3 namespace Drupal\paragraphs\Tests\Experimental;
5 use Drupal\field_ui\Tests\FieldUiTestTrait;
6 use Drupal\Core\Entity\Entity\EntityFormDisplay;
7 use Drupal\user\RoleInterface;
8 use Drupal\user\Entity\Role;
11 * Tests the access check of paragraphs.
15 class ParagraphsExperimentalAccessTest extends ParagraphsExperimentalTestBase {
24 public static $modules = array(
32 protected function setUp() {
37 * Tests the paragraph translation.
39 public function testParagraphAccessCheck() {
41 'administer site configuration',
42 'administer node display',
43 'administer paragraph display',
44 'create paragraphed_content_demo content',
45 'edit any paragraphed_content_demo content',
47 $this->loginAsAdmin($permissions);
49 // Remove the "access content" for anonymous users. That results in
50 // anonymous users not being able to "view" the host entity.
52 $role = \Drupal::entityTypeManager()
53 ->getStorage('user_role')
54 ->load(RoleInterface::ANONYMOUS_ID);
55 $role->revokePermission('access content');
58 // Set field_images from demo to private file storage.
60 'settings[uri_scheme]' => 'private',
62 $this->drupalPostForm('admin/structure/paragraphs_type/images/fields/paragraph.images.field_images_demo/storage', $edit, t('Save field settings'));
64 // Use the experimental widget.
65 $form_display = EntityFormDisplay::load('node.paragraphed_content_demo.default')
66 ->setComponent('field_paragraphs_demo', ['type' => 'paragraphs']);
67 $form_display->save();
68 // Create a new demo node.
69 $this->drupalGet('node/add/paragraphed_content_demo');
71 // Add a new paragraphs images item.
72 $this->drupalPostForm(NULL, NULL, t('Add Images'));
74 $images = $this->drupalGetTestFiles('image');
76 // Create a file, upload it.
77 file_unmanaged_copy($images[0]->uri, 'temporary://privateImage.jpg');
78 $file_path = $this->container->get('file_system')
79 ->realpath('temporary://privateImage.jpg');
81 // Create a file, upload it.
82 file_unmanaged_copy($images[1]->uri, 'temporary://privateImage2.jpg');
83 $file_path_2 = $this->container->get('file_system')
84 ->realpath('temporary://privateImage2.jpg');
87 'title[0][value]' => 'Security test node',
88 'files[field_paragraphs_demo_0_subform_field_images_demo_0][]' => [$file_path, $file_path_2],
91 $this->drupalPostForm(NULL, $edit, t('Upload'));
92 $this->drupalPostForm(NULL, [], t('Preview'));
93 $img1_url = file_create_url(\Drupal::token()->replace('private://privateImage.jpg'));
94 $image_url = file_url_transform_relative($img1_url);
95 $this->assertRaw($image_url, 'Image was found in preview');
96 $this->clickLink(t('Back to content editing'));
97 $this->drupalPostForm(NULL, [], t('Save'));
99 $node = $this->drupalGetNodeByTitle('Security test node');
101 $this->drupalGet('node/' . $node->id());
103 // Check the text and image after publish.
104 $this->assertRaw($image_url, 'Image was found in content');
106 $this->drupalGet($image_url);
107 $this->assertResponse(200, 'Image could be downloaded');
109 // Logout to become anonymous.
110 $this->drupalLogout();
112 // @todo Requesting the same $img_url again triggers a caching problem on
113 // drupal.org test bot, thus we request a different file here.
114 $img_url = file_create_url(\Drupal::token()->replace('private://privateImage2.jpg'));
115 $image_url = file_url_transform_relative($img_url);
116 // Check the text and image after publish. Anonymous should not see content.
117 $this->assertNoRaw($image_url, 'Image was not found in content');
119 $this->drupalGet($image_url);
120 $this->assertResponse(403, 'Image could not be downloaded');
122 // Login as admin with no delete permissions.
123 $this->loginAsAdmin($permissions);
124 // Create a new demo node.
125 $this->drupalGet('node/add/paragraphed_content_demo');
126 $this->drupalPostForm(NULL, NULL, t('Add Text'));
127 $this->assertText('Text');
129 'title[0][value]' => 'delete_permissions',
130 'field_paragraphs_demo[0][subform][field_text_demo][0][value]' => 'Test',
132 $this->drupalPostForm(NULL, $edit, t('Save'));
134 $this->clickLink(t('Edit'));
135 // Check the remove button is present.
136 $this->assertNotNull($this->xpath('//*[@name="field_paragraphs_demo_0_remove"]'));
137 // Delete the Paragraph and save.
138 $this->drupalPostAjaxForm(NULL, [], 'field_paragraphs_demo_0_remove');
139 $this->drupalPostForm(NULL, [], t('Save'));
140 $node = $this->getNodeByTitle('delete_permissions');
141 $this->assertUrl('node/' . $node->id());