1 file.test FileFieldWidgetTestCase::testPrivateFileComment()

Tests that download restrictions on private files work on comments.

File

core/modules/file/tests/file.test, line 1003
Tests for file.module.

Class

FileFieldWidgetTestCase
Tests file field widget.

Code

function testPrivateFileComment() {
  $user = $this->backdropCreateUser(array('access comments'));

  // Remove access comments permission from anonymous user.
  $edit = array(
    'anonymous[access comments]' => FALSE,
  );
  $this->backdropPost('admin/config/people/permissions', $edit, t('Save permissions'));

  // Create a new field.
  $edit = array(
    'fields[_add_new_field][label]' => $label = $this->randomName(),
    'fields[_add_new_field][field_name]' => $name = strtolower($this->randomName()),
    'fields[_add_new_field][type]' => 'file',
    'fields[_add_new_field][widget_type]' => 'file_generic',
  );
  $this->backdropPost('admin/structure/types/manage/post/comment/fields', $edit, t('Save'));
  $edit = array('field[settings][uri_scheme]' => 'private');
  $this->backdropPost(NULL, $edit, t('Save field settings'));
  $this->backdropPost(NULL, array(), t('Save settings'));

  // Create node.
  $text_file = $this->getTestFile('text');
  $edit = array(
    'title' => $this->randomName(),
  );
  $this->backdropPost('node/add/post', $edit, t('Save'));
  $node = $this->backdropGetNodeByTitle($edit['title']);

  // Add a comment with a file.
  $text_file = $this->getTestFile('text');
  $edit = array(
    'files[field_' . $name . '_' . LANGUAGE_NONE . '_' . 0 . ']' => backdrop_realpath($text_file->uri),
    'comment_body[' . LANGUAGE_NONE . '][0][value]' => $comment_body = $this->randomName(),
  );
  $this->backdropPost(NULL, $edit, t('Save'));

  // Get the comment ID.
  preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
  $cid = $matches[1];

  // Log in as normal user.
  $this->backdropLogin($user);

  $comment = comment_load($cid);
  $comment_file = (object) $comment->{'field_' . $name}[LANGUAGE_NONE][0];
  $this->assertFileExists($comment_file, 'New file saved to disk on node creation.');
  // Test authenticated file download.
  $url = file_create_url($comment_file->uri);
  $this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
  $this->backdropGet(file_create_url($comment_file->uri));
  $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');

  // Test anonymous file download.
  $this->backdropLogout();
  $this->backdropGet(file_create_url($comment_file->uri));
  $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');

  // Unpublishes node.
  $this->backdropLogin($this->admin_user);
  $edit = array(
    'status' => NODE_NOT_PUBLISHED,
  );
  $this->backdropPost('node/' . $node->nid . '/edit', $edit, t('Save'));

  // Ensures normal user can no longer download the file.
  $this->backdropLogin($user);
  $this->backdropGet(file_create_url($comment_file->uri));
  $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
}