function FilePrivateTestCase::testPrivateFile
| 7.x file.test | FilePrivateTestCase::testPrivateFile() |
Tests file access for file uploaded to a private node.
File
- drupal-7.x/
modules/ file/ tests/ file.test, line 1138 - Tests for file.module.
Class
- FilePrivateTestCase
- Tests file access on private nodes.
Code
function testPrivateFile() {
// Use 'page' instead of 'article', so that the 'article' image field does
// not conflict with this test. If in the future the 'page' type gets its
// own default file or image field, this test can be made more robust by
// using a custom node type.
$type_name = 'page';
$field_name = strtolower($this->randomName());
$this->createFileField($field_name, $type_name, array('uri_scheme' => 'private'));
// Create a field with no view access - see field_test_field_access().
$no_access_field_name = 'field_no_view_access';
$this->createFileField($no_access_field_name, $type_name, array('uri_scheme' => 'private'));
$test_file = $this->getTestFile('text');
$nid = $this->uploadNodeFile($test_file, $field_name, $type_name, TRUE, array('private' => TRUE));
$node = node_load($nid, NULL, TRUE);
$node_file = (object) $node->{$field_name}[LANGUAGE_NONE][0];
// Ensure the file can be downloaded.
$this->drupalGet(file_create_url($node_file->uri));
$this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
$this->drupalLogOut();
$this->drupalGet(file_create_url($node_file->uri));
$this->assertResponse(403, 'Confirmed that access is denied for the file without the needed permission.');
// Test with the field that should deny access through field access.
$this->drupalLogin($this->admin_user);
$nid = $this->uploadNodeFile($test_file, $no_access_field_name, $type_name, TRUE, array('private' => TRUE));
$node = node_load($nid, NULL, TRUE);
$node_file = (object) $node->{$no_access_field_name}[LANGUAGE_NONE][0];
// Ensure the file cannot be downloaded.
$this->drupalGet(file_create_url($node_file->uri));
$this->assertResponse(403, 'Confirmed that access is denied for the file without view field access permission.');
}