jsonapi-8.x-2.x-dev/tests/src/Functional/CommentTest.php
tests/src/Functional/CommentTest.php
<?php namespace Drupal\Tests\jsonapi\Functional; use Drupal\comment\Entity\Comment; use Drupal\comment\Entity\CommentType; use Drupal\comment\Tests\CommentTestTrait; use Drupal\Component\Serialization\Json; use Drupal\Component\Utility\NestedArray; use Drupal\Core\Cache\Cache; use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Session\AccountInterface; use Drupal\Core\Url; use Drupal\entity_test\Entity\EntityTest; use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait; use Drupal\user\Entity\User; use GuzzleHttp\RequestOptions; /** * JSON:API integration test for the "Comment" content entity type. * * @group jsonapi */ class CommentTest extends ResourceTestBase { use CommentTestTrait; use CommonCollectionFilterAccessTestPatternsTrait; /** * {@inheritdoc} */ public static $modules = ['comment', 'entity_test']; /** * {@inheritdoc} */ protected static $entityTypeId = 'comment'; /** * {@inheritdoc} */ protected static $resourceTypeName = 'comment--comment'; /** * {@inheritdoc} */ protected static $patchProtectedFieldNames = [ 'status' => "The 'administer comments' permission is required.", 'name' => "The 'administer comments' permission is required.", 'homepage' => "The 'administer comments' permission is required.", 'created' => "The 'administer comments' permission is required.", 'changed' => NULL, 'thread' => NULL, 'entity_type' => NULL, 'field_name' => NULL, // @todo Uncomment this after https://www.drupal.org/project/drupal/issues/1847608 lands. Until then, it's impossible to test this. // 'pid' => NULL, 'uid' => "The 'administer comments' permission is required.", 'entity_id' => NULL, ]; /** * {@inheritdoc} * * @var \Drupal\comment\CommentInterface */ protected $entity; /** * {@inheritdoc} */ public function setUp() { parent::setUp(); // @todo Remove this when only Drupal >= 8.7 is supported; validation order changed in 8.7. if (floatval(\Drupal::VERSION) < 8.7) { $tmp = static::$patchProtectedFieldNames['uid']; unset(static::$patchProtectedFieldNames['uid']); static::$patchProtectedFieldNames['uid'] = $tmp; } } /** * {@inheritdoc} */ protected function setUpAuthorization($method) { switch ($method) { case 'GET': $this->grantPermissionsToTestedRole(['access comments', 'view test entity']); break; case 'POST': $this->grantPermissionsToTestedRole(['post comments']); break; case 'PATCH': $this->grantPermissionsToTestedRole(['edit own comments']); break; case 'DELETE': $this->grantPermissionsToTestedRole(['administer comments']); break; } } /** * {@inheritdoc} */ protected function createEntity() { // Create a "bar" bundle for the "entity_test" entity type and create. $bundle = 'bar'; entity_test_create_bundle($bundle, NULL, 'entity_test'); // Create a comment field on this bundle. $this->addDefaultCommentField('entity_test', 'bar', 'comment'); // Create a "Camelids" test entity that the comment will be assigned to. $commented_entity = EntityTest::create([ 'name' => 'Camelids', 'type' => 'bar', ]); $commented_entity->save(); // Create a "Llama" comment. $comment = Comment::create([ 'comment_body' => [ 'value' => 'The name "llama" was adopted by European settlers from native Peruvians.', 'format' => 'plain_text', ], 'entity_id' => $commented_entity->id(), 'entity_type' => 'entity_test', 'field_name' => 'comment', ]); $comment->setSubject('Llama') ->setOwnerId($this->account->id()) ->setPublished() ->setCreatedTime(123456789) ->setChangedTime(123456789); $comment->save(); return $comment; } /** * {@inheritdoc} */ protected function getExpectedDocument() { $self_url = Url::fromUri('base:/jsonapi/comment/comment/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl(); $author = User::load($this->entity->getOwnerId()); return [ 'jsonapi' => [ 'meta' => [ 'links' => [ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'], ], ], 'version' => '1.0', ], 'links' => [ 'self' => ['href' => $self_url], ], 'data' => [ 'id' => $this->entity->uuid(), 'type' => 'comment--comment', 'links' => [ 'self' => ['href' => $self_url], ], 'attributes' => [ 'created' => '1973-11-29T21:33:09+00:00', 'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339), 'comment_body' => [ 'value' => 'The name "llama" was adopted by European settlers from native Peruvians.', 'format' => 'plain_text', 'processed' => "<p>The name "llama" was adopted by European settlers from native Peruvians.</p>\n", ], 'default_langcode' => TRUE, 'entity_type' => 'entity_test', 'field_name' => 'comment', 'homepage' => NULL, 'langcode' => 'en', 'name' => NULL, 'status' => TRUE, 'subject' => 'Llama', 'thread' => '01/', 'drupal_internal__cid' => 1, ], 'relationships' => [ 'uid' => [ 'data' => [ 'id' => $author->uuid(), 'type' => 'user--user', ], 'links' => [ 'related' => ['href' => $self_url . '/uid'], 'self' => ['href' => $self_url . '/relationships/uid'], ], ], 'comment_type' => [ 'data' => [ 'id' => CommentType::load('comment')->uuid(), 'type' => 'comment_type--comment_type', ], 'links' => [ 'related' => ['href' => $self_url . '/comment_type'], 'self' => ['href' => $self_url . '/relationships/comment_type'], ], ], 'entity_id' => [ 'data' => [ 'id' => EntityTest::load(1)->uuid(), 'type' => 'entity_test--bar', ], 'links' => [ 'related' => ['href' => $self_url . '/entity_id'], 'self' => ['href' => $self_url . '/relationships/entity_id'], ], ], 'pid' => [ 'data' => NULL, 'links' => [ 'related' => ['href' => $self_url . '/pid'], 'self' => ['href' => $self_url . '/relationships/pid'], ], ], ], ], ]; } /** * {@inheritdoc} */ protected function getPostDocument() { return [ 'data' => [ 'type' => 'comment--comment', 'attributes' => [ 'entity_type' => 'entity_test', 'field_name' => 'comment', 'subject' => 'Dramallama', 'comment_body' => [ 'value' => 'Llamas are awesome.', 'format' => 'plain_text', ], ], 'relationships' => [ 'entity_id' => [ 'data' => [ 'type' => 'entity_test--bar', 'id' => EntityTest::load(1)->uuid(), ], ], ], ], ]; } /** * {@inheritdoc} */ protected function getExpectedCacheTags(array $sparse_fieldset = NULL) { $tags = parent::getExpectedCacheTags($sparse_fieldset); if ($sparse_fieldset === NULL || in_array('comment_body', $sparse_fieldset)) { $tags = Cache::mergeTags($tags, ['config:filter.format.plain_text']); } return $tags; } /** * {@inheritdoc} */ protected function getExpectedCacheContexts(array $sparse_fieldset = NULL) { $contexts = parent::getExpectedCacheContexts($sparse_fieldset); if ($sparse_fieldset === NULL || in_array('comment_body', $sparse_fieldset)) { $contexts = Cache::mergeContexts($contexts, ['languages:language_interface', 'theme']); } return $contexts; } /** * {@inheritdoc} */ protected function getExpectedUnauthorizedAccessMessage($method) { switch ($method) { case 'GET'; return "The 'access comments' permission is required and the comment must be published."; case 'POST'; return "The 'post comments' permission is required."; case 'PATCH': // @todo Make this unconditional when JSON:API requires Drupal 8.6 or newer. if (floatval(\Drupal::VERSION) >= 8.6) { return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published."; } default: return parent::getExpectedUnauthorizedAccessMessage($method); } } /** * Tests POSTing a comment without critical base fields. * * Note that testPostIndividual() is testing with the most minimal * normalization possible: the one returned by ::getNormalizedPostEntity(). * * But Comment entities have some very special edge cases: * - base fields that are not marked as required in * \Drupal\comment\Entity\Comment::baseFieldDefinitions() yet in fact are * required. * - base fields that are marked as required, but yet can still result in * validation errors other than "missing required field". */ public function testPostIndividualDxWithoutCriticalBaseFields() { $this->setUpAuthorization('POST'); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); $url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName)); $request_options = []; $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json'; $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json'; $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions()); $remove_field = function (array $normalization, $type, $attribute_name) { unset($normalization['data'][$type][$attribute_name]); return $normalization; }; // DX: 422 when missing 'entity_type' field. $request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'attributes', 'entity_type')); $response = $this->request('POST', $url, $request_options); if (floatval(\Drupal::VERSION) >= 8.7) { $this->assertResourceErrorResponse(422, 'entity_type: This value should not be null.', NULL, $response, '/data/attributes/entity_type'); } else { $this->assertResourceErrorResponse(500, 'The "" entity type does not exist.', $url, $response, FALSE); } // DX: 422 when missing 'entity_id' field. $request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'relationships', 'entity_id')); // @todo Remove the try/catch in https://www.drupal.org/node/2820364. try { $response = $this->request('POST', $url, $request_options); if (floatval(\Drupal::VERSION) >= 8.7) { $this->assertResourceErrorResponse(422, 'entity_id: This value should not be null.', NULL, $response, '/data/attributes/entity_id'); } } catch (\Exception $e) { if (version_compare(phpversion(), '7.0') >= 0) { $this->assertSame("Error: Call to a member function get() on null\nDrupal\\comment\\Plugin\\Validation\\Constraint\\CommentNameConstraintValidator->getAnonymousContactDetailsSetting()() (Line: 96)\n", $e->getMessage()); } else { $this->assertSame(500, $response->getStatusCode()); } } // DX: 422 when missing 'field_name' field. $request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'attributes', 'field_name')); $response = $this->request('POST', $url, $request_options); if (floatval(\Drupal::VERSION) >= 8.7) { $this->assertResourceErrorResponse(422, 'field_name: This value should not be null.', NULL, $response, '/data/attributes/field_name'); } else { $this->assertSame(500, $response->getStatusCode()); } } /** * Tests POSTing a comment with and without 'skip comment approval'. */ public function testPostIndividualSkipCommentApproval() { $this->setUpAuthorization('POST'); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); // Create request. $request_options = []; $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json'; $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json'; $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions()); $request_options[RequestOptions::BODY] = Json::encode($this->getPostDocument()); $url = Url::fromRoute('jsonapi.comment--comment.collection.post'); // Status should be FALSE when posting as anonymous. $response = $this->request('POST', $url, $request_options); $this->assertResourceResponse(201, FALSE, $response); $this->assertFalse(Json::decode((string) $response->getBody())['data']['attributes']['status']); $this->assertFalse($this->entityStorage->loadUnchanged(2)->isPublished()); // Grant anonymous permission to skip comment approval. $this->grantPermissionsToTestedRole(['skip comment approval']); // Status must be TRUE when posting as anonymous and skip comment approval. $response = $this->request('POST', $url, $request_options); $this->assertResourceResponse(201, FALSE, $response); $this->assertTrue(Json::decode((string) $response->getBody())['data']['attributes']['status']); $this->assertTrue($this->entityStorage->loadUnchanged(3)->isPublished()); } /** * {@inheritdoc} */ protected function getExpectedUnauthorizedAccessCacheability() { // @see \Drupal\comment\CommentAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability() ->addCacheTags(['comment:1']); } /** * {@inheritdoc} */ protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) { // Also reset the 'entity_test' entity access control handler because // comment access also depends on access to the commented entity type. \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache(); return parent::entityAccess($entity, $operation, $account); } /** * {@inheritdoc} */ public function testRelated() { $this->markTestSkipped('Remove this in https://www.drupal.org/project/jsonapi/issues/2940339'); } /** * {@inheritdoc} */ protected static function getIncludePermissions() { return [ 'type' => ['administer comment types'], 'uid' => ['access user profiles'], ]; } /** * {@inheritdoc} */ public function testCollectionFilterAccess() { // Verify the expected behavior in the common case. $this->doTestCollectionFilterAccessForPublishableEntities('subject', 'access comments', 'administer comments'); $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection'); $request_options = []; $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json'; $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions()); // Go back to a simpler scenario: revoke the admin permission, publish the // comment and uninstall the query access test module. $this->revokePermissionsFromTestedRole(['administer comments']); $this->entity->setPublished()->save(); $this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.'); // ?filter[spotlight.LABEL]: 1 result. Just as already tested above in // ::doTestCollectionFilterAccessForPublishableEntities(). $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.subject]" => $this->entity->label()]); $response = $this->request('GET', $collection_filter_url, $request_options); $doc = Json::decode((string) $response->getBody()); $this->assertCount(1, $doc['data']); // Mark the commented entity as inaccessible. \Drupal::state()->set('jsonapi__entity_test_filter_access_blacklist', [$this->entity->getCommentedEntityId()]); Cache::invalidateTags(['state:jsonapi__entity_test_filter_access_blacklist']); // ?filter[spotlight.LABEL]: 0 results. $response = $this->request('GET', $collection_filter_url, $request_options); $doc = Json::decode((string) $response->getBody()); $this->assertCount(0, $doc['data']); } /** * {@inheritdoc} */ protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, array $sparse_fieldset = NULL, $filtered = FALSE) { $cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered); if ($filtered) { $cacheability->addCacheTags(['state:jsonapi__entity_test_filter_access_blacklist']); } return $cacheability; } /** * {@inheritdoc} */ public function testPatchIndividual() { // Ensure ::getModifiedEntityForPatchTesting() can pick an alternative value // for the 'entity_id' field. EntityTest::create([ 'name' => $this->randomString(), 'type' => 'bar', ])->save(); return parent::testPatchIndividual(); } }