workbench_access-8.x-1.x-dev/tests/src/Kernel/EntityTestAccessTest.php
tests/src/Kernel/EntityTestAccessTest.php
<?php
namespace Drupal\Tests\workbench_access\Kernel;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\KernelTests\KernelTestBase;
use Drupal\taxonomy\Entity\Term;
use Drupal\Tests\node\Traits\ContentTypeCreationTrait;
use Drupal\Tests\UiHelperTrait;
use Drupal\Tests\user\Traits\UserCreationTrait;
use Drupal\Tests\workbench_access\Traits\WorkbenchAccessTestTrait;
use Drupal\workbench_access\Entity\AccessScheme;
use Drupal\workbench_access\WorkbenchAccessManagerInterface;
/**
* Tests workbench_access integration with entity_test.
*
* @group workbench_access
*/
class EntityTestAccessTest extends KernelTestBase {
use ContentTypeCreationTrait;
use UiHelperTrait;
use UserCreationTrait;
use WorkbenchAccessTestTrait;
/**
* Access vocabulary.
*
* @var \Drupal\taxonomy\VocabularyInterface
*/
protected $vocabulary;
/**
* Access control scheme.
*
* @var \Drupal\workbench_access\Entity\AccessSchemeInterface
*/
protected $scheme;
/**
* User section storage.
*
* @var \Drupal\workbench_access\UserSectionStorage
*/
protected $userStorage;
/**
* {@inheritdoc}
*/
protected static $modules = [
'entity_test',
'text',
'system',
'user',
'workbench_access',
'field',
'filter',
'taxonomy',
'options',
];
/**
* Access handler.
*
* @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
*/
protected $accessHandler;
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
$this->installEntitySchema('entity_test');
entity_test_create_bundle('access_controlled');
entity_test_create_bundle('not_access_controlled');
$this->installConfig(['filter', 'entity_test', 'workbench_access']);
$this->installEntitySchema('access_scheme');
$this->scheme = AccessScheme::create([
'id' => 'editorial_section',
'label' => 'Editorial section',
'plural_label' => 'Editorial sections',
'scheme' => 'taxonomy',
'scheme_settings' => [
'vocabularies' => ['workbench_access'],
'fields' => [
[
'entity_type' => 'entity_test',
'bundle' => 'access_controlled',
'field' => WorkbenchAccessManagerInterface::FIELD_NAME,
],
],
],
]);
$this->scheme->save();
$this->installEntitySchema('user');
$this->installEntitySchema('taxonomy_term');
$this->installEntitySchema('section_association');
$this->installSchema('system', ['sequences']);
$this->vocabulary = $this->setUpVocabulary();
$this->accessHandler = $this->container->get('entity_type.manager')
->getAccessControlHandler('entity_test');
$this->setUpTaxonomyFieldForEntityType('entity_test', 'access_controlled', $this->vocabulary->id());
$this->userStorage = \Drupal::service('workbench_access.user_section_storage');
}
/**
* Test create access integration.
*/
public function testCreateAccess() {
// The first user in a kernel test gets UID 1, so we need to make sure we're
// not testing with that user.
$this->createUser();
// Create a section.
$term = Term::create([
'vid' => $this->vocabulary->id(),
'name' => 'Some section',
]);
$term->save();
// Create two users with equal permissions but assign one of them to the
// section.
$permissions = [
'administer entity_test content',
'view test entity',
];
$allowed_editor = $this->createUser($permissions);
$allowed_editor->save();
$this->userStorage->addUser($this->scheme, $allowed_editor, [$term->id()]);
$editor_with_no_access = $this->createUser($permissions);
$permissions[] = 'bypass workbench access';
$editor_with_bypass_access = $this->createUser($permissions);
$this->assertTrue($this->accessHandler->createAccess('access_controlled', $allowed_editor));
$this->assertFalse($this->accessHandler->createAccess('access_controlled', $editor_with_no_access));
$this->assertTrue($this->accessHandler->createAccess('access_controlled', $editor_with_bypass_access));
}
/**
* Test edit access integration.
*/
public function testEditAccess() {
// The first user in a kernel test gets UID 1, so we need to make sure we're
// not testing with that user.
$this->createUser();
// Create a section.
$term = Term::create([
'vid' => $this->vocabulary->id(),
'name' => 'Some section',
]);
$term->save();
// Create two users with equal permissions but assign one of them to the
// section.
$permissions = [
'administer entity_test content',
'view test entity',
];
$allowed_editor = $this->createUser($permissions);
$allowed_editor->save();
$this->userStorage->addUser($this->scheme, $allowed_editor, [$term->id()]);
$editor_with_no_access = $this->createUser($permissions);
// Test an entity that is not subject to access control.
$entity = EntityTest::create([
'type' => 'not_access_controlled',
'name' => 'come on in',
]);
$this->assertTrue($this->accessHandler->access($entity, 'update', $allowed_editor));
$this->assertTrue($this->accessHandler->access($entity, 'update', $editor_with_no_access));
// Test an entity that is not assigned to a section. Both should be allowed
// because we do not assert access control by default.
$entity1 = EntityTest::create([
'type' => 'access_controlled',
'name' => 'come on in',
]);
$this->assertTrue($this->accessHandler->access($entity1, 'update', $allowed_editor));
$this->assertTrue($this->accessHandler->access($entity1, 'update', $editor_with_no_access));
// Create an entity that is assigned to a section.
$entity2 = EntityTest::create([
'type' => 'access_controlled',
'name' => 'restricted',
WorkbenchAccessManagerInterface::FIELD_NAME => $term->id(),
]);
$this->assertTrue($this->accessHandler->access($entity2, 'update', $allowed_editor));
$this->assertFalse($this->accessHandler->access($entity2, 'update', $editor_with_no_access));
// With strict checking, entities that are not assigned to a section return
// false.
$this->config('workbench_access.settings')
->set('deny_on_empty', 1)
->save();
// Test a new entity because the results for $entity1 are cached.
$entity3 = EntityTest::create([
'type' => 'access_controlled',
'name' => 'restricted',
]);
$this->assertFalse($this->accessHandler->access($entity3, 'update', $allowed_editor));
$this->assertFalse($this->accessHandler->access($entity3, 'update', $editor_with_no_access));
// Delete the scheme.
$this->scheme->delete();
// Should now allow access.
$this->accessHandler->resetCache();
$this->assertTrue($this->accessHandler->access($entity2, 'update', $editor_with_no_access));
}
}
