function FileFieldWidgetTestCase::testPrivateFileComment

7.x file.test FileFieldWidgetTestCase::testPrivateFileComment()

Tests that download restrictions on private files work on comments.

File

drupal-7.x/modules/file/tests/file.test, line 549: Tests for file.module.

Class

FileFieldWidgetTestCase: Tests file field widget.

Code

function testPrivateFileComment() {
  $user = $this->drupalCreateUser(array('access comments'));

  // Remove access comments permission from anon user.
  $edit = array(
    DRUPAL_ANONYMOUS_RID . '[access comments]' => FALSE,
  );
  $this->drupalPost('admin/people/permissions', $edit, t('Save permissions'));

  // Create a new field.
  $edit = array(
    'fields[_add_new_field][label]' => $label = $this->randomName(),
    'fields[_add_new_field][field_name]' => $name = strtolower($this->randomName()),
    'fields[_add_new_field][type]' => 'file',
    'fields[_add_new_field][widget_type]' => 'file_generic',
  );
  $this->drupalPost('admin/structure/types/manage/article/comment/fields', $edit, t('Save'));
  $edit = array('field[settings][uri_scheme]' => 'private');
  $this->drupalPost(NULL, $edit, t('Save field settings'));
  $this->drupalPost(NULL, array(), t('Save settings'));

  // Create node.
  $text_file = $this->getTestFile('text');
  $edit = array(
    'title' => $this->randomName(),
  );
  $this->drupalPost('node/add/article', $edit, t('Save'));
  $node = $this->drupalGetNodeByTitle($edit['title']);

  // Add a comment with a file.
  $text_file = $this->getTestFile('text');
  $edit = array(
    'files[field_' . $name . '_' . LANGUAGE_NONE . '_' . 0 . ']' => drupal_realpath($text_file->uri),
    'comment_body[' . LANGUAGE_NONE . '][0][value]' => $comment_body = $this->randomName(),
  );
  $this->drupalPost(NULL, $edit, t('Save'));

  // Get the comment ID.
  preg_match('/comment-([0-9]+)/', $this->getUrl(), $matches);
  $cid = $matches[1];

  // Log in as normal user.
  $this->drupalLogin($user);

  $comment = comment_load($cid);
  $comment_file = (object) $comment->{'field_' . $name}[LANGUAGE_NONE][0];
  $this->assertFileExists($comment_file, 'New file saved to disk on node creation.');
  // Test authenticated file download.
  $url = file_create_url($comment_file->uri);
  $this->assertNotEqual($url, NULL, 'Confirmed that the URL is valid');
  $this->drupalGet(file_create_url($comment_file->uri));
  $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');

  // Test anonymous file download.
  $this->drupalLogout();
  $this->drupalGet(file_create_url($comment_file->uri));
  $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');

  // Unpublishes node.
  $this->drupalLogin($this->admin_user);
  $edit = array(
    'status' => FALSE,
  );
  $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));

  // Ensures normal user can no longer download the file.
  $this->drupalLogin($user);
  $this->drupalGet(file_create_url($comment_file->uri));
  $this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
}