function AccessTest::testFileAccess
Same name in other branches
- 11.x core/modules/file/tests/src/Kernel/AccessTest.php \Drupal\Tests\file\Kernel\AccessTest::testFileAccess()
Tests 'update' and 'delete' access to file entities.
File
-
core/
modules/ file/ tests/ src/ Kernel/ AccessTest.php, line 42
Class
- AccessTest
- Tests for the File access control.
Namespace
Drupal\Tests\file\KernelCode
public function testFileAccess() : void {
// Create a user so the tested users do not have the magic ID of user 1.
$this->createUser();
$user_any = $this->createUser([
'delete any file',
]);
$this->assertGreaterThan(1, (int) $user_any->id());
$user_own = $this->createUser([
'delete own files',
]);
$test_files = $this->getTestFiles('text');
$file1 = File::create((array) $test_files[0]);
$file1->set('uid', $user_any->id());
$file1->save();
$file2 = File::create((array) $test_files[1]);
$file2->set('uid', $user_own->id());
$file2->save();
// User with "* any file" permissions should delete all files and update
// their own.
$this->assertTrue($file1->access('delete', $user_any));
$this->assertTrue($file1->access('update', $user_any));
$this->assertTrue($file2->access('delete', $user_any));
$this->assertFalse($file2->access('update', $user_any));
// User with "* own files" permissions should access only own files.
$this->assertFalse($file1->access('delete', $user_own));
$this->assertFalse($file1->access('update', $user_own));
$this->assertTrue($file2->access('delete', $user_own));
$this->assertTrue($file2->access('update', $user_own));
// Ensure cacheability metadata is correct.
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('delete', $user_any, TRUE);
$this->assertSame([
'user.permissions',
], $access->getCacheContexts());
$this->assertSame([], $access->getCacheTags());
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('delete', $user_own, TRUE);
$this->assertSame([
'user.permissions',
'user',
], $access->getCacheContexts());
$this->assertSame([
'file:2',
], $access->getCacheTags());
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('update', $user_any, TRUE);
$this->assertSame([], $access->getCacheContexts());
$this->assertSame([], $access->getCacheTags());
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('update', $user_own, TRUE);
$this->assertSame([], $access->getCacheContexts());
$this->assertSame([], $access->getCacheTags());
// User without permissions should not be able to delete files even if they
// are the owner.
$user_none = $this->createUser();
$file3 = File::create([
'uid' => $user_none->id(),
'filename' => 'druplicon.txt',
'filemime' => 'text/plain',
]);
$this->assertFalse($file3->access('delete', $user_none));
$this->assertTrue($file3->access('update', $user_none));
// Create a file with no user entity.
$file4 = File::create([
'filename' => 'druplicon.txt',
'filemime' => 'text/plain',
]);
$this->assertFalse($file4->access('delete', $user_own));
$this->assertFalse($file4->access('update', $user_own));
$this->assertTrue($file4->access('delete', $user_any));
$this->assertFalse($file4->access('update', $user_any));
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.