Index: modules/node/node.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.test,v
retrieving revision 1.22
diff -u -p -r1.22 node.test
--- modules/node/node.test	25 Apr 2009 17:52:43 -0000	1.22
+++ modules/node/node.test	25 Apr 2009 20:41:53 -0000
@@ -716,3 +716,109 @@ class NodeSaveTestCase extends DrupalWeb
     $this->assertTrue($node_by_title, t('Node load by node title.'));
   }
 }
+
+/**
+ * Tests the node access system.
+ */
+class NodeAccessTestCase extends DrupalWebTestCase {
+  function getInfo() {
+    return array(
+      'name' => t('Node access'),
+      'description' => t('Check if the node access works'),
+      'group' => t('Node'),
+    );
+  }
+
+  function setUp() {
+    parent::setUp('filter', 'node_access_test');
+  }
+
+  /**
+   * Tests the node_access function.
+   */
+  function testNodeAccess() {
+    // Create a admin user, who has access to all content.
+    $admin_user = $this->drupalCreateUser(array('bypass node access'));
+    $web_user = $this->drupalCreateUser(array('access content'));
+    $web_user_2 = $this->drupalCreateUser(array('access content', 'administer filters'));
+
+    // Create a user without access content perission.
+    // Remove access content for authenticated users!, because all users created  are authenticated.
+
+    db_query("DELETE FROM {role_permission} WHERE rid = %d and permission = '%s'", 2, 'access content');
+    $web_user_no_access = $this->drupalCreateUser(array('access comments'));
+
+    // Creates a test node which is unpublished.
+    $settings_1 = array(
+      'status' => 0,
+    );
+    $node_1 = $this->drupalCreateNode($settings_1);
+
+    // Creates a normal test node.
+    $node_2 = $this->drupalCreateNode();
+
+    // Creates a node of user web_user.
+    $settings_3 = array(
+      'status' => 0,
+      'uid' => $web_user->uid,
+      'format' => 1,
+    );
+    $node_3 = $this->drupalCreateNode($settings_3);
+
+    $access_1 = node_access('view', $node_1, $admin_user);
+    $this->assertTrue($access_1, t('users with administer nodes should have access to every node'));
+
+    $access_2 = node_access('view', $node_1, $web_user);
+    $this->assertFalse($access_2, t("users with normal access shouldn't be able to view unpublished nodes"));
+
+    $access_3 = node_access('view', $node_2, $web_user_no_access);
+    $this->assertFalse($access_3, t("users with no access content should be able to view nodes"));
+
+    $access_4 = node_access('view', NULL, $admin_user);
+    $this->assertFalse($access_4, t("an empty node object should always return FALSE"));
+
+    $this->drupalLogin($admin_user);
+    $access_5 = node_access('view', $node_1);
+    $this->assertTrue($access_5, t('logged in user should be used, if no $account is passed to the function'));
+
+    $access_6 = node_access('update', $node_2, $web_user);
+    $this->assertFalse($access_6, t("a user without filter permission should be not able to update"));
+
+    $access_7 = node_access('view', $node_3, $web_user);
+    $this->assertTrue($access_7, t('a user should be able to see his own content, even if its unpublished'));
+
+    // Tests node access with hook_access for custom content type.
+    // Creates a web user and a moderator.
+    $web_user = $this->drupalCreateUser(array('create node_access_test content', 'access content'));
+    $moderator = $this->drupalCreateUser(array('edit any node_access_test content'));
+
+    $access_8 = node_access('create', 'node_access_test', $web_user);
+    $this->assertTrue($access_8, t('user with create permission for contenttyp is allowed to create a node'));
+    $access_9 = node_access('create', 'node_access_test', $moderator);
+    $this->assertFalse($access_9, t('user without create permission for contenttyp cannot create content'));
+
+    $access_10 = node_access('update', $node_3, $web_user);
+    $this->assertFalse($access_10, t('user without edit own type permission cannot edit the node'));
+    $access_11 = node_access('update', $node_3, $moderator);
+    $this->assertTrue('update', t('user with edit all type permission can edit a nodetype'));
+
+    // Test of node_access_grants.
+    // Creates another test node, which uses private
+    $web_user = $this->drupalCreateUser(array('create page content', 'edit own page content', 'access content'));
+    $moderator = $this->drupalCreateUser(array('access content', 'edit any page content'));
+    $settings_4 = array(
+      'status' => 1,
+      'uid' => $moderator->uid,
+    );
+    $node_4 = $this->drupalCreateNode($settings_4);
+
+    $access_12 = node_access('view', $node_4, $web_user);
+    $this->assertTrue($access_12, t('Every user is able to view the node'));
+    $access_13 = node_access('view', $node_4, $moderator);
+    $this->assertTrue($access_13, t('Also the author is able to view the node'));
+    $access_14 = node_access('update', $node_4, $web_user);
+    $this->assertFalse($access_14, t('Only the author is able to update the node'));
+    $access_15 = node_access('update', $node_4, $moderator);
+    $this->assertTrue($access_15, t('Only the author is able to update the node'));
+  }
+}
Index: modules/simpletest/tests/node_access_test.info
===================================================================
RCS file: modules/simpletest/tests/node_access_test.info
diff -N modules/simpletest/tests/node_access_test.info
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ modules/simpletest/tests/node_access_test.info	25 Apr 2009 20:41:53 -0000
@@ -0,0 +1,8 @@
+; $Id$
+name = "node_access test"
+description = "Support module for node_access testing."
+package = Testing
+version = VERSION
+core = 7.x
+files[] = node_access_test.module
+hidden = TRUE
Index: modules/simpletest/tests/node_access_test.module
===================================================================
RCS file: modules/simpletest/tests/node_access_test.module
diff -N modules/simpletest/tests/node_access_test.module
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ modules/simpletest/tests/node_access_test.module	25 Apr 2009 20:41:53 -0000
@@ -0,0 +1,65 @@
+<?php
+// $Id$
+
+/**
+ * Implementation of hook_node_info().
+ */
+function node_access_test_node_info() {
+  return array(
+    'node_access_test' => array(
+      'name' => t('node_access type'),
+      'base' => 'node_access_test',
+      'description' => t('this is a node type for test the node_access function'),
+    ),
+  );
+}
+
+/**
+ * Implementation of hook_perm().
+ */
+function node_access_test_perm() {
+  return node_list_permissions('node_access_test');
+}
+
+/**
+ * Implementation of hook_access().
+ */
+function node_access_test_access($op, $node, $account) {
+  switch ($op) {
+    case 'create':
+      // Anonymous users cannot post even if they have the permission.
+      return user_access('create node_access_test content', $account) && $account->uid;
+    case 'update':
+      return user_access('edit any node_access_test content', $account) || (user_access('edit own node_access_test content', $account) && ($node->uid == $account->uid));
+    case 'delete':
+      return user_access('delete any node_access_test content', $account) || (user_access('delete own node_access_test content', $account) && ($node->uid == $account->uid));
+  }
+}
+
+/**
+ * Implementation of hook_node_access_records().
+ */
+function node_access_test_node_access_records($node) {
+  $grants = array();
+  $grants[] = array(
+    'realm' => 'node_access_test',
+    'gid' => TRUE,
+    'grant_view' => TRUE,
+    'grant_update' => FALSE,
+    'grant_delete' => FALSE,
+    'priority' => 0,
+  );
+
+  // For the node_access_test_author array, the GID is equivalent to a UID,
+  // which means there are many many groups of just 1 user.
+  $grants[] = array(
+    'realm' => 'node_access_test_author',
+    'gid' => $node->uid,
+    'grant_view' => TRUE,
+    'grant_update' => TRUE,
+    'grant_delete' => TRUE,
+    'priority' => 0,
+  );
+
+  return $grants;
+}