3 namespace Drupal\paragraphs\Tests\Classic;
5 use Drupal\Core\Entity\Entity\EntityFormDisplay;
6 use Drupal\field_ui\Tests\FieldUiTestTrait;
7 use Drupal\user\RoleInterface;
8 use Drupal\user\Entity\Role;
11 * Tests the access check of paragraphs.
15 class ParagraphsAccessTest extends ParagraphsTestBase {
24 public static $modules = array(
32 protected function setUp() {
37 * Tests the paragraph access check, including private file access for anonymous users.
39 public function testParagraphAccessCheck() {
41 'administer site configuration',
42 'administer node display',
43 'administer paragraph display',
44 'create paragraphed_content_demo content',
45 'edit any paragraphed_content_demo content',
47 $this->loginAsAdmin($admin_user);
49 // Remove the "access content" permission from anonymous users. As a result,
50 // anonymous users are not able to "view" the host entity.
52 $role = \Drupal::entityTypeManager()
53 ->getStorage('user_role')
54 ->load(RoleInterface::ANONYMOUS_ID);
55 $role->revokePermission('access content');
58 // Set field_images from demo to private file storage.
60 'settings[uri_scheme]' => 'private',
62 $this->drupalPostForm('admin/structure/paragraphs_type/images/fields/paragraph.images.field_images_demo/storage', $edit, t('Save field settings'));
64 // Set the form display to classic.
65 $form_display = EntityFormDisplay::load('node.paragraphed_content_demo.default')
66 ->setComponent('field_paragraphs_demo', ['type' => 'entity_reference_paragraphs']);
67 $form_display->save();
69 // Create a new demo node.
70 $this->drupalGet('node/add/paragraphed_content_demo');
72 // Add a new paragraphs images item.
73 $this->drupalPostForm(NULL, NULL, t('Add Images'));
75 $images = $this->drupalGetTestFiles('image');
77 // Create a file, upload it.
78 file_unmanaged_copy($images[0]->uri, 'temporary://privateImage.jpg');
79 $file_path = $this->container->get('file_system')
80 ->realpath('temporary://privateImage.jpg');
82 // Create a second file, upload it.
83 file_unmanaged_copy($images[1]->uri, 'temporary://privateImage2.jpg');
84 $file_path_2 = $this->container->get('file_system')
85 ->realpath('temporary://privateImage2.jpg');
88 'title[0][value]' => 'Security test node',
89 'files[field_paragraphs_demo_0_subform_field_images_demo_0][]' => [$file_path, $file_path_2],
92 $this->drupalPostForm(NULL, $edit, t('Upload'));
93 $this->drupalPostForm(NULL, [], t('Preview'));
94 $img1_url = file_create_url(\Drupal::token()->replace('private://privateImage.jpg'));
95 $image_url = file_url_transform_relative($img1_url);
96 $this->assertRaw($image_url, 'Image was found in preview');
97 $this->clickLink(t('Back to content editing'));
98 $this->drupalPostForm(NULL, [], t('Save'));
100 $node = $this->drupalGetNodeByTitle('Security test node');
102 $this->drupalGet('node/' . $node->id());
104 // Check the text and image after publish.
105 $this->assertRaw($image_url, 'Image was found in content');
107 $this->drupalGet($image_url);
108 $this->assertResponse(200, 'Image could be downloaded');
110 // Logout to become anonymous.
111 $this->drupalLogout();
113 // @todo Requesting the same $img_url again triggers a caching problem on
114 // drupal.org test bot, thus we request a different file here.
115 $img_url = file_create_url(\Drupal::token()->replace('private://privateImage2.jpg'));
116 $image_url = file_url_transform_relative($img_url);
117 // Check the text and image after publish. Anonymous should not see content.
118 $this->assertNoRaw($image_url, 'Image was not found in content');
120 $this->drupalGet($image_url);
121 $this->assertResponse(403, 'Image could not be downloaded');
123 // Login as admin with no delete permissions.
124 $this->loginAsAdmin($admin_user);
125 // Create a new demo node.
126 $this->drupalGet('node/add/paragraphed_content_demo');
127 $this->drupalPostForm(NULL, NULL, t('Add Text'));
128 $this->assertText('Text');
130 'title[0][value]' => 'delete_permissions',
131 'field_paragraphs_demo[0][subform][field_text_demo][0][value]' => 'Test',
133 $this->drupalPostForm(NULL, $edit, t('Save'));
135 $this->clickLink(t('Edit'));
136 // Check the remove button is present.
137 $this->assertNotNull($this->xpath('//*[@name="field_paragraphs_demo_0_remove"]'));
138 // Delete the Paragraph and save.
139 $this->drupalPostAjaxForm(NULL, [], 'field_paragraphs_demo_0_remove');
140 $this->drupalPostAjaxForm(NULL, [], 'field_paragraphs_demo_0_confirm_remove');
141 $this->drupalPostForm(NULL, [], t('Save'));
142 $node = $this->getNodeByTitle('delete_permissions');
143 $this->assertUrl('node/' . $node->id());