function BulkFormAccessTest::testNodeDeleteAccess

Same name in other branches
  1. 9 core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeDeleteAccess()
  2. 8.9.x core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeDeleteAccess()
  3. 11.x core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\node\Functional\Views\BulkFormAccessTest::testNodeDeleteAccess()

Tests if nodes that may not be deleted, can not be deleted in bulk.

File

core/modules/node/tests/src/Functional/Views/BulkFormAccessTest.php, line 144

Class

BulkFormAccessTest
Tests if entity access is respected on a node bulk operations form.

Namespace

Drupal\Tests\node\Functional\Views

Code

public function testNodeDeleteAccess() : void {
    // Create an account who will be the author of a private node.
    $author = $this->drupalCreateUser();
    // Create a private node (author may view, edit and delete, others may not).
    $private_node = $this->drupalCreateNode([
        'type' => 'article',
        'private' => [
            [
                'value' => TRUE,
            ],
        ],
        'uid' => $author->id(),
    ]);
    // Create an account that may view the private node, but not delete it.
    $account = $this->drupalCreateUser([
        'access content',
        'administer nodes',
        'delete own article content',
        'node test view',
    ]);
    // Create a node that may be deleted too, to ensure the delete confirmation
    // page is shown later. In node_access_test.module, nodes may only be
    // deleted by the author.
    $own_node = $this->drupalCreateNode([
        'type' => 'article',
        'private' => [
            [
                'value' => TRUE,
            ],
        ],
        'uid' => $account->id(),
    ]);
    $this->drupalLogin($account);
    // Ensure that the private node can not be deleted.
    $this->assertFalse($this->accessHandler
        ->access($private_node, 'delete', $account), 'The private node may not be deleted.');
    // Ensure that the public node may be deleted.
    $this->assertTrue($this->accessHandler
        ->access($own_node, 'delete', $account), 'The own node may be deleted.');
    // Try to delete the node using the bulk form.
    $edit = [
        'node_bulk_form[0]' => TRUE,
        'node_bulk_form[1]' => TRUE,
        'action' => 'node_delete_action',
    ];
    $this->drupalGet('test-node-bulk-form');
    $this->submitForm($edit, 'Apply to selected items');
    $this->submitForm([], 'Delete');
    // Ensure the private node still exists.
    $private_node = Node::load($private_node->id());
    $this->assertNotNull($private_node, 'The private node has not been deleted.');
    // Ensure the own node is deleted.
    $own_node = Node::load($own_node->id());
    $this->assertNull($own_node, 'The own node is deleted.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.