3 namespace Drupal\Tests\comment\Functional;
5 use Drupal\comment\Entity\Comment;
6 use Drupal\comment\Tests\CommentTestTrait;
7 use Drupal\node\Entity\NodeType;
8 use Drupal\Tests\BrowserTestBase;
11 * Tests comment administration and preview access.
15 class CommentAccessTest extends BrowserTestBase {
22 public static $modules = [
28 * Node for commenting.
30 * @var \Drupal\node\NodeInterface
32 protected $unpublishedNode;
37 protected function setUp() {
40 $node_type = NodeType::create([
45 $node_author = $this->drupalCreateUser([
46 'create article content',
50 $this->drupalLogin($this->drupalCreateUser([
52 'skip comment approval',
58 $this->addDefaultCommentField('node', 'article');
59 $this->unpublishedNode = $this->createNode([
60 'title' => 'This is unpublished',
61 'uid' => $node_author->id(),
65 $this->unpublishedNode->save();
69 * Tests commenting disabled for access-blocked entities.
71 public function testCannotCommentOnEntitiesYouCannotView() {
72 $assert = $this->assertSession();
74 $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment';
76 // Commenting on an unpublished node results in access denied.
77 $this->drupalGet($comment_url);
78 $assert->statusCodeEquals(403);
80 // Publishing the node grants access.
81 $this->unpublishedNode->setPublished(TRUE)->save();
82 $this->drupalGet($comment_url);
83 $assert->statusCodeEquals(200);
87 * Tests cannot view comment reply form on entities you cannot view.
89 public function testCannotViewCommentReplyFormOnEntitiesYouCannotView() {
90 $assert = $this->assertSession();
92 // Create a comment on an unpublished node.
93 $comment = Comment::create([
94 'entity_type' => 'node',
96 'hostname' => 'magic.example.com',
97 'mail' => 'foo@example.com',
98 'subject' => 'Comment on unpublished node',
99 'entity_id' => $this->unpublishedNode->id(),
100 'comment_type' => 'comment',
101 'field_name' => 'comment',
103 'uid' => $this->unpublishedNode->getOwnerId(),
108 $comment_url = 'comment/reply/node/' . $this->unpublishedNode->id() . '/comment/' . $comment->id();
110 // Replying to a comment on an unpublished node results in access denied.
111 $this->drupalGet($comment_url);
112 $assert->statusCodeEquals(403);
114 // Publishing the node grants access.
115 $this->unpublishedNode->setPublished(TRUE)->save();
116 $this->drupalGet($comment_url);
117 $assert->statusCodeEquals(200);