outline-8.x-1.x-dev/tests/src/Functional/OutlinePermissionsTest.php
tests/src/Functional/OutlinePermissionsTest.php
<?php
namespace Drupal\Tests\outline\Functional;
use Drupal\Component\Utility\Unicode;
/**
* Tests the outline outline permissions.
*
* @group outline
*/
class OutlinePermissionsTest extends OutlineTestBase {
/**
* Modules to enable.
*
* @var array
*/
protected static $modules = ['help'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
protected function setUp(): void {
parent::setUp();
$this->drupalPlaceBlock('page_title_block');
$this->drupalPlaceBlock('local_actions_block');
$this->drupalPlaceBlock('help_block');
}
/**
* Create, edit and delete a outline via the user interface.
*/
public function testOutlinePermissionsOutline() {
// OutlineTest.php already tests for user with "administer outline"
// permission.
// Test as user without proper permissions.
$authenticated_user = $this->drupalCreateUser([]);
$this->drupalLogin($authenticated_user);
$assert_session = $this->assertSession();
// Visit the main outline administration page.
$this->drupalGet('admin/structure/outline');
$assert_session->statusCodeEquals(403);
// Test as user with "access outline overview" permissions.
$proper_user = $this->drupalCreateUser(['access outline overview']);
$this->drupalLogin($proper_user);
// Visit the main outline administration page.
$this->drupalGet('admin/structure/outline');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('Outline name');
$assert_session->linkNotExists('Add outline');
}
/**
* Test the outline overview permission.
*/
public function testOutlineOutlineOverviewPermissions() {
// Create two outlines, one with two entries, the other without any entry.
/** @var \Drupal\outline\Entity\Outline $outline1 , $outline2 */
$outline1 = $this->createOutline();
$outline2 = $this->createOutline();
$outline1_id = $outline1->id();
$outline2_id = $outline2->id();
$this->createEntry($outline1);
$this->createEntry($outline1);
// Assert expected help texts on first outline.
$edit_help_text = t('You can reorganize the entries in @capital_name using their drag-and-drop handles, and group entries under a parent entry by sliding them under and to the right of the parent.', ['@capital_name' => Unicode::ucfirst($outline1->label())]);
$no_edit_help_text = t('@capital_name contains the following entries.', ['@capital_name' => Unicode::ucfirst($outline1->label())]);
$assert_session = $this->assertSession();
// Logged in as admin user with 'administer outline' permission.
$admin_user = $this->drupalCreateUser(['administer outline']);
$this->drupalLogin($admin_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->linkExists('Edit');
$assert_session->linkExists('Delete');
$assert_session->linkExists('Add entry');
$assert_session->buttonExists('Save');
$assert_session->pageTextContains('Weight');
$assert_session->fieldExists('Weight');
$assert_session->pageTextContains($edit_help_text);
// Visit outline overview without entries. 'Add entry' should be shown.
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('No entries available');
$assert_session->linkExists('Add entry');
// Login as a user without any of the required permissions.
$no_permission_user = $this->drupalCreateUser();
$this->drupalLogin($no_permission_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(403);
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(403);
// Log in as a user with only the overview permission, neither edit nor
// delete operations must be available and no Save button.
$overview_only_user = $this->drupalCreateUser(['access outline overview']);
$this->drupalLogin($overview_only_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->linkNotExists('Edit');
$assert_session->linkNotExists('Delete');
$assert_session->buttonNotExists('Save');
$assert_session->pageTextContains('Weight');
$assert_session->fieldNotExists('Weight');
$assert_session->linkNotExists('Add entry');
$assert_session->pageTextContains($no_edit_help_text);
// Visit outline overview without entries. 'Add entry' should not be shown.
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('No entries available');
$assert_session->linkNotExists('Add entry');
// Login as a user with permission to edit entries, only edit link should be
// visible.
$edit_user = $this->createUser([
'access outline overview',
'edit entries in ' . $outline1_id,
'edit entries in ' . $outline2_id,
]);
$this->drupalLogin($edit_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->linkExists('Edit');
$assert_session->linkNotExists('Delete');
$assert_session->buttonExists('Save');
$assert_session->pageTextContains('Weight');
$assert_session->fieldExists('Weight');
$assert_session->linkNotExists('Add entry');
$assert_session->pageTextContains($edit_help_text);
// Visit outline overview without entries. 'Add entry' should not be shown.
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('No entries available');
$assert_session->linkNotExists('Add entry');
// Login as a user with permission only to delete entries.
$edit_delete_user = $this->createUser([
'access outline overview',
'delete entries in ' . $outline1_id,
'delete entries in ' . $outline2_id,
]);
$this->drupalLogin($edit_delete_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->linkNotExists('Edit');
$assert_session->linkExists('Delete');
$assert_session->linkNotExists('Add entry');
$assert_session->buttonNotExists('Save');
$assert_session->pageTextContains('Weight');
$assert_session->fieldNotExists('Weight');
$assert_session->pageTextContains($no_edit_help_text);
// Visit outline overview without entries. 'Add entry' should not be shown.
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('No entries available');
$assert_session->linkNotExists('Add entry');
// Login as a user with permission to edit and delete entries.
$edit_delete_user = $this->createUser([
'access outline overview',
'edit entries in ' . $outline1_id,
'delete entries in ' . $outline1_id,
'edit entries in ' . $outline2_id,
'delete entries in ' . $outline2_id,
]);
$this->drupalLogin($edit_delete_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->linkExists('Edit');
$assert_session->linkExists('Delete');
$assert_session->linkNotExists('Add entry');
$assert_session->buttonExists('Save');
$assert_session->pageTextContains('Weight');
$assert_session->fieldExists('Weight');
$assert_session->pageTextContains($edit_help_text);
// Visit outline overview without entries. 'Add entry' should not be shown.
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('No entries available');
$assert_session->linkNotExists('Add entry');
// Login as a user with permission to create new entries, only add new entry
// link should be visible.
$edit_user = $this->createUser([
'access outline overview',
'create entries in ' . $outline1_id,
'create entries in ' . $outline2_id,
]);
$this->drupalLogin($edit_user);
$this->drupalGet('admin/structure/outline/manage/' . $outline1_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->linkNotExists('Edit');
$assert_session->linkNotExists('Delete');
$assert_session->linkExists('Add entry');
$assert_session->buttonNotExists('Save');
$assert_session->pageTextContains('Weight');
$assert_session->fieldNotExists('Weight');
$assert_session->pageTextContains($no_edit_help_text);
// Visit outline overview without entries. 'Add entry' should not be shown.
$this->drupalGet('admin/structure/outline/manage/' . $outline2_id . '/overview');
$assert_session->statusCodeEquals(200);
$assert_session->pageTextContains('No entries available');
$assert_session->linkExists('Add entry');
}
/**
* Create, edit and delete a outline entry via the user interface.
*/
public function testOutlinePermissionsOutlineEntry() {
// Outline used for creating, removing and editing entries.
$outline = $this->createOutline();
// Test as admin user.
$user = $this->drupalCreateUser(['administer outline']);
$this->drupalLogin($user);
// Visit the main outline administration page.
$this->drupalGet('admin/structure/outline/manage/' . $outline->id() . '/add');
$this->assertSession()->statusCodeEquals(200);
$this->assertField('edit-name-0-value', 'Add outline entry form opened successfully.');
// Submit the entry.
$edit = [];
$edit['name[0][value]'] = $this->randomMachineName();
$this->drupalPostForm(NULL, $edit, t('Save'));
$this->assertText(t('Created new entry @name.', ['@name' => $edit['name[0][value]']]), 'Entry created successfully.');
// Verify that the creation message contains a link to a entry.
$view_link = $this->xpath('//div[@class="messages"]//a[contains(@href, :href)]', [':href' => 'entry/']);
$this->assert(isset($view_link), 'The message area contains a link to a entry');
$entries = \Drupal::entityTypeManager()
->getStorage('outline_entry')
->loadByProperties(['name' => $edit['name[0][value]']]);
$entry = reset($entries);
// Edit the entry.
$this->drupalGet('outline/entry/' . $entry->id() . '/edit');
$this->assertSession()->statusCodeEquals(200);
$this->assertText($edit['name[0][value]'], 'Edit outline entry form opened successfully.');
$edit['name[0][value]'] = $this->randomMachineName();
$this->drupalPostForm(NULL, $edit, t('Save'));
$this->assertText(t('Updated entry @name.', ['@name' => $edit['name[0][value]']]), 'Entry updated successfully.');
// Delete the outline.
$this->drupalGet('outline/entry/' . $entry->id() . '/delete');
$this->assertRaw(t('Are you sure you want to delete the @entity-type %label?', ['@entity-type' => 'outline entry', '%label' => $edit['name[0][value]']]), 'Delete outline entry form opened successfully.');
// Confirm deletion.
$this->drupalPostForm(NULL, NULL, t('Delete'));
$this->assertRaw(t('Deleted entry %name.', ['%name' => $edit['name[0][value]']]), 'Entry deleted.');
// Test as user with "create" permissions.
$user = $this->drupalCreateUser(["create entries in {$outline->id()}"]);
$this->drupalLogin($user);
$assert_session = $this->assertSession();
// Create a new entry.
$this->drupalGet('admin/structure/outline/manage/' . $outline->id() . '/add');
$assert_session->statusCodeEquals(200);
$assert_session->fieldExists('name[0][value]');
// Submit the entry.
$edit = [];
$edit['name[0][value]'] = $this->randomMachineName();
$this->drupalPostForm(NULL, $edit, t('Save'));
$assert_session->pageTextContains(t('Created new entry @name.', ['@name' => $edit['name[0][value]']]));
$entries = \Drupal::entityTypeManager()
->getStorage('outline_entry')
->loadByProperties(['name' => $edit['name[0][value]']]);
$entry = reset($entries);
// Ensure that edit and delete access is denied.
$this->drupalGet('outline/entry/' . $entry->id() . '/edit');
$assert_session->statusCodeEquals(403);
$this->drupalGet('outline/entry/' . $entry->id() . '/delete');
$assert_session->statusCodeEquals(403);
// Test as user with "edit" permissions.
$user = $this->drupalCreateUser(["edit entries in {$outline->id()}"]);
$this->drupalLogin($user);
// Ensure the outline entry add form is denied.
$this->drupalGet('admin/structure/outline/manage/' . $outline->id() . '/add');
$this->assertSession()->statusCodeEquals(403);
// Create a test entry.
$entry = $this->createEntry($outline);
// Edit the entry.
$this->drupalGet('outline/entry/' . $entry->id() . '/edit');
$this->assertSession()->statusCodeEquals(200);
$this->assertText($entry->getName(), 'Edit outline entry form opened successfully.');
$edit['name[0][value]'] = $this->randomMachineName();
$this->drupalPostForm(NULL, $edit, t('Save'));
$this->assertText(t('Updated entry @name.', ['@name' => $edit['name[0][value]']]), 'Entry updated successfully.');
// Verify that the update message contains a link to a entry.
$view_link = $this->xpath('//div[@class="messages"]//a[contains(@href, :href)]', [':href' => 'entry/']);
$this->assert(isset($view_link), 'The message area contains a link to a entry');
// Ensure the entry cannot be deleted.
$this->drupalGet('outline/entry/' . $entry->id() . '/delete');
$this->assertSession()->statusCodeEquals(403);
// Test as user with "delete" permissions.
$user = $this->drupalCreateUser(["delete entries in {$outline->id()}"]);
$this->drupalLogin($user);
// Ensure the outline entry add form is denied.
$this->drupalGet('admin/structure/outline/manage/' . $outline->id() . '/add');
$this->assertSession()->statusCodeEquals(403);
// Create a test entry.
$entry = $this->createEntry($outline);
// Ensure that the entry cannot be edited.
$this->drupalGet('outline/entry/' . $entry->id() . '/edit');
$this->assertSession()->statusCodeEquals(403);
// Delete the outline.
$this->drupalGet('outline/entry/' . $entry->id() . '/delete');
$this->assertRaw(t('Are you sure you want to delete the @entity-type %label?', ['@entity-type' => 'outline entry', '%label' => $entry->getName()]), 'Delete outline entry form opened successfully.');
// Confirm deletion.
$this->drupalPostForm(NULL, NULL, t('Delete'));
$this->assertRaw(t('Deleted entry %name.', ['%name' => $entry->getName()]), 'Entry deleted.');
// Test as user without proper permissions.
$user = $this->drupalCreateUser();
$this->drupalLogin($user);
// Ensure the outline entry add form is denied.
$this->drupalGet('admin/structure/outline/manage/' . $outline->id() . '/add');
$this->assertSession()->statusCodeEquals(403);
// Create a test entry.
$entry = $this->createEntry($outline);
// Ensure that the entry cannot be edited.
$this->drupalGet('outline/entry/' . $entry->id() . '/edit');
$this->assertSession()->statusCodeEquals(403);
// Ensure the entry cannot be deleted.
$this->drupalGet('outline/entry/' . $entry->id() . '/delete');
$this->assertSession()->statusCodeEquals(403);
}
}
