X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fpermissions_by_term%2Ftests%2Fsrc%2FKernel%2FAccessCheckTest.php;fp=web%2Fmodules%2Fcontrib%2Fpermissions_by_term%2Ftests%2Fsrc%2FKernel%2FAccessCheckTest.php;h=27804cf491fb943c0e29b1927072c8de66bc10ae;hp=21d2b151aa233c5019bf86eb12f6349b07046c80;hb=af6d1fb995500ae68849458ee10d66abbdcfb252;hpb=680c79a86e3ed402f263faeac92e89fb6d9edcc0

diff --git a/web/modules/contrib/permissions_by_term/tests/src/Kernel/AccessCheckTest.php b/web/modules/contrib/permissions_by_term/tests/src/Kernel/AccessCheckTest.php
index 21d2b151a..27804cf49 100644
--- a/web/modules/contrib/permissions_by_term/tests/src/Kernel/AccessCheckTest.php
+++ b/web/modules/contrib/permissions_by_term/tests/src/Kernel/AccessCheckTest.php
@@ -2,7 +2,13 @@
 
 namespace Drupal\Tests\permissions_by_term\Kernel;
 
+use Drupal\node\Entity\Node;
 use Drupal\permissions_by_term\Service\AccessStorage;
+use Drupal\taxonomy\Entity\Term;
+use Drupal\taxonomy\Entity\Vocabulary;
+use Drupal\user\Entity\Role;
+use Drupal\user\Entity\User;
+use Drupal\user\RoleInterface;
 
 /**
  * Class AccessCheckTest
@@ -78,10 +84,10 @@ class AccessCheckTest extends PBTKernelTestBase {
   public function testNoTermRestriction() {
     $database = $this->container->get('database');
     $database->truncate('node_access')->execute();
-    $this->createRelationNoTerms();
+    $this->createRelationWithoutRestriction();
 
     \Drupal::configFactory()->getEditable('permissions_by_term.settings.single_term_restriction')->set('value', FALSE)->save();
-    $this->assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidNoTerms()));
+    $this->assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidNoRestriction()));
 
     node_access_rebuild();
 
@@ -95,13 +101,13 @@ class AccessCheckTest extends PBTKernelTestBase {
       ->execute()
       ->fetchCol();
 
-    $this->assertCount(1, $permittedNids);
+    $this->assertCount(0, $permittedNids);
   }
 
   /**
    * @return void
    */
-  public function testEnabledSingleTermRestriction() {
+  public function testSingleTermRestrictionWithRestrictedTerms() {
     $database = $this->container->get('database');
     $database->truncate('node_access')->execute();
     $this->createRelationOneGrantedTerm();
@@ -125,4 +131,83 @@ class AccessCheckTest extends PBTKernelTestBase {
     $this->assertCount(1, $permittedNids);
   }
 
-}
\ No newline at end of file
+  /**
+   * @return void
+   */
+  public function testSingleTermRestrictionWithNoRestrictedTerms() {
+    $database = $this->container->get('database');
+    $database->truncate('node_access')->execute();
+    $this->createRelationWithoutRestriction();
+
+    \Drupal::configFactory()->getEditable('permissions_by_term.settings.single_term_restriction')->set('value', TRUE)->save();
+    $this->assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidOneGrantedTerm()));
+
+    node_access_rebuild();
+
+    $gids = $this->accessStorage->getGids(\Drupal::service('current_user'));
+
+    $nodeAccess = $database->select('node_access', 'na')
+      ->fields('na', ['nid'])
+      ->condition('na.gid', $gids['permissions_by_term'], 'IN')
+      ->condition('na.realm', AccessStorage::NODE_ACCESS_REALM);
+    $permittedNids = $nodeAccess
+      ->execute()
+      ->fetchCol();
+
+    $this->assertCount(0, $permittedNids);
+  }
+
+  public function testCheckAccessAsGuest() {
+    $term = Term::create([
+      'name' => 'term1',
+      'vid' => 'test',
+    ]);
+    $term->save();
+
+    $this->accessCheck->isAccessAllowedByDatabase($term->id(), 0);
+  }
+
+  public function testBypassNodeAccess() {
+    Vocabulary::create([
+      'name'     => 'Test Multilingual',
+      'vid'      => 'test_multilingual',
+      'langcode' => 'de',
+    ])->save();
+
+    $term = Term::create([
+      'name'     => 'term1',
+      'vid'      => 'test',
+      'langcode' => 'de',
+    ]);
+    $term->save();
+
+    $node = Node::create([
+      'type' => 'page',
+      'title' => 'test_title',
+      'field_tags' => [
+        [
+          'target_id' => $term->id()
+        ],
+      ]
+    ]);
+    $node->save();
+
+    $this->accessStorage->addTermPermissionsByUserIds([99], $term->id(), 'de');
+    $this->assertFalse($this->accessCheck->canUserAccessByNodeId($node->id(), \Drupal::currentUser()->id(), 'de'));
+
+    $editorRole = Role::create(['id' => 'editor']);
+    $editorRole->grantPermission('bypass node access');
+    $editorRole->save();
+
+    $user = User::load(\Drupal::currentUser()->id());
+
+    $user->addRole('editor');
+    $user->save();
+
+    $accountSwitcher = \Drupal::service('account_switcher');
+    $accountSwitcher->switchTo($user);
+
+    $this->assertTrue($this->accessCheck->canUserAccessByNodeId($node->id(), \Drupal::currentUser()->id(), 'de'));
+  }
+
+}