1 file.test FileAccessTestCase::testFilePageAccess()

Tests page access.

Verifies the privileges required to access the following pages: file/%/view, file/%/download, file/%/edit (requested as file/%/manage in the code below), file/%/usage, and file/%/delete.

File

core/modules/file/tests/file.test, line 3432
Tests for file.module.

Class

FileAccessTestCase
Tests the file entity access API.

Code

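/**
 * Tests access to the file entity pages, one operation at a time.
 *
 * Requests the view, download, manage, usage and delete pages of a single
 * 'document' file as a logged-in user. For each operation it asserts a 403
 * before the matching permission is granted and a 200 afterwards, first for a
 * file the user owns and then for a file owned by another account.
 *
 * Permissions are granted cumulatively on the authenticated role and are never
 * revoked. Every 403 check after the first therefore also shows that the
 * permissions granted so far do not unlock the operation under test (view does
 * not imply download, "own" does not imply "any", edit does not imply delete).
 */
function testFilePageAccess() {
  // Create and log in a user; no permission list is passed to the helper.
  $web_user = $this->backdropCreateUser();
  $this->backdropLogin($web_user);

  $file = $this->createFile(array('type' => 'document', 'uid' => $web_user->uid));

  // The same file is requested throughout; only its owner changes, so the
  // page paths can be built once.
  $view_path = "file/{$file->fid}/view";
  $download_path = "file/{$file->fid}/download";
  $manage_path = "file/{$file->fid}/manage";
  $usage_path = "file/{$file->fid}/usage";
  $delete_path = "file/{$file->fid}/delete";

  // Test viewing own files without permission.
  $this->backdropGet($view_path);
  $this->assertResponse(403, 'Users without access can not view their own files');

  // Test viewing own files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'view own files' => TRUE,
  ));
  $this->backdropGet($view_path);
  $this->assertResponse(200, 'Users with access can view their own files');

  // Test viewing any files without permission. The file is handed to uid 1 so
  // that it no longer belongs to the test user (assumes the test user is never
  // uid 1). 'view own files' is still granted here and must not be enough.
  $file->uid = 1;
  file_save($file);
  $this->backdropGet($view_path);
  // The original message read "Users with access", which misreports a failure
  // of this negative check: the user lacks 'view files' at this point.
  $this->assertResponse(403, 'Users without access can not view any file');

  // Test viewing any files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'view files' => TRUE,
  ));
  $this->backdropGet($view_path);
  $this->assertResponse(200, 'Users with access can view any file');

  // Test downloading own files without permission. Both view permissions are
  // granted by now, so this also checks that viewing does not allow download.
  $file->uid = $web_user->uid;
  file_save($file);
  $this->backdropGet($download_path);
  $this->assertResponse(403, 'Users without access can not download their own files');

  // Test downloading own files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'download own document files' => TRUE,
  ));
  $this->backdropGet($download_path);
  $this->assertResponse(200, 'Users with access can download their own files');

  // Test downloading any files without permission.
  $file->uid = 1;
  file_save($file);
  $this->backdropGet($download_path);
  $this->assertResponse(403, 'Users without access can not download any file');

  // Test downloading any files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'download any document files' => TRUE,
  ));
  $this->backdropGet($download_path);
  $this->assertResponse(200, 'Users with access can download any file');

  // Tests editing own files without permission.
  $file->uid = $web_user->uid;
  file_save($file);
  $this->backdropGet($manage_path);
  $this->assertResponse(403, 'Users without access can not edit own files');

  // Tests checking the usage of their own files without permission.
  $this->backdropGet($usage_path);
  $this->assertResponse(403, 'Users without access can not check the usage of their own files');

  // Tests editing own files with permission. No separate usage permission is
  // granted in this test: the usage page is expected to open together with
  // the manage page once the edit permission is present.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'edit own document files' => TRUE,
  ));
  $this->backdropGet($manage_path);
  $this->assertResponse(200, 'Users with access can edit own files');

  // Tests checking the usage of their own files with permission.
  $this->backdropGet($usage_path);
  $this->assertResponse(200, 'Users with access can check the usage of their own files');

  // Tests editing any files without permission.
  $file->uid = 1;
  file_save($file);
  $this->backdropGet($manage_path);
  $this->assertResponse(403, 'Users without access can not edit any file');

  // Tests checking the usage of any files without permission.
  $this->backdropGet($usage_path);
  $this->assertResponse(403, 'Users without access can not check the usage of any file');

  // Tests editing any files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'edit any document files' => TRUE,
  ));
  $this->backdropGet($manage_path);
  $this->assertResponse(200, 'Users with access can edit any file');

  // Tests checking the usage of any files with permission.
  $this->backdropGet($usage_path);
  $this->assertResponse(200, 'Users with access can check the usage of any file');

  // Tests deleting own files without permission. Only the delete page is
  // requested with GET from here on; nothing is submitted, so these checks
  // cover access to the page and not the deletion itself.
  $file->uid = $web_user->uid;
  file_save($file);
  $this->backdropGet($delete_path);
  $this->assertResponse(403, 'Users without access can not delete their own files');

  // Tests deleting own files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'delete own document files' => TRUE,
  ));
  $this->backdropGet($delete_path);
  $this->assertResponse(200, 'Users with access can delete their own files');

  // Tests deleting any files without permission.
  $file->uid = 1;
  file_save($file);
  $this->backdropGet($delete_path);
  $this->assertResponse(403, 'Users without access can not delete any file');

  // Tests deleting any files with permission.
  user_role_change_permissions(BACKDROP_AUTHENTICATED_ROLE, array(
    'delete any document files' => TRUE,
  ));
  $this->backdropGet($delete_path);
  $this->assertResponse(200, 'Users with access can delete any file');
}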