jsonapi-8.x-2.x-dev/tests/src/Functional/JsonApiFunctionalTest.php
tests/src/Functional/JsonApiFunctionalTest.php
<?php namespace Drupal\Tests\jsonapi\Functional; use Drupal\Component\Serialization\Json; use Drupal\Core\Url; use Drupal\jsonapi\Query\OffsetPage; use Drupal\node\Entity\Node; /** * General functional test class. * * @group jsonapi * @group legacy * * @internal */ class JsonApiFunctionalTest extends JsonApiFunctionalTestBase { /** * {@inheritdoc} */ public static $modules = [ 'basic_auth', ]; /** * Test the GET method. */ public function testRead() { $this->createDefaultContent(61, 5, TRUE, TRUE, static::IS_NOT_MULTILINGUAL, FALSE); // Unpublish the last entity, so we can check access. $this->nodes[60]->setUnpublished()->save(); // Different databases have different sort orders, so a sort is required so // test expectations do not need to vary per database. $default_sort = ['sort' => 'drupal_internal__nid']; // 0. HEAD request allows a client to verify that JSON:API is installed. $this->httpClient->request('HEAD', $this->buildUrl('/jsonapi/node/article')); $this->assertSession()->statusCodeEquals(200); // 1. Load all articles (1st page). $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(OffsetPage::SIZE_MAX, count($collection_output['data'])); $this->assertSession() ->responseHeaderEquals('Content-Type', 'application/vnd.api+json'); // 2. Load all articles (Offset 3). $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['page' => ['offset' => 3]] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(OffsetPage::SIZE_MAX, count($collection_output['data'])); $this->assertContains('page%5Boffset%5D=53', $collection_output['links']['next']['href']); // 3. Load all articles (1st page, 2 items) $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['page' => ['limit' => 2]] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(2, count($collection_output['data'])); // 4. Load all articles (2nd page, 2 items). $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => [ 'page' => [ 'limit' => 2, 'offset' => 2, ], ] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(2, count($collection_output['data'])); $this->assertContains('page%5Boffset%5D=4', $collection_output['links']['next']['href']); // 5. Single article. $uuid = $this->nodes[0]->uuid(); $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid)); $this->assertSession()->statusCodeEquals(200); $this->assertArrayHasKey('type', $single_output['data']); $this->assertEquals($this->nodes[0]->getTitle(), $single_output['data']['attributes']['title']); // 5.1 Single article with access denied because unauthenticated. Json::decode($this->drupalGet('/jsonapi/node/article/' . $this->nodes[60]->uuid())); $this->assertSession()->statusCodeEquals(401); // 5.1 Single article with access denied while authenticated. $this->drupalLogin($this->userCanViewProfiles); $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $this->nodes[60]->uuid())); $this->assertSession()->statusCodeEquals(403); $this->assertEquals('/data', $single_output['errors'][0]['source']['pointer']); $this->drupalLogout(); // 6. Single relationship item. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/node_type')); $this->assertSession()->statusCodeEquals(200); $this->assertArrayHasKey('type', $single_output['data']); $this->assertArrayNotHasKey('attributes', $single_output['data']); $this->assertArrayHasKey('related', $single_output['links']); // 7. Single relationship image. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/field_image')); $this->assertSession()->statusCodeEquals(200); $this->assertArrayHasKey('type', $single_output['data']); $this->assertArrayNotHasKey('attributes', $single_output['data']); $this->assertArrayHasKey('related', $single_output['links']); // 8. Multiple relationship item. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/field_tags')); $this->assertSession()->statusCodeEquals(200); $this->assertArrayHasKey('type', $single_output['data'][0]); $this->assertArrayNotHasKey('attributes', $single_output['data'][0]); $this->assertArrayHasKey('related', $single_output['links']); // 8b. Single related item, empty. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/field_heroless')); $this->assertSession()->statusCodeEquals(200); $this->assertSame(NULL, $single_output['data']); // 9. Related tags with includes. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/field_tags', [ 'query' => ['include' => 'vid'], ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals('taxonomy_term--tags', $single_output['data'][0]['type']); $this->assertArrayNotHasKey('tid', $single_output['data'][0]['attributes']); $this->assertContains( '/taxonomy_term/tags/', $single_output['data'][0]['links']['self']['href'] ); $this->assertEquals( 'taxonomy_vocabulary--taxonomy_vocabulary', $single_output['included'][0]['type'] ); // 10. Single article with includes. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid, [ 'query' => ['include' => 'uid,field_tags'], ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals('node--article', $single_output['data']['type']); $first_include = reset($single_output['included']); $this->assertEquals( 'user--user', $first_include['type'] ); $last_include = end($single_output['included']); $this->assertEquals( 'taxonomy_term--tags', $last_include['type'] ); // 10b. Single article with nested includes. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid, [ 'query' => ['include' => 'field_tags,field_tags.vid'], ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals('node--article', $single_output['data']['type']); $first_include = reset($single_output['included']); $this->assertEquals( 'taxonomy_term--tags', $first_include['type'] ); $last_include = end($single_output['included']); $this->assertEquals( 'taxonomy_vocabulary--taxonomy_vocabulary', $last_include['type'] ); // 11. Includes with relationships. $this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/uid'); $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/uid', [ 'query' => ['include' => 'uid'], ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals('user--user', $single_output['data']['type']); $this->assertArrayHasKey('related', $single_output['links']); $this->assertArrayHasKey('included', $single_output); $first_include = reset($single_output['included']); $this->assertEquals( 'user--user', $first_include['type'] ); $this->assertFalse(empty($first_include['attributes'])); $this->assertTrue(empty($first_include['attributes']['mail'])); $this->assertTrue(empty($first_include['attributes']['pass'])); // 12. Collection with one access denied. $this->nodes[1]->set('status', FALSE); $this->nodes[1]->save(); $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['page' => ['limit' => 2]] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(1, count($single_output['data'])); $this->assertEquals(1, count(array_filter(array_keys($single_output['meta']['omitted']['links']), function ($key) { return $key !== 'help'; }))); $link_keys = array_keys($single_output['meta']['omitted']['links']); $this->assertSame('help', reset($link_keys)); $this->assertRegExp('/^item:[a-zA-Z0-9]{7}$/', next($link_keys)); $this->nodes[1]->set('status', TRUE); $this->nodes[1]->save(); // 13. Test filtering when using short syntax. $filter = [ 'uid.id' => ['value' => $this->user->uuid()], 'field_tags.id' => ['value' => $this->tags[0]->uuid()], ]; $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter, 'include' => 'uid,field_tags'], ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThan(0, count($single_output['data'])); // 14. Test filtering when using long syntax. $filter = [ 'and_group' => ['group' => ['conjunction' => 'AND']], 'filter_user' => [ 'condition' => [ 'path' => 'uid.id', 'value' => $this->user->uuid(), 'memberOf' => 'and_group', ], ], 'filter_tags' => [ 'condition' => [ 'path' => 'field_tags.id', 'value' => $this->tags[0]->uuid(), 'memberOf' => 'and_group', ], ], ]; $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter, 'include' => 'uid,field_tags'], ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThan(0, count($single_output['data'])); // 15. Test filtering when using invalid syntax. $filter = [ 'and_group' => ['group' => ['conjunction' => 'AND']], 'filter_user' => [ 'condition' => [ 'name-with-a-typo' => 'uid.id', 'value' => $this->user->uuid(), 'memberOf' => 'and_group', ], ], ]; $this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ]); $this->assertSession()->statusCodeEquals(400); // 16. Test filtering on the same field. $filter = [ 'or_group' => ['group' => ['conjunction' => 'OR']], 'filter_tags_1' => [ 'condition' => [ 'path' => 'field_tags.id', 'value' => $this->tags[0]->uuid(), 'memberOf' => 'or_group', ], ], 'filter_tags_2' => [ 'condition' => [ 'path' => 'field_tags.id', 'value' => $this->tags[1]->uuid(), 'memberOf' => 'or_group', ], ], ]; $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter, 'include' => 'field_tags'] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThanOrEqual(2, count($single_output['included'])); // 17. Single user (check fields lacking 'view' access). $user_url = Url::fromRoute('jsonapi.user--user.individual', [ 'entity' => $this->user->uuid(), ]); $response = $this->request('GET', $user_url, [ 'auth' => [ $this->userCanViewProfiles->getUsername(), $this->userCanViewProfiles->pass_raw, ], ]); $single_output = Json::decode($response->getBody()->__toString()); $this->assertEquals(200, $response->getStatusCode()); $this->assertEquals('user--user', $single_output['data']['type']); $this->assertEquals($this->user->get('name')->value, $single_output['data']['attributes']['name']); $this->assertTrue(empty($single_output['data']['attributes']['mail'])); $this->assertTrue(empty($single_output['data']['attributes']['pass'])); // 18. Test filtering on the column of a link. $filter = [ 'linkUri' => [ 'condition' => [ 'path' => 'field_link.uri', 'value' => 'https://', 'operator' => 'STARTS_WITH', ], ], ]; $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThanOrEqual(1, count($single_output['data'])); // 19. Test non-existing route without 'Accept' header. $this->drupalGet('/jsonapi/node/article/broccoli'); $this->assertSession()->statusCodeEquals(404); // Even without the 'Accept' header the 404 error is formatted as JSON:API. $this->assertSession()->responseHeaderEquals('Content-Type', 'application/vnd.api+json'); // 20. Test non-existing route with 'Accept' header. $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/broccoli', [], [ 'Accept' => 'application/vnd.api+json', ])); $this->assertEquals(404, $single_output['errors'][0]['status']); $this->assertSession()->statusCodeEquals(404); // With the 'Accept' header we can know we want the 404 error formatted as // JSON:API. $this->assertSession()->responseHeaderContains('Content-Type', 'application/vnd.api+json'); // 22. Test sort criteria on multiple fields: both ASC. $output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => [ 'page[limit]' => 6, 'sort' => 'field_sort1,field_sort2', ], ])); $output_uuids = array_map(function ($result) { return $result['id']; }, $output['data']); $this->assertCount(6, $output_uuids); $this->assertSame([ Node::load(5)->uuid(), Node::load(4)->uuid(), Node::load(3)->uuid(), Node::load(2)->uuid(), Node::load(1)->uuid(), Node::load(10)->uuid(), ], $output_uuids); // 23. Test sort criteria on multiple fields: first ASC, second DESC. $output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => [ 'page[limit]' => 6, 'sort' => 'field_sort1,-field_sort2', ], ])); $output_uuids = array_map(function ($result) { return $result['id']; }, $output['data']); $this->assertCount(6, $output_uuids); $this->assertSame([ Node::load(1)->uuid(), Node::load(2)->uuid(), Node::load(3)->uuid(), Node::load(4)->uuid(), Node::load(5)->uuid(), Node::load(6)->uuid(), ], $output_uuids); // 24. Test sort criteria on multiple fields: first DESC, second ASC. $output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => [ 'page[limit]' => 6, 'sort' => '-field_sort1,field_sort2', ], ])); $output_uuids = array_map(function ($result) { return $result['id']; }, $output['data']); $this->assertCount(5, $output_uuids); $this->assertCount(2, $output['meta']['omitted']['links']); $this->assertSame([ Node::load(60)->uuid(), Node::load(59)->uuid(), Node::load(58)->uuid(), Node::load(57)->uuid(), Node::load(56)->uuid(), ], $output_uuids); // 25. Test sort criteria on multiple fields: both DESC. $output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => [ 'page[limit]' => 6, 'sort' => '-field_sort1,-field_sort2', ], ])); $output_uuids = array_map(function ($result) { return $result['id']; }, $output['data']); $this->assertCount(5, $output_uuids); $this->assertCount(2, $output['meta']['omitted']['links']); $this->assertSame([ Node::load(56)->uuid(), Node::load(57)->uuid(), Node::load(58)->uuid(), Node::load(59)->uuid(), Node::load(60)->uuid(), ], $output_uuids); // 25. Test collection count. $this->container->get('module_installer')->install(['jsonapi_test_collection_count']); $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article')); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(61, $collection_output['meta']['count']); $this->container->get('module_installer')->uninstall(['jsonapi_test_collection_count']); // Test documentation filtering examples. // 1. Only get published nodes. $filter = [ 'status-filter' => [ 'condition' => [ 'path' => 'status', 'value' => 1, ], ], ]; $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data'])); // 2. Nested Filters: Get nodes created by user admin. $filter = [ 'name-filter' => [ 'condition' => [ 'path' => 'uid.name', 'value' => $this->user->getAccountName(), ], ], ]; $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data'])); // 3. Filtering with arrays: Get nodes created by users [admin, john]. $filter = [ 'name-filter' => [ 'condition' => [ 'path' => 'uid.name', 'operator' => 'IN', 'value' => [ $this->user->getAccountName(), $this->getRandomGenerator()->name(), ], ], ], ]; $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data'])); // 4. Grouping filters: Get nodes that are published and create by admin. $filter = [ 'and-group' => [ 'group' => [ 'conjunction' => 'AND', ], ], 'name-filter' => [ 'condition' => [ 'path' => 'uid.name', 'value' => $this->user->getAccountName(), 'memberOf' => 'and-group', ], ], 'status-filter' => [ 'condition' => [ 'path' => 'status', 'value' => 1, 'memberOf' => 'and-group', ], ], ]; $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data'])); // 5. Grouping grouped filters: Get nodes that are promoted or sticky and // created by admin. $filter = [ 'and-group' => [ 'group' => [ 'conjunction' => 'AND', ], ], 'or-group' => [ 'group' => [ 'conjunction' => 'OR', 'memberOf' => 'and-group', ], ], 'admin-filter' => [ 'condition' => [ 'path' => 'uid.name', 'value' => $this->user->getAccountName(), 'memberOf' => 'and-group', ], ], 'sticky-filter' => [ 'condition' => [ 'path' => 'sticky', 'value' => 1, 'memberOf' => 'or-group', ], ], 'promote-filter' => [ 'condition' => [ 'path' => 'promote', 'value' => 0, 'memberOf' => 'or-group', ], ], ]; $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [ 'query' => ['filter' => $filter] + $default_sort, ])); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(0, count($collection_output['data'])); } /** * Test the GET method on articles referencing the same tag twice. */ public function testReferencingTwiceRead() { $this->createDefaultContent(1, 1, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, TRUE); // 1. Load all articles (1st page). $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article')); $this->assertSession()->statusCodeEquals(200); $this->assertEquals(1, count($collection_output['data'])); $this->assertSession() ->responseHeaderEquals('Content-Type', 'application/vnd.api+json'); } /** * Test POST, PATCH and DELETE. */ public function testWrite() { $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); $this->createDefaultContent(0, 3, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, FALSE); // 1. Successful post. $collection_url = Url::fromRoute('jsonapi.node--article.collection.post'); $body = [ 'data' => [ 'type' => 'node--article', 'attributes' => [ 'langcode' => 'en', 'title' => 'My custom title', 'default_langcode' => '1', 'body' => [ 'value' => 'Custom value', 'format' => 'plain_text', 'summary' => 'Custom summary', ], ], 'relationships' => [ 'field_tags' => [ 'data' => [ [ 'type' => 'taxonomy_term--tags', 'id' => $this->tags[0]->uuid(), ], [ 'type' => 'taxonomy_term--tags', 'id' => $this->tags[1]->uuid(), ], ], ], ], ], ]; $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(201, $response->getStatusCode()); $this->assertArrayNotHasKey('uuid', $created_response['data']['attributes']); $uuid = $created_response['data']['id']; $this->assertEquals(2, count($created_response['data']['relationships']['field_tags']['data'])); $this->assertEquals($created_response['data']['links']['self']['href'], $response->getHeader('Location')[0]); // 2. Authorization error. $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($body), 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(401, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertEquals('Unauthorized', $created_response['errors'][0]['title']); // 2.1 Authorization error with a user without create permissions. $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($body), 'auth' => [$this->userCanViewProfiles->getUsername(), $this->userCanViewProfiles->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(403, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertEquals('Forbidden', $created_response['errors'][0]['title']); // 3. Missing Content-Type error. $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Accept' => 'application/vnd.api+json'], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(415, $response->getStatusCode()); // 4. Article with a duplicate ID. $invalid_body = $body; $invalid_body['data']['id'] = Node::load(1)->uuid(); $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($invalid_body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json', ], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(409, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertEquals('Conflict', $created_response['errors'][0]['title']); // 5. Article with wrong reference UUIDs for tags. $body_invalid_tags = $body; $body_invalid_tags['data']['relationships']['field_tags']['data'][0]['id'] = 'lorem'; $body_invalid_tags['data']['relationships']['field_tags']['data'][1]['id'] = 'ipsum'; $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($body_invalid_tags), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(404, $response->getStatusCode()); // 6. Decoding error. $response = $this->request('POST', $collection_url, [ 'body' => '{"bad json",,,}', 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Content-Type' => 'application/vnd.api+json', 'Accept' => 'application/vnd.api+json', ], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(400, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertEquals('Bad Request', $created_response['errors'][0]['title']); // 6.1 Denormalizing error. $response = $this->request('POST', $collection_url, [ 'body' => '{"data":{"type":"something"},"valid yet nonsensical json":[]}', 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Content-Type' => 'application/vnd.api+json', 'Accept' => 'application/vnd.api+json', ], ]); $created_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(422, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertEquals('Unprocessable Entity', $created_response['errors'][0]['title']); // 6.2 Relationships are not included in "data". $malformed_body = $body; unset($malformed_body['data']['relationships']); $malformed_body['relationships'] = $body['data']['relationships']; $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($malformed_body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json', ], ]); $created_response = Json::decode((string) $response->getBody()); $this->assertSame(400, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertSame("Bad Request", $created_response['errors'][0]['title']); $this->assertSame("Found \"relationships\" within the document's top level. The \"relationships\" key must be within resource object.", $created_response['errors'][0]['detail']); // 6.2 "type" not included in "data". $missing_type = $body; unset($missing_type['data']['type']); $response = $this->request('POST', $collection_url, [ 'body' => Json::encode($missing_type), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json', ], ]); $created_response = Json::decode((string) $response->getBody()); $this->assertSame(400, $response->getStatusCode()); $this->assertNotEmpty($created_response['errors']); $this->assertSame("Bad Request", $created_response['errors'][0]['title']); $this->assertSame("Resource object must include a \"type\".", $created_response['errors'][0]['detail']); // 7. Successful PATCH. $body = [ 'data' => [ 'id' => $uuid, 'type' => 'node--article', 'attributes' => ['title' => 'My updated title'], ], ]; $individual_url = Url::fromRoute('jsonapi.node--article.individual', [ 'entity' => $uuid, ]); $response = $this->request('PATCH', $individual_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $updated_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(200, $response->getStatusCode()); $this->assertEquals('My updated title', $updated_response['data']['attributes']['title']); // 7.1 Unsuccessful PATCH due to access restrictions. $body = [ 'data' => [ 'id' => $uuid, 'type' => 'node--article', 'attributes' => ['title' => 'My updated title'], ], ]; $individual_url = Url::fromRoute('jsonapi.node--article.individual', [ 'entity' => $uuid, ]); $response = $this->request('PATCH', $individual_url, [ 'body' => Json::encode($body), 'auth' => [$this->userCanViewProfiles->getUsername(), $this->userCanViewProfiles->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $this->assertEquals(403, $response->getStatusCode()); // 8. Field access forbidden check. $body = [ 'data' => [ 'id' => $uuid, 'type' => 'node--article', 'attributes' => [ 'title' => 'My updated title', 'status' => 0, ], ], ]; $response = $this->request('PATCH', $individual_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $updated_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(403, $response->getStatusCode()); $this->assertEquals("The current user is not allowed to PATCH the selected field (status). The 'administer nodes' permission is required.", $updated_response['errors'][0]['detail']); $node = \Drupal::entityManager()->loadEntityByUuid('node', $uuid); $this->assertEquals(1, $node->get('status')->value, 'Node status was not changed.'); // 9. Successful POST to related endpoint. $body = [ 'data' => [ [ 'id' => $this->tags[2]->uuid(), 'type' => 'taxonomy_term--tags', ], ], ]; $relationship_url = Url::fromRoute('jsonapi.node--article.field_tags.relationship.post', [ 'entity' => $uuid, ]); $response = $this->request('POST', $relationship_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $updated_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(200, $response->getStatusCode()); $this->assertEquals(3, count($updated_response['data'])); $this->assertEquals('taxonomy_term--tags', $updated_response['data'][2]['type']); $this->assertEquals($this->tags[2]->uuid(), $updated_response['data'][2]['id']); // 10. Successful PATCH to related endpoint. $body = [ 'data' => [ [ 'id' => $this->tags[1]->uuid(), 'type' => 'taxonomy_term--tags', ], ], ]; $response = $this->request('PATCH', $relationship_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $this->assertEquals(204, $response->getStatusCode()); $this->assertEmpty($response->getBody()->__toString()); // 11. Successful DELETE to related endpoint. $response = $this->request('DELETE', $relationship_url, [ // Send a request with no body. 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Content-Type' => 'application/vnd.api+json', 'Accept' => 'application/vnd.api+json', ], ]); $updated_response = Json::decode($response->getBody()->__toString()); $this->assertEquals( 'You need to provide a body for DELETE operations on a relationship (field_tags).', $updated_response['errors'][0]['detail'] ); $this->assertEquals(400, $response->getStatusCode()); $response = $this->request('DELETE', $relationship_url, [ // Send a request with no authentication. 'body' => Json::encode($body), 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $this->assertEquals(401, $response->getStatusCode()); $response = $this->request('DELETE', $relationship_url, [ // Remove the existing relationship item. 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => ['Content-Type' => 'application/vnd.api+json'], ]); $this->assertEquals(204, $response->getStatusCode()); $this->assertEmpty($response->getBody()->__toString()); // 12. PATCH with invalid title and body format. $body = [ 'data' => [ 'id' => $uuid, 'type' => 'node--article', 'attributes' => [ 'title' => '', 'body' => [ 'value' => 'Custom value', 'format' => 'invalid_format', 'summary' => 'Custom summary', ], ], ], ]; $response = $this->request('PATCH', $individual_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Content-Type' => 'application/vnd.api+json', 'Accept' => 'application/vnd.api+json', ], ]); $updated_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(422, $response->getStatusCode()); $this->assertCount(2, $updated_response['errors']); for ($i = 0; $i < 2; $i++) { $this->assertEquals("Unprocessable Entity", $updated_response['errors'][$i]['title']); $this->assertEquals(422, $updated_response['errors'][$i]['status']); } $this->assertEquals("title: This value should not be null.", $updated_response['errors'][0]['detail']); $this->assertEquals("body.0.format: The value you selected is not a valid choice.", $updated_response['errors'][1]['detail']); $this->assertEquals("/data/attributes/title", $updated_response['errors'][0]['source']['pointer']); $this->assertEquals("/data/attributes/body/format", $updated_response['errors'][1]['source']['pointer']); // 13. PATCH with field that doesn't exist on Entity. $body = [ 'data' => [ 'id' => $uuid, 'type' => 'node--article', 'attributes' => [ 'field_that_doesnt_exist' => 'foobar', ], ], ]; $response = $this->request('PATCH', $individual_url, [ 'body' => Json::encode($body), 'auth' => [$this->user->getUsername(), $this->user->pass_raw], 'headers' => [ 'Content-Type' => 'application/vnd.api+json', 'Accept' => 'application/vnd.api+json', ], ]); $updated_response = Json::decode($response->getBody()->__toString()); $this->assertEquals(422, $response->getStatusCode()); $this->assertEquals("The attribute field_that_doesnt_exist does not exist on the node--article resource type.", $updated_response['errors']['0']['detail']); // 14. Successful DELETE. $response = $this->request('DELETE', $individual_url, [ 'auth' => [$this->user->getUsername(), $this->user->pass_raw], ]); $this->assertEquals(204, $response->getStatusCode()); $response = $this->request('GET', $individual_url, []); $this->assertEquals(404, $response->getStatusCode()); } }