protected function setUp()
{
parent::setUp();
$this->adminUser = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings'));
// Find the new role ID.
$all_rids = $this->adminUser->getRoles();
unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
$this->rid = reset($all_rids);
}
/**
* Evaluate if user has role(s).
*
* @param \Drupal\user\UserInterface $account
* The account to check.
* @param \Drupal\user\RoleInterface[] $roles
* Array of user roles.
* @param string $operation
* Either "AND": user has all of roles.
* Or "OR": user has at least one of all roles.
* Defaults to "AND".
*
* @return bool
* TRUE if the user has the role(s).
*/
protected function doEvaluate(UserInterface $account, array $roles, $operation = 'AND')
{
$rids = array_map(function ($role) {
return $role->id();
}, $roles);
switch ($operation) {
case 'OR':
return (bool) array_intersect($rids, $account->getRoles());
case 'AND':
return (bool) (!array_diff($rids, $account->getRoles()));
default:
throw new \InvalidArgumentException('Either use "AND" or "OR". Leave empty for default "AND" behavior.');
}
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->drupalPlaceBlock('system_breadcrumb_block');
$this->enableViewsTestModule();
$this->webUser = $this->drupalCreateUser();
$roles = $this->webUser->getRoles();
$this->webRole = $roles[0];
$this->normalRole = $this->drupalCreateRole(array());
$this->normalUser = $this->drupalCreateUser(array('views_test_data test permission'));
$this->normalUser->addRole($this->normalRole);
$this->normalUser->save();
// @todo when all the plugin information is cached make a reset function and
// call it here.
}
/**
* @param array $form
* @param \Drupal\user\UserInterface $user
* @return array
*/
public static function addRoleDelegationElement(array $form, UserInterface $user)
{
$current_user = \Drupal::currentUser();
$roles_current = $user->getRoles(TRUE);
$roles_delegate = array();
$roles = user_roles(TRUE);
unset($roles[AccountInterface::AUTHENTICATED_ROLE]);
unset($roles['administrator']);
foreach ($roles as $rid => $role) {
if ($current_user->hasPermission('assign all roles') || $current_user->hasPermission("assign {$role->get('id')} role")) {
$roles_delegate[$rid] = isset($form['account']['roles']['#options'][$rid]) ? $form['account']['roles']['#options'][$rid] : $role->get('id');
}
}
if (empty($roles_delegate)) {
// No role can be assigned.
return $form;
}
if (!isset($form['account'])) {
$form['account'] = array('#type' => 'value', '#value' => $user);
}
$default_options = array();
foreach ($roles_current as $role) {
if (in_array($role, $roles_delegate)) {
$default_options[$role] = $role;
}
}
// Generate the form items.
$form['account']['roles_change'] = array('#type' => 'checkboxes', '#title' => isset($form['account']['roles']['#title']) ? $form['account']['roles']['#title'] : t('Roles'), '#options' => $roles_delegate, '#default_value' => array_keys(array_intersect_key(array_flip($roles_current), $roles_delegate)), '#description' => isset($form['account']['roles']['#description']) ? $form['account']['roles']['#description'] : t('Change roles assigned to user.'));
return $form;
}
/**
* Tests for the presence of nodes on a user's tracker listing.
*/
function testTrackerUser()
{
$this->drupalLogin($this->user);
$unpublished = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->user->id(), 'status' => 0));
$my_published = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->user->id(), 'status' => 1));
$other_published_no_comment = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->otherUser->id(), 'status' => 1));
$other_published_my_comment = $this->drupalCreateNode(array('title' => $this->randomMachineName(8), 'uid' => $this->otherUser->id(), 'status' => 1));
$comment = array('subject[0][value]' => $this->randomMachineName(), 'comment_body[0][value]' => $this->randomMachineName(20));
$this->drupalPostForm('comment/reply/node/' . $other_published_my_comment->id() . '/comment', $comment, t('Save'));
$this->drupalGet('user/' . $this->user->id() . '/activity');
$this->assertNoText($unpublished->label(), "Unpublished nodes do not show up in the user's tracker listing.");
$this->assertText($my_published->label(), "Published nodes show up in the user's tracker listing.");
$this->assertNoText($other_published_no_comment->label(), "Another user's nodes do not show up in the user's tracker listing.");
$this->assertText($other_published_my_comment->label(), "Nodes that the user has commented on appear in the user's tracker listing.");
// Assert cache contexts.
$this->assertCacheContexts(['languages:language_interface', 'route', 'theme', 'url.query_args:' . MainContentViewSubscriber::WRAPPER_FORMAT, 'url.query_args.pagers:0', 'user', 'user.node_grants:view']);
// Assert cache tags for the visible nodes (including owners) and node list
// cache tag.
$expected_tags = Cache::mergeTags($my_published->getCacheTags(), $my_published->getOwner()->getCacheTags());
$expected_tags = Cache::mergeTags($expected_tags, $other_published_my_comment->getCacheTags());
$expected_tags = Cache::mergeTags($expected_tags, $other_published_my_comment->getOwner()->getCacheTags());
// Because the 'user.permissions' cache context is being optimized away.
$role_tags = [];
foreach ($this->user->getRoles() as $rid) {
$role_tags[] = "config:user.role.{$rid}";
}
$expected_tags = Cache::mergeTags($expected_tags, $role_tags);
$block_tags = ['block_view', 'config:block.block.page_actions_block', 'config:block.block.page_tabs_block', 'config:block_list'];
$expected_tags = Cache::mergeTags($expected_tags, $block_tags);
$additional_tags = ['node_list', 'rendered'];
$expected_tags = Cache::mergeTags($expected_tags, $additional_tags);
$this->assertCacheTags($expected_tags);
$this->assertCacheContexts(['languages:language_interface', 'route', 'theme', 'url.query_args:' . MainContentViewSubscriber::WRAPPER_FORMAT, 'url.query_args.pagers:0', 'user', 'user.node_grants:view']);
$this->assertLink($my_published->label());
$this->assertNoLink($unpublished->label());
// Verify that title and tab title have been set correctly.
$this->assertText('Activity', 'The user activity tab has the name "Activity".');
$this->assertTitle(t('@name | @site', array('@name' => $this->user->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'The user tracker page has the correct page title.');
// Verify that unpublished comments are removed from the tracker.
$admin_user = $this->drupalCreateUser(array('post comments', 'administer comments', 'access user profiles'));
$this->drupalLogin($admin_user);
$this->drupalPostForm('comment/1/edit', array('status' => CommentInterface::NOT_PUBLISHED), t('Save'));
$this->drupalGet('user/' . $this->user->id() . '/activity');
$this->assertNoText($other_published_my_comment->label(), 'Unpublished comments are not counted on the tracker listing.');
// Test escaping of title on user's tracker tab.
\Drupal::service('module_installer')->install(['user_hooks_test']);
Cache::invalidateTags(['rendered']);
\Drupal::state()->set('user_hooks_test_user_format_name_alter', TRUE);
$this->drupalGet('user/' . $this->user->id() . '/activity');
$this->assertEscaped('<em>' . $this->user->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
Cache::invalidateTags(['rendered']);
$this->drupalGet('user/' . $this->user->id() . '/activity');
$this->assertNoEscaped('<em>' . $this->user->id() . '</em>');
$this->assertRaw('<em>' . $this->user->id() . '</em>');
}
/**
* Exercises the toolbar_user_role_update() and toolbar_user_update() hook
* implementations.
*/
function testUserRoleUpdateSubtreesHashCacheClear()
{
// Find the new role ID.
$all_rids = $this->adminUser->getRoles();
unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
$rid = reset($all_rids);
$edit = array();
$edit[$rid . '[administer taxonomy]'] = FALSE;
$this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
// Assert that the subtrees hash has been altered because the subtrees
// structure changed.
$this->assertDifferentHash();
// Test that assigning a user an extra role only affects that single user.
// Get the hash for a second user.
$this->drupalLogin($this->adminUser2);
$this->drupalGet('test-page');
$this->assertResponse(200);
// Assert that the toolbar is present in the HTML.
$this->assertRaw('id="toolbar-administration"');
$admin_user_2_hash = $this->getSubtreesHash();
// Log in the first admin user again.
$this->drupalLogin($this->adminUser);
$this->drupalGet('test-page');
$this->assertResponse(200);
// Assert that the toolbar is present in the HTML.
$this->assertRaw('id="toolbar-administration"');
$this->hash = $this->getSubtreesHash();
$rid = $this->drupalCreateRole(array('administer content types'));
// Assign the role to the user.
$this->drupalPostForm('user/' . $this->adminUser->id() . '/edit', array("roles[{$rid}]" => $rid), t('Save'));
$this->assertText(t('The changes have been saved.'));
// Assert that the subtrees hash has been altered because the subtrees
// structure changed.
$this->assertDifferentHash();
// Log in the second user again and assert that their subtrees hash did not
// change.
$this->drupalLogin($this->adminUser2);
// Request a new page to refresh the drupalSettings object.
$this->drupalGet('test-page');
$this->assertResponse(200);
$new_subtree_hash = $this->getSubtreesHash();
// Assert that the old admin menu subtree hash and the new admin menu
// subtree hash are the same.
$this->assertTrue($new_subtree_hash, 'A valid hash value for the admin menu subtrees was created.');
$this->assertEqual($admin_user_2_hash, $new_subtree_hash, 'The user-specific subtree menu hash has not been updated.');
}
/**
* Verify access rules for comment indexing with different permissions.
*/
function testSearchResultsCommentAccess()
{
$comment_body = 'Test comment body';
$this->commentSubject = 'Test comment subject';
$roles = $this->adminUser->getRoles(TRUE);
$this->adminRole = $roles[0];
// Create a node.
// Make preview optional.
$field = FieldConfig::loadByName('node', 'article', 'comment');
$field->setSetting('preview', DRUPAL_OPTIONAL);
$field->save();
$this->node = $this->drupalCreateNode(array('type' => 'article'));
// Post a comment using 'Full HTML' text format.
$edit_comment = array();
$edit_comment['subject[0][value]'] = $this->commentSubject;
$edit_comment['comment_body[0][value]'] = '<h1>' . $comment_body . '</h1>';
$this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit_comment, t('Save'));
$this->drupalLogout();
$this->setRolePermissions(RoleInterface::ANONYMOUS_ID);
$this->assertCommentAccess(FALSE, 'Anon user has search permission but no access comments permission, comments should not be indexed');
$this->setRolePermissions(RoleInterface::ANONYMOUS_ID, TRUE);
$this->assertCommentAccess(TRUE, 'Anon user has search permission and access comments permission, comments should be indexed');
$this->drupalLogin($this->adminUser);
$this->drupalGet('admin/people/permissions');
// Disable search access for authenticated user to test admin user.
$this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, FALSE, FALSE);
$this->setRolePermissions($this->adminRole);
$this->assertCommentAccess(FALSE, 'Admin user has search permission but no access comments permission, comments should not be indexed');
$this->drupalGet('node/' . $this->node->id());
$this->setRolePermissions($this->adminRole, TRUE);
$this->assertCommentAccess(TRUE, 'Admin user has search permission and access comments permission, comments should be indexed');
$this->setRolePermissions(RoleInterface::AUTHENTICATED_ID);
$this->assertCommentAccess(FALSE, 'Authenticated user has search permission but no access comments permission, comments should not be indexed');
$this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE);
$this->assertCommentAccess(TRUE, 'Authenticated user has search permission and access comments permission, comments should be indexed');
// Verify that access comments permission is inherited from the
// authenticated role.
$this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE, FALSE);
$this->setRolePermissions($this->adminRole);
$this->assertCommentAccess(TRUE, 'Admin user has search permission and no access comments permission, but comments should be indexed because admin user inherits authenticated user\'s permission to access comments');
// Verify that search content permission is inherited from the authenticated
// role.
$this->setRolePermissions(RoleInterface::AUTHENTICATED_ID, TRUE, TRUE);
$this->setRolePermissions($this->adminRole, TRUE, FALSE);
$this->assertCommentAccess(TRUE, 'Admin user has access comments permission and no search permission, but comments should be indexed because admin user inherits authenticated user\'s permission to search');
}
/**
* Tests if text format is available to a role.
*/
function testFormatRoles()
{
// Get the role ID assigned to the regular user.
$roles = $this->webUser->getRoles(TRUE);
$rid = $roles[0];
// Check that this role appears in the list of roles that have access to an
// allowed text format, but does not appear in the list of roles that have
// access to a disallowed text format.
$this->assertTrue(in_array($rid, array_keys(filter_get_roles_by_format($this->allowedFormat))), 'A role which has access to a text format appears in the list of roles that have access to that format.');
$this->assertFalse(in_array($rid, array_keys(filter_get_roles_by_format($this->disallowedFormat))), 'A role which does not have access to a text format does not appear in the list of roles that have access to that format.');
// Check that the correct text format appears in the list of formats
// available to that role.
$this->assertTrue(in_array($this->allowedFormat->id(), array_keys(filter_get_formats_by_role($rid))), 'A text format which a role has access to appears in the list of formats available to that role.');
$this->assertFalse(in_array($this->disallowedFormat->id(), array_keys(filter_get_formats_by_role($rid))), 'A text format which a role does not have access to does not appear in the list of formats available to that role.');
// Check that the fallback format is always allowed.
$this->assertEqual(filter_get_roles_by_format(FilterFormat::load(filter_fallback_format())), user_role_names(), 'All roles have access to the fallback format.');
$this->assertTrue(in_array(filter_fallback_format(), array_keys(filter_get_formats_by_role($rid))), 'The fallback format appears in the list of allowed formats for any role.');
}
/**
* {@inheritdoc}
*/
public function saveRoles(UserInterface $account)
{
$query = $this->database->insert('users_roles')->fields(array('uid', 'rid'));
foreach ($account->getRoles() as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
$query->values(array('uid' => $account->id(), 'rid' => $rid));
}
}
$query->execute();
}
/**
* {@inheritdoc}
*/
public function getRoles($exclude_locked_roles = FALSE)
{
return $this->subject->getRoles($exclude_locked_roles);
}
/**
* Tests that the taxonomy term view is working properly.
*/
public function testTaxonomyTermView()
{
// Create terms in the vocabulary.
$term = $this->createTerm();
// Post an article.
$edit = array();
$edit['title[0][value]'] = $original_title = $this->randomMachineName();
$edit['body[0][value]'] = $this->randomMachineName();
$edit["{$this->fieldName1}[]"] = $term->id();
$this->drupalPostForm('node/add/article', $edit, t('Save'));
$node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
$this->drupalGet('taxonomy/term/' . $term->id());
$this->assertText($term->label());
$this->assertText($node->label());
\Drupal::service('module_installer')->install(array('language', 'content_translation'));
$language = ConfigurableLanguage::createFromLangcode('ur');
$language->save();
// Enable translation for the article content type and ensure the change is
// picked up.
\Drupal::service('content_translation.manager')->setEnabled('node', 'article', TRUE);
$roles = $this->adminUser->getRoles(TRUE);
Role::load(reset($roles))->grantPermission('create content translations')->grantPermission('translate any entity')->save();
drupal_static_reset();
\Drupal::entityManager()->clearCachedDefinitions();
\Drupal::service('router.builder')->rebuild();
\Drupal::service('entity.definition_update_manager')->applyUpdates();
$edit['title[0][value]'] = $translated_title = $this->randomMachineName();
$this->drupalPostForm('node/' . $node->id() . '/translations/add/en/ur', $edit, t('Save (this translation)'));
$this->drupalGet('taxonomy/term/' . $term->id());
$this->assertText($term->label());
$this->assertText($original_title);
$this->assertNoText($translated_title);
$this->drupalGet('ur/taxonomy/term/' . $term->id());
$this->assertText($term->label());
$this->assertNoText($original_title);
$this->assertText($translated_title);
// Uninstall language module and ensure that the language is not part of the
// query anymore.
// @see \Drupal\views\Plugin\views\filter\LanguageFilter::query()
$node->delete();
\Drupal::service('module_installer')->uninstall(['content_translation', 'language']);
$view = Views::getView('taxonomy_term');
$view->initDisplay();
$view->setArguments([$term->id()]);
$view->build();
/** @var \Drupal\Core\Database\Query\Select $query */
$query = $view->build_info['query'];
$tables = $query->getTables();
// Ensure that the join to node_field_data is not added by default.
$this->assertEqual(['node_field_data', 'taxonomy_index'], array_keys($tables));
// Ensure that the filter to the language column is not there by default.
$condition = $query->conditions();
// We only want to check the no. of conditions in the query.
unset($condition['#conjunction']);
$this->assertEqual(1, count($condition));
// Clear permissions for anonymous users to check access for default views.
Role::load(RoleInterface::ANONYMOUS_ID)->revokePermission('access content')->save();
// Test the default views disclose no data by default.
$this->drupalLogout();
$this->drupalGet('taxonomy/term/' . $term->id());
$this->assertResponse(403);
$this->drupalGet('taxonomy/term/' . $term->id() . '/feed');
$this->assertResponse(403);
}
/**
* {@inheritdoc}
*/
public function isAllowed(UserInterface $user, $force = FALSE)
{
$result = FALSE;
$type_id = $this->getWorkflowId();
if ($user->hasPermission("bypass {$type_id} workflow_transition access")) {
// Superuser is special. And $force allows Rules to cause transition.
return TRUE;
}
if ($force) {
return TRUE;
}
if ($this->getFromSid() == $this->getToSid()) {
// Anyone may save an entity without changing state.
return TRUE;
}
return TRUE == array_intersect($user->getRoles(), $this->roles);
}
