X-Git-Url: http://www.aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fparagraphs%2Fsrc%2FTests%2FExperimental%2FParagraphsExperimentalAccessTest.php;fp=web%2Fmodules%2Fcontrib%2Fparagraphs%2Fsrc%2FTests%2FExperimental%2FParagraphsExperimentalAccessTest.php;h=f2d0fdf9193667b9ef767c2247c2a5cef3292896;hb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;hp=0000000000000000000000000000000000000000;hpb=57c063afa3f66b07c4bbddc2d6129a96d90f0aad;p=yaffs-website
diff --git a/web/modules/contrib/paragraphs/src/Tests/Experimental/ParagraphsExperimentalAccessTest.php b/web/modules/contrib/paragraphs/src/Tests/Experimental/ParagraphsExperimentalAccessTest.php
new file mode 100644
index 000000000..f2d0fdf91
--- /dev/null
+++ b/web/modules/contrib/paragraphs/src/Tests/Experimental/ParagraphsExperimentalAccessTest.php
@@ -0,0 +1,143 @@
+loginAsAdmin($permissions);
+
+ // Remove the "access content" for anonymous users. That results in
+ // anonymous users not being able to "view" the host entity.
+ /* @var Role $role */
+ $role = \Drupal::entityTypeManager()
+ ->getStorage('user_role')
+ ->load(RoleInterface::ANONYMOUS_ID);
+ $role->revokePermission('access content');
+ $role->save();
+
+ // Set field_images from demo to private file storage.
+ $edit = array(
+ 'settings[uri_scheme]' => 'private',
+ );
+ $this->drupalPostForm('admin/structure/paragraphs_type/images/fields/paragraph.images.field_images_demo/storage', $edit, t('Save field settings'));
+
+ // Use the experimental widget.
+ $form_display = EntityFormDisplay::load('node.paragraphed_content_demo.default')
+ ->setComponent('field_paragraphs_demo', ['type' => 'paragraphs']);
+ $form_display->save();
+ // Create a new demo node.
+ $this->drupalGet('node/add/paragraphed_content_demo');
+
+ // Add a new paragraphs images item.
+ $this->drupalPostForm(NULL, NULL, t('Add Images'));
+
+ $images = $this->drupalGetTestFiles('image');
+
+ // Create a file, upload it.
+ file_unmanaged_copy($images[0]->uri, 'temporary://privateImage.jpg');
+ $file_path = $this->container->get('file_system')
+ ->realpath('temporary://privateImage.jpg');
+
+ // Create a file, upload it.
+ file_unmanaged_copy($images[1]->uri, 'temporary://privateImage2.jpg');
+ $file_path_2 = $this->container->get('file_system')
+ ->realpath('temporary://privateImage2.jpg');
+
+ $edit = array(
+ 'title[0][value]' => 'Security test node',
+ 'files[field_paragraphs_demo_0_subform_field_images_demo_0][]' => [$file_path, $file_path_2],
+ );
+
+ $this->drupalPostForm(NULL, $edit, t('Upload'));
+ $this->drupalPostForm(NULL, [], t('Preview'));
+ $img1_url = file_create_url(\Drupal::token()->replace('private://privateImage.jpg'));
+ $image_url = file_url_transform_relative($img1_url);
+ $this->assertRaw($image_url, 'Image was found in preview');
+ $this->clickLink(t('Back to content editing'));
+ $this->drupalPostForm(NULL, [], 'Save and publish');
+
+ $node = $this->drupalGetNodeByTitle('Security test node');
+
+ $this->drupalGet('node/' . $node->id());
+
+ // Check the text and image after publish.
+ $this->assertRaw($image_url, 'Image was found in content');
+
+ $this->drupalGet($image_url);
+ $this->assertResponse(200, 'Image could be downloaded');
+
+ // Logout to become anonymous.
+ $this->drupalLogout();
+
+ // @todo Requesting the same $img_url again triggers a caching problem on
+ // drupal.org test bot, thus we request a different file here.
+ $img_url = file_create_url(\Drupal::token()->replace('private://privateImage2.jpg'));
+ $image_url = file_url_transform_relative($img_url);
+ // Check the text and image after publish. Anonymous should not see content.
+ $this->assertNoRaw($image_url, 'Image was not found in content');
+
+ $this->drupalGet($image_url);
+ $this->assertResponse(403, 'Image could not be downloaded');
+
+ // Login as admin with no delete permissions.
+ $this->loginAsAdmin($permissions);
+ // Create a new demo node.
+ $this->drupalGet('node/add/paragraphed_content_demo');
+ $this->drupalPostForm(NULL, NULL, t('Add Text'));
+ $this->assertText('Text');
+ $edit = [
+ 'title[0][value]' => 'delete_permissions',
+ 'field_paragraphs_demo[0][subform][field_text_demo][0][value]' => 'Test',
+ ];
+ $this->drupalPostForm(NULL, $edit, 'Save and publish');
+ // Edit the node.
+ $this->clickLink(t('Edit'));
+ // Check the remove button is present.
+ $this->assertNotNull($this->xpath('//*[@name="field_paragraphs_demo_0_remove"]'));
+ // Delete the Paragraph and save.
+ $this->drupalPostAjaxForm(NULL, [], 'field_paragraphs_demo_0_remove');
+ $this->drupalPostForm(NULL, [], t('Save and keep published'));
+ $node = $this->getNodeByTitle('delete_permissions');
+ $this->assertUrl('node/' . $node->id());
+ }
+}
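Review bot: The anonymous check `assertNoRaw($image_url, 'Image was not found in content')` runs straight after `drupalLogout()` with no page request in between, so it inspects whatever page the logout left loaded rather than the node, and would still pass if the node exposed the private image. Request the node as anonymous first and pin the denial, e.g. `$this->drupalGet('node/' . $node->id());` followed by `$this->assertResponse(403);`, then keep the `assertNoRaw`. The 403 download check also targets privateImage2.jpg, which the authorised session never fetched with a 200, so the denial is not contrasted with a successful download of the same file; asserting 200 for it before logout would close that gap. Further down, `assertNotNull($this->xpath(...))` presumably also passes when nothing matches, since an empty result is still not null, so `assertTrue(!empty($this->xpath('//*[@name="field_paragraphs_demo_0_remove"]')))` would be the stricter form. The start of the method, including how `$permissions` is built, is not visible on this page, so the "no delete permissions" comment cannot be checked against it here.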