/** * Asserts that node access correctly grants or denies access. * * @param array $ops * An associative array of the expected node access grants for the node * and account, with each key as the name of an operation (e.g. 'view', * 'delete') and each value a Boolean indicating whether access to that * operation should be granted. * @param \Drupal\node\Entity\Node $node * The node object to check. * @param \Drupal\Core\Session\AccountInterface $account * The user account for which to check access. * @param string|null $langcode * (optional) The language code indicating which translation of the node * to check. If NULL, the untranslated (fallback) access is checked. */ function assertNodeAccess(array $ops, $node, AccountInterface $account, $langcode = NULL) { foreach ($ops as $op => $result) { if (empty($langcode)) { $langcode = $node->prepareLangcode(); } $this->assertEqual($result, $this->accessController->access($node, $op, $langcode, $account), $this->nodeAccessAssertMessage($op, $result, $langcode)); } }
/** * Tests if bypassing a certain user protection is respected. * * @param string $plugin * The name of the UserProtection plugin. * @param string $operation * The access operation to check. */ protected function doUserProtectionBypassTest($plugin, $operation) { // Create a protected user. $protected_account = $this->createProtectedUser(array($plugin)); // Create operating account. $account = $this->drupalCreateUser(array('administer users', 'userprotect.dummy.bypass')); // Test if account has the expected access. $this->assertTrue($this->accessController->access($protected_account, $operation, NULL, $account)); }
/** * Checks node revision access. * * @param \Drupal\node\NodeInterface $node * The node to check. * @param \Drupal\Core\Session\AccountInterface $account * A user object representing the user for whom the operation is to be * performed. * @param string $op * (optional) The specific operation being checked. Defaults to 'view.' * @param string|null $langcode * (optional) Language code for the variant of the node. Different language * variants might have different permissions associated. If NULL, the * original langcode of the node is used. Defaults to NULL. * * @return bool * TRUE if the operation may be performed, FALSE otherwise. */ public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL) { $map = array('view' => 'view all revisions', 'update' => 'revert all revisions', 'delete' => 'delete all revisions'); $bundle = $node->bundle(); $type_map = array('view' => "view {$bundle} revisions", 'update' => "revert {$bundle} revisions", 'delete' => "delete {$bundle} revisions"); if (!$node || !isset($map[$op]) || !isset($type_map[$op])) { // If there was no node to check against, or the $op was not one of the // supported ones, we return access denied. return FALSE; } // If no language code was provided, default to the node revision's langcode. if (empty($langcode)) { $langcode = $node->language()->id; } // Statically cache access by revision ID, language code, user account ID, // and operation. $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op; if (!isset($this->access[$cid])) { // Perform basic permission checks first. if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) { $this->access[$cid] = FALSE; return FALSE; } // There should be at least two revisions. If the vid of the given node // and the vid of the default revision differ, then we already have two // different revisions so there is no need for a separate database check. // Also, if you try to revert to or delete the default revision, that's // not good. if ($node->isDefaultRevision() && ($this->connection->query('SELECT COUNT(*) FROM {node_field_revision} WHERE nid = :nid AND default_langcode = 1', array(':nid' => $node->id()))->fetchField() == 1 || $op == 'update' || $op == 'delete')) { $this->access[$cid] = FALSE; } elseif ($account->hasPermission('administer nodes')) { $this->access[$cid] = TRUE; } else { // First check the access to the default revision and finally, if the // node passed in is not the default revision then access to that, too. $this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $langcode, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $langcode, $account)); } } return $this->access[$cid]; }