/**
* Tests if bypassing a certain user protection is respected.
*
* @param string $plugin
* The name of the UserProtection plugin.
* @param string $operation
* The access operation to check.
*/
protected function doUserProtectionBypassTest($plugin, $operation)
{
// Create a protected user.
$protected_account = $this->createProtectedUser(array($plugin));
// Create operating account.
$account = $this->drupalCreateUser(array('administer users', 'userprotect.dummy.bypass'));
// Test if account has the expected access.
$this->assertTrue($this->accessController->access($protected_account, $operation, NULL, $account));
}
/**
* Checks node revision access.
*
* @param \Drupal\node\NodeInterface $node
* The node to check.
* @param \Drupal\Core\Session\AccountInterface $account
* A user object representing the user for whom the operation is to be
* performed.
* @param string $op
* (optional) The specific operation being checked. Defaults to 'view.'
* @param string|null $langcode
* (optional) Language code for the variant of the node. Different language
* variants might have different permissions associated. If NULL, the
* original langcode of the node is used. Defaults to NULL.
*
* @return bool
* TRUE if the operation may be performed, FALSE otherwise.
*/
public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL)
{
$map = array('view' => 'view all revisions', 'update' => 'revert all revisions', 'delete' => 'delete all revisions');
$bundle = $node->bundle();
$type_map = array('view' => "view {$bundle} revisions", 'update' => "revert {$bundle} revisions", 'delete' => "delete {$bundle} revisions");
if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// If no language code was provided, default to the node revision's langcode.
if (empty($langcode)) {
$langcode = $node->language()->id;
}
// Statically cache access by revision ID, language code, user account ID,
// and operation.
$cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
if (!isset($this->access[$cid])) {
// Perform basic permission checks first.
if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
$this->access[$cid] = FALSE;
return FALSE;
}
// There should be at least two revisions. If the vid of the given node
// and the vid of the default revision differ, then we already have two
// different revisions so there is no need for a separate database check.
// Also, if you try to revert to or delete the default revision, that's
// not good.
if ($node->isDefaultRevision() && ($this->connection->query('SELECT COUNT(*) FROM {node_field_revision} WHERE nid = :nid AND default_langcode = 1', array(':nid' => $node->id()))->fetchField() == 1 || $op == 'update' || $op == 'delete')) {
$this->access[$cid] = FALSE;
} elseif ($account->hasPermission('administer nodes')) {
$this->access[$cid] = TRUE;
} else {
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then access to that, too.
$this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $langcode, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $langcode, $account));
}
}
return $this->access[$cid];
}
/**
* Asserts that node create access correctly grants or denies access.
*
* @param string $bundle
* The node bundle to check access to.
* @param bool $result
* Whether access should be granted or not.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to check access.
* @param string|null $langcode
* (optional) The language code indicating which translation of the node
* to check. If NULL, the untranslated (fallback) access is checked.
*/
function assertNodeCreateAccess($bundle, $result, AccountInterface $account, $langcode = NULL)
{
$this->assertEqual($result, $this->accessController->createAccess($bundle, $account, array('langcode' => $langcode)), $this->nodeAccessAssertMessage('create', $result, $langcode));
}