/**
* Asserts that node access correctly grants or denies access.
*
* @param array $ops
* An associative array of the expected node access grants for the node
* and account, with each key as the name of an operation (e.g. 'view',
* 'delete') and each value a Boolean indicating whether access to that
* operation should be granted.
* @param \Drupal\node\Entity\Node $node
* The node object to check.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to check access.
* @param string|null $langcode
* (optional) The language code indicating which translation of the node
* to check. If NULL, the untranslated (fallback) access is checked.
*/
function assertNodeAccess(array $ops, $node, AccountInterface $account, $langcode = NULL)
{
foreach ($ops as $op => $result) {
if (empty($langcode)) {
$langcode = $node->prepareLangcode();
}
$this->assertEqual($result, $this->accessHandler->access($node, $op, $langcode, $account), $this->nodeAccessAssertMessage($op, $result, $langcode));
}
}
/**
* Tests if nodes that may not be deleted, can not be deleted in bulk.
*/
public function testNodeDeleteAccess()
{
// Create an account who will be the author of a private node.
$author = $this->drupalCreateUser();
// Create a private node (author may view, edit and delete, others may not).
$private_node = $this->drupalCreateNode(array('type' => 'article', 'private' => array(array('value' => TRUE)), 'uid' => $author->id()));
// Create an account that may view the private node, but not delete it.
$account = $this->drupalCreateUser(array('access content', 'administer nodes', 'delete own article content', 'node test view'));
// Create a node that may be deleted too, to ensure the delete confirmation
// page is shown later. In node_access_test.module, nodes may only be
// deleted by the author.
$own_node = $this->drupalCreateNode(array('type' => 'article', 'private' => array(array('value' => TRUE)), 'uid' => $account->id()));
$this->drupalLogin($account);
// Ensure that the private node can not be deleted.
$this->assertEqual(FALSE, $this->accessHandler->access($private_node, 'delete', $account), 'The private node may not be deleted.');
// Ensure that the public node may be deleted.
$this->assertEqual(TRUE, $this->accessHandler->access($own_node, 'delete', $account), 'The own node may be deleted.');
// Try to delete the node using the bulk form.
$edit = array('node_bulk_form[0]' => TRUE, 'node_bulk_form[1]' => TRUE, 'action' => 'node_delete_action');
$this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
$this->drupalPostForm(NULL, array(), t('Delete'));
// Ensure the private node still exists.
$private_node = Node::load($private_node->id());
$this->assertNotNull($private_node, 'The private node has not been deleted.');
// Ensure the own node is deleted.
$own_node = Node::load($own_node->id());
$this->assertNull($own_node, 'The own node is deleted.');
}
/**
* @covers ::checkAccess
*
* @dataProvider providerTestAccessDelete
*/
public function testAccessDelete($is_new, $is_fallback, $expected)
{
$this->entityType->getAdminPermission()->willReturn('test permission');
$page = $this->prophesize(PageInterface::class);
$page->isNew()->willReturn($is_new);
$page->isFallbackPage()->willReturn($is_fallback);
$page->uuid()->shouldBeCalled();
$page->getEntityTypeId()->shouldBeCalled();
// Ensure that the cache tag is added for the temporary conditions.
if ($is_new || $is_fallback) {
$this->setUpCacheContextsManager();
$page->getCacheTags()->willReturn(['page:1']);
$page->getCacheContexts()->willReturn([]);
$page->getCacheMaxAge()->willReturn(0);
}
$account = $this->prophesize(AccountInterface::class);
$account->hasPermission('test permission')->willReturn(TRUE);
$account->id()->shouldBeCalled();
$this->assertSame($expected, $this->pageAccess->access($page->reveal(), 'delete', NULL, $account->reveal()));
}
/**
* Checks node revision access.
*
* @param \Drupal\node\NodeInterface $node
* The node to check.
* @param \Drupal\Core\Session\AccountInterface $account
* A user object representing the user for whom the operation is to be
* performed.
* @param string $op
* (optional) The specific operation being checked. Defaults to 'view.'
* @param string|null $langcode
* (optional) Language code for the variant of the node. Different language
* variants might have different permissions associated. If NULL, the
* original langcode of the node is used. Defaults to NULL.
*
* @return bool
* TRUE if the operation may be performed, FALSE otherwise.
*/
public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL)
{
$map = array('view' => 'view all revisions', 'update' => 'revert all revisions', 'delete' => 'delete all revisions');
$bundle = $node->bundle();
$type_map = array('view' => "view {$bundle} revisions", 'update' => "revert {$bundle} revisions", 'delete' => "delete {$bundle} revisions");
if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// If no language code was provided, default to the node revision's langcode.
if (empty($langcode)) {
$langcode = $node->language()->getId();
}
// Statically cache access by revision ID, language code, user account ID,
// and operation.
$cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
if (!isset($this->access[$cid])) {
// Perform basic permission checks first.
if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
$this->access[$cid] = FALSE;
return FALSE;
}
// There should be at least two revisions. If the vid of the given node
// and the vid of the default revision differ, then we already have two
// different revisions so there is no need for a separate database check.
// Also, if you try to revert to or delete the default revision, that's
// not good.
if ($node->isDefaultRevision() && ($this->nodeStorage->countDefaultLanguageRevisions($node) == 1 || $op == 'update' || $op == 'delete')) {
$this->access[$cid] = FALSE;
} elseif ($account->hasPermission('administer nodes')) {
$this->access[$cid] = TRUE;
} else {
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then access to that, too.
$this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $langcode, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $langcode, $account));
}
}
return $this->access[$cid];
}
/**
* Asserts that node access correctly grants or denies access.
*
* @param array $ops
* An associative array of the expected node access grants for the node
* and account, with each key as the name of an operation (e.g. 'view',
* 'delete') and each value a Boolean indicating whether access to that
* operation should be granted.
* @param \Drupal\node\NodeInterface $node
* The node object to check.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to check access.
*/
function assertNodeAccess(array $ops, NodeInterface $node, AccountInterface $account)
{
foreach ($ops as $op => $result) {
$this->assertEqual($result, $this->accessHandler->access($node, $op, $account), $this->nodeAccessAssertMessage($op, $result, $node->language()->getId()));
}
}
/**
* Asserts that support ticket access correctly grants or denies access.
*
* @param array $ops
* An associative array of the expected support ticket access grants for the
* support ticket and account, with each key as the name of an operation (e.g.
* 'view', 'delete') and each value a Boolean indicating whether access to that
* operation should be granted.
* @param \Drupal\support_ticket\Entity\SupportTicket $support_ticket
* The support ticket object to check.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account for which to check access.
*/
function assertSupportTicketAccess(array $ops, $support_ticket, AccountInterface $account)
{
foreach ($ops as $op => $result) {
$this->assertEqual($result, $this->accessHandler->access($support_ticket, $op, $account), $this->supportTicketAccessAssertMessage($op, $result, $support_ticket->language()->getId()));
}
}
