The content access module ist important to work properly for us (especially concerning security), so I coded some Simpletests for this module (for the Drupal 5 version).

There are two test files: one does tests on content type access and per node access, the other one does tests in combination with the ACL module. Both use a parent class that provides some common functions.

I'm sorry, but I was not able to create a patch from the command line (because there is a new subdirectory "tests", the documentation on http://drupal.org/patch/create did not give information for that).

So just put the files in a new subdirectory "tests" in content_access (and rename the file "content_access_test_help.php_.txt" to "content_access_test_help.php")


klausi’s picture

Oh, I forgot: The test with the ACL module showed me a bug: if per node access is enabled and a user gets extra permissions on a node, these permissions remain active if per node access is deactivated again, but the special per user permissions should be disabled.

This means that at the moment 3 test assertions fail in the ACL module test.

fago’s picture

Status:Needs review» Needs work

indeed! I've just fixed that bug for 5.x.

Now all tests are running fine, thanks a lot! However I noticed when the acl module isn't available, the acl tests fail as it can't be activated. I think we need to handle this case somehow and skip the acl tests without producing false errors.

klausi’s picture

Status:Needs work» Needs review
new6.49 KB

I did some minor changes for the tests with the ACL module, they pass now when ACL module is not available. It was a little bit tricky, because I had to avoid calling drupalEnableModule(), which produces a test fail when a module could not be enabled.

I'm not completely happy with the solution, because preparing work in setUp() should not be done when the ACL module could not be enabled. It is done at the moment, because I was not able to find a way in PHP to access a grandparent class (something like parent::parent::setUp() and parent::parent::tearDown() would have been useful).

New ACL tests file as attachement below.

fago’s picture

Version:5.x-1.x-dev» 6.x-1.x-dev
Category:bug» task
Status:Needs review» Patch (to be ported)

thanks, committed to 5.x :)

Let's port this to d6 -> note that we have some new settings there to check ('edit OWN ..' instead of author..)

klausi’s picture

Status:Patch (to be ported)» Needs review
new5.8 KB
new3.88 KB
new10.85 KB

So finally here we are: I did a port of the 5.x tests to Drupal 6.

*) It was hard to get Simpletest 2.x for Drupal 6 working, I had to use the current development version (see #334278: SimpleTest fails with cURL 7.18.2 and MAMP 1.7.2)

*) I was not able to use the implicit content type creation of Simpletest 2.x (see #336377: Simpletest created content types are not accessible on the admin pages), so I did it manually again (as in the D5 tests)

*) The tests do not pass at the moment, because the functionality of the module somewhat changed. In the D5 version you could enable update/delete access on the content type and restrict it per node (for example a user role can update/delete all other nodes of a content type, but not the restricted node). Now update/delete access can not be unchecked (it is greyed out) per node if it is set on the content type. If this behavior is intended and a design decision we will have to change the tests.

I have attached the test files, copy content_access.test and content_access_test_help.php to your content_access module directory. Create a new subdirectory "tests" and put content_access_acl.test there.

fago’s picture

Status:Needs review» Needs work

>If this behavior is intended and a design decision we will have to change the tests.

Somehow yes. Now in d6 there are permissions for edit/delete content per type - so CA leverages these permissions instead of duplicating functionality. But the permissions behave in this point different: It's not possible to restrict access to a special node any more - that's why the checkboxes are disabled.

So I think we have to adapt the tests accordingly.

Then I think there is not test yet for the '$op OWN ..' settings, instead of the author? I think we need to test at least one case for it, e.g. allow the author view access when he has a certain role, then test with an author of this role and with one without this role.

klausi’s picture

Status:Needs work» Needs review
new3.92 KB
new5.8 KB
new12.83 KB

OK, I considered the new behavior and adapted the tests a little bit (by swapping permissions between nodes instead of content type and node). The current 6-1.x version should pass now all tests. There is also a new test function to check the view own content permission.

I know, the testfile is quite long, but I wanted to make sure that anonymous access to restricted content is never possible (checking it in many situations). However, these tests do not cover all possible states and permission combinations (this would be nearly impossible), but they can find common misbehavior of the module.

Testfiles are attached below, the ACL tests kept unchanged.

fago’s picture

Status:Needs review» Fixed

so, I finally got simpletest 6.x-2.x running.. Sry that it took so long.
Anyway, the tests are fine! Committed to 6.x-1.x-dev.


Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.