diff --git a/entity.test b/entity.test index 746713e..3ba8861 100644 --- a/entity.test +++ b/entity.test @@ -1619,3 +1619,64 @@ class EntityMetadataIntegrationTestCase extends EntityWebTestCase { } } } + +class EntityMetadataCreateAccesTest extends EntityWebTestCase { + + public static function getInfo() { + return array( + 'name' => 'Metadata Create Access', + 'description' => 'Makes sure metadata wrapper are working right.', + 'group' => 'Entity API', + ); + } + + function setUp() { + parent::setUp('entity', 'locale'); + } + + public function testNodeWrapperCreateAccess() { + // Create three users. One with super-powers, one with create perms, + // and one with no perms. + $admin_account = $this->drupalCreateUser(array( + 'bypass node access', + )); + $creator_account = $this->drupalCreateUser(array( + 'create page content', + )); + $auth_only_account = $this->drupalCreateUser(array()); + $node_author_account = $this->drupalCreateUser(array()); + + $settings = array( + 'uid' => $node_author_account->uid, + 'type' => 'page', + 'title' => $this->randomName(32), + 'body' => array(LANGUAGE_NONE => array(array($this->randomName(64)))), + ); + $node = $this->drupalCreateNode($settings); + + // First try the callbacks alone. + $this->assertTrue(entity_metadata_no_hook_node_access('create', $node, $admin_account), 'Create access allowed for ADMIN, for node callback.'); + $this->assertTrue(entity_metadata_no_hook_node_access('create', $node, $creator_account), 'Create access allowed for CREATOR, for node callback.'); + $this->assertFalse(entity_metadata_no_hook_node_access('create', $node, $auth_only_account), 'Create access denied for USER, for node callback.'); + + // Now try the populated wrapper. + $wrapper = entity_metadata_wrapper('node', $node); + $this->assertTrue($wrapper->entityAccess('create', $admin_account), + 'Create access allowed for ADMIN, for populated wrapper.'); + $this->assertTrue($wrapper->entityAccess('create', $creator_account), + 'Create access allowed for CREATOR, for populated wrapper.'); + $this->assertFalse($wrapper->entityAccess('create', $auth_only_account), + 'Create access denied for USER, for populated wrapper.'); + + // Now try the empty wrapper. + // Please try to make this set of assertions fail testing. + $wrapper = entity_metadata_wrapper('node', NULL, array('bundle' => 'page')); + $this->assertFalse($wrapper->entityAccess('create', $admin_account), + 'Create access denied for ADMIN, for empty wrapper.'); + $this->assertFalse($wrapper->entityAccess('create', $creator_account), + 'Create access denied for CREATOR, for empty wrapper.'); + $this->assertFalse($wrapper->entityAccess('create', $auth_only_account), + 'Create access denied for USER, for empty wrapper.'); + } + +} diff --git a/modules/callbacks.inc b/modules/callbacks.inc index 304f53f..f6c4308 100644 --- a/modules/callbacks.inc +++ b/modules/callbacks.inc @@ -612,8 +612,22 @@ function entity_metadata_field_file_validate_item($items, $context) { * * This function does not implement hook_node_access(), thus it may not be * called entity_metadata_node_access(). + * + * Invoked by entity_access(). + * + * Due to the way this API is designed, if $op is 'create' and $node is NULL, + * then access will always be FALSE. */ function entity_metadata_no_hook_node_access($op, $node = NULL, $account = NULL) { + if ('create' == $op) { + if (is_object($node)) { + if ((isset($node->nid)) && (isset($node->type))) { + return node_access($op, $node->type, $account); + } + } + // No way of telling what the bundle is, so we can't ask node_access(). + return FALSE; + } if (isset($node)) { // If a non-default revision is given, incorporate revision access. $default_revision = node_load($node->nid);