1 files changed, 150 insertions, 0 deletions
diff --git a/modules/node/node.test b/modules/node/node.test
index 8a871c0c7..56a2d3426 100644
--- a/modules/node/node.test
+++ b/modules/node/node.test
@@ -969,6 +969,156 @@ class NodeAccessRecordsUnitTest extends DrupalWebTestCase {
 }
 
 /**
+ * Tests for Node Access with a non-node base table.
+ */
+class NodeAccessBaseTableTestCase extends DrupalWebTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Node Access on any table',
+      'description' => 'Checks behavior of the node access subsystem if the base table is not node.',
+      'group' => 'Node',
+    );
+  }
+
+  /**
+   * Enable modules and create user with specific permissions.
+   */
+  public function setUp() {
+    parent::setUp('node_access_test');
+    node_access_rebuild();
+    variable_set('node_access_test_private', TRUE);
+  }
+
+  /**
+   * Test the "private" node access.
+   *
+   * - Create 2 users with "access content" and "create article" permissions.
+   * - Each user creates one private and one not private article.
+
+   * - Test that each user can view the other user's non-private article.
+   * - Test that each user cannot view the other user's private article.
+   * - Test that each user finds only appropriate (non-private + own private)
+   *   in taxonomy listing.
+   * - Create another user with 'view any private content'.
+   * - Test that user 4 can view all content created above.
+   * - Test that user 4 can view all content on taxonomy listing.
+   */
+  function testNodeAccessBasic() {
+    $num_simple_users = 2;
+    $simple_users = array();
+
+    // nodes keyed by uid and nid: $nodes[$uid][$nid] = $is_private;
+    $this->nodesByUser = array();
+    $titles = array(); // Titles keyed by nid
+    $private_nodes = array(); // Array of nids marked private.
+    for ($i = 0; $i < $num_simple_users; $i++) {
+      $simple_users[$i] = $this->drupalCreateUser(array('access content', 'create article content'));
+    }
+    foreach ($simple_users as $this->webUser) {
+      $this->drupalLogin($this->webUser);
+      foreach (array(0 => 'Public', 1 => 'Private') as $is_private => $type) {
+        $edit = array(
+          'title' => t('@private_public Article created by @user', array('@private_public' => $type, '@user' => $this->webUser->name)),
+        );
+        if ($is_private) {
+          $edit['private'] = TRUE;
+          $edit['body[und][0][value]'] = 'private node';
+          $edit['field_tags[und]'] = 'private';
+        }
+        else {
+          $edit['body[und][0][value]'] = 'public node';
+          $edit['field_tags[und]'] = 'public';
+        }
+
+        $this->drupalPost('node/add/article', $edit, t('Save'));
+        $nid = db_query('SELECT nid FROM {node} WHERE title = :title', array(':title' => $edit['title']))->fetchField();
+        $private_status = db_query('SELECT private FROM {node_access_test} where nid = :nid', array(':nid' => $nid))->fetchField();
+        $this->assertTrue($is_private == $private_status, t('The private status of the node was properly set in the node_access_test table.'));
+        if ($is_private) {
+          $private_nodes[] = $nid;
+        }
+        $titles[$nid] = $edit['title'];
+        $this->nodesByUser[$this->webUser->uid][$nid] = $is_private;
+      }
+    }
+    $this->publicTid = db_query('SELECT tid FROM {taxonomy_term_data} WHERE name = :name', array(':name' => 'public'))->fetchField();
+    $this->privateTid = db_query('SELECT tid FROM {taxonomy_term_data} WHERE name = :name', array(':name' => 'private'))->fetchField();
+    $this->assertTrue($this->publicTid, t('Public tid was found'));
+    $this->assertTrue($this->privateTid, t('Private tid was found'));
+    foreach ($simple_users as $this->webUser) {
+      $this->drupalLogin($this->webUser);
+      // Check own nodes to see that all are readable.
+      foreach ($this->nodesByUser as $uid => $data) {
+        foreach ($data as $nid => $is_private) {
+          $this->drupalGet('node/' . $nid);
+          if ($is_private) {
+            $should_be_visible = $uid == $this->webUser->uid;
+          }
+          else {
+            $should_be_visible = TRUE;
+          }
+          $this->assertResponse($should_be_visible ? 200 : 403, strtr('A %private node by user %uid is %visible for user %current_uid.', array(
+            '%private' => $is_private ? 'private' : 'public',
+            '%uid' => $uid,
+            '%visible' => $should_be_visible ? 'visible' : 'not visible',
+            '%current_uid' => $this->webUser->uid,
+          )));
+        }
+      }
+
+      // Check to see that the correct nodes are shown on taxonomy/private
+      // and taxonomy/public.
+      $this->assertTaxonomyPage(FALSE);
+    }
+
+    // Now test that a user with 'access any private content' can view content.
+    $access_user = $this->drupalCreateUser(array('access content', 'create article content', 'node test view', 'search content'));
+    $this->drupalLogin($access_user);
+
+    foreach ($this->nodesByUser as $uid => $private_status) {
+      foreach ($private_status as $nid => $is_private) {
+        $this->drupalGet('node/' . $nid);
+        $this->assertResponse(200);
+      }
+    }
+
+    // This user should be able to see all of the nodes on the relevant
+    // taxonomy pages.
+    $this->assertTaxonomyPage(TRUE);
+  }
+
+  protected function assertTaxonomyPage($super) {
+    foreach (array($this->publicTid, $this->privateTid) as $tid_is_private => $tid) {
+      $this->drupalGet("taxonomy/term/$tid");
+      $this->nids_visible = array();
+      foreach ($this->xpath("//a[text()='Read more']") as $link) {
+        $this->assertTrue(preg_match('|node/(\d+)$|', (string) $link['href'], $matches), 'Read more points to a node');
+        $this->nids_visible[$matches[1]] = TRUE;
+      }
+      foreach ($this->nodesByUser as $uid => $data) {
+        foreach ($data as $nid => $is_private) {
+          // Private nodes should be visible on the private term page,
+          // public nodes should be visible on the public term page.
+          $should_be_visible = $tid_is_private == $is_private;
+          // Non-superusers on the private page can only see their own nodes.
+          if (!$super && $tid_is_private) {
+            $should_be_visible = $should_be_visible && $uid == $this->webUser->uid;
+          }
+          $this->assertIdentical(isset($this->nids_visible[$nid]), $should_be_visible, strtr('A %private node by user %uid is %visible for user %current_uid on the %tid_is_private page.', array(
+            '%private' => $is_private ? 'private' : 'public',
+            '%uid' => $uid,
+            '%visible' => isset($this->nids_visible[$nid]) ? 'visible' : 'not visible',
+            '%current_uid' => $this->webUser->uid,
+            '%tid_is_private' => $tid_is_private ? 'private' : 'public',
+          )));
+        }
+      }
+    }
+  }
+}
+
+/**
  * Test case to check node save related functionality, including import-save
  */
 class NodeSaveTestCase extends DrupalWebTestCase {