FilterFormatAccessTestCase

  1. drupal
    1. 8
    2. 7

Hierarchy

Properties

NameDescription
DrupalTestCase::$assertionsAssertions thrown in that test case.
DrupalTestCase::$databasePrefixThe database prefix of this test run.
DrupalTestCase::$originalFileDirectoryThe original file directory, before it was changed for testing purposes.
DrupalTestCase::$resultsCurrent results of this test case.
DrupalTestCase::$skipClassesThis class is skipped when looking for the source of an assertion.
DrupalTestCase::$testIdThe test run ID.
DrupalTestCase::$timeLimitTime limit for the test.
DrupalWebTestCase::$additionalCurlOptionsAdditional cURL options.
DrupalWebTestCase::$contentThe content of the page currently loaded in the internal browser.
DrupalWebTestCase::$cookieFileThe current cookie file used by cURL.
DrupalWebTestCase::$curlHandleThe handle of the current cURL connection.
DrupalWebTestCase::$drupalSettingsThe value of the Drupal.settings JavaScript variable for the page currently loaded in the internal browser.
DrupalWebTestCase::$elementsThe parsed version of the page.
DrupalWebTestCase::$generatedTestFilesWhether the files were copied to the test files directory.
DrupalWebTestCase::$headersThe headers of the page currently loaded in the internal browser.
DrupalWebTestCase::$httpauth_credentialsHTTP authentication credentials (<username>:<password>).
DrupalWebTestCase::$httpauth_methodHTTP authentication method
DrupalWebTestCase::$loggedInUserThe current user logged in using the internal browser.
DrupalWebTestCase::$originalShutdownCallbacksThe original shutdown handlers array, before it was cleaned for testing purposes.
DrupalWebTestCase::$originalUserThe original user, before it was changed to a clean uid = 1 for testing purposes.
DrupalWebTestCase::$plainTextContentThe content of the page currently loaded in the internal browser (plain text version).
DrupalWebTestCase::$profileThe profile to install as a basis for testing.
DrupalWebTestCase::$redirect_countThe number of redirects followed during the handling of a request.
DrupalWebTestCase::$session_idThe current session ID, if available.
DrupalWebTestCase::$session_nameThe current session name, if available.
DrupalWebTestCase::$urlThe URL currently loaded in the internal browser.
FilterFormatAccessTestCase::$admin_user
FilterFormatAccessTestCase::$allowed_format
FilterFormatAccessTestCase::$disallowed_format
FilterFormatAccessTestCase::$filter_admin_user
FilterFormatAccessTestCase::$web_user

Functions & methods

NameDescription
DrupalTestCase::assertInternal helper: stores the assert.
DrupalTestCase::assertEqualCheck to see if two values are equal.
DrupalTestCase::assertFalseCheck to see if a value is false (an empty string, 0, NULL, or FALSE).
DrupalTestCase::assertIdenticalCheck to see if two values are identical.
DrupalTestCase::assertNotEqualCheck to see if two values are not equal.
DrupalTestCase::assertNotIdenticalCheck to see if two values are not identical.
DrupalTestCase::assertNotNullCheck to see if a value is not NULL.
DrupalTestCase::assertNullCheck to see if a value is NULL.
DrupalTestCase::assertTrueCheck to see if a value is not false (not an empty string, 0, NULL, or FALSE).
DrupalTestCase::deleteAssertDelete an assertion record by message ID.
DrupalTestCase::errorFire an error assertion.
DrupalTestCase::errorHandlerHandle errors during test runs.
DrupalTestCase::exceptionHandlerHandle exceptions.
DrupalTestCase::failFire an assertion that is always negative.
DrupalTestCase::generatePermutationsConverts a list of possible parameters into a stack of permutations.
DrupalTestCase::getAssertionCallCycles through backtrace until the first non-assertion method is found.
DrupalTestCase::insertAssertStore an assertion from outside the testing context.
DrupalTestCase::passFire an assertion that is always positive.
DrupalTestCase::randomNameGenerates a random string containing letters and numbers.
DrupalTestCase::randomStringGenerates a random string of ASCII characters of codes 32 to 126.
DrupalTestCase::runRun all tests in this class.
DrupalTestCase::verboseLogs verbose message in a text file.
DrupalWebTestCase::assertFieldAsserts that a field exists with the given name or id.
DrupalWebTestCase::assertFieldByIdAsserts that a field exists in the current page with the given id and value.
DrupalWebTestCase::assertFieldByNameAsserts that a field exists in the current page with the given name and value.
DrupalWebTestCase::assertFieldByXPathAsserts that a field exists in the current page by the given XPath.
DrupalWebTestCase::assertFieldCheckedAsserts that a checkbox field in the current page is checked.
DrupalWebTestCase::assertLinkPass if a link with the specified label is found, and optional with the specified index.
DrupalWebTestCase::assertLinkByHrefPass if a link containing a given href (part) is found.
DrupalWebTestCase::assertMailAsserts that the most recently sent e-mail message has the given value.
DrupalWebTestCase::assertMailPatternAsserts that the most recently sent e-mail message has the pattern in it.
DrupalWebTestCase::assertMailStringAsserts that the most recently sent e-mail message has the string in it.
DrupalWebTestCase::assertNoDuplicateIdsAsserts that each HTML ID is used for just a single element.
DrupalWebTestCase::assertNoFieldAsserts that a field does not exist with the given name or id.
DrupalWebTestCase::assertNoFieldByIdAsserts that a field does not exist with the given id and value.
DrupalWebTestCase::assertNoFieldByNameAsserts that a field does not exist with the given name and value.
DrupalWebTestCase::assertNoFieldByXPathAsserts that a field does not exist in the current page by the given XPath.
DrupalWebTestCase::assertNoFieldCheckedAsserts that a checkbox field in the current page is not checked.
DrupalWebTestCase::assertNoLinkPass if a link with the specified label is not found.
DrupalWebTestCase::assertNoLinkByHrefPass if a link containing a given href (part) is not found.
DrupalWebTestCase::assertNoOptionSelectedAsserts that a select option in the current page is not checked.
DrupalWebTestCase::assertNoPatternWill trigger a pass if the perl regex pattern is not present in raw content.
DrupalWebTestCase::assertNoRawPass if the raw text is NOT found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated.
DrupalWebTestCase::assertNoResponseAsserts the page did not return the specified response code.
DrupalWebTestCase::assertNoTextPass if the text is NOT found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents.
DrupalWebTestCase::assertNoTitlePass if the page title is not the given string.
DrupalWebTestCase::assertNoUniqueTextPass if the text is found MORE THAN ONCE on the text version of the page.
DrupalWebTestCase::assertOptionSelectedAsserts that a select option in the current page is checked.
DrupalWebTestCase::assertPatternWill trigger a pass if the Perl regex pattern is found in the raw content.
DrupalWebTestCase::assertRawPass if the raw text IS found on the loaded page, fail otherwise. Raw text refers to the raw HTML that the page generated.
DrupalWebTestCase::assertResponseAsserts the page responds with the specified response code.
DrupalWebTestCase::assertTextPass if the text IS found on the text version of the page. The text version is the equivalent of what a user would see when viewing through a web browser. In other words the HTML has been filtered out of the contents.
DrupalWebTestCase::assertTextHelperHelper for assertText and assertNoText.
DrupalWebTestCase::assertTitlePass if the page title is the given string.
DrupalWebTestCase::assertUniqueTextPass if the text is found ONLY ONCE on the text version of the page.
DrupalWebTestCase::assertUniqueTextHelperHelper for assertUniqueText and assertNoUniqueText.
DrupalWebTestCase::assertUrlPass if the internal browser's URL matches the given path.
DrupalWebTestCase::buildXPathQueryBuilds an XPath query.
DrupalWebTestCase::checkForMetaRefreshCheck for meta refresh tag and if found call drupalGet() recursively. This function looks for the http-equiv attribute to be set to "Refresh" and is case-sensitive.
DrupalWebTestCase::checkPermissionsCheck to make sure that the array of permissions are valid.
DrupalWebTestCase::clickLinkFollows a link by name.
DrupalWebTestCase::constructFieldXpathHelper function: construct an XPath for the given set of attributes and value.
DrupalWebTestCase::cronRunRuns cron in the Drupal installed by Simpletest.
DrupalWebTestCase::curlCloseClose the cURL handler and unset the handler.
DrupalWebTestCase::curlExecInitializes and executes a cURL request.
DrupalWebTestCase::curlHeaderCallbackReads headers and registers errors received from the tested site.
DrupalWebTestCase::curlInitializeInitializes the cURL connection.
DrupalWebTestCase::drupalCompareFilesCompare two files based on size and file name.
DrupalWebTestCase::drupalCreateContentTypeCreates a custom content type based on default settings.
DrupalWebTestCase::drupalCreateNodeCreates a node based on default settings.
DrupalWebTestCase::drupalCreateRoleInternal helper function; Create a role with specified permissions.
DrupalWebTestCase::drupalCreateUserCreate a user with a given set of permissions. The permissions correspond to the names given on the privileges page.
DrupalWebTestCase::drupalGetRetrieves a Drupal path or an absolute path.
DrupalWebTestCase::drupalGetAJAXRetrieve a Drupal path or an absolute path and JSON decode the result.
DrupalWebTestCase::drupalGetContentGets the current raw HTML of requested page.
DrupalWebTestCase::drupalGetHeaderGets the value of an HTTP response header. If multiple requests were required to retrieve the page, only the headers from the last request will be checked by default. However, if TRUE is passed as the second argument, all requests will be processed…
DrupalWebTestCase::drupalGetHeadersGets the HTTP response headers of the requested page. Normally we are only interested in the headers returned by the last request. However, if a page is redirected or HTTP authentication is in use, multiple requests will be required to retrieve the…
DrupalWebTestCase::drupalGetMailsGets an array containing all e-mails sent during this test case.
DrupalWebTestCase::drupalGetNodeByTitleGet a node from the database based on its title.
DrupalWebTestCase::drupalGetSettingsGets the value of the Drupal.settings JavaScript variable for the currently loaded page.
DrupalWebTestCase::drupalGetTestFilesGet a list files that can be used in tests.
DrupalWebTestCase::drupalGetTokenGenerate a token for the currently logged in user.
DrupalWebTestCase::drupalHeadRetrieves only the headers for a Drupal path or an absolute path.
DrupalWebTestCase::drupalLoginLog in a user with the internal browser.
DrupalWebTestCase::drupalLogout
DrupalWebTestCase::drupalPostExecute a POST request on a Drupal page. It will be done as usual POST request with SimpleBrowser.
DrupalWebTestCase::drupalPostAJAXExecute an Ajax submission.
DrupalWebTestCase::drupalSetContentSets the raw HTML content. This can be useful when a page has been fetched outside of the internal browser and assertions need to be made on the returned page.
DrupalWebTestCase::drupalSetSettingsSets the value of the Drupal.settings JavaScript variable for the currently loaded page.
DrupalWebTestCase::getAbsoluteUrlTakes a path and returns an absolute path.
DrupalWebTestCase::getAllOptionsGet all option elements, including nested options, in a select.
DrupalWebTestCase::getSelectedItemGet the selected value from a select field.
DrupalWebTestCase::getUrlGet the current url from the cURL handler.
DrupalWebTestCase::handleFormHandle form input related to drupalPost(). Ensure that the specified fields exist and attempt to create POST data in the correct manner for the particular field type.
DrupalWebTestCase::parseParse content returned from curlExec using DOM and SimpleXML.
DrupalWebTestCase::preloadRegistryPreload the registry from the testing site.
DrupalWebTestCase::refreshVariablesRefresh the in-memory set of variables. Useful after a page request is made that changes a variable in a different thread.
DrupalWebTestCase::resetAllReset all data structures after having enabled new modules.
DrupalWebTestCase::tearDownDelete created files and temporary files directory, delete the tables created by setUp(), and reset the database prefix.
DrupalWebTestCase::verboseEmailOutputs to verbose the most recent $count emails sent.
DrupalWebTestCase::xpathPerform an xpath search on the contents of the internal browser. The search is relative to the root element (HTML tag normally) of the page.
DrupalWebTestCase::__constructConstructor for DrupalWebTestCase. Overrides DrupalTestCase::__construct
FilterFormatAccessTestCase::getInfo
FilterFormatAccessTestCase::resetFilterCachesRebuild text format and permission caches in the thread running the tests.
FilterFormatAccessTestCase::setUpGenerates a random database prefix, runs the install scripts on the prefixed database and enable the specified modules. After installation many caches are flushed and the internal browser is setup so that the page requests will run on the new prefix.… Overrides DrupalWebTestCase::setUp
FilterFormatAccessTestCase::testFormatPermissions
FilterFormatAccessTestCase::testFormatRoles
FilterFormatAccessTestCase::testFormatWidgetPermissionsTest editing a page using a disallowed text format.

modules/filter/filter.test, line 404

View source
<?php
class FilterFormatAccessTestCase extends DrupalWebTestCase {
  protected $admin_user;
  protected $filter_admin_user;
  protected $web_user;
  protected $allowed_format;
  protected $disallowed_format;

  public static function getInfo() {
    return array(
      'name' => 'Filter format access', 
      'description' => 'Tests access to text formats.', 
      'group' => 'Filter',
    );
  }

  function setUp() {
    parent::setUp();

    // Create a user who can administer text formats, but does not have
    // specific permission to use any of them.
    $this->filter_admin_user = $this->drupalCreateUser(array(
      'administer filters',
      'create page content',
      'edit any page content',
    ));

    // Create two text formats.
    $this->drupalLogin($this->filter_admin_user);
    $formats = array();
    for ($i = 0; $i < 2; $i++) {
      $edit = array(
        'format' => drupal_strtolower($this->randomName()), 
        'name' => $this->randomName(),
      );
      $this->drupalPost('admin/config/content/formats/add', $edit, t('Save configuration'));
      $this->resetFilterCaches();
      $formats[] = filter_format_load($edit['format']);
    }
    list($this->allowed_format, $this->disallowed_format) = $formats;
    $this->drupalLogout();

    // Create a regular user with access to one of the formats.
    $this->web_user = $this->drupalCreateUser(array(
      'create page content',
      'edit any page content',
      filter_permission_name($this->allowed_format),
    ));

    // Create an administrative user who has access to use both formats.
    $this->admin_user = $this->drupalCreateUser(array(
      'administer filters',
      'create page content',
      'edit any page content',
      filter_permission_name($this->allowed_format),
      filter_permission_name($this->disallowed_format),
    ));
  }

  function testFormatPermissions() {
    // Make sure that a regular user only has access to the text format they
    // were granted access to, as well to the fallback format.
    $this->assertTrue(filter_access($this->allowed_format, $this->web_user), t('A regular user has access to a text format they were granted access to.'));
    $this->assertFalse(filter_access($this->disallowed_format, $this->web_user), t('A regular user does not have access to a text format they were not granted access to.'));
    $this->assertTrue(filter_access(filter_format_load(filter_fallback_format()), $this->web_user), t('A regular user has access to the fallback format.'));

    // Perform similar checks as above, but now against the entire list of
    // available formats for this user.
    $this->assertTrue(in_array($this->allowed_format->format, array_keys(filter_formats($this->web_user))), t('The allowed format appears in the list of available formats for a regular user.'));
    $this->assertFalse(in_array($this->disallowed_format->format, array_keys(filter_formats($this->web_user))), t('The disallowed format does not appear in the list of available formats for a regular user.'));
    $this->assertTrue(in_array(filter_fallback_format(), array_keys(filter_formats($this->web_user))), t('The fallback format appears in the list of available formats for a regular user.'));

    // Make sure that a regular user only has permission to use the format
    // they were granted access to.
    $this->assertTrue(user_access(filter_permission_name($this->allowed_format), $this->web_user), t('A regular user has permission to use the allowed text format.'));
    $this->assertFalse(user_access(filter_permission_name($this->disallowed_format), $this->web_user), t('A regular user does not have permission to use the disallowed text format.'));

    // Make sure that the allowed format appears on the node form and that
    // the disallowed format does not.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('node/add/page');
    $langcode = LANGUAGE_NONE;
    $elements = $this->xpath('//select[@name=:name]/option', array(
      ':name' => "body[$langcode][0][format]", 
      ':option' => $this->allowed_format->format,
    ));
    $options = array();
    foreach ($elements as $element) {
      $options[(string) $element['value']] = $element;
    }
    $this->assertTrue(isset($options[$this->allowed_format->format]), t('The allowed text format appears as an option when adding a new node.'));
    $this->assertFalse(isset($options[$this->disallowed_format->format]), t('The disallowed text format does not appear as an option when adding a new node.'));
    $this->assertTrue(isset($options[filter_fallback_format()]), t('The fallback format appears as an option when adding a new node.'));
  }

  function testFormatRoles() {
    // Get the role ID assigned to the regular user; it must be the maximum.
    $rid = max(array_keys($this->web_user->roles));

    // Check that this role appears in the list of roles that have access to an
    // allowed text format, but does not appear in the list of roles that have
    // access to a disallowed text format.
    $this->assertTrue(in_array($rid, array_keys(filter_get_roles_by_format($this->allowed_format))), t('A role which has access to a text format appears in the list of roles that have access to that format.'));
    $this->assertFalse(in_array($rid, array_keys(filter_get_roles_by_format($this->disallowed_format))), t('A role which does not have access to a text format does not appear in the list of roles that have access to that format.'));

    // Check that the correct text format appears in the list of formats
    // available to that role.
    $this->assertTrue(in_array($this->allowed_format->format, array_keys(filter_get_formats_by_role($rid))), t('A text format which a role has access to appears in the list of formats available to that role.'));
    $this->assertFalse(in_array($this->disallowed_format->format, array_keys(filter_get_formats_by_role($rid))), t('A text format which a role does not have access to does not appear in the list of formats available to that role.'));

    // Check that the fallback format is always allowed.
    $this->assertEqual(filter_get_roles_by_format(filter_format_load(filter_fallback_format())), user_roles(), t('All roles have access to the fallback format.'));
    $this->assertTrue(in_array(filter_fallback_format(), array_keys(filter_get_formats_by_role($rid))), t('The fallback format appears in the list of allowed formats for any role.'));
  }

  /**
   * Test editing a page using a disallowed text format.
   *
   * Verifies that regular users and administrators are able to edit a page,
   * but not allowed to change the fields which use an inaccessible text
   * format. Also verifies that fields which use a text format that does not
   * exist can be edited by administrators only, but that the administrator is
   * forced to choose a new format before saving the page.
   */
  function testFormatWidgetPermissions() {
    $langcode = LANGUAGE_NONE;
    $title_key = "title";
    $body_value_key = "body[$langcode][0][value]";
    $body_format_key = "body[$langcode][0][format]";

    // Create node to edit.
    $this->drupalLogin($this->admin_user);
    $edit = array();
    $edit['title'] = $this->randomName(8);
    $edit[$body_value_key] = $this->randomName(16);
    $edit[$body_format_key] = $this->disallowed_format->format;
    $this->drupalPost('node/add/page', $edit, t('Save'));
    $node = $this->drupalGetNodeByTitle($edit['title']);

    // Try to edit with a less privileged user.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('node/' . $node->nid);
    $this->clickLink(t('Edit'));

    // Verify that body field is read-only and contains replacement value.
    $this->assertFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), t('Text format access denied message found.'));

    // Verify that title can be changed, but preview displays original body.
    $new_edit = array();
    $new_edit['title'] = $this->randomName(8);
    $this->drupalPost(NULL, $new_edit, t('Preview'));
    $this->assertText($edit[$body_value_key], t('Old body found in preview.'));

    // Save and verify that only the title was changed.
    $this->drupalPost(NULL, $new_edit, t('Save'));
    $this->assertNoText($edit['title'], t('Old title not found.'));
    $this->assertText($new_edit['title'], t('New title found.'));
    $this->assertText($edit[$body_value_key], t('Old body found.'));

    // Check that even an administrator with "administer filters" permission
    // cannot edit the body field if they do not have specific permission to
    // use its stored format. (This must be disallowed so that the
    // administrator is never forced to switch the text format to something
    // else.)
    $this->drupalLogin($this->filter_admin_user);
    $this->drupalGet('node/' . $node->nid . '/edit');
    $this->assertFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), t('Text format access denied message found.'));

    // Disable the text format used above.
    filter_format_disable($this->disallowed_format);
    $this->resetFilterCaches();

    // Log back in as the less privileged user and verify that the body field
    // is still disabled, since the less privileged user should not be able to
    // edit content that does not have an assigned format.
    $this->drupalLogin($this->web_user);
    $this->drupalGet('node/' . $node->nid . '/edit');
    $this->assertFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), t('Text format access denied message found.'));

    // Log back in as the filter administrator and verify that the body field
    // can be edited.
    $this->drupalLogin($this->filter_admin_user);
    $this->drupalGet('node/' . $node->nid . '/edit');
    $this->assertNoFieldByXPath("//textarea[@name='$body_value_key' and @disabled='disabled']", NULL, t('Text format access denied message not found.'));
    $this->assertFieldByXPath("//select[@name='$body_format_key']", NULL, t('Text format selector found.'));

    // Verify that trying to save the node without selecting a new text format
    // produces an error message, and does not result in the node being saved.
    $old_title = $new_edit['title'];
    $new_title = $this->randomName(8);
    $edit = array('title' => $new_title);
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
    $this->assertText(t('!name field is required.', array('!name' => t('Text format'))), t('Error message is displayed.'));
    $this->drupalGet('node/' . $node->nid);
    $this->assertText($old_title, t('Old title found.'));
    $this->assertNoText($new_title, t('New title not found.'));

    // Now select a new text format and make sure the node can be saved.
    $edit[$body_format_key] = filter_fallback_format();
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->nid);
    $this->assertText($new_title, t('New title found.'));
    $this->assertNoText($old_title, t('Old title not found.'));

    // Switch the text format to a new one, then disable that format and all
    // other formats on the site (leaving only the fallback format).
    $this->drupalLogin($this->admin_user);
    $edit = array($body_format_key => $this->allowed_format->format);
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->nid);
    foreach (filter_formats() as $format) {
      if ($format->format != filter_fallback_format()) {
        filter_format_disable($format);
      }
    }

    // Since there is now only one available text format, the widget for
    // selecting a text format would normally not display when the content is
    // edited. However, we need to verify that the filter administrator still
    // is forced to make a conscious choice to reassign the text to a different
    // format.
    $this->drupalLogin($this->filter_admin_user);
    $old_title = $new_title;
    $new_title = $this->randomName(8);
    $edit = array('title' => $new_title);
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
    $this->assertText(t('!name field is required.', array('!name' => t('Text format'))), t('Error message is displayed.'));
    $this->drupalGet('node/' . $node->nid);
    $this->assertText($old_title, t('Old title found.'));
    $this->assertNoText($new_title, t('New title not found.'));
    $edit[$body_format_key] = filter_fallback_format();
    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->nid);
    $this->assertText($new_title, t('New title found.'));
    $this->assertNoText($old_title, t('Old title not found.'));
  }

  /**
   * Rebuild text format and permission caches in the thread running the tests.
   */
  protected function resetFilterCaches() {
    filter_formats_reset();
    $this->checkPermissions(array(), TRUE);
  }
}
?>