1 file.test | FileAccessTestCase::testFilePageAccess() |
Tests page access.
Verifies the privileges required to access the following pages: file/%/view file/%/download file/%/edit file/%/usage file/%/delete
File
- core/
modules/ file/ tests/ file.test, line 3432 - Tests for file.module.
Class
- FileAccessTestCase
- Tests the file entity access API.
Code
function testFilePageAccess() {
// Test creating files without permission.
$web_user = $this->backdropCreateUser();
$this->backdropLogin($web_user);
$file = $this->createFile(array('type' => 'document', 'uid' => $web_user->uid));
// Test viewing own files without permission.
$this->backdropGet("file/{$file->fid}/view");
$this->assertResponse(403, 'Users without access can not view their own files');
// Test viewing own files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'view own files' => TRUE,
));
$this->backdropGet("file/{$file->fid}/view");
$this->assertResponse(200, 'Users with access can view their own files');
// Test viewing any files without permission.
$file->uid = 1;
file_save($file);
$this->backdropGet("file/{$file->fid}/view");
$this->assertResponse(403, 'Users with access can not view any file');
// Test viewing any files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'view files' => TRUE,
));
$this->backdropGet("file/{$file->fid}/view");
$this->assertResponse(200, 'Users with access can view any file');
// Test downloading own files without permission.
$file->uid = $web_user->uid;
file_save($file);
$url = 'file/' . $file->fid . '/download';
$this->backdropGet($url);
$this->assertResponse(403, 'Users without access can not download their own files');
// Test downloading own files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'download own document files' => TRUE,
));
$this->backdropGet($url);
$this->assertResponse(200, 'Users with access can download their own files');
// Test downloading any files without permission.
$file->uid = 1;
file_save($file);
$url = "file/{$file->fid}/download";
$this->backdropGet($url);
$this->assertResponse(403, 'Users without access can not download any file');
// Test downloading any files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'download any document files' => TRUE,
));
$this->backdropGet($url);
$this->assertResponse(200, 'Users with access can download any file');
// Tests editing own files without permission.
$file->uid = $web_user->uid;
file_save($file);
$this->backdropGet("file/{$file->fid}/manage");
$this->assertResponse(403, 'Users without access can not edit own files');
// Tests checking the usage of their own files without permission.
$this->backdropGet("file/{$file->fid}/usage");
$this->assertResponse(403, 'Users without access can not check the usage of their own files');
// Tests editing own files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'edit own document files' => TRUE,
));
$this->backdropGet("file/{$file->fid}/manage");
$this->assertResponse(200, 'Users with access can edit own files');
// Tests checking the usage of their own files without permission.
$this->backdropGet("file/{$file->fid}/usage");
$this->assertResponse(200, 'Users with access can check the usage of their own files');
// Tests editing any files without permission.
$file->uid = 1;
file_save($file);
$this->backdropGet("file/{$file->fid}/manage");
$this->assertResponse(403, 'Users without access can not edit any file');
// Tests checking the usage of any files without permission.
$this->backdropGet("file/{$file->fid}/usage");
$this->assertResponse(403, 'Users without access can not check the usage of any file');
// Tests editing any files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'edit any document files' => TRUE,
));
$this->backdropGet("file/{$file->fid}/manage");
$this->assertResponse(200, 'Users with access can edit any file');
// Tests checking the usage of any files with permission.
$this->backdropGet("file/{$file->fid}/usage");
$this->assertResponse(200, 'Users with access can check the usage of any file');
// Tests deleting own files without permission.
$file->uid = $web_user->uid;
file_save($file);
$this->backdropGet("file/{$file->fid}/delete");
$this->assertResponse(403, 'Users without access can not delete their own files');
// Tests deleting own files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'delete own document files' => TRUE,
));
$this->backdropGet("file/{$file->fid}/delete");
$this->assertResponse(200, 'Users with access can delete their own files');
// Tests deleting any files without permission.
$file->uid = 1;
file_save($file);
$this->backdropGet("file/{$file->fid}/delete");
$this->assertResponse(403, 'Users without access can not delete any file');
// Tests deleting any files with permission.
user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
'delete any document files' => TRUE,
));
$this->backdropGet("file/{$file->fid}/delete");
$this->assertResponse(200, 'Users with access can delete any file');
}