1 filter.test FilterEditorAccessTestCase::testDialogAccess()

Checks access to editor dialogs for adding images and links.


core/modules/filter/tests/filter.test, line 2277
Tests for filter.module.


Tests access to editors and their associated dialogs.


function testDialogAccess() {
  // Check that the dialog for filtered HTML is not directly accessible.
  $this->assertResponse(403, 'Access denied on image dialog without token.');

  // Generate a valid token.
  $format = filter_format_load('filtered_html');
  $anonymous = new AnonymousUser();
  $dialog_token = filter_editor_dialog_token($format, 'image', $anonymous, 'some-path');
  $options = array(
    'query' => array(
      'token' => $dialog_token,
      'calling_path' => 'some-path',

  $this->backdropGet('editor/dialog/image/filtered_html', $options);
  $this->assertResponse(200, 'Access granted on image dialog with token.');

  $this->assertNoField('files[fid]', 'File upload field not found when uploads are disabled.');

  $format->editor_settings['image_upload'] = array(
    'status' => 1,
    'scheme' => 'public',

  $this->backdropGet('editor/dialog/image/filtered_html', $options);
  $this->assertNoField('files[fid]', 'File upload field not found when uploads are enabled but user missing upload permission.');

  user_role_grant_permissions(BACKDROP_ANONYMOUS_ROLE, array('upload editor images'));
  $this->backdropGet('editor/dialog/image/filtered_html', $options);
  $this->assertField('files[fid]', 'File upload field found when uploads are enabled and user has upload permission.');

  // Revoke access to the format and check that access is denied.
  $filtered_html_permission = filter_permission_name($format);
  user_role_revoke_permissions(BACKDROP_ANONYMOUS_ROLE, array($filtered_html_permission));
  $this->backdropGet('editor/dialog/image/filtered_html', $options);
  $this->assertResponse(403, 'Access denied on image dialog when access to the format is not allowed.');