1 <?php
2
3 namespace Drupal\Tests\file\Kernel;
4
5 use Drupal\file\Entity\File;
6 use Drupal\KernelTests\KernelTestBase;
7 use Drupal\user\Entity\User;
8
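/**
 * Tests for the File access control.
 *
 * Covers entity-level access (update, delete, create), field-level edit
 * access, and the cache contexts carried by view/download access results.
 *
 * @group file
 */
class AccessTest extends KernelTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['file', 'system', 'user'];

  /**
   * An authenticated user; owner of the file created in setUp().
   *
   * @var \Drupal\user\UserInterface
   */
  protected $user1;

  /**
   * A second authenticated user who does not own the file.
   *
   * @var \Drupal\user\UserInterface
   */
  protected $user2;

  /**
   * The file object used in the test.
   *
   * Created in setUp() with user1 as owner and never saved there.
   *
   * @var \Drupal\file\FileInterface
   */
  protected $file;

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();

    $this->installEntitySchema('file');
    $this->installEntitySchema('user');
    $this->installSchema('file', ['file_usage']);
    $this->installSchema('system', 'sequences');

    // Both accounts are active and are created without any roles, so the
    // access decisions below are not the result of a granted permission.
    // NOTE(review): user1 is the first account saved and may therefore be
    // assigned uid 1, which Drupal core treats as the super user. Confirm that
    // the positive owner assertions do not depend on that; saving a throwaway
    // first account would keep the owner unprivileged.
    $this->user1 = User::create([
      'name' => 'user1',
      'status' => 1,
    ]);
    $this->user1->save();

    $this->user2 = User::create([
      'name' => 'user2',
      'status' => 1,
    ]);
    $this->user2->save();

    // The file is owned by user1 and is deliberately left unsaved.
    $this->file = File::create([
      'uid' => $this->user1->id(),
      'filename' => 'druplicon.txt',
      'filemime' => 'text/plain',
    ]);
  }

  /**
   * Tests that only the file owner can delete or update a file.
   */
  public function testOnlyOwnerCanDeleteUpdateFile() {
    // user2 does not own the file: both write operations must be denied.
    \Drupal::currentUser()->setAccount($this->user2);
    $this->assertFalse($this->file->access('delete'), 'A non-owner is denied delete access to the file.');
    $this->assertFalse($this->file->access('update'), 'A non-owner is denied update access to the file.');

    // user1 is the owner set in setUp(): both write operations are allowed.
    \Drupal::currentUser()->setAccount($this->user1);
    $this->assertTrue($this->file->access('delete'), 'The owner is granted delete access to the file.');
    $this->assertTrue($this->file->access('update'), 'The owner is granted update access to the file.');
  }

  /**
   * Tests file entity field access.
   *
   * @see \Drupal\file\FileAccessControlHandler::checkFieldAccess()
   */
  public function testCheckFieldAccess() {
    $create_only_fields = ['uri', 'filemime', 'filesize'];

    \Drupal::currentUser()->setAccount($this->user1);
    /** @var \Drupal\file\FileInterface $file */
    $file = File::create([
      'uri' => 'public://test.png',
    ]);
    // While creating a file entity access will be allowed for create-only
    // fields.
    foreach ($create_only_fields as $field_name) {
      $this->assertTrue($file->get($field_name)->access('edit'), sprintf('The %s field is editable while the file entity is new.', $field_name));
    }
    // Access to the status field is denied whilst creating a file entity.
    $this->assertFalse($file->get('status')->access('edit'), 'The status field is not editable while the file entity is new.');
    $file->save();
    // After saving the entity is no longer new and, therefore, access to
    // create-only fields and the status field will be denied.
    foreach ($create_only_fields as $field_name) {
      $this->assertFalse($file->get($field_name)->access('edit'), sprintf('The %s field is not editable once the file entity is saved.', $field_name));
    }
    $this->assertFalse($file->get('status')->access('edit'), 'The status field is not editable once the file entity is saved.');
  }

  /**
   * Tests create access checks.
   *
   * Both assertions expect create access to be denied.
   */
  public function testCreateAccess() {
    // No account has been set on the current user at this point, so the check
    // runs as the kernel test's default account (presumably anonymous; confirm
    // against KernelTestBase). Create access is expected to be denied.
    $this->assertFalse($this->file->access('create'), 'Create access is denied before any account is set.');

    // user1, an authenticated account created without roles, is denied create
    // access as well.
    \Drupal::currentUser()->setAccount($this->user1);
    $this->assertFalse($this->file->access('create'), 'Create access is denied for an authenticated user.');
  }

  /**
   * Tests cacheability metadata.
   *
   * The access results for 'view' and 'download' must declare the cache
   * contexts they vary by. A result that omits them could be cached and
   * reused for a different session or account.
   */
  public function testFileCacheability() {
    $file = File::create([
      'filename' => 'green-scarf',
      'uri' => 'private://green-scarf',
      'filemime' => 'text/plain',
      'status' => FILE_STATUS_PERMANENT,
    ]);
    $file->save();
    // Record the file ID in the session under 'anonymous_allowed_file_ids'.
    \Drupal::service('session')->set('anonymous_allowed_file_ids', [$file->id() => $file->id()]);

    // File owned by the anonymous user: the result is expected to vary by both
    // session and user. Passing TRUE as the third argument returns the access
    // result object, which is what exposes the cache contexts.
    $account = User::getAnonymousUser();
    $file->setOwnerId($account->id())->save();
    $this->assertSame(['session', 'user'], $file->access('view', $account, TRUE)->getCacheContexts());
    $this->assertSame(['session', 'user'], $file->access('download', $account, TRUE)->getCacheContexts());

    // File owned by an authenticated user: the result is expected to vary by
    // user only.
    $account = $this->user1;
    $file->setOwnerId($account->id())->save();
    $this->assertSame(['user'], $file->access('view', $account, TRUE)->getCacheContexts());
    $this->assertSame(['user'], $file->access('download', $account, TRUE)->getCacheContexts());
  }

}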