function FileFieldWidgetTest::testPrivateFileComment
Same name in other branches
- 8.9.x core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testPrivateFileComment()
- 10 core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testPrivateFileComment()
- 11.x core/modules/file/tests/src/Functional/FileFieldWidgetTest.php \Drupal\Tests\file\Functional\FileFieldWidgetTest::testPrivateFileComment()
Tests that download restrictions on private files work on comments.
File
-
core/
modules/ file/ tests/ src/ Functional/ FileFieldWidgetTest.php, line 287
Class
- FileFieldWidgetTest
- Tests the file field widget with public and private files.
Namespace
Drupal\Tests\file\FunctionalCode
public function testPrivateFileComment() {
$user = $this->drupalCreateUser([
'access comments',
]);
// Grant the admin user required comment permissions.
$roles = $this->adminUser
->getRoles();
user_role_grant_permissions($roles[1], [
'administer comment fields',
'administer comments',
]);
// Revoke access comments permission from anon user, grant post to
// authenticated.
user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments',
]);
user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, [
'post comments',
'skip comment approval',
]);
// Create a new field.
$this->addDefaultCommentField('node', 'article');
$name = strtolower($this->randomMachineName());
$label = $this->randomMachineName();
$storage_edit = [
'settings[uri_scheme]' => 'private',
];
$this->fieldUIAddNewField('admin/structure/comment/manage/comment', $name, $label, 'file', $storage_edit);
// Manually clear cache on the tester side.
\Drupal::service('entity_field.manager')->clearCachedFieldDefinitions();
// Create node.
$edit = [
'title[0][value]' => $this->randomMachineName(),
];
$this->drupalGet('node/add/article');
$this->submitForm($edit, 'Save');
$node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
// Add a comment with a file.
$text_file = $this->getTestFile('text');
$edit = [
'files[field_' . $name . '_' . 0 . ']' => \Drupal::service('file_system')->realpath($text_file->getFileUri()),
'comment_body[0][value]' => $comment_body = $this->randomMachineName(),
];
$this->drupalGet('node/' . $node->id());
$this->submitForm($edit, 'Save');
// Get the comment ID.
preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
$cid = $matches[1];
// Log in as normal user.
$this->drupalLogin($user);
$comment = Comment::load($cid);
$comment_file = $comment->{'field_' . $name}->entity;
$this->assertFileExists($comment_file->getFileUri());
// Test authenticated file download.
$url = $comment_file->createFileUrl();
$this->assertNotNull($url, 'Confirmed that the URL is valid');
$this->drupalGet($comment_file->createFileUrl());
$this->assertSession()
->statusCodeEquals(200);
// Ensure that the anonymous user cannot download the file.
$this->drupalLogout();
$this->drupalGet($comment_file->createFileUrl());
$this->assertSession()
->statusCodeEquals(403);
// Unpublishes node.
$this->drupalLogin($this->adminUser);
$edit = [
'status[value]' => FALSE,
];
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($edit, 'Save');
// Ensures normal user can no longer download the file.
$this->drupalLogin($user);
$this->drupalGet($comment_file->createFileUrl());
$this->assertSession()
->statusCodeEquals(403);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.