can, for example, happen in views with non
// required relations.
$query
->leftJoin('node_field_data', 'nc', 'n.changed = nc.nid');
$query
->addTag('node_access');
$this
->assertEquals(2, $query
->countQuery()
->execute()
->fetchField());
$query = \Drupal::database()
->select('node_field_data', 'n');
// Use a Condition object to do the left join to test that this is handled
// correctly.
$join_cond = \Drupal::database()
->condition('AND')
->where('[n].[changed] = [n].[changed]');
$join_cond
->compile(\Drupal::database(), $query);
$query
->leftJoin('node_field_data', 'nc', (string) $join_cond);
$query
->addTag('node_access');
$this
->assertEquals(4, $query
->countQuery()
->execute()
->fetchField());
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
ContentTypeCreationTrait:: |
protected | function | Creates a custom content type based on default settings. Aliased as: drupalCreateContentType | |
NodeAccessTest:: |
public | function | Runs basic tests for node_access function. | |
NodeAccessTest:: |
public | function | Tests node grants for queries with node access checks and base table join. | |
NodeAccessTest:: |
public | function | Tests operations not supported by node grants. | |
NodeAccessTestBase:: |
protected | property | Access handler. | |
NodeAccessTestBase:: |
protected static | property | 5 | |
NodeAccessTestBase:: |
public | function | Asserts that node access correctly grants or denies access. | |
NodeAccessTestBase:: |
public | function | Asserts that node create access correctly grants or denies access. | |
NodeAccessTestBase:: |
public | function | Constructs an assert message to display which node access was tested. | |
NodeAccessTestBase:: |
protected | function | 4 | |
NodeCreationTrait:: |
protected | function | Creates a node based on default settings. Aliased as: drupalCreateNode | |
NodeCreationTrait:: |
public | function | Get a node from the database based on its title. Aliased as: drupalGetNodeByTitle | |
UserCreationTrait:: |
protected | function | Checks whether a given list of permission names is valid. | |
UserCreationTrait:: |
protected | function | Creates an administrative role. Aliased as: drupalCreateAdminRole | |
UserCreationTrait:: |
protected | function | Creates a role with specified permissions. Aliased as: drupalCreateRole | |
UserCreationTrait:: |
protected | function | Create a user with a given set of permissions. Aliased as: drupalCreateUser | |
UserCreationTrait:: |
protected | function | Grant permissions to a user role. | |
UserCreationTrait:: |
protected | function | Switch the current logged in user. | |
UserCreationTrait:: |
protected | function | Creates a random user account and sets it as current user. |