3 namespace Drupal\Tests\node\Kernel;
5 use Drupal\Component\Render\FormattableMarkup;
6 use Drupal\KernelTests\Core\Entity\EntityKernelTestBase;
7 use Drupal\node\Entity\Node;
8 use Drupal\node\Entity\NodeType;
11 * Tests node field level access.
15 class NodeFieldAccessTest extends EntityKernelTestBase {
22 public static $modules = ['node'];
25 * Fields that only users with administer nodes permissions can change.
29 protected $administrativeFields = [
38 * These fields are automatically managed and can not be changed by any user.
42 protected $readOnlyFields = ['changed', 'revision_uid', 'revision_timestamp'];
45 * Test permissions on nodes status field.
47 public function testAccessToAdministrativeFields() {
49 // Create the page node type with revisions disabled.
50 $page = NodeType::create([
52 'new_revision' => FALSE,
56 // Create the article node type with revisions disabled.
57 $article = NodeType::create([
59 'new_revision' => TRUE,
63 // An administrator user. No user exists yet, ensure that the first user
64 // does not have UID 1.
65 $content_admin_user = $this->createUser(['uid' => 2], ['administer nodes']);
67 // Two different editor users.
68 $page_creator_user = $this->createUser([], ['create page content', 'edit own page content', 'delete own page content']);
69 $page_manager_user = $this->createUser([], ['create page content', 'edit any page content', 'delete any page content']);
71 // An unprivileged user.
72 $page_unrelated_user = $this->createUser([], ['access content']);
82 // Create three "Basic pages". One is owned by our test-user
83 // "page_creator", one by "page_manager", and one by someone else.
84 $node1 = Node::create([
85 'title' => $this->randomMachineName(8),
86 'uid' => $page_creator_user->id(),
89 $node2 = Node::create([
90 'title' => $this->randomMachineName(8),
91 'uid' => $page_manager_user->id(),
94 $node3 = Node::create([
95 'title' => $this->randomMachineName(8),
99 foreach ($this->administrativeFields as $field) {
101 // Checks on view operations.
102 foreach ($test_users as $account) {
103 $may_view = $node1->{$field}->access('view', $account);
104 $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
107 // Checks on edit operations.
108 $may_update = $node1->{$field}->access('edit', $page_creator_user);
109 $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
110 $may_update = $node2->{$field}->access('edit', $page_creator_user);
111 $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit own page content" is not allowed to the field @name.', ['@name' => $field]));
112 $may_update = $node2->{$field}->access('edit', $page_manager_user);
113 $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
114 $may_update = $node1->{$field}->access('edit', $page_manager_user);
115 $this->assertFalse($may_update, new FormattableMarkup('Users with permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
116 $may_update = $node2->{$field}->access('edit', $page_unrelated_user);
117 $this->assertFalse($may_update, new FormattableMarkup('Users not having permission "edit any page content" is not allowed to the field @name.', ['@name' => $field]));
118 $may_update = $node1->{$field}->access('edit', $content_admin_user) && $node3->status->access('edit', $content_admin_user);
119 $this->assertTrue($may_update, new FormattableMarkup('Users with permission "administer nodes" may edit @name fields on all nodes.', ['@name' => $field]));
122 foreach ($this->readOnlyFields as $field) {
123 // Check view operation.
124 foreach ($test_users as $account) {
125 $may_view = $node1->{$field}->access('view', $account);
126 $this->assertTrue($may_view, new FormattableMarkup('Any user may view the field @name.', ['@name' => $field]));
129 // Check edit operation.
130 foreach ($test_users as $account) {
131 $may_view = $node1->{$field}->access('edit', $account);
132 $this->assertFalse($may_view, new FormattableMarkup('No user is not allowed to edit the field @name.', ['@name' => $field]));
136 // Check the revision_log field on node 1 which has revisions disabled.
137 $may_update = $node1->revision_log->access('edit', $content_admin_user);
138 $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are disabled.');
139 $may_update = $node1->revision_log->access('edit', $page_creator_user);
140 $this->assertFalse($may_update, 'A user without permission "administer nodes" can not edit the revision_log field when revisions are disabled.');
142 // Check the revision_log field on node 2 which has revisions enabled.
143 $may_update = $node2->revision_log->access('edit', $content_admin_user);
144 $this->assertTrue($may_update, 'A user with permission "administer nodes" can edit the revision_log field when revisions are enabled.');
145 $may_update = $node2->revision_log->access('edit', $page_creator_user);
146 $this->assertTrue($may_update, 'A user without permission "administer nodes" can edit the revision_log field when revisions are enabled.');