outline-8.x-1.x-dev/tests/src/Functional/EntryAccessTest.php
tests/src/Functional/EntryAccessTest.php
<?php
namespace Drupal\Tests\outline\Functional;
use Drupal\outline\Entity\Entry;
use Drupal\outline\EntryInterface;
use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
/**
* Tests the outline entry access permissions.
*
* @group outline
*/
class EntryAccessTest extends OutlineTestBase {

  use AssertPageCacheContextsAndTagsTrait;

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Verifies page-level and entity-level access control for outline entries.
   *
   * A published and an unpublished entry are requested by a user holding
   * 'administer outline' and then by a user holding only 'access content'.
   * Until the Views module is installed, every page request is paired with a
   * direct entity access check for the same operation, so the HTTP status and
   * the access result are asserted side by side.
   */
  public function testEntryAccess() {
    $session = $this->assertSession();
    $outline = $this->createOutline();

    // Create two entries in the same outline, differing only in name and
    // publication status.
    $make_entry = static function ($name, $status) use ($outline) {
      $entry = Entry::create([
        'oid' => $outline->id(),
        'name' => $name,
        'status' => $status,
      ]);
      $entry->save();
      return $entry;
    };
    $published_entry = $make_entry('Published entry', 1);
    $unpublished_entry = $make_entry('Unpublished entry', 0);

    // Start off logged in as admin: 'administer outline' must allow every
    // operation on both entries, published or not.
    $this->drupalLogin($this->drupalCreateUser(['administer outline']));
    $admin_routes = [
      'view' => '',
      'update' => '/edit',
      'delete' => '/delete',
    ];
    foreach ($admin_routes as $operation => $suffix) {
      foreach ([$published_entry, $unpublished_entry] as $entry) {
        $this->drupalGet('outline/entry/' . $entry->id() . $suffix);
        $session->statusCodeEquals(200);
        $this->assertEntryAccess($entry, $operation, TRUE);
      }
    }

    // Switch to a user with only 'access content'. Viewing the published
    // entry is the single operation expected to succeed.
    $this->drupalLogin($this->drupalCreateUser(['access content']));
    $this->drupalGet('outline/entry/' . $published_entry->id());
    $session->statusCodeEquals(200);
    $this->assertEntryAccess($published_entry, 'view', TRUE);

    // The unpublished entry must be refused, with a reason that names both
    // the permission and the publication requirement.
    $this->drupalGet('outline/entry/' . $unpublished_entry->id());
    $session->statusCodeEquals(403);
    $this->assertEntryAccess($unpublished_entry, 'view', FALSE, "The 'access content' permission is required and the outline entry must be published.");

    // Editing and deleting are refused for both entries; the expected reason
    // names the per-outline permission alongside 'administer outline'.
    $denied_routes = [
      'update' => [
        'suffix' => '/edit',
        'reason' => "The following permissions are required: 'edit entries in {$outline->id()}' OR 'administer outline'.",
      ],
      'delete' => [
        'suffix' => '/delete',
        'reason' => "The following permissions are required: 'delete entries in {$outline->id()}' OR 'administer outline'.",
      ],
    ];
    foreach ($denied_routes as $operation => $expected) {
      foreach ([$published_entry, $unpublished_entry] as $entry) {
        $this->drupalGet('outline/entry/' . $entry->id() . $expected['suffix']);
        $session->statusCodeEquals(403);
        $this->assertEntryAccess($entry, $operation, FALSE, $expected['reason']);
      }
    }

    // Install the Views module and repeat the 'view' page requests as the
    // same 'access content' user. Only the HTTP status is checked here.
    \Drupal::service('module_installer')->install(['views'], TRUE);
    $this->rebuildContainer();

    $this->drupalGet('outline/entry/' . $published_entry->id());
    $session->statusCodeEquals(200);

    // This pins current behaviour: the unpublished entry now answers 404
    // rather than the 403 asserted before Views was installed.
    // @todo Change this assertion to expect a 403 status code when
    // https://www.drupal.org/project/drupal/issues/2983070 is fixed.
    $this->drupalGet('outline/entry/' . $unpublished_entry->id());
    $session->statusCodeEquals(404);
  }

  /**
   * Asserts the entity access result for an outline entry.
   *
   * The access result is requested as an object (third argument TRUE) so that
   * both the allowed flag and the reason can be inspected. The reason is only
   * compared when a non-empty expected reason is supplied, so the calls that
   * expect access to be allowed do not check it.
   *
   * @param \Drupal\outline\EntryInterface $entry
   *   An outline entry entity.
   * @param string $access_operation
   *   The entity operation; this test passes 'view', 'update' and 'delete'.
   * @param bool $access_allowed
   *   Whether the current user is expected to have access to the operation.
   * @param string $access_reason
   *   (optional) The expected reason of the access result.
   */
  protected function assertEntryAccess(EntryInterface $entry, $access_operation, $access_allowed, $access_reason = '') {
    $result = $entry->access($access_operation, NULL, TRUE);
    $this->assertSame($access_allowed, $result->isAllowed());
    if (!$access_reason) {
      return;
    }
    $this->assertSame($access_reason, $result->getReason());
  }

}
