node_access_example.test

Tests for Node Access example module.
File

modules/examples/node_access_example/tests/node_access_example.test
View source
<?php
/**
 * @file
 * Tests for Node Access example module.
 */

/**
 * Functional tests for the Node Access Example module.
 *
 * @ingroup node_access_example
 */
class NodeAccessExampleTestCase extends BackdropWebTestCase {

  /**
   * Enable modules and create user with specific permissions.
   */
  public function setUp() {
    parent::setUp('node_access_example', 'search');
    node_access_rebuild();
  }

  /**
   * Test the "private" node access.
   *
   * - Create 3 users with "access content" and "create post" permissions.
   * - Each user creates one private and one not private post.
   * - Run cron to update search index.
   * - Test that each user can view the other user's non-private post.
   * - Test that each user cannot view the other user's private post.
   * - Test that each user finds only appropriate (non-private + own private)
   *   in search results.
   * - Logout.
   * - Test that anonymous user can't view, edit or delete private content which
   *   has author.
   * - Test that anonymous user can't view, edit or delete private content with
   *   anonymous author.
   * - Create another user with 'view any private content'.
   * - Test that user 4 can view all content created above.
   * - Test that user 4 can search for all content created above.
   * - Test that user 4 cannot edit private content above.
   * - Create another user with 'edit any private content'
   * - Test that user 5 can edit private content.
   * - Test that user 5 can delete private content.
   * - Test listings of nodes with 'node_access' tag on database search.
   */
  public function testNodeAccessBasic() {
    $num_simple_users = 3;
    $simple_users = array();

    // Nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;.
    $nodes_by_user = array();
    // Titles keyed by nid.
    $titles = array();
    // Array of IDs for nodes marked private.
    $private_nodes = array();
    for ($i = 0; $i < $num_simple_users; $i++) {
      $simple_users[$i] = $this->backdropCreateUser(
        array(
          'access content',
          'create post content',
          'search content',
        )
      );
    }
    foreach ($simple_users as $web_user) {
      $this->backdropLogin($web_user);
      foreach (array(0 => 'Public', 1 => 'Private') as $is_private => $type) {
        $edit = array(
          'title' => t('@private_public Post created by @user', array('@private_public' => $type, '@user' => $web_user->name)),
        );
        if ($is_private) {
          $edit['private'] = TRUE;
          $edit['body[und][0][value]'] = 'private node';
        }
        else {
          $edit['body[und][0][value]'] = 'public node';
        }
        $this->backdropPost('node/add/post', $edit, t('Save'));
        debug(t('Created post with private=@private', array('@private' => $is_private)));
        $this->assertText(t('Post @title has been created', array('@title' => $edit['title'])));
        $nid = db_query('SELECT nid FROM {node} WHERE title = :title', array(':title' => $edit['title']))->fetchField();
        $this->assertText(t('New node @nid was created and private=@private', array('@nid' => $nid, '@private' => $is_private)));
        $private_status = db_query('SELECT private FROM {node_access_example} where nid = :nid', array(':nid' => $nid))->fetchField();
        $this->assertTrue($is_private == $private_status, 'Node was properly set to private or not private in node_access_example table.');
        if ($is_private) {
          $private_nodes[] = $nid;
        }
        $titles[$nid] = $edit['title'];
        $nodes_by_user[$web_user->uid][$nid] = $is_private;
      }
    }
    debug($nodes_by_user);
    // Build the search index.
    $this->cronRun();
    foreach ($simple_users as $web_user) {
      $this->backdropLogin($web_user);
      // Check to see that we find the number of search results expected.
      $this->checkSearchResults('Private node', 1);
      // Check own nodes to see that all are readable.
      foreach (array_keys($nodes_by_user) as $uid) {
        // All of this user's nodes should be readable to same.
        if ($uid == $web_user->uid) {
          foreach ($nodes_by_user[$uid] as $nid => $is_private) {
            $this->backdropGet('node/' . $nid);
            $this->assertResponse(200);
            $this->assertTitle($titles[$nid] . ' | Backdrop CMS', 'Correct title for node found');
          }
        }
        else {
          // Otherwise, for other users, private nodes should get a 403,
          // but we should be able to read non-private nodes.
          foreach ($nodes_by_user[$uid] as $nid => $is_private) {
            $this->backdropGet('node/' . $nid);
            $this->assertResponse(
              $is_private ? 403 : 200,
              format_string('Node @nid by user @uid should get a @response for this user (@web_user_uid)',
                array(
                  '@nid' => $nid,
                  '@uid' => $uid,
                  '@response' => $is_private ? 403 : 200,
                  '@web_user_uid' => $web_user->uid,
                )
              )
            );
            if (!$is_private) {
              $this->assertTitle($titles[$nid] . ' | Backdrop CMS', 'Correct title for node was found');
            }
          }
        }
      }

      // Check to see that the correct nodes are shown on examples/node_access.
      $this->backdropGet('examples/node_access');
      $accessible = $this->xpath("//tr[contains(@class,'accessible')]");
      $this->assertEqual(count($accessible), 1, 'One private item accessible');
      foreach ($accessible as $row) {
        $this->assertEqual($row->td[2], $web_user->uid, 'Accessible row owned by this user');
      }
    }

    // Test cases for anonymous user.
    $this->backdropLogout();

    // Test that private nodes with authors are not accessible.
    foreach ($private_nodes as $nid) {
      if (($node = node_load($nid)) === FALSE) {
        continue;
      }
      $this->checkNodeAccess($nid, FALSE, FALSE, FALSE);
    }

    // Test that private nodes that don't have author are not accessible.
    foreach ($private_nodes as $nid) {
      if (($node = node_load($nid)) === FALSE) {
        continue;
      }
      $original_uid = $node->uid;

      // Change node author to anonymous.
      $node->uid = 0;
      node_save($node);
      $node = node_load($nid);
      $this->assertEqual($node->uid, 0);

      $this->checkNodeAccess($nid, FALSE, FALSE, FALSE);

      // Change node to original author.
      $node->uid = $original_uid;
      node_save($node);
    }

    // Now test that a user with 'access any private content' can view content.
    $access_user = $this->backdropCreateUser(
      array(
        'access content',
        'create post content',
        'access any private content',
        'search content',
      )
    );
    $this->backdropLogin($access_user);

    // Check to see that we find the number of search results expected.
    $this->checkSearchResults('Private node', 3);

    foreach ($nodes_by_user as $uid => $private_status) {
      foreach ($private_status as $nid => $is_private) {
        $this->backdropGet('node/' . $nid);
        $this->assertResponse(200);
      }
    }

    // Check to see that the correct nodes are shown on examples/node_access.
    // This user should be able to see all 3 of them.
    $this->backdropGet('examples/node_access');
    $accessible = $this->xpath("//tr[contains(@class,'accessible')]");
    $this->assertEqual(count($accessible), 3);

    // Test that a user named 'foobar' can edit any private node due to
    // node_access_example_node_access(). Note that this user will not be
    // able to search for private nodes, and will not have available nodes
    // shown on examples/node_access, because node_access() is not called
    // for node listings, only for actual access to a node.
    $edit_user = $this->backdropCreateUser(
      array(
        'access comments',
        'access content',
        'post comments',
        'skip comment approval',
        'search content',
      )
    );
    // Update the name of the user to 'foobar'.
    db_update('users')
      ->fields(array(
          'name' => 'foobar',
      ))
      ->condition('uid', $edit_user->uid)
      ->execute();

    $edit_user->name = 'foobar';
    $this->backdropLogin($edit_user);

    // Try to edit each of the private nodes.
    foreach ($private_nodes as $nid) {
      $body = $this->randomName();
      $edit = array('body[und][0][value]' => $body);
      $this->backdropPost('node/' . $nid . '/edit', $edit, t('Save'));
      $this->assertText(t('has been updated'), 'Node was updated by "foobar" user');
    }

    // Test that a privileged user can edit and delete private content.
    // This test should go last, as the nodes get deleted.
    $edit_user = $this->backdropCreateUser(
      array(
        'access content',
        'access any private content',
        'edit any private content',
      )
    );
    $this->backdropLogin($edit_user);
    foreach ($private_nodes as $nid) {
      $body = $this->randomName();
      $edit = array('body[und][0][value]' => $body);
      $this->backdropPost('node/' . $nid . '/edit', $edit, t('Save'));
      $this->assertText(t('has been updated'));
      $this->backdropPost('node/' . $nid . '/edit', array(), t('Delete'));
      $this->backdropPost(NULL, array(), t('Delete'));
      $this->assertText(t('has been deleted'));
    }
  }

  /**
   * Helper function.
   *
   * On the search page, search for a string and assert the expected number
   * of results.
   *
   * @param string $search_query
   *   String to search for
   * @param int $expected_result_count
   *   Expected result count
   */
  protected function checkSearchResults($search_query, $expected_result_count) {
    $this->backdropPost('search/node', array('keys' => $search_query), t('Search'));
    $search_results = $this->xpath("//ol[contains(@class, 'search-results')]/li");
    $this->assertEqual(count($search_results), $expected_result_count, 'Found the expected number of search results');
  }

  /**
   * Helper function.
   *
   * Test if a node with the id $nid has expected access grants.
   *
   * @param int $nid
   *   Node that will be checked.
   *
   * @return bool
   *   Checker ran successfully
   */
  protected function checkNodeAccess($nid, $grant_view, $grant_update, $grant_delete) {
    // Test if node can be viewed.
    if (!$this->checkResponse($grant_view, 'node/' . $nid)) {
      return FALSE;
    }

    // Test if private node can be edited.
    if (!$this->checkResponse($grant_update, 'node/' . $nid . '/edit')) {
      return FALSE;
    }

    // Test if private node can be deleted.
    if (!$this->checkResponse($grant_delete, 'node/' . $nid . '/delete')) {
      return FALSE;
    }

    return TRUE;
  }


  /**
   * Helper function.
   *
   * Test if there is access to an $url
   *
   * @param bool $grant
   *   Access to the $url
   *
   * @param string $url
   *   url to make the get call.
   *
   * @return bool
   *   Get response
   */
  protected function checkResponse($grant, $url) {
    $this->backdropGet($url);
    if ($grant) {
      $response = $this->assertResponse(200);
    }
    else {
      $response = $this->assertResponse(403);
    }
    return $response;
  }

}
Classes

Name	Description
NodeAccessExampleTestCase	Functional tests for the Node Access Example module.