| Current Path : /var/www/html/rocksensor1/web/core/modules/node/tests/src/Kernel/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/www/html/rocksensor1/web/core/modules/node/tests/src/Kernel/NodeFieldAccessTest.php |
<?php
declare(strict_types=1);
namespace Drupal\Tests\node\Kernel;
use Drupal\KernelTests\Core\Entity\EntityKernelTestBase;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
/**
* Tests node field level access.
*
* @group node
*/
class NodeFieldAccessTest extends EntityKernelTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node'];
/**
* Fields that only users with administer nodes permissions can change.
*
* @var array
*/
protected $administrativeFields = [
'status',
'promote',
'sticky',
'created',
'uid',
];
/**
* These fields are automatically managed and can not be changed by any user.
*
* @var array
*/
protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp'];
/**
* Tests permissions on nodes status field.
*/
public function testAccessToAdministrativeFields(): void {
// Create the page node type with revisions disabled.
$page = NodeType::create([
'type' => 'page',
'name' => 'Page',
'new_revision' => FALSE,
]);
$page->save();
// Create the article node type with revisions enabled.
$article = NodeType::create([
'type' => 'article',
'name' => 'Article',
'new_revision' => TRUE,
]);
$article->save();
// An administrator user. No user exists yet, ensure that the first user
// does not have UID 1.
$content_admin_user = $this->createUser(['administer nodes', 'access content'], values: ['uid' => 2]);
// Two different editor users.
$page_creator_user = $this->createUser([
'create page content',
'edit own page content',
'delete own page content',
'access content',
]);
$page_manager_user = $this->createUser([
'create page content',
'edit any page content',
'delete any page content',
'access content',
]);
// An unprivileged user.
$page_unrelated_user = $this->createUser(['access content']);
// List of all users
$test_users = [
$content_admin_user,
$page_creator_user,
$page_manager_user,
$page_unrelated_user,
];
// Create three "Basic pages". One is owned by our test-user
// "page_creator", one by "page_manager", and one by someone else.
$node1 = Node::create([
'title' => $this->randomMachineName(8),
'uid' => $page_creator_user->id(),
'type' => 'page',
]);
$node1->save();
$node2 = Node::create([
'title' => $this->randomMachineName(8),
'uid' => $page_manager_user->id(),
'type' => 'article',
'revision_log' => 'Updated to requirements',
]);
$node2->save();
$node3 = Node::create([
'title' => $this->randomMachineName(8),
'type' => 'page',
]);
$node3->save();
foreach ($this->administrativeFields as $field) {
// Checks on view operations.
foreach ($test_users as $account) {
$may_view = $node1->{$field}->access('view', $account);
$this->assertTrue($may_view, "Any user may view the field $field.");
}
// Checks on edit operations.
$may_update = $node1->{$field}->access('edit', $page_creator_user);
$this->assertFalse($may_update, 'Users with permission "edit own page content" is not allowed to the field ' . $field . '.');
$may_update = $node2->{$field}->access('edit', $page_creator_user);
$this->assertFalse($may_update, 'Users with permission "edit own page content" is not allowed to the field ' . $field . '.');
$may_update = $node2->{$field}->access('edit', $page_manager_user);
$this->assertFalse($may_update, 'Users with permission "edit any page content" is not allowed to the field ' . $field . '.');
$may_update = $node1->{$field}->access('edit', $page_manager_user);
$this->assertFalse($may_update, 'Users with permission "edit any page content" is not allowed to the field ' . $field . '.');
$may_update = $node2->{$field}->access('edit', $page_unrelated_user);
$this->assertFalse($may_update, 'Users not having permission "edit any page content" is not allowed to the field ' . $field . '.');
$may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->status->access('edit', $content_admin_user);
$this->assertTrue($may_update, 'Users with permission "administer nodes" may edit ' . $field . ' fields on all nodes.');
}
foreach ($this->readOnlyFields as $field) {
// Check view operation.
foreach ($test_users as $account) {
$may_view = $node1->{$field}->access('view', $account);
$this->assertTrue($may_view, "Any user may view the field $field.");
}
// Check edit operation.
foreach ($test_users as $account) {
$may_view = $node1->{$field}->access('edit', $account);
$this->assertFalse($may_view, "No user is not allowed to edit the field $field.");
}
}
// Check the revision_log field on node 1 which has revisions disabled.
$may_update = $node1->revision_log->access('edit', $content_admin_user);
$this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.');
$may_update = $node1->revision_log->access('edit', $page_creator_user);
$this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.');
// Check the revision_log field on node 2 which has revisions enabled.
$may_update = $node2->revision_log->access('edit', $content_admin_user);
$this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.');
$may_update = $node2->revision_log->access('edit', $page_creator_user);
$this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.');
$may_view = $node2->revision_log->access('view', $content_admin_user);
$this->assertTrue($may_view, 'A user without permission "administer nodes" cannot view the revision_log field when revisions are enabled.');
// Page manager only has permissions to 'page', not 'article' content type.
$may_view = $node2->revision_log->access('view', $page_manager_user);
$this->assertFalse($may_view, 'A user without permission to the content type cannot view the revision_log field when revisions are enabled.');
$article_revision_manager_user = $this->createUser(['access content', 'view article revisions']);
$may_view = $node2->revision_log->access('view', $article_revision_manager_user);
$this->assertTrue($may_view, 'A user without permission "view article revisions" cannot view the revision_log field when revisions are enabled on article.');
$revision_manager_user = $this->createUser(['access content', 'view all revisions']);
$may_view = $node2->revision_log->access('view', $revision_manager_user);
$this->assertTrue($may_view, 'A user without permission "view all revisions" cannot view the revision_log field when revisions are enabled.');
$may_view = $node2->revision_log->access('view', $page_unrelated_user);
$this->assertFalse($may_view, 'A user with only permission "access content" cannot view the revision_log field when revisions are enabled.');
}
}