weather-3.0.0-alpha1/tests/src/Functional/PermissionsTest.php
tests/src/Functional/PermissionsTest.php
<?php namespace Drupal\Tests\weather\Functional; use Drupal\Tests\BrowserTestBase; /** * Tests permissions and access settings for different users. * * @group Weather * * @requires module weather * @requires module block */ class PermissionsTest extends BrowserTestBase { /** * Modules to enable. * * @var array */ protected static $modules = ['weather', 'block']; use WeatherCommonTestTrait; /** * The tests don't need markup, so use 'stark' as theme. * * @var string */ protected $defaultTheme = 'stark'; /** * Permissions of weather block. * * This test requires that at least one system wide block is enabled. * * @throws \Drupal\Core\Entity\EntityStorageException * @throws \ReflectionException */ public function testPermissions() { // Set a fixed time for testing to 2013-10-07 20:00:00 UTC. $config = \Drupal::configFactory()->getEditable('weather.settings'); $config->set('weather_time_for_testing', 1381176000)->save(); // Fill database with a test data. $this->weatherFillWeatherSchema('geonames_703448.xml'); // This user is allowed to view the system block. $normal_user = $this->drupalCreateUser([ 'access content', ]); // This user is allowed to administer a custom weather block. $weather_user_1 = $this->drupalCreateUser([ 'access content', 'administer blocks', ]); // This user is also allowed to administer a custom weather block, // like weather_user_1. However, they are not allowed to edit the // custom block of weather_user_1. $weather_user_2 = $this->drupalCreateUser([ 'access content', 'administer blocks', ]); // This user may setup a system-wide weather block. $admin_user = $this->drupalCreateUser([ 'access content', 'administer system-wide weather', 'administer blocks', ]); // Test with admin user. $this->drupalLogin($admin_user); // Get different pages. $this->drupalGet('node'); $this->drupalGet('admin/config/user-interface/weather'); $this->assertSession()->pageTextContains('Directory for custom images'); // Enable a system-wide weather block. $this->drupalGet('admin/config/user-interface/weather/system-wide/add'); $this->submitForm([], 'Save'); // Make sure that the weather block is not // displayed without a configured place. $this->drupalGet('node'); $this->assertSession()->responseNotContains('<div class="weather">'); $this->assertSession()->linkNotExists('Kyiv'); $this->assertSession()->linkByHrefNotExists('weather/Ukraine/Kiev/Kyiv/1'); // Configure the default place. $this->drupalGet('admin/config/user-interface/weather/system-wide/1/add'); $this->submitForm([], 'Save'); // Enable & place block. $this->drupalGet('admin/structure/block/add/weather_system_display_block:1/stark'); $this->submitForm(['region' => 'sidebar_first'], 'Save block'); $this->drupalGet('admin/config/user-interface/weather'); $this->assertSession()->pageTextContains('Directory for custom images'); $this->assertSession()->pageTextContains('Kyiv'); $this->assertSession()->pageTextContains('Add location to this display'); // Make sure that the weather block is displayed now. $this->drupalGet('node'); $this->assertSession()->responseContains('<div class="weather">'); $this->assertSession()->linkExists('Kyiv'); $this->assertSession()->linkByHrefExists('weather/Ukraine/Kiev/Kyiv/1'); // Logout current user. $this->drupalLogout(); // Test with normal user. $this->drupalLogin($normal_user); // Get front page. $this->drupalGet('node'); $this->assertSession()->pageTextContains('Weather'); $this->assertSession()->responseContains('<div class="weather">'); $this->assertSession()->linkExists('Kyiv'); $this->assertSession()->linkByHrefExists('weather/Ukraine/Kiev/Kyiv/1'); // Administration of weather module should be forbidden. $this->drupalGet('admin/config/user-interface/weather'); $this->assertSession()->statusCodeEquals(403); $this->assertSession()->pageTextContains('You are not authorized to access this page'); // Search page should be forbidden. $this->drupalGet('weather'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextContains('The requested page could not be found'); // The user may view the page with the detailed forecast of the // system-wide display. $this->drupalGet('weather/Ukraine/Kiev/Kyiv/1'); $this->assertSession()->statusCodeEquals(200); $this->assertSession()->pageTextContains('Weather forecast'); $this->assertSession()->pageTextContains('Kyiv'); // Logout current user. $this->drupalLogout(); // Test with weather user 1. $this->drupalLogin($weather_user_1); // Get front page. $this->drupalGet('node'); $this->assertSession()->pageTextContains('Weather'); $this->assertSession()->responseContains('<div class="weather">'); $this->assertSession()->linkExists('Kyiv'); $this->assertSession()->linkByHrefExists('weather/Ukraine/Kiev/Kyiv/1'); // Administration of weather module should be forbidden. $this->drupalGet('admin/config/user-interface/weather'); $this->assertSession()->statusCodeEquals(403); $this->assertSession()->pageTextContains('You are not authorized to access this page'); // Search page should be forbidden. $this->drupalGet('weather'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextContains('The requested page could not be found'); // Using the direct search URL should be forbidden. $this->drupalGet('weather/zollenspieker'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextContains('The requested page could not be found'); // The user may view the page with the detailed forecast of the // system-wide display. $this->drupalGet('weather/Ukraine/Kiev/Kyiv/1'); $this->assertSession()->statusCodeEquals(200); // But the user may not view any other detailed forecasts. // This needs the permission to access the search page. $this->drupalGet('weather/Germany/Hamburg/Zollenspieker'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextNotContains('Zollenspieker'); // Logout current user. $this->drupalLogout(); // Test with weather user 2. $this->drupalLogin($weather_user_2); // Get front page. $this->drupalGet('node'); $this->assertSession()->pageTextContains('Weather'); $this->assertSession()->responseContains('<div class="weather">'); $this->assertSession()->linkExists('Kyiv'); $this->assertSession()->linkByHrefExists('weather/Ukraine/Kiev/Kyiv/1'); // Administration of weather module should be forbidden. $this->drupalGet('admin/config/user-interface/weather'); $this->assertSession()->statusCodeEquals(403); $this->assertSession()->pageTextContains('You are not authorized to access this page'); // Search page should be forbidden. $this->drupalGet('weather'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextContains('The requested page could not be found'); // Using the direct search URL should be forbidden. $this->drupalGet('weather/zollenspieker'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextContains('The requested page could not be found'); // The user may view the page with the detailed forecast of the // system-wide display. $this->drupalGet('weather/Ukraine/Kiev/Kyiv/1'); $this->assertSession()->statusCodeEquals(200); // But the user may not view any other detailed forecasts. $this->drupalGet('weather/Germany/Hamburg/Zollenspieker'); $this->assertSession()->statusCodeEquals(404); $this->assertSession()->pageTextNotContains('Zollenspieker'); // Logout current user. $this->drupalLogout(); } }