1 node_access_example.test public NodeAccessExampleTestCase::testNodeAccessBasic()

Test the "private" node access.

  • Create 3 users with "access content" and "create post" permissions.
  • Each user creates one private and one not private post.
  • Run cron to update search index.
  • Test that each user can view the other user's non-private post.
  • Test that each user cannot view the other user's private post.
  • Test that each user finds only appropriate (non-private + own private) in search results.
  • Logout.
  • Test that anonymous user can't view, edit or delete private content which has author.
  • Test that anonymous user can't view, edit or delete private content with anonymous author.
  • Create another user with 'view any private content'.
  • Test that user 4 can view all content created above.
  • Test that user 4 can search for all content created above.
  • Test that user 4 cannot edit private content above.
  • Create another user with 'edit any private content'
  • Test that user 5 can edit private content.
  • Test that user 5 can delete private content.
  • Test listings of nodes with 'node_access' tag on database search.

File

modules/examples/node_access_example/node_access_example.test, line 47
Tests for Node Access example module.

Class

NodeAccessExampleTestCase
Functional tests for the Node Access Example module.

Code

public function testNodeAccessBasic() {
  $num_simple_users = 3;
  $simple_users = array();

  // Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;.
  $nodes_by_user = array();
  // Titles keyed by nid.
  $titles = array();
  // Array of nids marked private.
  $private_nodes = array();
  for ($i = 0; $i < $num_simple_users; $i++) {
    $simple_users[$i] = $this->backdropCreateUser(
    array(
      'access content',
      'create post content',
      'search content',
    )
    );
  }
  foreach ($simple_users as $web_user) {
    $this->backdropLogin($web_user);
    foreach (array(0 => 'Public', 1 => 'Private') as $is_private => $type) {
      $edit = array(
        'title' => t('@private_public Post created by @user', array('@private_public' => $type, '@user' => $web_user->name)),
      );
      if ($is_private) {
        $edit['private'] = TRUE;
        $edit['body[und][0][value]'] = 'private node';
      }
      else {
        $edit['body[und][0][value]'] = 'public node';
      }
      $this->backdropPost('node/add/post', $edit, t('Save'));
      debug(t('Created post with private=@private', array('@private' => $is_private)));
      $this->assertText(t('Post @title has been created', array('@title' => $edit['title'])));
      $nid = db_query('SELECT nid FROM {node} WHERE title = :title', array(':title' => $edit['title']))->fetchField();
      $this->assertText(t('New node @nid was created and private=@private', array('@nid' => $nid, '@private' => $is_private)));
      $private_status = db_query('SELECT private FROM {node_access_example} where nid = :nid', array(':nid' => $nid))->fetchField();
      $this->assertTrue($is_private == $private_status, 'Node was properly set to private or not private in node_access_example table.');
      if ($is_private) {
        $private_nodes[] = $nid;
      }
      $titles[$nid] = $edit['title'];
      $nodes_by_user[$web_user->uid][$nid] = $is_private;
    }
  }
  debug($nodes_by_user);
  // Build the search index.
  $this->cronRun();
  foreach ($simple_users as $web_user) {
    $this->backdropLogin($web_user);
    // Check to see that we find the number of search results expected.
    $this->checkSearchResults('Private node', 1);
    // Check own nodes to see that all are readable.
    foreach (array_keys($nodes_by_user) as $uid) {
      // All of this user's nodes should be readable to same.
      if ($uid == $web_user->uid) {
        foreach ($nodes_by_user[$uid] as $nid => $is_private) {
          $this->backdropGet('node/' . $nid);
          $this->assertResponse(200);
          $this->assertTitle($titles[$nid] . ' | Backdrop CMS', 'Correct title for node found');
        }
      }
      else {
        // Otherwise, for other users, private nodes should get a 403,
        // but we should be able to read non-private nodes.
        foreach ($nodes_by_user[$uid] as $nid => $is_private) {
          $this->backdropGet('node/' . $nid);
          $this->assertResponse(
          $is_private ? 403 : 200, 
          format_string('Node @nid by user @uid should get a @response for this user (@web_user_uid)', 
          array(
            '@nid' => $nid,
            '@uid' => $uid,
            '@response' => $is_private ? 403 : 200,
            '@web_user_uid' => $web_user->uid,
          )
          )
          );
          if (!$is_private) {
            $this->assertTitle($titles[$nid] . ' | Backdrop CMS', 'Correct title for node was found');
          }
        }
      }
    }

    // Check to see that the correct nodes are shown on examples/node_access.
    $this->backdropGet('examples/node_access');
    $accessible = $this->xpath("//tr[contains(@class,'accessible')]");
    $this->assertEqual(count($accessible), 1, 'One private item accessible');
    foreach ($accessible as $row) {
      $this->assertEqual($row->td[2], $web_user->uid, 'Accessible row owned by this user');
    }
  }

  // Test cases for anonymus user.
  $this->backdropLogout();

  // Test that private nodes with authors are not accessible.
  foreach ($private_nodes as $nid) {
    if (($node = node_load($nid)) === FALSE) {
      continue;
    }
    $this->checkNodeAccess($nid, FALSE, FALSE, FALSE);
  }

  // Test that private nodes that don't have author are not accessible.
  foreach ($private_nodes as $nid) {
    if (($node = node_load($nid)) === FALSE) {
      continue;
    }
    $original_uid = $node->uid;

    // Change node author to anonymus.
    $node->uid = 0;
    node_save($node);
    $node = node_load($nid);
    $this->assertEqual($node->uid, 0);

    $this->checkNodeAccess($nid, FALSE, FALSE, FALSE);

    // Change node to original author.
    $node->uid = $original_uid;
    node_save($node);
  }

  // Now test that a user with 'access any private content' can view content.
  $access_user = $this->backdropCreateUser(
  array(
    'access content',
    'create post content',
    'access any private content',
    'search content',
  )
  );
  $this->backdropLogin($access_user);

  // Check to see that we find the number of search results expected.
  $this->checkSearchResults('Private node', 3);

  foreach ($nodes_by_user as $uid => $private_status) {
    foreach ($private_status as $nid => $is_private) {
      $this->backdropGet('node/' . $nid);
      $this->assertResponse(200);
    }
  }

  // Check to see that the correct nodes are shown on examples/node_access.
  // This user should be able to see all 3 of them.
  $this->backdropGet('examples/node_access');
  $accessible = $this->xpath("//tr[contains(@class,'accessible')]");
  $this->assertEqual(count($accessible), 3);

  // Test that a user named 'foobar' can edit any private node due to
  // node_access_example_node_access(). Note that this user will not be
  // able to search for private nodes, and will not have available nodes
  // shown on examples/node_access, because node_access() is not called
  // for node listings, only for actual access to a node.
  $edit_user = $this->backdropCreateUser(
  array(
    'access comments',
    'access content',
    'post comments',
    'skip comment approval',
    'search content',
  )
  );
  // Update the name of the user to 'foobar'.
  db_update('users')
    ->fields(array(
      'name' => 'foobar',
    ))
    ->condition('uid', $edit_user->uid)
    ->execute();

  $edit_user->name = 'foobar';
  $this->backdropLogin($edit_user);

  // Try to edit each of the private nodes.
  foreach ($private_nodes as $nid) {
    $body = $this->randomName();
    $edit = array('body[und][0][value]' => $body);
    $this->backdropPost('node/' . $nid . '/edit', $edit, t('Save'));
    $this->assertText(t('has been updated'), 'Node was updated by "foobar" user');
  }

  // Test that a privileged user can edit and delete private content.
  // This test should go last, as the nodes get deleted.
  $edit_user = $this->backdropCreateUser(
  array(
    'access content',
    'access any private content',
    'edit any private content',
  )
  );
  $this->backdropLogin($edit_user);
  foreach ($private_nodes as $nid) {
    $body = $this->randomName();
    $edit = array('body[und][0][value]' => $body);
    $this->backdropPost('node/' . $nid . '/edit', $edit, t('Save'));
    $this->assertText(t('has been updated'));
    $this->backdropPost('node/' . $nid . '/edit', array(), t('Delete'));
    $this->backdropPost(NULL, array(), t('Delete'));
    $this->assertText(t('has been deleted'));
  }
}