On Sat, 18 Jun 2005, Kuba Zygmunt wrote:
After reading once more time, from Drupal.org site : Deliverables
* Build a few tests which exercise Drupal's access control mechanism. In particular, the user_access() function. Assure that the right page is shown when denied access.
I was thinking how to test Drupal. I've found two ways: One -> testing user_access function, by starting xxx_access (for ex. story_access) function in Drupal test unit. Second -> testing web response on specific request, in this way, I will have to simulate browser.
Right. I think the way the proposal is worded aims for the first.
Yesterday night I focused on story_access function. I write simple test which needs to be improved: function testStoryAccess() { global $user;
$tempUser = $user; // store global variable in a templ $op = 'create'; unset($user); // or $user =""; to delete global variable; $user->uid = 2; // $user_id $node->uid = 2; // $node_id $result = story_access($op, $node );
You are confusing two functions (which probably should be named differently). 1) user_access('foo') checks for a permission that a user has (or doesn't). 2) <module>_access($op, $node) is an implementation of a hook that allows to check for permissions that relate to specific nodes
$this->assertTrue($result, 'Bad access hook');
// przywroc usera $user = $tempUser; // restore global variable, }
so I can change $user->uid, and $node->uid, and $op (create, edit etc) to test behavior of story_access(), I can also put it in the loop to test all uids existing in our installation. But it isn't necessary, I think.
Depends.
Maybe the solution is to test all uid which belong to different roles.
That would be sufficient for user_access('foo') but not for the access hook as every user can have different access permissions that can be granted through a variety of ways (node provacy by role, taxonomy access, ...). Cheers, Gerhard