TrackerNodeAccessTest.php

Same filename in other branches
  1. 9 core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php
  2. 10 core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php
  3. 11.x core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php

Namespace

Drupal\Tests\tracker\Functional

File

core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php

View source
<?php

namespace Drupal\Tests\tracker\Functional;

use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\BrowserTestBase;

/**
 * Tests for private node access on /tracker.
 *
 * @group tracker
 */
class TrackerNodeAccessTest extends BrowserTestBase {
    use CommentTestTrait;
    
    /**
     * Modules to enable.
     *
     * @var array
     */
    public static $modules = [
        'node',
        'comment',
        'tracker',
        'node_access_test',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    protected function setUp() {
        parent::setUp();
        node_access_rebuild();
        $this->drupalCreateContentType([
            'type' => 'page',
        ]);
        node_access_test_add_field(NodeType::load('page'));
        $this->addDefaultCommentField('node', 'page', 'comment', CommentItemInterface::OPEN);
        \Drupal::state()->set('node_access_test.private', TRUE);
    }
    
    /**
     * Ensure that tracker_cron is not access sensitive.
     */
    public function testTrackerNodeAccessIndexing() {
        // The node is private and not authored by the anonymous user, so any entity
        // queries run for the anonymous user will miss it.
        $author = $this->drupalCreateUser();
        $private_node = $this->drupalCreateNode([
            'title' => t('Private node test'),
            'private' => TRUE,
            'uid' => $author->id(),
        ]);
        // Remove index entries, and index as tracker_install() does.
        \Drupal::database()->delete('tracker_node')
            ->execute();
        \Drupal::state()->set('tracker.index_nid', $private_node->id());
        tracker_cron();
        // Test that the private node has been indexed and so can be viewed by a
        // user with node test view permission.
        $user = $this->drupalCreateUser([
            'node test view',
        ]);
        $this->drupalLogin($user);
        $this->drupalGet('activity');
        $this->assertText($private_node->getTitle());
    }
    
    /**
     * Ensure private node on /tracker is only visible to users with permission.
     */
    public function testTrackerNodeAccess() {
        // Create user with node test view permission.
        $access_user = $this->drupalCreateUser([
            'node test view',
            'access user profiles',
        ]);
        // Create user without node test view permission.
        $no_access_user = $this->drupalCreateUser([
            'access user profiles',
        ]);
        $this->drupalLogin($access_user);
        // Create some nodes.
        $private_node = $this->drupalCreateNode([
            'title' => t('Private node test'),
            'private' => TRUE,
        ]);
        $public_node = $this->drupalCreateNode([
            'title' => t('Public node test'),
            'private' => FALSE,
        ]);
        // User with access should see both nodes created.
        $this->drupalGet('activity');
        $this->assertText($private_node->getTitle(), 'Private node is visible to user with private access.');
        $this->assertText($public_node->getTitle(), 'Public node is visible to user with private access.');
        $this->drupalGet('user/' . $access_user->id() . '/activity');
        $this->assertText($private_node->getTitle(), 'Private node is visible to user with private access.');
        $this->assertText($public_node->getTitle(), 'Public node is visible to user with private access.');
        // User without access should not see private node.
        $this->drupalLogin($no_access_user);
        $this->drupalGet('activity');
        $this->assertNoText($private_node->getTitle(), 'Private node is not visible to user without private access.');
        $this->assertText($public_node->getTitle(), 'Public node is visible to user without private access.');
        $this->drupalGet('user/' . $access_user->id() . '/activity');
        $this->assertNoText($private_node->getTitle(), 'Private node is not visible to user without private access.');
        $this->assertText($public_node->getTitle(), 'Public node is visible to user without private access.');
    }

}

Classes

Title Deprecated Summary
TrackerNodeAccessTest Tests for private node access on /tracker.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.