function FileFieldWidgetTest::testPrivateFileComment

Same name in other branches
  1. 9 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testPrivateFileComment()
  2. 10 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testPrivateFileComment()
  3. 11.x core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testPrivateFileComment()

Tests that download restrictions on private files work on comments.

File

core/modules/file/tests/src/Functional/FileFieldWidgetTest.php, line 286

Class

FileFieldWidgetTest
Tests the file field widget with public and private files.

Namespace

Drupal\Tests\file\Functional

Code

public function testPrivateFileComment() {
    $user = $this->drupalCreateUser([
        'access comments',
    ]);
    // Grant the admin user required comment permissions.
    $roles = $this->adminUser
        ->getRoles();
    user_role_grant_permissions($roles[1], [
        'administer comment fields',
        'administer comments',
    ]);
    // Revoke access comments permission from anon user, grant post to
    // authenticated.
    user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, [
        'access comments',
    ]);
    user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, [
        'post comments',
        'skip comment approval',
    ]);
    // Create a new field.
    $this->addDefaultCommentField('node', 'article');
    $name = strtolower($this->randomMachineName());
    $label = $this->randomMachineName();
    $storage_edit = [
        'settings[uri_scheme]' => 'private',
    ];
    $this->fieldUIAddNewField('admin/structure/comment/manage/comment', $name, $label, 'file', $storage_edit);
    // Manually clear cache on the tester side.
    \Drupal::service('entity_field.manager')->clearCachedFieldDefinitions();
    // Create node.
    $edit = [
        'title[0][value]' => $this->randomMachineName(),
    ];
    $this->drupalPostForm('node/add/article', $edit, t('Save'));
    $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
    // Add a comment with a file.
    $text_file = $this->getTestFile('text');
    $edit = [
        'files[field_' . $name . '_' . 0 . ']' => \Drupal::service('file_system')->realpath($text_file->getFileUri()),
        'comment_body[0][value]' => $comment_body = $this->randomMachineName(),
    ];
    $this->drupalPostForm('node/' . $node->id(), $edit, t('Save'));
    // Get the comment ID.
    preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
    $cid = $matches[1];
    // Log in as normal user.
    $this->drupalLogin($user);
    $comment = Comment::load($cid);
    $comment_file = $comment->{'field_' . $name}->entity;
    $this->assertFileExists($comment_file->getFileUri());
    // Test authenticated file download.
    $url = $comment_file->createFileUrl();
    $this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
    $this->drupalGet($comment_file->createFileUrl());
    $this->assertSession()
        ->statusCodeEquals(200);
    // Ensure that the anonymous user cannot download the file.
    $this->drupalLogout();
    $this->drupalGet($comment_file->createFileUrl());
    $this->assertSession()
        ->statusCodeEquals(403);
    // Unpublishes node.
    $this->drupalLogin($this->adminUser);
    $edit = [
        'status[value]' => FALSE,
    ];
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    // Ensures normal user can no longer download the file.
    $this->drupalLogin($user);
    $this->drupalGet($comment_file->createFileUrl());
    $this->assertSession()
        ->statusCodeEquals(403);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.