1 filter.test FilterFormatAccessTestCase::testFormatWidgetPermissions()

Tests editing a page using a disallowed text format.

Verifies that regular users and administrators are able to edit a page, but not allowed to change the fields which use an inaccessible text format. Also verifies that fields which use a text format that does not exist can be edited by administrators only, but that the administrator is forced to choose a new format before saving the page.

File

core/modules/filter/tests/filter.test, line 709
Tests for filter.module.

Class

FilterFormatAccessTestCase
Tests the filter format access functionality in the Filter module.

Code

function testFormatWidgetPermissions() {
  config_set('path.settings', 'node_pattern', '');
  config_set('path.settings', 'node_page_pattern', '');

  $langcode = LANGUAGE_NONE;
  $body_value_key = "body[$langcode][0][value]";
  $body_format_key = "body[$langcode][0][format]";

  // Create node to edit.
  $this->backdropLogin($this->admin_user);
  $edit = array();
  $edit['title'] = $this->randomName(8);
  $edit[$body_value_key] = $this->randomName(16);
  $edit[$body_format_key] = $this->disallowed_format->format;
  $this->backdropPost('node/add/page', $edit, t('Save'));
  $node = $this->backdropGetNodeByTitle($edit['title']);

  // Try to edit with a less privileged user.
  $this->backdropLogin($this->web_user);
  $this->backdropGet('node/' . $node->nid);
  $this->clickLink(t('Edit'));

  // Verify that body field is read-only and contains replacement value.
  $this->assertFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), 'Text format access denied message found.');

  // Change the title and verify that only the title was changed.
  $new_edit = array();
  $new_edit['title'] = $this->randomName(8);
  $this->backdropPost(NULL, $new_edit, t('Save'));
  $this->assertNoText($edit['title'], 'Old title not found.');
  $this->assertText($new_edit['title'], 'New title found.');
  $this->assertText($edit[$body_value_key], 'Old body found.');

  // Check that even an administrator with "administer filters" permission
  // cannot edit the body field if they do not have specific permission to
  // use its stored format. (This must be disallowed so that the
  // administrator is never forced to switch the text format to something
  // else.)
  $this->backdropLogin($this->filter_admin_user);
  $this->backdropGet('node/' . $node->nid . '/edit');
  $this->assertFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), 'Text format access denied message found.');

  // Disable the text format used above.
  filter_format_disable($this->disallowed_format);
  $this->resetFilterCaches();

  // Log back in as the less privileged user and verify that the body field
  // is still disabled, since the less privileged user should not be able to
  // edit content that does not have an assigned format.
  $this->backdropLogin($this->web_user);
  $this->backdropGet('node/' . $node->nid . '/edit');
  $this->assertFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), 'Text format access denied message found.');

  // Log back in as the filter administrator and verify that the body field
  // can be edited.
  $this->backdropLogin($this->filter_admin_user);
  $this->backdropGet('node/' . $node->nid . '/edit');
  $this->assertNoFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", NULL, 'Text format access denied message not found.');
  $this->assertFieldByXPath("//select[@name='$body_format_key']", NULL, 'Text format selector found.');

  // Verify that trying to save the node without selecting a new text format
  // produces an error message, and does not result in the node being saved.
  $old_title = $new_edit['title'];
  $new_title = $this->randomName(8);
  $edit = array('title' => $new_title);
  $this->backdropPost('node/' . $node->nid . '/edit', $edit, t('Save'));
  $this->assertText(t('!name field is required.', array('!name' => t('Editor'))), 'Error message is displayed.');
  $this->backdropGet('node/' . $node->nid);
  $this->assertText($old_title, 'Old title found.');
  $this->assertNoText($new_title, 'New title not found.');

  // Now select a new text format and make sure the node can be saved.
  $this->backdropLogin($this->admin_user);
  $edit[$body_format_key] = $this->allowed_format->format;
  $this->backdropPost('node/' . $node->nid . '/edit', $edit, t('Save'));
  $this->assertUrl('node/' . $node->nid);
  $this->assertText($new_title, 'New title found.');
  $this->assertNoText($old_title, 'Old title not found.');

  // Then disable that format and all other formats on the site (leaving only
  // the fallback format).
  foreach (filter_formats() as $format) {
    if ($format->format != filter_fallback_format()) {
      filter_format_disable($format);
    }
  }

  // Since there is now only one available text format, the widget for
  // selecting a text format would normally not display when the content is
  // edited. However, we need to verify that the filter administrator still
  // is forced to make a conscious choice to reassign the text to a different
  // format.
  $this->backdropLogin($this->filter_admin_user);
  $old_title = $new_title;
  $new_title = $this->randomName(8);
  $edit = array('title' => $new_title);
  $this->backdropPost('node/' . $node->nid . '/edit', $edit, t('Save'));
  $this->assertText(t('!name field is required.', array('!name' => t('Editor'))), 'Error message is displayed.');
  $this->backdropGet('node/' . $node->nid);
  $this->assertText($old_title, 'Old title found.');
  $this->assertNoText($new_title, 'New title not found.');
  $edit[$body_format_key] = filter_fallback_format();
  $this->backdropPost('node/' . $node->nid . '/edit', $edit, t('Save'));
  $this->assertUrl('node/' . $node->nid);
  $this->assertText($new_title, 'New title found.');
  $this->assertNoText($old_title, 'Old title not found.');
}