function InlineBlockPrivateFilesTest::testPrivateFiles

Same name and namespace in other branches
  1. 9 core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
  2. 8.9.x core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()
  3. 11.x core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php \Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest::testPrivateFiles()

Tests access to private files added to inline blocks in the layout builder.

File

core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php, line 66

Class

InlineBlockPrivateFilesTest
Test access to private files in block fields on the Layout Builder.

Namespace

Drupal\Tests\layout_builder\FunctionalJavascript

Code

public function testPrivateFiles() : void {
  $assert_session = $this->assertSession();
  LayoutBuilderEntityViewDisplay::load('node.bundle_with_section_field.default')->enableLayoutBuilder()
    ->setOverridable()
    ->save();
  // Log in as user you can only configure layouts and access content.
  $this->drupalLogin($this->drupalCreateUser([
    'access contextual links',
    'configure any layout',
    'access content',
    'create and edit custom blocks',
  ]));
  $this->drupalGet('node/1/layout');
  // @todo Occasionally SQLite has database locks here. Waiting seems to
  //   resolve it. https://www.drupal.org/project/drupal/issues/3055983
  $assert_session->assertWaitOnAjaxRequest();
  $file = $this->createPrivateFile('drupal.txt');
  $file_real_path = $this->fileSystem
    ->realpath($file->getFileUri());
  $this->assertFileExists($file_real_path);
  $this->addInlineFileBlockToLayout('The file', $file);
  $this->assertSaveLayout();
  $this->drupalGet('node/1');
  $private_href1 = $this->getFileHrefAccessibleOnNode($file);
  // Remove the inline block with the private file.
  $this->drupalGet('node/1/layout');
  $this->removeInlineBlockFromLayout();
  $this->assertSaveLayout();
  $this->drupalGet('node/1');
  $assert_session->pageTextNotContains($file->label());
  // Try to access file directly after it has been removed. Since a new
  // revision was not created for the node the inline block is not in the
  // layout of a previous revision of the node.
  $this->drupalGet($private_href1);
  $assert_session->pageTextContains('You are not authorized to access this page');
  $assert_session->pageTextNotContains($this->getFileSecret($file));
  $this->assertFileExists($file_real_path);
  $file2 = $this->createPrivateFile('2ndFile.txt');
  $this->drupalGet('node/1/layout');
  $this->addInlineFileBlockToLayout('Number2', $file2);
  $this->assertSaveLayout();
  $this->drupalGet('node/1');
  $private_href2 = $this->getFileHrefAccessibleOnNode($file2);
  $this->createNewNodeRevision(1);
  $file3 = $this->createPrivateFile('3rdFile.txt');
  $this->drupalGet('node/1/layout');
  $this->replaceFileInBlock($file3);
  $this->assertSaveLayout();
  $this->drupalGet('node/1');
  $private_href3 = $this->getFileHrefAccessibleOnNode($file3);
  // $file2 is on a previous revision of the block which is on a previous
  // revision of the node. The user does not have access to view the previous
  // revision of the node.
  $this->drupalGet($private_href2);
  $assert_session->pageTextContains('You are not authorized to access this page');
  $node = Node::load(1);
  $node->setUnpublished();
  $node->save();
  $this->drupalGet('node/1');
  $assert_session->pageTextContains('You are not authorized to access this page');
  $this->drupalGet($private_href3);
  $assert_session->pageTextNotContains($this->getFileSecret($file3));
  $assert_session->pageTextContains('You are not authorized to access this page');
  $this->drupalGet('node/2/layout');
  $file4 = $this->createPrivateFile('drupal_4.txt');
  $this->addInlineFileBlockToLayout('The file', $file4);
  $this->assertSaveLayout();
  $this->drupalGet('node/2');
  $private_href4 = $this->getFileHrefAccessibleOnNode($file4);
  $this->createNewNodeRevision(2);
  // Remove the inline block with the private file.
  // The inline block will still be attached to the previous revision of the
  // node.
  $this->drupalGet('node/2/layout');
  $this->removeInlineBlockFromLayout();
  $this->assertSaveLayout();
  // Ensure that since the user cannot view the previous revision of the node
  // they can not view the file which is only used on that revision.
  $this->drupalGet($private_href4);
  $assert_session->pageTextContains('You are not authorized to access this page');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.