Issue #1558478 follow-up by tim.plunkett, Berdir, chx: Fixed tests for SA-CORE-2012-002 - Access bypass - content administration.

1 files changed, 11 insertions, 3 deletions

diff --git a/modules/node/node.test b/modules/node/node.test
index 37d05e529..7080ce7ab 100644
--- a/modules/node/node.test
+++ b/modules/node/node.test
@@ -2030,9 +2030,9 @@ class NodeQueryAlter extends DrupalWebTestCase {
 
     // Create user with simple node access permission. The 'node test view'
     // permission is implemented and granted by the node_access_test module.
-    $this->accessUser = $this->drupalCreateUser(array('access content', 'node test view'));
-    $this->noAccessUser = $this->drupalCreateUser(array('access content'));
-    $this->noAccessUser2 = $this->drupalCreateUser(array('access content'));
+    $this->accessUser = $this->drupalCreateUser(array('access content overview', 'access content', 'node test view'));
+    $this->noAccessUser = $this->drupalCreateUser(array('access content overview', 'access content'));
+    $this->noAccessUser2 = $this->drupalCreateUser(array('access content overview', 'access content'));
   }
 
   /**
@@ -2045,11 +2045,19 @@ class NodeQueryAlter extends DrupalWebTestCase {
     $this->assertText('Yes, 4 nodes', "4 nodes were found for access user");
     $this->assertNoText('Exception', "No database exception");
 
+    // Test the content overview page.
+    $this->drupalGet('admin/content');
+    $table_rows = $this->xpath('//tbody/tr');
+    $this->assertEqual(4, count($table_rows), "4 nodes were found for access user");
+
     // Verify that a user with no access permission cannot see nodes.
     $this->drupalLogin($this->noAccessUser);
     $this->drupalGet('node_access_test_page');
     $this->assertText('No nodes', "No nodes were found for no access user");
     $this->assertNoText('Exception', "No database exception");
+
+    $this->drupalGet('admin/content');
+    $this->assertText(t('No content available.'));
   }
 
   /**