Issue CollaboraOnline#49: Test access for anonymous with permissions.

donquixote · Nov 12, 2024 · 05e0173 · 05e0173
1 parent acff921
commit 05e0173
Showing 1 changed file with 71 additions and 0 deletions.
diff --git a/tests/src/Kernel/CollaboraMediaAccessTest.php b/tests/src/Kernel/CollaboraMediaAccessTest.php
@@ -197,6 +197,77 @@ public function testCollaboraMediaAccess(): void {
         );
     }
 
+    /**
+     * Tests a scenario where the anonymous user has more permissions.
+     */
+    public function testAnonymousOwnAccess(): void {
+        user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [
+            'edit own document in collabora',
+        ]);
+
+        /** @var \Drupal\Core\Session\AccountInterface[] $accounts */
+        $accounts = [
+            'anonymous' => new AnonymousUserSession(),
+            'Emilia' => $this->createUser(),
+        ];
+
+        /** @var \Drupal\media\MediaInterface[] $media_entities */
+        $media_entities = [
+            // Set uid = 0 to verify that anonymous is not seen as the owner.
+            "published document" => $this->createMediaEntity('document', [
+                'uid' => 0,
+            ]),
+            "unpublished document" => $this->createMediaEntity('document', [
+                'uid' => 0,
+                'status' => 0,
+            ]),
+            "Emilia's published document" => $this->createMediaEntity('document', [
+                'uid' => $accounts['Emilia']->id(),
+            ]),
+            "Emilia's unpublished document" => $this->createMediaEntity('document', [
+                'uid' => $accounts['Emilia']->id(),
+                'status' => 0,
+            ]),
+        ];
+
+        $this->assertEntityAccess(
+            [
+                'anonymous' => [],
+                'Emilia' => [],
+            ],
+            $accounts,
+            $media_entities,
+            [
+                'preview in collabora',
+                'edit in collabora',
+            ],
+        );
+
+        user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [
+            'preview document in collabora',
+            'edit any document in collabora',
+        ]);
+        drupal_flush_all_caches();
+
+        $this->assertEntityAccess(
+            [
+                'anonymous' => [
+                    "published document" => ['preview in collabora', 'edit in collabora'],
+                    "unpublished document" => ['preview in collabora', 'edit in collabora'],
+                    "Emilia's published document" => ['preview in collabora', 'edit in collabora'],
+                    "Emilia's unpublished document" => ['preview in collabora', 'edit in collabora'],
+                ],
+                'Emilia' => [],
+            ],
+            $accounts,
+            $media_entities,
+            [
+                'preview in collabora',
+                'edit in collabora',
+            ],
+        );
+    }
+
     /**
      * Asserts which users can access which entity operations.
      *