WIP: [CFM-861-tests] Add Behat tests for permissions.

.travis.yml

@@ -5,6 +5,10 @@ env:
     BEHAT_TAG="api"
     CODE_REVIEW=0
     SIMPLETEST=1
+  - INSTALL_PROFILE=1
+    BEHAT_TAG="permission"
+    CODE_REVIEW=0
+    SIMPLETEST=0
   - INSTALL_PROFILE=1
     BEHAT_TAG="javascript"
     CODE_REVIEW=0

ci/bin/run_behat.sh

@@ -26,6 +26,11 @@ if [ "$BEHAT_TAG" = "api" ]; then
   ./bin/behat --tags='@api&&~@wip'
 fi
 
+# Run tests for the permission tag.
+if [ "$BEHAT_TAG" = "permission" ]; then
+  ./bin/behat --tags='@permission&&~@wip'
+fi
+
 # Run tests for the javascript tag.
 if [ "$BEHAT_TAG" = "javascript" ]; then
   ./bin/behat -p phantomjs --tags='@javascript&&~@wip'

project/profiles/capacity4more/modules/c4m/content/c4m_content/c4m_content.module

@@ -1087,61 +1087,73 @@ function _c4m_content_taxonomy_extract_root_item(&$items) {
 /**
  * Manages access to 'create group content' form.
  *
- * For OG type 'group', allows access for group members and power users.
+ * Allows access for group power users. Members allowed access, when creating
+ * all content types, besides wiki page.
  */
 function c4m_content_create_group_content_access() {
   $item = menu_get_item();
 
-  // Build regular expression that will look like
-  // '/node\/add\/(discussion|document|event|news|photo|photoalbum|wiki-page)/'.
-  $bundles = c4m_og_get_all_group_content_bundles('node');
-  $regex = '/node\/add\/(' . implode('|', array_keys($bundles)) . ')/';
+  $regex = '/node\/add\/(discussion|document|event|news|photo|photoalbum|wiki-page)/';
 
   // Making sure the current request is for the node/add form.
   preg_match($regex, $item['path'], $matches);
   if (empty($matches[0])) {
     return;
   }
 
-  // If not under og context, return early.
+  // If not under og context, deny access.
   if (!$context = og_context()) {
-    drupal_access_denied();
-    drupal_exit();
+    c4m_content_deny_access();
   }
 
-  if (c4m_user_is_site_admin()) {
-    return TRUE;
-  }
-
-  $deny_access = FALSE;
   // We allow access only for draft / published groups.
   $group = node_load($context['gid']);
   $group_state = c4m_og_get_group_status($group);
-  $allowed_states = array('draft', 'published');
 
-  // Can't resolve group state, or group state is not allowed.
-  if (!$group_state || !in_array($group_state, $allowed_states)) {
-    $deny_access = TRUE;
+  // Site admin may not add content to pending/deleted group.
+  // No other restrictions.
+  if (c4m_user_is_site_admin()) {
+
+    if ($group_state == 'pending' || $group_state == 'deleted') {
+      c4m_content_deny_access();
+    }
+    else {
+      return;
+    }
+  }
+
+  $allowed_states = array('draft', 'published');
+  // Deny access, if group state is not allowed.
+  if (!in_array($group_state, $allowed_states)) {
+    c4m_content_deny_access();
   }
   else {
     $user_type = _c4m_features_og_members_get_user_type();
 
     $allowed_user_types = array(
-      C4M_USER_TYPE_MEMBER,
-      C4M_USER_TYPE_ADMIN,
-      C4M_USER_TYPE_OWNER,
+      C4M_USER_TYPE_GA,
+      C4M_USER_TYPE_GO,
     );
 
+    // If content is not wiki page, allow it's creation by group member.
+    $bundle = explode('/', $item['path']);
+    if ($bundle[2] != 'wiki-page') {
+      $allowed_user_types[] = C4M_USER_TYPE_GM;
+    }
+
     // We allow access to power users, and members, when creating content.
     if (!in_array($user_type, $allowed_user_types)) {
-      $deny_access = TRUE;
+      c4m_content_deny_access();
     }
   }
+}
 
-  if ($deny_access) {
-    drupal_access_denied();
-    drupal_exit();
-  }
+/**
+ * Redirects to page 'Access denied'.
+ */
+function c4m_content_deny_access() {
+  drupal_access_denied();
+  drupal_exit();
 }
 
 /**

project/profiles/capacity4more/modules/c4m/demo/c4m_demo_content/csv/node/group.csv

@@ -6,11 +6,11 @@ group_4,user_4,"Music Lovers",music-lovers,0,music.jpg,,"Music is an art form wh
 group_5,user_5,Geologists,geology,0,geology.jpg,,"Geology (from the Greek γῆ, gē, i.e. 'earth' and -λoγία, -logia, i.e. 'study of, discourse') is the science comprising the study of solid Earth, the rocks of which it is composed, and the processes by which they change. Geology can also refer generally to the study of the solid features of any celestial body (such as the geology of the Moon or Mars).",t_fire|t_water,Western Africa|Sub-Saharan Africa,group_1|group_2|group_3,,0,1,,published,"You are very welcome to this group."
 group_6,user_1,Architecture,architecture,0,architecture.jpg,,"Architecture (Latin architectura, after the Greek ἀρχιτέκτων – arkhitekton – from ἀρχι- 'chief' and τέκτων 'builder, carpenter, mason') is both the process and the product of planning, designing, and constructing buildings and other physical structures. Architectural works, in the material form of buildings, are often perceived as cultural symbols and asworks of art. Historical civilizations are often identified with their surviving architectural achievements.",t_earth|t_wind|t_fire|t_water,Swaziland|Burundi,,project_1,0,1,,published,"You are very welcome to this group."
 group_7,user_8,"Nobel Prize",nobelprize,1,nobelprize.jpg,nobel-prize-eu.jpg,"The Nobel Prize (Swedish pronunciation: [noˈbɛl], Swedish definite form, singular: Nobelpriset; Norwegian: Nobelprisen) is a set of annual international awards bestowed in a number of categories by Swedish and Norwegian committees in recognition of cultural and/or scientific advances. The will of the Swedish inventor Alfred Nobel established the prizes in 1895.",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,published,"You are very welcome to this group."
-group_8,user_8,"Pending group",pending,0,geology.jpg,,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,pending,"You are very welcome to this group."
-group_10,user_8,"Draft group",draft,0,geology.jpg,,"Some description",t_earth|t_wind|t_fire|t_water|t_erosion|t_gas,Sweden|Worldwide,,,0,0,,draft,"You are very welcome to this group."
-group_11,user_8,"Published group",published,0,geology.jpg,,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,published,"You are very welcome to this group."
-group_12,user_8,"Archived group",archived,0,geology.jpg,,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,archived,"You are very welcome to this group."
-group_13,user_8,"Deleted group",deleted,0,nobelprize.jpg,,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,deleted,"You are very welcome to this group."
+group_8,user_8,"Pending group",pending,0,geology.jpg,geology.jpg,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,pending,"You are very welcome to this group."
+group_10,user_8,"Draft group",draft,0,geology.jpg,geology.jpg,"Some description",t_earth|t_wind|t_fire|t_water|t_erosion|t_gas,Sweden|Worldwide,,,0,0,,draft,"You are very welcome to this group."
+group_11,user_8,"Published group",published,0,geology.jpg,geology.jpg,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,published,"You are very welcome to this group."
+group_12,user_8,"Archived group",archived,0,geology.jpg,geology.jpg,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,archived,"You are very welcome to this group."
+group_13,user_8,"Deleted group",deleted,0,geology.jpg,geology.jpg,"Some description",t_earth|t_wind|t_fire|t_water,Sweden|Worldwide,,,0,0,,deleted,"You are very welcome to this group."
 group_14,user_2,"Restricted group with partner access",restrictedparnters,0,,,"Restricted, only partners have access",t_earth,Israel|Belgium,,,1,1,organisation_3|organisation_4,published,"You are very welcome to this group."
 group_15,user_1,"Restricted group with EC/EEAS",eceeas,0,,,"Restricted, only EC/EEAS has access",t_earth,Europe,,,1,1,organisation_1,published,"You are very welcome to this group."
 group_16,user_1,"Restricted group with EU",eu,1,,,"Restricted, only EU has access",t_earth,Europe,,,1,1,organisation_1|organisation_2,published,"You are very welcome to this group."

project/profiles/capacity4more/modules/c4m/features_og/c4m_features_og_members/c4m_features_og_members.module

@@ -463,12 +463,12 @@ function _c4m_features_og_members_is_power_user($group = NULL, $user = NULL) {
  * Returns the type of user, globally, or within a group.
  *
  * Possible types:
- * - C4M_USER_TYPE_SITE_ADMIN -> site administrator.
- * - C4M_USER_TYPE_OWNER -> group owner.
- * - C4M_USER_TYPE_ADMIN -> group administrator.
- * - C4M_USER_TYPE_MEMBER -> group member.
+ * - C4M_USER_TYPE_SA -> site administrator.
+ * - C4M_USER_TYPE_GO -> group owner.
+ * - C4M_USER_TYPE_GA -> group administrator.
+ * - C4M_USER_TYPE_GM -> group member.
  * - C4M_USER_TYPE_NON_MEMBER -> authenticated, not a group member.
- * - C4M_USER_TYPE_NON_VISITOR -> anonymous user.
+ * - C4M_USER_TYPE_VISITOR -> anonymous user.
  *
  * @param object $group
  *   The group for which we want to check the user.
@@ -490,7 +490,7 @@ function _c4m_features_og_members_get_user_type($group = NULL, $user = NULL) {
 
   // The user has the site wide role 'administrator'.
   if (in_array('administrator', $user->roles)) {
-    return C4M_USER_TYPE_SITE_ADMIN;
+    return C4M_USER_TYPE_SA;
   }
 
   if (!isset($group)) {
@@ -506,15 +506,15 @@ function _c4m_features_og_members_get_user_type($group = NULL, $user = NULL) {
   // The user is the group owner.
   // What is a group owner? see https://www.drupal.org/node/1114858.
   if ($group->uid === $user->uid) {
-    return C4M_USER_TYPE_OWNER;
+    return C4M_USER_TYPE_GO;
   }
 
   // The user has the group role 'administrator member'.
   if (in_array('administrator member', og_get_user_roles('node', $group->nid, $user->uid))) {
-    return C4M_USER_TYPE_ADMIN;
+    return C4M_USER_TYPE_GA;
   }
 
-  return og_is_member('node', $group->nid) ? C4M_USER_TYPE_MEMBER : C4M_USER_TYPE_NON_MEMBER;
+  return og_is_member('node', $group->nid) ? C4M_USER_TYPE_GM : C4M_USER_TYPE_NON_MEMBER;
 }
 
 /**

project/profiles/capacity4more/modules/c4m/og/c4m_og/c4m_og.module

@@ -2196,9 +2196,9 @@ function c4m_og_view_node_access($node, $account) {
     $allowed_states = array(
       C4M_USER_TYPE_VISITOR => array(),
       C4M_USER_TYPE_NON_MEMBER => array(),
-      C4M_USER_TYPE_MEMBER => array('draft', 'archived', 'published'),
-      C4M_USER_TYPE_ADMIN => array('draft', 'archived', 'published'),
-      C4M_USER_TYPE_OWNER => array('pending', 'draft', 'archived', 'published'),
+      C4M_USER_TYPE_GM => array('draft', 'archived', 'published'),
+      C4M_USER_TYPE_GA => array('draft', 'archived', 'published'),
+      C4M_USER_TYPE_GO => array('pending', 'draft', 'archived', 'published'),
     );
 
     $group_access = c4m_og_get_access_type($node);
@@ -2302,9 +2302,9 @@ function c4m_og_update_node_access($node, $account) {
     $allowed_states = array(
       C4M_USER_TYPE_VISITOR => array(),
       C4M_USER_TYPE_NON_MEMBER => array(),
-      C4M_USER_TYPE_MEMBER => array(),
-      C4M_USER_TYPE_ADMIN => array('draft', 'published'),
-      C4M_USER_TYPE_OWNER => array('pending', 'draft', 'published'),
+      C4M_USER_TYPE_GM => array(),
+      C4M_USER_TYPE_GA => array('draft', 'published'),
+      C4M_USER_TYPE_GO => array('pending', 'draft', 'published'),
     );
 
     $user_type = _c4m_features_og_members_get_user_type($node, $account);
@@ -2331,7 +2331,7 @@ function c4m_og_update_node_access($node, $account) {
     // When updating published wiki page, deny access to group members,
     // if 'editable by members' option is not enabled for this page.
     if ($node->type == 'wiki_page' && $node->status == NODE_PUBLISHED) {
-      if ($user_type == C4M_USER_TYPE_MEMBER && !c4m_content_wiki_page_is_editable_by_members($node)) {
+      if ($user_type == C4M_USER_TYPE_GM && !c4m_content_wiki_page_is_editable_by_members($node)) {
         return NODE_ACCESS_DENY;
       }
       else {
@@ -2350,15 +2350,15 @@ function c4m_og_update_node_access($node, $account) {
 
     // We allow access to power users, and member that is also content author.
     $allowed_user_types = array(
-      C4M_USER_TYPE_ADMIN,
-      C4M_USER_TYPE_OWNER,
-      C4M_USER_TYPE_SITE_ADMIN,
+      C4M_USER_TYPE_GA,
+      C4M_USER_TYPE_GO,
+      C4M_USER_TYPE_SA,
     );
 
     if (in_array($user_type, $allowed_user_types)) {
       return NODE_ACCESS_ALLOW;
     }
-    elseif ($user_type == C4M_USER_TYPE_MEMBER) {
+    elseif ($user_type == C4M_USER_TYPE_GM) {
       // User is content author, or not.
       return ($node->uid == $account->uid) ? NODE_ACCESS_ALLOW : NODE_ACCESS_DENY;
     }
@@ -2403,15 +2403,15 @@ function c4m_og_delete_node_access($node, $account) {
 
     // We allow access to power user, and member that is also content author.
     $allowed_user_types = array(
-      C4M_USER_TYPE_ADMIN,
-      C4M_USER_TYPE_OWNER,
-      C4M_USER_TYPE_SITE_ADMIN,
+      C4M_USER_TYPE_GA,
+      C4M_USER_TYPE_GO,
+      C4M_USER_TYPE_SA,
     );
 
     if (in_array($user_type, $allowed_user_types)) {
       return NODE_ACCESS_ALLOW;
     }
-    elseif ($user_type == C4M_USER_TYPE_MEMBER) {
+    elseif ($user_type == C4M_USER_TYPE_GM) {
       // User is content author, or not.
       return ($node->uid == $account->uid) ? NODE_ACCESS_ALLOW : NODE_ACCESS_DENY;
     }
@@ -2627,7 +2627,7 @@ function c4m_og_invite_access($group_type, $gid) {
   $group_access = c4m_og_get_access_type($group);
 
   // Group members can't invite to private group, or group that is moderated.
-  if ($user_type == C4M_USER_TYPE_MEMBER && ($group_access == 'private' || $group_moderation_state != 'open')) {
+  if ($user_type == C4M_USER_TYPE_GM && ($group_access == 'private' || $group_moderation_state != 'open')) {
     return FALSE;
   }
 

project/profiles/capacity4more/modules/c4m/og/c4m_og/plugins/entityreference/selection/C4MOgSelectionHandler.class.php

@@ -163,7 +163,6 @@ public function buildEntityFieldQuery(
 
     // No additional modifications to query. If creating content from a form,
     // permissions will be rechecked at form access.
-
     return $query;
   }
 

project/profiles/capacity4more/modules/c4m/user/c4m_user/c4m_user.module

@@ -9,10 +9,10 @@ include_once 'c4m_user.features.inc';
 
 define('C4M_USER_TYPE_VISITOR', 'visitor');
 define('C4M_USER_TYPE_NON_MEMBER', 'non member');
-define('C4M_USER_TYPE_MEMBER', 'member');
-define('C4M_USER_TYPE_OWNER', 'owner');
-define('C4M_USER_TYPE_ADMIN', 'admin');
-define('C4M_USER_TYPE_SITE_ADMIN', 'site admin');
+define('C4M_USER_TYPE_GM', 'member');
+define('C4M_USER_TYPE_GO', 'owner');
+define('C4M_USER_TYPE_GA', 'admin');
+define('C4M_USER_TYPE_SA', 'site admin');
 
 /**
  * Define active user status.