Version 1

[yaffs-website] / web / core / modules / tracker / tests / src / Functional / TrackerNodeAccessTest.php

diff --git a/web/core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php b/web/core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php
new file mode 100644 (file)
index 0000000..2b320ae
--- /dev/null
+++ b/web/core/modules/tracker/tests/src/Functional/TrackerNodeAccessTest.php
@@ -0,0 +1,75 @@
+<?php
+
+namespace Drupal\Tests\tracker\Functional;
+
+use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
+use Drupal\comment\Tests\CommentTestTrait;
+use Drupal\node\Entity\NodeType;
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests for private node access on /tracker.
+ *
+ * @group tracker
+ */
+class TrackerNodeAccessTest extends BrowserTestBase {
+
+  use CommentTestTrait;
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['node', 'comment', 'tracker', 'node_access_test'];
+
+  protected function setUp() {
+    parent::setUp();
+    node_access_rebuild();
+    $this->drupalCreateContentType(['type' => 'page']);
+    node_access_test_add_field(NodeType::load('page'));
+    $this->addDefaultCommentField('node', 'page', 'comment', CommentItemInterface::OPEN);
+    \Drupal::state()->set('node_access_test.private', TRUE);
+  }
+
+  /**
+   * Ensure private node on /tracker is only visible to users with permission.
+   */
+  public function testTrackerNodeAccess() {
+    // Create user with node test view permission.
+    $access_user = $this->drupalCreateUser(['node test view', 'access user profiles']);
+
+    // Create user without node test view permission.
+    $no_access_user = $this->drupalCreateUser(['access user profiles']);
+
+    $this->drupalLogin($access_user);
+
+    // Create some nodes.
+    $private_node = $this->drupalCreateNode([
+      'title' => t('Private node test'),
+      'private' => TRUE,
+    ]);
+    $public_node = $this->drupalCreateNode([
+      'title' => t('Public node test'),
+      'private' => FALSE,
+    ]);
+
+    // User with access should see both nodes created.
+    $this->drupalGet('activity');
+    $this->assertText($private_node->getTitle(), 'Private node is visible to user with private access.');
+    $this->assertText($public_node->getTitle(), 'Public node is visible to user with private access.');
+    $this->drupalGet('user/' . $access_user->id() . '/activity');
+    $this->assertText($private_node->getTitle(), 'Private node is visible to user with private access.');
+    $this->assertText($public_node->getTitle(), 'Public node is visible to user with private access.');
+
+    // User without access should not see private node.
+    $this->drupalLogin($no_access_user);
+    $this->drupalGet('activity');
+    $this->assertNoText($private_node->getTitle(), 'Private node is not visible to user without private access.');
+    $this->assertText($public_node->getTitle(), 'Public node is visible to user without private access.');
+    $this->drupalGet('user/' . $access_user->id() . '/activity');
+    $this->assertNoText($private_node->getTitle(), 'Private node is not visible to user without private access.');
+    $this->assertText($public_node->getTitle(), 'Public node is visible to user without private access.');
+  }
+
+}