3 namespace Drupal\Tests\node\Functional\Views;
5 use Drupal\Component\Utility\SafeMarkup;
6 use Drupal\node\Entity\Node;
7 use Drupal\node\Entity\NodeType;
10 * Tests if entity access is respected on a node bulk operations form.
13 * @see \Drupal\node\Plugin\views\field\BulkForm
14 * @see \Drupal\node\Tests\NodeTestBase
15 * @see \Drupal\node\Tests\NodeAccessBaseTableTest
16 * @see \Drupal\node\Tests\Views\BulkFormTest
18 class BulkFormAccessTest extends NodeTestBase {
25 public static $modules = ['node_test_views', 'node_access_test'];
28 * Views used by this test.
32 public static $testViews = ['test_node_bulk_form'];
35 * The node access control handler.
37 * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
39 protected $accessHandler;
44 protected function setUp($import_test_views = TRUE) {
45 parent::setUp($import_test_views);
47 // Create Article node type.
48 $this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
50 $this->accessHandler = \Drupal::entityManager()->getAccessControlHandler('node');
52 node_access_test_add_field(NodeType::load('article'));
54 // After enabling a node access module, the access table has to be rebuild.
55 node_access_rebuild();
57 // Enable the private node feature of the node_access_test module.
58 \Drupal::state()->set('node_access_test.private', TRUE);
62 * Tests if nodes that may not be edited, can not be edited in bulk.
64 public function testNodeEditAccess() {
65 // Create an account who will be the author of a private node.
66 $author = $this->drupalCreateUser();
67 // Create a private node (author may view, edit and delete, others may not).
68 $node = $this->drupalCreateNode([
73 'uid' => $author->id(),
75 // Create an account that may view the private node, but not edit it.
76 $account = $this->drupalCreateUser(['node test view']);
77 $this->drupalLogin($account);
79 // Ensure the node is published.
80 $this->assertTrue($node->isPublished(), 'Node is initially published.');
82 // Ensure that the node can not be edited.
83 $this->assertEqual(FALSE, $this->accessHandler->access($node, 'update', $account), 'The node may not be edited.');
85 // Test editing the node using the bulk form.
87 'node_bulk_form[0]' => TRUE,
88 'action' => 'node_unpublish_action',
90 $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
91 $this->assertRaw(SafeMarkup::format('No access to execute %action on the @entity_type_label %entity_label.', [
92 '%action' => 'Unpublish content',
93 '@entity_type_label' => 'Content',
94 '%entity_label' => $node->label(),
97 // Re-load the node and check the status.
98 $node = Node::load($node->id());
99 $this->assertTrue($node->isPublished(), 'The node is still published.');
101 // Create an account that may view the private node, but can update the
103 $account = $this->drupalCreateUser(['administer nodes', 'node test view']);
104 $this->drupalLogin($account);
106 // Ensure the node is published.
107 $this->assertTrue($node->isPublished(), 'Node is initially published.');
109 // Ensure that the private node can not be edited.
110 $this->assertEqual(FALSE, $node->access('update', $account), 'The node may not be edited.');
111 $this->assertEqual(TRUE, $node->status->access('edit', $account), 'The node status can be edited.');
113 // Test editing the node using the bulk form.
115 'node_bulk_form[0]' => TRUE,
116 'action' => 'node_unpublish_action',
118 $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
119 // Test that the action message isn't shown.
120 $this->assertNoRaw(SafeMarkup::format('%action was applied to 1 item.', [
121 '%action' => 'Unpublish content',
123 // Re-load the node and check the status.
124 $node = Node::load($node->id());
125 $this->assertTrue($node->isPublished(), 'The node is still published.');
129 * Tests if nodes that may not be deleted, can not be deleted in bulk.
131 public function testNodeDeleteAccess() {
132 // Create an account who will be the author of a private node.
133 $author = $this->drupalCreateUser();
134 // Create a private node (author may view, edit and delete, others may not).
135 $private_node = $this->drupalCreateNode([
140 'uid' => $author->id(),
142 // Create an account that may view the private node, but not delete it.
143 $account = $this->drupalCreateUser(['access content', 'administer nodes', 'delete own article content', 'node test view']);
144 // Create a node that may be deleted too, to ensure the delete confirmation
145 // page is shown later. In node_access_test.module, nodes may only be
146 // deleted by the author.
147 $own_node = $this->drupalCreateNode([
152 'uid' => $account->id(),
154 $this->drupalLogin($account);
156 // Ensure that the private node can not be deleted.
157 $this->assertEqual(FALSE, $this->accessHandler->access($private_node, 'delete', $account), 'The private node may not be deleted.');
158 // Ensure that the public node may be deleted.
159 $this->assertEqual(TRUE, $this->accessHandler->access($own_node, 'delete', $account), 'The own node may be deleted.');
161 // Try to delete the node using the bulk form.
163 'node_bulk_form[0]' => TRUE,
164 'node_bulk_form[1]' => TRUE,
165 'action' => 'node_delete_action',
167 $this->drupalPostForm('test-node-bulk-form', $edit, t('Apply to selected items'));
168 $this->drupalPostForm(NULL, [], t('Delete'));
169 // Ensure the private node still exists.
170 $private_node = Node::load($private_node->id());
171 $this->assertNotNull($private_node, 'The private node has not been deleted.');
172 // Ensure the own node is deleted.
173 $own_node = Node::load($own_node->id());
174 $this->assertNull($own_node, 'The own node is deleted.');