function FileAccessTestCase::testFileAccess

1 file.test FileAccessTestCase::testFileAccess()
Runs basic tests for file_access function.
File

core/modules/file/tests/file.test, line 3351: Tests for file.module.
Class

FileAccessTestCase: Tests the file entity access API.
Code

function testFileAccess() {
  $file = $this->createFile(array('type' => 'image'));

  // Ensures user with 'bypass file access' permission can do everything.
  $web_user = $this->backdropCreateUser(array('bypass file access'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('create' => TRUE), NULL, $web_user);
  $this->assertFileAccess(array('view' => TRUE, 'download' => TRUE, 'update' => TRUE, 'delete' => TRUE), $file, $web_user);

  // A user with 'manage files' should not access CRUD operations, except
  // update.
  $web_user = $this->backdropCreateUser(array('manage files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('view' => FALSE, 'download' => FALSE, 'update' => TRUE, 'delete' => FALSE), $file, $web_user);

  // User cannot 'view files'.
  $web_user = $this->backdropCreateUser(array('create files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('view' => FALSE), $file, $web_user);
  // But can upload new ones.
  $this->assertFileAccess(array('create' => TRUE), NULL, $web_user);

  // User can view own files but no other files.
  $web_user = $this->backdropCreateUser(array('create files', 'view own files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('view' => FALSE), $file, $web_user);
  $file->uid = $web_user->uid;
  $this->assertFileAccess(array('view' => TRUE), $file, $web_user);

  // User can download own files but no other files.
  $web_user = $this->backdropCreateUser(array('create files', 'download own image files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('download' => FALSE), $file, $web_user);
  $file->uid = $web_user->uid;
  $this->assertFileAccess(array('download' => TRUE), $file, $web_user);

  // User can update own files but no other files.
  $web_user = $this->backdropCreateUser(array('create files', 'view own files', 'edit own image files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('update' => FALSE), $file, $web_user);
  $file->uid = $web_user->uid;
  $this->assertFileAccess(array('update' => TRUE), $file, $web_user);

  // User can delete own files but no other files.
  $web_user = $this->backdropCreateUser(array('create files', 'view own files', 'edit own image files', 'delete own image files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('delete' => FALSE), $file, $web_user);
  $file->uid = $web_user->uid;
  $this->assertFileAccess(array('delete' => TRUE), $file, $web_user);

  // User can view any file.
  $web_user = $this->backdropCreateUser(array('create files', 'view files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('view' => TRUE), $file, $web_user);

  // User can download any file.
  $web_user = $this->backdropCreateUser(array('create files', 'download any image files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('download' => TRUE), $file, $web_user);

  // User can edit any file.
  $web_user = $this->backdropCreateUser(array('create files', 'view files', 'edit any image files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('update' => TRUE), $file, $web_user);

  // User can delete any file.
  $web_user = $this->backdropCreateUser(array('create files', 'view files', 'edit any image files', 'delete any image files'));
  $this->backdropLogin($web_user);
  $this->assertFileAccess(array('delete' => TRUE), $file, $web_user);
}