/**
* Tests if nodes that may not be deleted, can not be deleted in bulk.
*/
public function testNodeDeleteAccess()
{
// Create an account who will be the author of a private node.
$author = $this->drupalCreateUser();
// Create a private node (author may view, edit and delete, others may not).
$private_node = $this->drupalCreateNode(array('type' => 'article', 'private' => array(array('value' => TRUE)), 'uid' => $author->id()));
// Create an account that may view the private node, but not delete it.
$account = $this->drupalCreateUser(array('access content', 'administer nodes', 'delete own article content', 'node test view'));
// Create a node that may be deleted too, to ensure the delete confirmation
// page is shown later. In node_access_test.module, nodes may only be
// deleted by the author.
$own_node = $this->drupalCreateNode(array('type' => 'article', 'private' => array(array('value' => TRUE)), 'uid' => $account->id()));
$this->drupalLogin($account);
// Ensure that the private node can not be deleted.
$this->assertEqual(FALSE, $this->accessHandler->access($private_node, 'delete', $account), 'The private node may not be deleted.');
// Ensure that the public node may be deleted.
$this->assertEqual(TRUE, $this->accessHandler->access($own_node, 'delete', $account), 'The own node may be deleted.');
// Try to delete the node using the bulk form.
$edit = array('node_bulk_form[0]' => TRUE, 'node_bulk_form[1]' => TRUE, 'action' => 'node_delete_action');
$this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
$this->drupalPostForm(NULL, array(), t('Delete'));
// Ensure the private node still exists.
$private_node = Node::load($private_node->id());
$this->assertNotNull($private_node, 'The private node has not been deleted.');
// Ensure the own node is deleted.
$own_node = Node::load($own_node->id());
$this->assertNull($own_node, 'The own node is deleted.');
}
/**
* Generates an action link to display at the top of the forum listing.
*
* @param string $vid
* Vocabulary ID.
* @param \Drupal\taxonomy\TermInterface $forum_term
* The term for which the links are to be built.
*
* @return array
* Render array containing the links.
*/
protected function buildActionLinks($vid, TermInterface $forum_term = NULL)
{
$user = $this->currentUser();
$links = [];
// Loop through all bundles for forum taxonomy vocabulary field.
foreach ($this->fieldMap['node']['taxonomy_forums']['bundles'] as $type) {
if ($this->nodeAccess->createAccess($type)) {
$links[$type] = ['#attributes' => ['class' => ['action-links']], '#theme' => 'menu_local_action', '#link' => ['title' => $this->t('Add new @node_type', ['@node_type' => $this->nodeTypeStorage->load($type)->label()]), 'url' => Url::fromRoute('node.add', ['node_type' => $type])]];
if ($forum_term && $forum_term->bundle() == $vid) {
// We are viewing a forum term (specific forum), append the tid to
// the url.
$links[$type]['#link']['localized_options']['query']['forum_id'] = $forum_term->id();
}
}
}
if (empty($links)) {
// Authenticated user does not have access to create new topics.
if ($user->isAuthenticated()) {
$links['disallowed'] = ['#markup' => $this->t('You are not allowed to post new content in the forum.')];
} else {
$links['login'] = ['#attributes' => ['class' => ['action-links']], '#theme' => 'menu_local_action', '#link' => array('title' => $this->t('Log in to post new content in the forum.'), 'url' => Url::fromRoute('user.login', [], ['query' => $this->getDestinationArray()]))];
}
}
return $links;
}
/**
* {@inheritdoc}
*/
public function setUp()
{
parent::setup();
require_once $this->root . '/core/includes/entity.inc';
$this->namespaces['Drupal\\Core\\Entity'] = $this->root . '/core/lib/Drupal/Core/Entity';
$language = $this->prophesize(LanguageInterface::class);
$language->getId()->willReturn('en');
$this->languageManager = $this->prophesize(LanguageManagerInterface::class);
$this->languageManager->getCurrentLanguage()->willReturn($language->reveal());
$this->languageManager->getLanguages()->willReturn([$language->reveal()]);
// We need to support multiple entity types, including a test type:
$type_info = ['test' => ['id' => 'test', 'label' => 'Test', 'entity_keys' => ['bundle' => 'bundle']], 'user' => ['id' => 'user', 'label' => 'Test User', 'entity_keys' => ['bundle' => 'user']], 'node' => ['id' => 'node', 'label' => 'Test Node', 'entity_keys' => ['bundle' => 'dummy']]];
$type_array = [];
foreach ($type_info as $type => $info) {
$entity_type = new ContentEntityType($info);
$type_array[$type] = $entity_type;
$this->entityTypeManager->getDefinition($type)->willReturn($entity_type);
$this->entityManager->getDefinition($type)->willReturn($entity_type);
}
// We need a user_role mock as well.
$role_entity_info = ['id' => 'user_role', 'label' => 'Test Role'];
$role_type = new ConfigEntityType($role_entity_info);
$type_array['user_role'] = $role_type;
$this->entityTypeManager->getDefinitions()->willReturn($type_array);
$this->entityManager->getDefinitions()->willReturn($type_array);
$this->entityAccess = $this->prophesize(EntityAccessControlHandlerInterface::class);
$this->entityTypeManager->getAccessControlHandler(Argument::any())->willReturn($this->entityAccess->reveal());
// The base field definitions for our test entity aren't used, and would
// require additional mocking. It doesn't appear that any of our tests rely
// on this for any other entity type that we are mocking.
$this->entityFieldManager->getBaseFieldDefinitions(Argument::any())->willReturn([]);
$this->entityManager->getBaseFieldDefinitions(Argument::any())->willReturn([]);
// Return some dummy bundle information for now, so that the entity manager
// does not call out to the config entity system to get bundle information.
$this->entityTypeBundleInfo->getBundleInfo(Argument::any())->willReturn(['test' => ['label' => 'Test']]);
$this->entityManager->getBundleInfo(Argument::any())->willReturn(['test' => ['label' => 'Test']]);
$this->moduleHandler->getImplementations('entity_type_build')->willReturn([]);
$this->fieldTypeManager = new FieldTypePluginManager($this->namespaces, $this->cacheBackend, $this->moduleHandler->reveal(), $this->typedDataManager);
$this->container->set('plugin.manager.field.field_type', $this->fieldTypeManager);
}
/**
* {@inheritdoc}
*/
public function setUp()
{
parent::setup();
require_once $this->root . '/core/includes/entity.inc';
$this->namespaces['Drupal\\Core\\Entity'] = $this->root . '/core/lib/Drupal/Core/Entity';
$language = $this->prophesize(LanguageInterface::class);
$language->getId()->willReturn('en');
$this->languageManager = $this->prophesize(LanguageManagerInterface::class);
$this->languageManager->getCurrentLanguage()->willReturn($language->reveal());
$this->languageManager->getLanguages()->willReturn([$language->reveal()]);
$entityType = new ContentEntityType(['id' => 'test', 'label' => 'Test', 'entity_keys' => ['bundle' => 'bundle']]);
$this->entityManager->getDefinitions()->willReturn(['test' => $entityType]);
$this->entityAccess = $this->prophesize(EntityAccessControlHandlerInterface::class);
$this->entityManager->getAccessControlHandler(Argument::any())->willReturn($this->entityAccess->reveal());
// The base field definitions for our test entity aren't used, and would
// require additional mocking.
$this->entityManager->getBaseFieldDefinitions('test')->willReturn([]);
// Return some dummy bundle information for now, so that the entity manager
// does not call out to the config entity system to get bundle information.
$this->entityManager->getBundleInfo(Argument::any())->willReturn(['test' => ['label' => 'Test']]);
$this->moduleHandler->getImplementations('entity_type_build')->willReturn([]);
}
/**
* @covers ::checkAccess
*
* @dataProvider providerTestAccessDelete
*/
public function testAccessDelete($is_new, $is_fallback, $expected)
{
$this->entityType->getAdminPermission()->willReturn('test permission');
$page = $this->prophesize(PageInterface::class);
$page->isNew()->willReturn($is_new);
$page->isFallbackPage()->willReturn($is_fallback);
$page->uuid()->shouldBeCalled();
$page->getEntityTypeId()->shouldBeCalled();
// Ensure that the cache tag is added for the temporary conditions.
if ($is_new || $is_fallback) {
$this->setUpCacheContextsManager();
$page->getCacheTags()->willReturn(['page:1']);
$page->getCacheContexts()->willReturn([]);
$page->getCacheMaxAge()->willReturn(0);
}
$account = $this->prophesize(AccountInterface::class);
$account->hasPermission('test permission')->willReturn(TRUE);
$account->id()->shouldBeCalled();
$this->assertSame($expected, $this->pageAccess->access($page->reveal(), 'delete', NULL, $account->reveal()));
}
/**
* Checks node revision access.
*
* @param \Drupal\node\NodeInterface $node
* The node to check.
* @param \Drupal\Core\Session\AccountInterface $account
* A user object representing the user for whom the operation is to be
* performed.
* @param string $op
* (optional) The specific operation being checked. Defaults to 'view.'
* @param string|null $langcode
* (optional) Language code for the variant of the node. Different language
* variants might have different permissions associated. If NULL, the
* original langcode of the node is used. Defaults to NULL.
*
* @return bool
* TRUE if the operation may be performed, FALSE otherwise.
*/
public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL)
{
$map = array('view' => 'view all revisions', 'update' => 'revert all revisions', 'delete' => 'delete all revisions');
$bundle = $node->bundle();
$type_map = array('view' => "view {$bundle} revisions", 'update' => "revert {$bundle} revisions", 'delete' => "delete {$bundle} revisions");
if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// If no language code was provided, default to the node revision's langcode.
if (empty($langcode)) {
$langcode = $node->language()->getId();
}
// Statically cache access by revision ID, language code, user account ID,
// and operation.
$cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
if (!isset($this->access[$cid])) {
// Perform basic permission checks first.
if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
$this->access[$cid] = FALSE;
return FALSE;
}
// There should be at least two revisions. If the vid of the given node
// and the vid of the default revision differ, then we already have two
// different revisions so there is no need for a separate database check.
// Also, if you try to revert to or delete the default revision, that's
// not good.
if ($node->isDefaultRevision() && ($this->nodeStorage->countDefaultLanguageRevisions($node) == 1 || $op == 'update' || $op == 'delete')) {
$this->access[$cid] = FALSE;
} elseif ($account->hasPermission('administer nodes')) {
$this->access[$cid] = TRUE;
} else {
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then access to that, too.
$this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $langcode, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $langcode, $account));
}
}
return $this->access[$cid];
}
/**
* Asserts that node create access correctly grants or denies access.
*
* @param string $bundle
* The node bundle to check access to.
* @param bool $result
* Whether access should be granted or not.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to check access.
* @param string|null $langcode
* (optional) The language code indicating which translation of the node
* to check. If NULL, the untranslated (fallback) access is checked.
*/
function assertNodeCreateAccess($bundle, $result, AccountInterface $account, $langcode = NULL)
{
$this->assertEqual($result, $this->accessHandler->createAccess($bundle, $account, array('langcode' => $langcode)), $this->nodeAccessAssertMessage('create', $result, $langcode));
}
