1 node.test NodeQueryAlter::testNodeQueryAlterOverride()

Tests 'node_access' query alter override.

Verifies that node_access_view_all_nodes() is called from node_query_node_access_alter(). We do this by checking that a user who normally would not have view privileges is able to view the nodes when we add a record to {node_access} paired with a corresponding privilege in hook_node_grants().

File

core/modules/node/tests/node.test, line 3205
Tests for node.module.

Class

NodeQueryAlter
Tests node_query_node_access_alter().

Code

function testNodeQueryAlterOverride() {
  $record = array(
    'nid' => 0,
    'gid' => 0,
    'realm' => 'node_access_all',
    'grant_view' => 1,
    'grant_update' => 0,
    'grant_delete' => 0,
  );
  backdrop_write_record('node_access', $record);

  // Test that the noAccessUser still doesn't have the 'view'
  // privilege after adding the node_access record.
  backdrop_static_reset('node_access_view_all_nodes');
  try {
    $query = db_select('node', 'mytab')
      ->fields('mytab');
    $query->addTag('node_access');
    $query->addMetaData('op', 'view');
    $query->addMetaData('account', $this->noAccessUser);

    $result = $query->execute()->fetchAll();
    $this->assertEqual(count($result), 0, t('User view privileges are not overridden'));
  }
  catch (Exception $e) {
    $this->fail(t('Altered query is malformed'));
  }

  // Have node_test_node_grants return a node_access_all privilege,
  // to grant the noAccessUser 'view' access.  To verify that
  // node_access_view_all_nodes is properly checking the specified
  // $account instead of the global $user, we will log in as
  // noAccessUser2.
  $this->backdropLogin($this->noAccessUser2);
  state_set('node_test_node_access_all_uid', $this->noAccessUser->uid);
  backdrop_static_reset('node_access_view_all_nodes');
  try {
    $query = db_select('node', 'mytab')
      ->fields('mytab');
    $query->addTag('node_access');
    $query->addMetaData('op', 'view');
    $query->addMetaData('account', $this->noAccessUser);

    $result = $query->execute()->fetchAll();
    $this->assertEqual(count($result), 4, t('User view privileges are overridden'));
  }
  catch (Exception $e) {
    $this->fail(t('Altered query is malformed'));
  }
  state_del('node_test_node_access_all_uid');
}