/** * Tests if nodes that may not be deleted, can not be deleted in bulk. */ public function testNodeDeleteAccess() { // Create an account who will be the author of a private node. $author = $this->drupalCreateUser(); // Create a private node (author may view, edit and delete, others may not). $private_node = $this->drupalCreateNode(array('type' => 'article', 'private' => array(array('value' => TRUE)), 'uid' => $author->id())); // Create an account that may view the private node, but not delete it. $account = $this->drupalCreateUser(array('access content', 'administer nodes', 'delete own article content', 'node test view')); // Create a node that may be deleted too, to ensure the delete confirmation // page is shown later. In node_access_test.module, nodes may only be // deleted by the author. $own_node = $this->drupalCreateNode(array('type' => 'article', 'private' => array(array('value' => TRUE)), 'uid' => $account->id())); $this->drupalLogin($account); // Ensure that the private node can not be deleted. $this->assertEqual(FALSE, $this->accessHandler->access($private_node, 'delete', $account), 'The private node may not be deleted.'); // Ensure that the public node may be deleted. $this->assertEqual(TRUE, $this->accessHandler->access($own_node, 'delete', $account), 'The own node may be deleted.'); // Try to delete the node using the bulk form. $edit = array('node_bulk_form[0]' => TRUE, 'node_bulk_form[1]' => TRUE, 'action' => 'node_delete_action'); $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items')); $this->drupalPostForm(NULL, array(), t('Delete')); // Ensure the private node still exists. $private_node = Node::load($private_node->id()); $this->assertNotNull($private_node, 'The private node has not been deleted.'); // Ensure the own node is deleted. $own_node = Node::load($own_node->id()); $this->assertNull($own_node, 'The own node is deleted.'); }
/** * Generates an action link to display at the top of the forum listing. * * @param string $vid * Vocabulary ID. * @param \Drupal\taxonomy\TermInterface $forum_term * The term for which the links are to be built. * * @return array * Render array containing the links. */ protected function buildActionLinks($vid, TermInterface $forum_term = NULL) { $user = $this->currentUser(); $links = []; // Loop through all bundles for forum taxonomy vocabulary field. foreach ($this->fieldMap['node']['taxonomy_forums']['bundles'] as $type) { if ($this->nodeAccess->createAccess($type)) { $links[$type] = ['#attributes' => ['class' => ['action-links']], '#theme' => 'menu_local_action', '#link' => ['title' => $this->t('Add new @node_type', ['@node_type' => $this->nodeTypeStorage->load($type)->label()]), 'url' => Url::fromRoute('node.add', ['node_type' => $type])]]; if ($forum_term && $forum_term->bundle() == $vid) { // We are viewing a forum term (specific forum), append the tid to // the url. $links[$type]['#link']['localized_options']['query']['forum_id'] = $forum_term->id(); } } } if (empty($links)) { // Authenticated user does not have access to create new topics. if ($user->isAuthenticated()) { $links['disallowed'] = ['#markup' => $this->t('You are not allowed to post new content in the forum.')]; } else { $links['login'] = ['#attributes' => ['class' => ['action-links']], '#theme' => 'menu_local_action', '#link' => array('title' => $this->t('Log in to post new content in the forum.'), 'url' => Url::fromRoute('user.login', [], ['query' => $this->getDestinationArray()]))]; } } return $links; }
/** * {@inheritdoc} */ public function setUp() { parent::setup(); require_once $this->root . '/core/includes/entity.inc'; $this->namespaces['Drupal\\Core\\Entity'] = $this->root . '/core/lib/Drupal/Core/Entity'; $language = $this->prophesize(LanguageInterface::class); $language->getId()->willReturn('en'); $this->languageManager = $this->prophesize(LanguageManagerInterface::class); $this->languageManager->getCurrentLanguage()->willReturn($language->reveal()); $this->languageManager->getLanguages()->willReturn([$language->reveal()]); // We need to support multiple entity types, including a test type: $type_info = ['test' => ['id' => 'test', 'label' => 'Test', 'entity_keys' => ['bundle' => 'bundle']], 'user' => ['id' => 'user', 'label' => 'Test User', 'entity_keys' => ['bundle' => 'user']], 'node' => ['id' => 'node', 'label' => 'Test Node', 'entity_keys' => ['bundle' => 'dummy']]]; $type_array = []; foreach ($type_info as $type => $info) { $entity_type = new ContentEntityType($info); $type_array[$type] = $entity_type; $this->entityTypeManager->getDefinition($type)->willReturn($entity_type); $this->entityManager->getDefinition($type)->willReturn($entity_type); } // We need a user_role mock as well. $role_entity_info = ['id' => 'user_role', 'label' => 'Test Role']; $role_type = new ConfigEntityType($role_entity_info); $type_array['user_role'] = $role_type; $this->entityTypeManager->getDefinitions()->willReturn($type_array); $this->entityManager->getDefinitions()->willReturn($type_array); $this->entityAccess = $this->prophesize(EntityAccessControlHandlerInterface::class); $this->entityTypeManager->getAccessControlHandler(Argument::any())->willReturn($this->entityAccess->reveal()); // The base field definitions for our test entity aren't used, and would // require additional mocking. It doesn't appear that any of our tests rely // on this for any other entity type that we are mocking. $this->entityFieldManager->getBaseFieldDefinitions(Argument::any())->willReturn([]); $this->entityManager->getBaseFieldDefinitions(Argument::any())->willReturn([]); // Return some dummy bundle information for now, so that the entity manager // does not call out to the config entity system to get bundle information. $this->entityTypeBundleInfo->getBundleInfo(Argument::any())->willReturn(['test' => ['label' => 'Test']]); $this->entityManager->getBundleInfo(Argument::any())->willReturn(['test' => ['label' => 'Test']]); $this->moduleHandler->getImplementations('entity_type_build')->willReturn([]); $this->fieldTypeManager = new FieldTypePluginManager($this->namespaces, $this->cacheBackend, $this->moduleHandler->reveal(), $this->typedDataManager); $this->container->set('plugin.manager.field.field_type', $this->fieldTypeManager); }
/** * {@inheritdoc} */ public function setUp() { parent::setup(); require_once $this->root . '/core/includes/entity.inc'; $this->namespaces['Drupal\\Core\\Entity'] = $this->root . '/core/lib/Drupal/Core/Entity'; $language = $this->prophesize(LanguageInterface::class); $language->getId()->willReturn('en'); $this->languageManager = $this->prophesize(LanguageManagerInterface::class); $this->languageManager->getCurrentLanguage()->willReturn($language->reveal()); $this->languageManager->getLanguages()->willReturn([$language->reveal()]); $entityType = new ContentEntityType(['id' => 'test', 'label' => 'Test', 'entity_keys' => ['bundle' => 'bundle']]); $this->entityManager->getDefinitions()->willReturn(['test' => $entityType]); $this->entityAccess = $this->prophesize(EntityAccessControlHandlerInterface::class); $this->entityManager->getAccessControlHandler(Argument::any())->willReturn($this->entityAccess->reveal()); // The base field definitions for our test entity aren't used, and would // require additional mocking. $this->entityManager->getBaseFieldDefinitions('test')->willReturn([]); // Return some dummy bundle information for now, so that the entity manager // does not call out to the config entity system to get bundle information. $this->entityManager->getBundleInfo(Argument::any())->willReturn(['test' => ['label' => 'Test']]); $this->moduleHandler->getImplementations('entity_type_build')->willReturn([]); }
/** * @covers ::checkAccess * * @dataProvider providerTestAccessDelete */ public function testAccessDelete($is_new, $is_fallback, $expected) { $this->entityType->getAdminPermission()->willReturn('test permission'); $page = $this->prophesize(PageInterface::class); $page->isNew()->willReturn($is_new); $page->isFallbackPage()->willReturn($is_fallback); $page->uuid()->shouldBeCalled(); $page->getEntityTypeId()->shouldBeCalled(); // Ensure that the cache tag is added for the temporary conditions. if ($is_new || $is_fallback) { $this->setUpCacheContextsManager(); $page->getCacheTags()->willReturn(['page:1']); $page->getCacheContexts()->willReturn([]); $page->getCacheMaxAge()->willReturn(0); } $account = $this->prophesize(AccountInterface::class); $account->hasPermission('test permission')->willReturn(TRUE); $account->id()->shouldBeCalled(); $this->assertSame($expected, $this->pageAccess->access($page->reveal(), 'delete', NULL, $account->reveal())); }
/** * Checks node revision access. * * @param \Drupal\node\NodeInterface $node * The node to check. * @param \Drupal\Core\Session\AccountInterface $account * A user object representing the user for whom the operation is to be * performed. * @param string $op * (optional) The specific operation being checked. Defaults to 'view.' * @param string|null $langcode * (optional) Language code for the variant of the node. Different language * variants might have different permissions associated. If NULL, the * original langcode of the node is used. Defaults to NULL. * * @return bool * TRUE if the operation may be performed, FALSE otherwise. */ public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view', $langcode = NULL) { $map = array('view' => 'view all revisions', 'update' => 'revert all revisions', 'delete' => 'delete all revisions'); $bundle = $node->bundle(); $type_map = array('view' => "view {$bundle} revisions", 'update' => "revert {$bundle} revisions", 'delete' => "delete {$bundle} revisions"); if (!$node || !isset($map[$op]) || !isset($type_map[$op])) { // If there was no node to check against, or the $op was not one of the // supported ones, we return access denied. return FALSE; } // If no language code was provided, default to the node revision's langcode. if (empty($langcode)) { $langcode = $node->language()->getId(); } // Statically cache access by revision ID, language code, user account ID, // and operation. $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op; if (!isset($this->access[$cid])) { // Perform basic permission checks first. if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) { $this->access[$cid] = FALSE; return FALSE; } // There should be at least two revisions. If the vid of the given node // and the vid of the default revision differ, then we already have two // different revisions so there is no need for a separate database check. // Also, if you try to revert to or delete the default revision, that's // not good. if ($node->isDefaultRevision() && ($this->nodeStorage->countDefaultLanguageRevisions($node) == 1 || $op == 'update' || $op == 'delete')) { $this->access[$cid] = FALSE; } elseif ($account->hasPermission('administer nodes')) { $this->access[$cid] = TRUE; } else { // First check the access to the default revision and finally, if the // node passed in is not the default revision then access to that, too. $this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $langcode, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $langcode, $account)); } } return $this->access[$cid]; }
/** * Asserts that node create access correctly grants or denies access. * * @param string $bundle * The node bundle to check access to. * @param bool $result * Whether access should be granted or not. * @param \Drupal\Core\Session\AccountInterface $account * The user account for which to check access. * @param string|null $langcode * (optional) The language code indicating which translation of the node * to check. If NULL, the untranslated (fallback) access is checked. */ function assertNodeCreateAccess($bundle, $result, AccountInterface $account, $langcode = NULL) { $this->assertEqual($result, $this->accessHandler->createAccess($bundle, $account, array('langcode' => $langcode)), $this->nodeAccessAssertMessage('create', $result, $langcode)); }