[drupal-devel] [SimpleTest] preparing to test xxxxx_access hook

Gerhard Killesreiter killesreiter at physik.uni-freiburg.de
Sun Jun 19 09:38:22 UTC 2005 


On Sat, 18 Jun 2005, Kuba Zygmunt wrote:

> After reading once more time, from Drupal.org site :
> Deliverables
>
>    * Build a few tests which exercise Drupal's access control
> mechanism. In particular,
>      the user_access() function. Assure that the right page is shown
> when denied
>      access.
>
> I was thinking how to test Drupal. I've found two ways:
>  One -> testing user_access function, by starting xxx_access (for ex.
> story_access) function in Drupal test unit.
>  Second -> testing web response on specific request, in this way, I
> will have to simulate browser.

Right. I think the way the proposal is worded aims for the first.

> Yesterday night I focused on story_access function. I write simple
> test which needs to be improved:
> function testStoryAccess() {
>    global $user;
>
>        $tempUser = $user; // store global variable in a templ
>        $op = 'create';
>        unset($user);  // or $user =""; to delete global variable;
>        $user->uid = 2; // $user_id
>        $node->uid = 2; // $node_id
>        $result = story_access($op, $node );

You are confusing two functions (which probably should be named
differently).

1) user_access('foo') checks for a permission that a user has (or
doesn't).
2) <module>_access($op, $node) is an implementation of a hook that
allows to check for permissions that relate to specific nodes

>
>
>        $this->assertTrue($result, 'Bad access hook');
>
>        // przywroc usera
>        $user = $tempUser; // restore global variable,
>  }
>
> so I can change $user->uid, and $node->uid, and $op (create, edit etc)
>  to test behavior of story_access(), I can also put it in the loop to
> test all uids existing in our installation. But it isn't necessary, I
> think.

Depends.

> Maybe the solution is to test all uid which belong to different
> roles.

That would be sufficient for user_access('foo') but not for the access
hook as every user can have different access permissions that can be
granted through a variety of ways (node provacy by role, taxonomy
access, ...).

Cheers,
	Gerhard

More information about the drupal-devel mailing list