'Organic groups field access', 'description' => 'Test the access control on fields.', 'group' => 'Organic groups field access', ); } function setUp() { parent::setUp('og_field_access'); } /** * Group with access field. */ function testOgFieldAccess() { $user1 = $this->drupalCreateUser(); $user2 = $this->drupalCreateUser(); $this->drupalLogin($user1); $global_roles = og_get_global_roles(); // Set global permissions. $anon_rid = array_search(OG_ANONYMOUS_ROLE, $global_roles); $permissions = array( 'view body field' => 0, 'update body field' => 0, // Allow non-members to edit the group, so we can test the node-edit page. 'update group' => 1, ); og_user_role_change_permissions($anon_rid, $permissions); // Create group and group content node types. $group_type = $this->drupalCreateContentType(); og_create_field(OG_GROUP_FIELD, 'node', $group_type->type); $group_content_type = $this->drupalCreateContentType(); og_create_field(OG_AUDIENCE_FIELD, 'node', $group_content_type->type); $this->drupalLogin($user1); // Create a group node. $settings = array(); $settings['type'] = $group_type->type; $settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1; $node = $this->drupalCreateNode($settings); $group = og_get_group('node', $node->nid); // Assert another user is not a group member. $this->drupalLogin($user2); $this->assertFalse(og_is_member($group->gid, 'user', $user2), t('User is not a group member.')); // Assert user can't view the field. $this->drupalGet('node/' . $node->nid); $this->assertResponse('200', t('Non group member can view node.')); $this->assertNoText($node->body[LANGUAGE_NONE][0]['value'], t('User can not view field.')); // Change permissions and assert user can view the field. $permissions['view body field'] = 1; og_user_role_change_permissions($anon_rid, $permissions); $this->drupalGet('node/' . $node->nid); $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can now view field.')); // Assert user can't edit the field. $this->drupalGet('node/' . $node->nid . '/edit'); $this->assertResponse('200', t('Non group member can view node.')); $this->assertNoText($node->body[LANGUAGE_NONE][0]['value'], t('User can not edit field.')); // Change permissions and assert user can view the field. $permissions['update body field'] = 1; og_user_role_change_permissions($anon_rid, $permissions); $this->drupalGet('node/' . $node->nid . '/edit'); $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can now edit field.')); // Assert field permissions on group content. $permissions['view body field'] = 0; og_user_role_change_permissions($anon_rid, $permissions); $settings = array(); $settings['type'] = $group_content_type->type; $settings[OG_AUDIENCE_FIELD][LANGUAGE_NONE][0]['gid'] = $group->gid; $settings['uid'] = $user1->uid; $node = $this->drupalCreateNode($settings); $this->drupalLogin($user1); $this->drupalGet('node/' . $node->nid); $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('Group member can view field of a group content.')); $this->drupalLogin($user2); $this->drupalGet('node/' . $node->nid); $this->assertNoText($node->body[LANGUAGE_NONE][0]['value'], t('Non member can not view field of a group content.')); // Assert field permissions on orphan group content. $settings = array(); $settings['type'] = $group_content_type->type; $settings['uid'] = $user1->uid; $node = $this->drupalCreateNode($settings); $this->drupalGet('node/' . $node->nid); $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('Non member can view field of an orphan group content.')); // Assert fields of nodes not related to OG are not being restricted. $user3 = $this->drupalCreateUser(array( 'access content', 'create page content', 'edit any page content', )); $this->drupalLogin($user3); $node = $this->drupalCreateNode(); $this->drupalGet('node/' . $node->nid); $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can view field of content not related to Organic groups.')); $this->drupalGet('node/' . $node->nid . '/edit'); $this->assertText($node->body[LANGUAGE_NONE][0]['value'], t('User can edit field of content not related to Organic groups.')); } }