DrupalWebTestCase and changing permissions of authenticate user role
Hello all, I'm currently in the process of writing a 7.x patch to create the 'edit own comments' permission, to give admins the option to prohibit editing of comments. The functionality is working, but I would like to write a testcase for it, just to be complete. Here I found either a limitation of my understanding of the drupal testing framework, or a limitation of the framework itself. Because the 'edit own comments' permission is on by default, (the 'authenticated user' role has the permission checked by default), any user created with drupalCreateUser($roles) will inherit the right to edit their own comment. Therefore, I can't make a test that checks that a person gets a 403 when trying to edit their post without the right permissions, because I can't disable the permission in the testing environment. What I need, and can not find, is a function that will change the role_permission values for the 'authenticated user'-role, something like DrupalWebTestCase->drupalSetPermissions($role-id, $permissions). Am I right to conclude that this can't be done with the current state of the Drupal WebTestCase? If so, do you have an idea how to solve this in an other way, or should I just leave the testcase out of the patch? Thanks, Maarten
If you pass an array of permissions to drupalCreateUser() then it'll get those permissions, rather than the default ones for authenticated user. See the documentation here: http://drupal.org/node/265762 Nat On Mon, Aug 25, 2008 at 12:39 PM, Maarten van Grootel <mvgrootel@gmail.com>wrote:
Hello all,
I'm currently in the process of writing a 7.x patch to create the 'edit own comments' permission, to give admins the option to prohibit editing of comments. The functionality is working, but I would like to write a testcase for it, just to be complete. Here I found either a limitation of my understanding of the drupal testing framework, or a limitation of the framework itself.
Because the 'edit own comments' permission is on by default, (the 'authenticated user' role has the permission checked by default), any user created with drupalCreateUser($roles) will inherit the right to edit their own comment. Therefore, I can't make a test that checks that a person gets a 403 when trying to edit their post without the right permissions, because I can't disable the permission in the testing environment.
What I need, and can not find, is a function that will change the role_permission values for the 'authenticated user'-role, something like DrupalWebTestCase->drupalSetPermissions($role-id, $permissions).
Am I right to conclude that this can't be done with the current state of the Drupal WebTestCase? If so, do you have an idea how to solve this in an other way, or should I just leave the testcase out of the patch?
Thanks, Maarten
Hi Nat, That's not what it says, or at least not what's happening. It says that if null, it receives the default permissions stated in _drupalCreateRole() (which is array('access comments', 'access content', 'post comments', 'post comments without approval') according to http://api.drupal.org/api/file/modules/simpletest/drupal_web_test_case.php/7...). But, this does not influence the permissions every user receives by the hard coded Authenticated User role. Not directly, but by association/inheritance. This behavior is expected, because it's the Drupal way of permission inheritance. But to test the behavior I still need to find a way to alter the permissions not my newly created user+role, but of the global Authenticated User Role. You can try it by removing 'post comments' from row 27 of comment.test. You'd expect al sorts of failures, because you just made web_user not able to create comments, but everything passes effortlessly. So if anybody has a way to change permissions of the 2 default roles from within the testsuite, or has some other tips, it would be greatly appreciated. Maarten This is contrary to what you expect when you create a user with only 'access content' permissions. On Mon, Aug 25, 2008 at 2:46 PM, Nathaniel Catchpole <catch56@googlemail.com
wrote:
If you pass an array of permissions to drupalCreateUser() then it'll get those permissions, rather than the default ones for authenticated user. See the documentation here: http://drupal.org/node/265762
Nat
On Mon, Aug 25, 2008 at 12:39 PM, Maarten van Grootel <mvgrootel@gmail.com
wrote:
Hello all,
I'm currently in the process of writing a 7.x patch to create the 'edit own comments' permission, to give admins the option to prohibit editing of comments. The functionality is working, but I would like to write a testcase for it, just to be complete. Here I found either a limitation of my understanding of the drupal testing framework, or a limitation of the framework itself.
Because the 'edit own comments' permission is on by default, (the 'authenticated user' role has the permission checked by default), any user created with drupalCreateUser($roles) will inherit the right to edit their own comment. Therefore, I can't make a test that checks that a person gets a 403 when trying to edit their post without the right permissions, because I can't disable the permission in the testing environment.
What I need, and can not find, is a function that will change the role_permission values for the 'authenticated user'-role, something like DrupalWebTestCase->drupalSetPermissions($role-id, $permissions).
Am I right to conclude that this can't be done with the current state of the Drupal WebTestCase? If so, do you have an idea how to solve this in an other way, or should I just leave the testcase out of the patch?
Thanks, Maarten
Hmm. I think you're probably right. There's nothing stopping you from changing the permissions as part of your test though, you can visit admin/user/permissions and save the form with different values, or just delete the row from the permissions table directly with db_query(). That said, I'm not sure how much this is by design, or an omission in drupal_web_test_case, Nat On Mon, Aug 25, 2008 at 3:20 PM, Maarten van Grootel wrote:
Hi Nat,
That's not what it says, or at least not what's happening. It says that if null, it receives the default permissions stated in _drupalCreateRole() (which is array('access comments', 'access content', 'post comments', 'post comments without approval') according to http://api.drupal.org/api/file/modules/simpletest/drupal_web_test_case.php/7...). But, this does not influence the permissions every user receives by the hard coded Authenticated User role. Not directly, but by association/inheritance.
This behavior is expected, because it's the Drupal way of permission inheritance. But to test the behavior I still need to find a way to alter the permissions not my newly created user+role, but of the global Authenticated User Role. You can try it by removing 'post comments' from row 27 of comment.test. You'd expect al sorts of failures, because you just made web_user not able to create comments, but everything passes effortlessly.
You're right, I can just work around it. I have to admit that I didn't think of 'visiting' admin/user/permissions, but that's what this mailinglist is for. :) Thanks for your input, Maarten On Mon, Aug 25, 2008 at 4:45 PM, Nathaniel Catchpole <catch56@googlemail.com
wrote:
Hmm. I think you're probably right.
There's nothing stopping you from changing the permissions as part of your test though, you can visit admin/user/permissions and save the form with different values, or just delete the row from the permissions table directly with db_query().
That said, I'm not sure how much this is by design, or an omission in drupal_web_test_case,
Nat
On Mon, Aug 25, 2008 at 3:20 PM, Maarten van Grootel wrote:
Hi Nat,
That's not what it says, or at least not what's happening. It says that if null, it receives the default permissions stated in _drupalCreateRole() (which is array('access comments', 'access content', 'post comments', 'post comments without approval') according to http://api.drupal.org/api/file/modules/simpletest/drupal_web_test_case.php/7...). But, this does not influence the permissions every user receives by the hard coded Authenticated User role. Not directly, but by association/inheritance.
This behavior is expected, because it's the Drupal way of permission inheritance. But to test the behavior I still need to find a way to alter the permissions not my newly created user+role, but of the global Authenticated User Role. You can try it by removing 'post comments' from row 27 of comment.test. You'd expect al sorts of failures, because you just made web_user not able to create comments, but everything passes effortlessly.
participants (2)
-
Maarten van Grootel -
Nathaniel Catchpole