3 namespace Drupal\Tests\node\Functional;
5 use Drupal\node\Entity\NodeType;
8 * Ensures that node access rebuild functions work correctly even
9 * when other modules implements hook_node_grants().
13 class NodeAccessRebuildNodeGrantsTest extends NodeTestBase {
16 * A user to create nodes that only it has access to.
18 * @var \Drupal\user\UserInterface
23 * A user to test the rebuild nodes feature which can't access the nodes.
25 * @var \Drupal\user\UserInterface
32 protected function setUp() {
35 $this->adminUser = $this->drupalCreateUser(['administer site configuration', 'access administration pages', 'access site reports']);
36 $this->drupalLogin($this->adminUser);
38 $this->webUser = $this->drupalCreateUser();
42 * Tests rebuilding the node access permissions table with content.
44 public function testNodeAccessRebuildNodeGrants() {
45 \Drupal::service('module_installer')->install(['node_access_test']);
46 \Drupal::state()->set('node_access_test.private', TRUE);
47 node_access_test_add_field(NodeType::load('page'));
50 // Create 30 nodes so that _node_access_rebuild_batch_operation() has to run
52 for ($i = 0; $i < 30; $i++) {
53 $nodes[] = $this->drupalCreateNode([
54 'uid' => $this->webUser->id(),
55 'private' => [['value' => 1]],
59 /** @var \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage */
60 $grant_storage = \Drupal::service('node.grant_storage');
61 // Default realm access and node records are present.
62 foreach ($nodes as $node) {
63 $this->assertTrue($node->private->value);
64 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the node author.');
65 $this->assertTrue($grant_storage->access($node, 'view', $this->adminUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the admin user.');
68 $this->assertEqual(1, \Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is an all realm access record');
69 $this->assertTrue(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
71 // Rebuild permissions.
72 $this->drupalGet('admin/reports/status');
73 $this->clickLink(t('Rebuild permissions'));
74 $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
75 $this->assertText(t('The content access permissions have been rebuilt.'));
77 // Test if the rebuild by user that cannot bypass node access and does not
78 // have access to the nodes has been successful.
79 $this->assertFalse($this->adminUser->hasPermission('bypass node access'));
80 $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
81 foreach ($nodes as $node) {
82 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
83 $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
85 $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
87 // Test an anonymous node access rebuild from code.
88 $this->drupalLogout();
89 node_access_rebuild();
90 foreach ($nodes as $node) {
91 $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
92 $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
94 $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
98 * Tests rebuilding the node access permissions table with no content.
100 public function testNodeAccessRebuildNoAccessModules() {
101 // Default realm access is present.
102 $this->assertEqual(1, \Drupal::service('node.grant_storage')->count(), 'There is an all realm access record');
104 // No need to rebuild permissions.
105 $this->assertFalse(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
107 // Rebuild permissions.
108 $this->drupalGet('admin/reports/status');
109 $this->clickLink(t('Rebuild permissions'));
110 $this->drupalPostForm(NULL, [], t('Rebuild permissions'));
111 $this->assertText(t('Content permissions have been rebuilt.'));
112 $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
114 // Default realm access is still present.
115 $this->assertEqual(1, \Drupal::service('node.grant_storage')->count(), 'There is an all realm access record');