? node_access_test.patch
? modules/simpletest/tests/node_access_test.info
? modules/simpletest/tests/node_access_test.module
Index: modules/node/node.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.test,v
retrieving revision 1.14
diff -u -p -r1.14 node.test
--- modules/node/node.test	9 Jan 2009 16:19:55 -0000	1.14
+++ modules/node/node.test	10 Jan 2009 10:24:25 -0000
@@ -598,4 +598,107 @@ class NodePostSettingsTestCase extends D
     $node = $this->drupalGetNodeByTitle($edit['title']);
     $this->assertNoRaw(theme('node_submitted', $node), t('Post information is not displayed.'));
   }
-}
\ No newline at end of file
+ 
+  class NodeAccessTestCase extends DrupalWebTestCase {
+    function getInfo() {
+      return array(
+        'name' => t('Node access'),
+        'description' => t('Check if the node access works'),
+        'group' => t('Node'),
+      );
+    }
+  
+    function setUp() {
+      parent::setUp('filter', 'node_access_test');
+    }
+  
+    /**
+     * Tests the node_access function.
+     */
+    function testNodeAccess() {
+      // Create a admin user, who has access to all content.
+      $admin_user = $this->drupalCreateUser(array('bypass node access'));
+      $web_user = $this->drupalCreateUser(array('access content'));
+      $web_user_2 = $this->drupalCreateUser(array('access content', 'administer filters'));
+  
+      // Create a user without access content perission.
+      // Remove access content for authenticated users!, because all users created  are authenticated.
+  
+      db_query("DELETE FROM {role_permission} WHERE rid = %d and permission = '%s'", 2, 'access content');
+      $web_user_no_access = $this->drupalCreateUser(array('access comments'));
+  
+      // Creates a test node which is unpublished.
+      $settings_1 = array(
+        'status' => 0,
+      );
+      $node_1 = $this->drupalCreateNode($settings_1);
+  
+      // Creates a normal test node.
+      $node_2 = $this->drupalCreateNode();
+  
+      // Creates a node of user web_user.
+      $settings_3 = array(
+        'status' => 0,
+        'uid' => $web_user->uid,
+        'format' => 1,
+      );
+      $node_3 = $this->drupalCreateNode($settings_3);
+  
+      $access_1 = node_access('view', $node_1, $admin_user);
+      $this->assertTrue($access_1, t('users with administer nodes should have access to every node'));
+  
+      $access_2 = node_access('view', $node_1, $web_user);
+      $this->assertFalse($access_2, t("users with normal access shouldn't be able to view unpublished nodes"));
+  
+      $access_3 = node_access('view', $node_2, $web_user_no_access);
+      $this->assertFalse($access_3, t("users with no access content should be able to view nodes"));
+  
+      $access_4 = node_access('view', NULL, $admin_user);
+      $this->assertFalse($access_4, t("an empty node object should always return FALSE"));
+  
+      $this->drupalLogin($admin_user);
+      $access_5 = node_access('view', $node_1);
+      $this->assertTrue($access_5, t('logged in user should be used, if no $account is passed to the function'));
+  
+      $access_6 = node_access('update', $node_2, $web_user);
+      $this->assertFalse($access_6, t("a user without filter permission should be not able to update"));
+  
+      $access_7 = node_access('view', $node_3, $web_user);
+      $this->assertTrue($access_7, t('a user should be able to see his own content, even if its unpublished'));
+  
+      // Tests node access with hook_access for custom content type.
+      // Creates a web user and a moderator.
+      $web_user = $this->drupalCreateUser(array('create node_access_test content', 'access content'));
+      $moderator = $this->drupalCreateUser(array('edit any node_access_test content'));
+  
+      $access_8 = node_access('create', 'node_access_test', $web_user);
+      $this->assertTrue($access_8, t('user with create permission for contenttyp is allowed to create a node'));
+      $access_9 = node_access('create', 'node_access_test', $moderator);
+      $this->assertFalse($access_9, t('user without create permission for contenttyp cannot create content'));
+  
+      $access_10 = node_access('update', $node_3, $web_user);
+      $this->assertFalse($access_10, t('user without edit own type permission cannot edit the node'));
+      $access_11 = node_access('update', $node_3, $moderator);
+      $this->assertTrue('update', t('user with edit all type permission can edit a nodetype'));
+  
+      // Test of node_access_grants.
+      // Creates another test node, which uses private
+      $web_user = $this->drupalCreateUser(array('create page content', 'edit own page content', 'access content'));
+      $moderator = $this->drupalCreateUser(array('access content', 'edit any page content'));
+      $settings_4 = array(
+        'status' => 1,
+        'uid' => $moderator->uid,
+      );
+      $node_4 = $this->drupalCreateNode($settings_4);
+  
+      $access_12 = node_access('view', $node_4, $web_user);
+      $this->assertTrue($access_12, t('Every user is able to view the node'));
+      $access_13 = node_access('view', $node_4, $moderator);
+      $this->assertTrue($access_13, t('Also the author is able to view the node'));
+      $access_14 = node_access('update', $node_4, $web_user);
+      $this->assertFalse($access_14, t('Only the author is able to update the node'));
+      $access_15 = node_access('update', $node_4, $moderator);
+      $this->assertTrue($access_15, t('Only the author is able to update the node'));
+    }
+  }
+}