'Islandora Manage Permissions', 'description' => 'Ensure the manage tab is shown based on the corrent permissions.', 'group' => 'Islandora', ); } /** * Prepares enviroment for testing. * * @see IslandoraWebTestCase::setUp() */ public function setUp() { parent::setUp(array('islandora')); } /** * Test manage permissions. */ public function testManagePermissions() { // Test permission ISLANDORA_VIEW_OBJECTS. // Create a user with permission. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS)); // Log the user in. $this->drupalLogin($user); $this->clickLink(t('Islandora Repository')); $this->assertNoLink('Manage', 'Manage tab is not on current page.'); // Test permission ISLANDORA_VIEW_OBJECTS, ISLANDORA_MANAGE_PROPERTIES. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_MANAGE_PROPERTIES)); $this->drupalLogin($user); $this->clickLink(t('Islandora Repository')); $this->assertLink('Manage', 0, 'Manage tab is on current page.'); $this->clickLink(t('Manage')); $this->assertLink('Properties', 0, 'Properties tab is on current page.'); $this->assertNoLink('Datastreams', 'Datastreams tab is not on current page.'); $this->assertNoLink('Collection', 'Collection tab is not on current page.'); // Test permission ISLANDORA_VIEW_OBJECTS, ISLANDORA_ADD_DS. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_ADD_DS)); $this->drupalLogin($user); $this->clickLink(t('Islandora Repository')); $this->assertLink('Manage', 0, 'Manage tab is on current page.'); $this->clickLink(t('Manage')); $this->assertLink('Datastreams', 0, 'Datastreams tab is on current page.'); $this->assertNoLink('Properties', 'Properties tab is not on current page.'); $this->assertNoLink('Collection', 'Collection tab is not on current page.'); // Test permission ISLANDORA_VIEW_OBJECTS, ISLANDORA_METADATA_EDIT. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_METADATA_EDIT)); $this->drupalLogin($user); $this->clickLink(t('Islandora Repository')); $this->assertLink('Manage', 0, 'Manage tab is on current page.'); $this->clickLink(t('Manage')); $this->assertLink('Datastreams', 0, 'Datastreams tab is on current page.'); $this->assertNoLink('Properties', 'Properties tab is not on current page.'); $this->assertNoLink('Collection', 'Collection tab is not on current page.'); // Test permission ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE)); $this->drupalLogin($user); $this->clickLink(t('Islandora Repository')); $this->assertLink('Manage', 0, 'Manage tab is on current page.'); $this->clickLink(t('Manage')); $this->assertLink('Datastreams', 0, 'Datastreams tab is on current page.'); $this->assertNoLink('Properties', 'Properties tab is not on current page.'); $this->assertNoLink('Collection', 'Collection tab is not on current page.'); } /** * Test generic access functions. * * Note that we can't test with the Global user as SimpleTest doesn't support * it. Therefore we can't test the authtoken support. */ public function testAccessFunctions() { $object = islandora_object_load(variable_get('islandora_repository_pid', 'islandora:root')); // Test islandora_user_access(). // Test no object/permissions. $ret = islandora_user_access(NULL, array()); $this->assertFalse($ret, 'User access denied when no object/permissions are provided.'); // Test with object no permissions. $ret = islandora_user_access($object, array()); $this->assertFalse($ret, 'User access denied when no permissions are provided.'); // Test access with matching permission. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS)); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS), array(), TRUE, $user); $this->assertTrue($ret, 'User access granted when permissions match.'); // Test access with matching permission but access any is FALSE. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS)); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE), array(), FALSE, $user); $this->assertFalse($ret, 'User access denied for matching permission but with access any set to FALSE.'); // Test access with non-matching permission. $user = $this->drupalCreateUser(array(ISLANDORA_PURGE)); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS), array(), TRUE, $user); $this->assertFalse($ret, 'User access denied when permissions did not match.'); // Test access with both permissions and content model. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS)); $model = $object->models; $model = reset($model); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS), array($model), TRUE, $user); $this->assertTrue($ret, 'User access granted for matching permission and model.'); // Test access with matching permissions and non-matching content model. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS)); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS), array('islandora:obviouslyNotACModel'), TRUE, $user); $this->assertFalse($ret, 'User access denied for matching permission and non-matching model.'); // Test access with all matching permissions and one matching model but // access any is FALSE. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE)); $model = $object->models; $model = reset($model); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE), array($model, 'islandora:obviouslyNotACModel'), FALSE, $user); $this->assertFalse($ret, 'User access denied for all matching permissions and one matching model but with access any set to FALSE.'); $ret = islandora_user_access($object, array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE), array($model), FALSE, $user); $this->assertTrue($ret, 'User access granted for all matching permissions and matching models with access any set to FALSE.'); // Test passing in a Datastream. $user = $this->drupalCreateUser(array(ISLANDORA_VIEW_OBJECTS, ISLANDORA_PURGE)); $ret = islandora_user_access($object['DC'], array(ISLANDORA_VIEW_OBJECTS), array(), TRUE, $user); $this->assertTrue($ret, 'User access granted for matching permissions, with a datastream given instead of an object.'); } }