jsonapi-8.x-2.x-dev/tests/src/Functional/CommentTest.php
tests/src/Functional/CommentTest.php
<?php
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Entity\CommentType;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use Drupal\user\Entity\User;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "Comment" content entity type.
*
* @group jsonapi
*/
class CommentTest extends ResourceTestBase {
use CommentTestTrait;
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
public static $modules = ['comment', 'entity_test'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'comment';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'comment--comment';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'status' => "The 'administer comments' permission is required.",
'name' => "The 'administer comments' permission is required.",
'homepage' => "The 'administer comments' permission is required.",
'created' => "The 'administer comments' permission is required.",
'changed' => NULL,
'thread' => NULL,
'entity_type' => NULL,
'field_name' => NULL,
// @todo Uncomment this after https://www.drupal.org/project/drupal/issues/1847608 lands. Until then, it's impossible to test this.
// 'pid' => NULL,
'uid' => "The 'administer comments' permission is required.",
'entity_id' => NULL,
];
/**
* {@inheritdoc}
*
* @var \Drupal\comment\CommentInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
public function setUp() {
parent::setUp();
// @todo Remove this when only Drupal >= 8.7 is supported; validation order changed in 8.7.
if (floatval(\Drupal::VERSION) < 8.7) {
$tmp = static::$patchProtectedFieldNames['uid'];
unset(static::$patchProtectedFieldNames['uid']);
static::$patchProtectedFieldNames['uid'] = $tmp;
}
}
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method) {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access comments', 'view test entity']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['post comments']);
break;
case 'PATCH':
$this->grantPermissionsToTestedRole(['edit own comments']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer comments']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "bar" bundle for the "entity_test" entity type and create.
$bundle = 'bar';
entity_test_create_bundle($bundle, NULL, 'entity_test');
// Create a comment field on this bundle.
$this->addDefaultCommentField('entity_test', 'bar', 'comment');
// Create a "Camelids" test entity that the comment will be assigned to.
$commented_entity = EntityTest::create([
'name' => 'Camelids',
'type' => 'bar',
]);
$commented_entity->save();
// Create a "Llama" comment.
$comment = Comment::create([
'comment_body' => [
'value' => 'The name "llama" was adopted by European settlers from native Peruvians.',
'format' => 'plain_text',
],
'entity_id' => $commented_entity->id(),
'entity_type' => 'entity_test',
'field_name' => 'comment',
]);
$comment->setSubject('Llama')
->setOwnerId($this->account->id())
->setPublished()
->setCreatedTime(123456789)
->setChangedTime(123456789);
$comment->save();
return $comment;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument() {
$self_url = Url::fromUri('base:/jsonapi/comment/comment/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
$author = User::load($this->entity->getOwnerId());
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
],
],
'version' => '1.0',
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'comment--comment',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => '1973-11-29T21:33:09+00:00',
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'comment_body' => [
'value' => 'The name "llama" was adopted by European settlers from native Peruvians.',
'format' => 'plain_text',
'processed' => "<p>The name "llama" was adopted by European settlers from native Peruvians.</p>\n",
],
'default_langcode' => TRUE,
'entity_type' => 'entity_test',
'field_name' => 'comment',
'homepage' => NULL,
'langcode' => 'en',
'name' => NULL,
'status' => TRUE,
'subject' => 'Llama',
'thread' => '01/',
'drupal_internal__cid' => 1,
],
'relationships' => [
'uid' => [
'data' => [
'id' => $author->uuid(),
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/uid'],
'self' => ['href' => $self_url . '/relationships/uid'],
],
],
'comment_type' => [
'data' => [
'id' => CommentType::load('comment')->uuid(),
'type' => 'comment_type--comment_type',
],
'links' => [
'related' => ['href' => $self_url . '/comment_type'],
'self' => ['href' => $self_url . '/relationships/comment_type'],
],
],
'entity_id' => [
'data' => [
'id' => EntityTest::load(1)->uuid(),
'type' => 'entity_test--bar',
],
'links' => [
'related' => ['href' => $self_url . '/entity_id'],
'self' => ['href' => $self_url . '/relationships/entity_id'],
],
],
'pid' => [
'data' => NULL,
'links' => [
'related' => ['href' => $self_url . '/pid'],
'self' => ['href' => $self_url . '/relationships/pid'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument() {
return [
'data' => [
'type' => 'comment--comment',
'attributes' => [
'entity_type' => 'entity_test',
'field_name' => 'comment',
'subject' => 'Dramallama',
'comment_body' => [
'value' => 'Llamas are awesome.',
'format' => 'plain_text',
],
],
'relationships' => [
'entity_id' => [
'data' => [
'type' => 'entity_test--bar',
'id' => EntityTest::load(1)->uuid(),
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheTags(array $sparse_fieldset = NULL) {
$tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('comment_body', $sparse_fieldset)) {
$tags = Cache::mergeTags($tags, ['config:filter.format.plain_text']);
}
return $tags;
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(array $sparse_fieldset = NULL) {
$contexts = parent::getExpectedCacheContexts($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('comment_body', $sparse_fieldset)) {
$contexts = Cache::mergeContexts($contexts, ['languages:language_interface', 'theme']);
}
return $contexts;
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET';
return "The 'access comments' permission is required and the comment must be published.";
case 'POST';
return "The 'post comments' permission is required.";
case 'PATCH':
// @todo Make this unconditional when JSON:API requires Drupal 8.6 or newer.
if (floatval(\Drupal::VERSION) >= 8.6) {
return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.";
}
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* Tests POSTing a comment without critical base fields.
*
* Note that testPostIndividual() is testing with the most minimal
* normalization possible: the one returned by ::getNormalizedPostEntity().
*
* But Comment entities have some very special edge cases:
* - base fields that are not marked as required in
* \Drupal\comment\Entity\Comment::baseFieldDefinitions() yet in fact are
* required.
* - base fields that are marked as required, but yet can still result in
* validation errors other than "missing required field".
*/
public function testPostIndividualDxWithoutCriticalBaseFields() {
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$remove_field = function (array $normalization, $type, $attribute_name) {
unset($normalization['data'][$type][$attribute_name]);
return $normalization;
};
// DX: 422 when missing 'entity_type' field.
$request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'attributes', 'entity_type'));
$response = $this->request('POST', $url, $request_options);
if (floatval(\Drupal::VERSION) >= 8.7) {
$this->assertResourceErrorResponse(422, 'entity_type: This value should not be null.', NULL, $response, '/data/attributes/entity_type');
}
else {
$this->assertResourceErrorResponse(500, 'The "" entity type does not exist.', $url, $response, FALSE);
}
// DX: 422 when missing 'entity_id' field.
$request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'relationships', 'entity_id'));
// @todo Remove the try/catch in https://www.drupal.org/node/2820364.
try {
$response = $this->request('POST', $url, $request_options);
if (floatval(\Drupal::VERSION) >= 8.7) {
$this->assertResourceErrorResponse(422, 'entity_id: This value should not be null.', NULL, $response, '/data/attributes/entity_id');
}
}
catch (\Exception $e) {
if (version_compare(phpversion(), '7.0') >= 0) {
$this->assertSame("Error: Call to a member function get() on null\nDrupal\\comment\\Plugin\\Validation\\Constraint\\CommentNameConstraintValidator->getAnonymousContactDetailsSetting()() (Line: 96)\n", $e->getMessage());
}
else {
$this->assertSame(500, $response->getStatusCode());
}
}
// DX: 422 when missing 'field_name' field.
$request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'attributes', 'field_name'));
$response = $this->request('POST', $url, $request_options);
if (floatval(\Drupal::VERSION) >= 8.7) {
$this->assertResourceErrorResponse(422, 'field_name: This value should not be null.', NULL, $response, '/data/attributes/field_name');
}
else {
$this->assertSame(500, $response->getStatusCode());
}
}
/**
* Tests POSTing a comment with and without 'skip comment approval'.
*/
public function testPostIndividualSkipCommentApproval() {
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Create request.
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$request_options[RequestOptions::BODY] = Json::encode($this->getPostDocument());
$url = Url::fromRoute('jsonapi.comment--comment.collection.post');
// Status should be FALSE when posting as anonymous.
$response = $this->request('POST', $url, $request_options);
$this->assertResourceResponse(201, FALSE, $response);
$this->assertFalse(Json::decode((string) $response->getBody())['data']['attributes']['status']);
$this->assertFalse($this->entityStorage->loadUnchanged(2)->isPublished());
// Grant anonymous permission to skip comment approval.
$this->grantPermissionsToTestedRole(['skip comment approval']);
// Status must be TRUE when posting as anonymous and skip comment approval.
$response = $this->request('POST', $url, $request_options);
$this->assertResourceResponse(201, FALSE, $response);
$this->assertTrue(Json::decode((string) $response->getBody())['data']['attributes']['status']);
$this->assertTrue($this->entityStorage->loadUnchanged(3)->isPublished());
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['comment:1']);
}
/**
* {@inheritdoc}
*/
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'entity_test' entity access control handler because
// comment access also depends on access to the commented entity type.
\Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
public function testRelated() {
$this->markTestSkipped('Remove this in https://www.drupal.org/project/jsonapi/issues/2940339');
}
/**
* {@inheritdoc}
*/
protected static function getIncludePermissions() {
return [
'type' => ['administer comment types'],
'uid' => ['access user profiles'],
];
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess() {
// Verify the expected behavior in the common case.
$this->doTestCollectionFilterAccessForPublishableEntities('subject', 'access comments', 'administer comments');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Go back to a simpler scenario: revoke the admin permission, publish the
// comment and uninstall the query access test module.
$this->revokePermissionsFromTestedRole(['administer comments']);
$this->entity->setPublished()->save();
$this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
// ?filter[spotlight.LABEL]: 1 result. Just as already tested above in
// ::doTestCollectionFilterAccessForPublishableEntities().
$collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.subject]" => $this->entity->label()]);
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(1, $doc['data']);
// Mark the commented entity as inaccessible.
\Drupal::state()->set('jsonapi__entity_test_filter_access_blacklist', [$this->entity->getCommentedEntityId()]);
Cache::invalidateTags(['state:jsonapi__entity_test_filter_access_blacklist']);
// ?filter[spotlight.LABEL]: 0 results.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(0, $doc['data']);
}
/**
* {@inheritdoc}
*/
protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, array $sparse_fieldset = NULL, $filtered = FALSE) {
$cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered);
if ($filtered) {
$cacheability->addCacheTags(['state:jsonapi__entity_test_filter_access_blacklist']);
}
return $cacheability;
}
/**
* {@inheritdoc}
*/
public function testPatchIndividual() {
// Ensure ::getModifiedEntityForPatchTesting() can pick an alternative value
// for the 'entity_id' field.
EntityTest::create([
'name' => $this->randomString(),
'type' => 'bar',
])->save();
return parent::testPatchIndividual();
}
}
