t('[226853] upload.module hard-codes \'upload files\' permission check'), 'desc' => t('The short version: _upload_form() should be using a form #access property to set its requirement for upload files permission, and not hard-code it in the module logic. Because it does not do this, the only way to extend this form from a contributed module is to hack core.'), 'group' => t('Drupal 7 Tests'), ); } function testIssue() { global $user; $orig_user = $user; // function _upload_form() uses general $user $this->drupalModuleEnable('upload'); $node = (object)array('type' => 'page'); // a stub node // user can upload files by 'upload files' $user = $this->drupalCreateUserRolePerm(array('upload files')); $this->drupalLoginUser($user); $form = _upload_form($node); $this->assertTrue(isset($form['new']), 'Check for new upload field (\'upload files\')'); $this->drupalGet('logout'); // user can upload files by new perm 'upload files to comments' (for example) $user = $this->drupalCreateUserRolePerm(array('upload files to comments')); $this->drupalLoginUser($user); $form = _upload_form($node); $this->assertTrue(isset($form['new']), 'Check for new upload field (\'upload files to comments\')'); $this->drupalGet('logout'); $user = $orig_user; // restore original user } }