3 namespace Drupal\Tests\content_moderation\Functional;
6 * Tests permission access control around nodes.
8 * @group content_moderation
10 class NodeAccessTest extends ModerationStateTestBase {
17 public static $modules = [
22 'node_access_test_empty',
26 * Permissions to grant admin user.
30 protected $permissions = [
31 'administer content moderation',
32 'access administration pages',
33 'administer content types',
35 'view latest version',
36 'view any unpublished content',
37 'access content overview',
38 'use editorial transition create_new_draft',
39 'use editorial transition publish',
46 protected function setUp() {
48 $this->drupalLogin($this->adminUser);
49 $this->createContentTypeFromUi('Moderated content', 'moderated_content', TRUE);
50 $this->grantUserPermissionToCreateContentOfType($this->adminUser, 'moderated_content');
52 // Rebuild permissions because hook_node_grants() is implemented by the
53 // node_access_test_empty module.
54 node_access_rebuild();
58 * Verifies that a non-admin user can still access the appropriate pages.
60 public function testPageAccess() {
61 $this->drupalLogin($this->adminUser);
63 // Create a node to test with.
64 $this->drupalPostForm('node/add/moderated_content', [
65 'title[0][value]' => 'moderated content',
66 ], t('Save and Create New Draft'));
67 $node = $this->getNodeByTitle('moderated content');
69 $this->fail('Test node was not saved correctly.');
72 $view_path = 'node/' . $node->id();
73 $edit_path = 'node/' . $node->id() . '/edit';
74 $latest_path = 'node/' . $node->id() . '/latest';
76 // Now make a new user and verify that the new user's access is correct.
77 $user = $this->createUser([
78 'use editorial transition create_new_draft',
79 'view latest version',
80 'view any unpublished content',
82 $this->drupalLogin($user);
84 $this->drupalGet($edit_path);
85 $this->assertResponse(403);
87 $this->drupalGet($latest_path);
88 $this->assertResponse(403);
89 $this->drupalGet($view_path);
90 $this->assertResponse(200);
93 $this->drupalLogin($this->adminUser);
94 $this->drupalPostForm($edit_path, [], t('Save and Publish'));
96 // Ensure access works correctly for anonymous users.
97 $this->drupalLogout();
99 $this->drupalGet($edit_path);
100 $this->assertResponse(403);
102 $this->drupalGet($latest_path);
103 $this->assertResponse(403);
104 $this->drupalGet($view_path);
105 $this->assertResponse(200);
107 // Create a forward revision for the 'Latest revision' tab.
108 $this->drupalLogin($this->adminUser);
109 $this->drupalPostForm($edit_path, [
110 'title[0][value]' => 'moderated content revised',
111 ], t('Save and Create New Draft'));
113 $this->drupalLogin($user);
115 $this->drupalGet($edit_path);
116 $this->assertResponse(403);
118 $this->drupalGet($latest_path);
119 $this->assertResponse(200);
120 $this->drupalGet($view_path);
121 $this->assertResponse(200);
123 // Now make another user, who should not be able to see forward revisions.
124 $user = $this->createUser([
125 'use editorial transition create_new_draft',
127 $this->drupalLogin($user);
129 $this->drupalGet($edit_path);
130 $this->assertResponse(403);
132 $this->drupalGet($latest_path);
133 $this->assertResponse(403);
134 $this->drupalGet($view_path);
135 $this->assertResponse(200);