comparison core/modules/media/tests/src/Kernel/MediaAccessControlHandlerTest.php @ 5:12f9dff5fda9 tip

Update to Drupal core 8.7.1
author Chris Cannam
date Thu, 09 May 2019 15:34:47 +0100
4:a9cd425dd02b 5:12f9dff5fda9
1 <?php
2
3 namespace Drupal\Tests\media\Kernel;
4
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Access\AccessResultInterface;
7 use Drupal\media\Entity\Media;
8 use Drupal\Tests\user\Traits\UserCreationTrait;
9
10 /**
11 * Tests the media access control handler.
12 *
13 * @group media
14 *
15 * @coversDefaultClass \Drupal\media\MediaAccessControlHandler
16 */
17 class MediaAccessControlHandlerTest extends MediaKernelTestBase {
18
19 use UserCreationTrait;
20
21 /**
22 * Tests the media access control handler.
23 *
24 * @param string[] $permissions
25 * The permissions that the user should be given.
26 * @param array $entity_values
27 * Initial values from which to create the media entity.
28 * @param string $operation
29 * The operation, one of 'view', 'update' or 'delete'.
30 * @param \Drupal\Core\Access\AccessResultInterface $expected_result
31 * Expected result.
32 * @param string[] $expected_cache_contexts
33 * Expected cache contexts.
34 * @param string[] $expected_cache_tags
35 * Expected cache tags.
36 *
37 * @covers ::checkAccess
38 * @dataProvider providerAccess
39 */
40 public function testAccess(array $permissions, array $entity_values, $operation, AccessResultInterface $expected_result, array $expected_cache_contexts, array $expected_cache_tags) {
41 // Set a fixed ID so the type specific permissions match.
42 $media_type = $this->createMediaType('test', [
43 'id' => 'test',
44 ]);
45
46 $user = $this->createUser($permissions);
47
48 $entity_values += [
49 'status' => FALSE,
50 'uid' => $user->id(),
51 'bundle' => $media_type->id(),
52 ];
53
54 $entity = Media::create($entity_values);
55 $entity->save();
56 /** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */
57 $access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media');
58 $this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->access($entity, $operation, $user, TRUE));
59 }
60
61 /**
62 * @param string[] $permissions
63 * User permissions.
64 * @param \Drupal\Core\Access\AccessResultInterface $expected_result
65 * Expected result.
66 * @param string[] $expected_cache_contexts
67 * Expected cache contexts.
68 * @param string[] $expected_cache_tags
69 * Expected cache tags.
70 *
71 * @covers ::checkCreateAccess
72 * @dataProvider providerCreateAccess
73 */
74 public function testCreateAccess(array $permissions, AccessResultInterface $expected_result, array $expected_cache_contexts, array $expected_cache_tags) {
75 $user = $this->createUser($permissions);
76
77 /** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */
78 $access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media');
79 $this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->createAccess('test', $user, [], TRUE));
80 }
81
82 /**
83 * Asserts an access result.
84 *
85 * @param \Drupal\Core\Access\AccessResultInterface $expected_access_result
86 * The expected access result.
87 * @param string[] $expected_cache_contexts
88 * Expected contexts.
89 * @param string[] $expected_cache_tags
90 * Expected cache tags
91 * @param \Drupal\Core\Access\AccessResultInterface $actual
92 * The actual access result.
93 */
94 protected function assertAccess(AccessResultInterface $expected_access_result, array $expected_cache_contexts, array $expected_cache_tags, AccessResultInterface $actual) {
95 $this->assertSame($expected_access_result->isAllowed(), $actual->isAllowed());
96 $this->assertSame($expected_access_result->isForbidden(), $actual->isForbidden());
97 $this->assertSame($expected_access_result->isNeutral(), $actual->isNeutral());
98
99 $actual_cache_contexts = $actual->getCacheContexts();
100 sort($expected_cache_contexts);
101 sort($actual_cache_contexts);
102 $this->assertSame($expected_cache_contexts, $actual_cache_contexts);
103
104 $actual_cache_tags = $actual->getCacheTags();
105 sort($expected_cache_tags);
106 sort($actual_cache_tags);
107 $this->assertSame($expected_cache_tags, $actual_cache_tags);
108 }
109
110 /**
111 * Data provider for testAccess().
112 *
113 * @return array
114 * The data sets to test.
115 */
116 public function providerAccess() {
117 $test_data = [];
118
119 // Check published / unpublished media access for a user owning the media
120 // item without permissions.
121 $test_data['owner, no permissions / published / view'] = [
122 [],
123 ['status' => TRUE],
124 'view',
125 AccessResult::neutral(),
126 ['user.permissions'],
127 ['media:1'],
128 ];
129 $test_data['owner, no permissions / published / update'] = [
130 [],
131 ['status' => TRUE],
132 'update',
133 AccessResult::neutral(),
134 ['user.permissions'],
135 [],
136 ];
137 $test_data['owner, no permissions / published / delete'] = [
138 [],
139 ['status' => TRUE],
140 'delete',
141 AccessResult::neutral(),
142 ['user.permissions'],
143 [],
144 ];
145 $test_data['owner, no permissions / unpublished / view'] = [
146 [],
147 [],
148 'view',
149 AccessResult::neutral(),
150 ['user.permissions'],
151 ['media:1'],
152 ];
153 $test_data['owner, no permissions / unpublished / update'] = [
154 [],
155 [],
156 'update',
157 AccessResult::neutral(),
158 ['user.permissions'],
159 [],
160 ];
161 $test_data['owner, no permissions / unpublished / delete'] = [
162 [],
163 [],
164 'delete',
165 AccessResult::neutral(),
166 ['user.permissions'],
167 [],
168 ];
169
170 // Check published / unpublished media access for a user not owning the
171 // media item without permissions.
172 $test_data['not owner, no permissions / published / view'] = [
173 [],
174 ['uid' => 0, 'status' => TRUE],
175 'view',
176 AccessResult::neutral(),
177 ['user.permissions'],
178 ['media:1'],
179 ];
180 $test_data['not owner, no permissions / published / update'] = [
181 [],
182 ['uid' => 0, 'status' => TRUE],
183 'update',
184 AccessResult::neutral(),
185 ['user.permissions'],
186 [],
187 ];
188 $test_data['not owner, no permissions / published / delete'] = [
189 [],
190 ['uid' => 0, 'status' => TRUE],
191 'delete',
192 AccessResult::neutral(),
193 ['user.permissions'],
194 [],
195 ];
196 $test_data['not owner, no permissions / unpublished / view'] = [
197 [],
198 ['uid' => 0],
199 'view',
200 AccessResult::neutral(),
201 ['user.permissions'],
202 ['media:1'],
203 ];
204 $test_data['not owner, no permissions / unpublished / update'] = [
205 [],
206 ['uid' => 0],
207 'update',
208 AccessResult::neutral(),
209 ['user.permissions'],
210 [],
211 ];
212 $test_data['not owner, no permissions / unpublished / delete'] = [
213 [],
214 ['uid' => 0],
215 'delete',
216 AccessResult::neutral(),
217 ['user.permissions'],
218 [],
219 ];
220
221 // Check published / unpublished media access for a user owning the media
222 // item with only the 'view media' permission.
223 $test_data['owner, can view media / published / view'] = [
224 ['view media'],
225 ['status' => TRUE],
226 'view',
227 AccessResult::allowed(),
228 ['user.permissions'],
229 ['media:1'],
230 ];
231 $test_data['owner, can view media / published / update'] = [
232 ['view media'],
233 ['status' => TRUE],
234 'update',
235 AccessResult::neutral(),
236 ['user.permissions'],
237 [],
238 ];
239 $test_data['owner, can view media / published / delete'] = [
240 ['view media'],
241 ['status' => TRUE],
242 'delete',
243 AccessResult::neutral(),
244 ['user.permissions'],
245 [],
246 ];
247 $test_data['owner, can view media / unpublished / view'] = [
248 ['view media'],
249 [],
250 'view',
251 AccessResult::neutral(),
252 ['user.permissions'],
253 ['media:1'],
254 ];
255 $test_data['owner, can view media / unpublished / update'] = [
256 ['view media'],
257 [],
258 'update',
259 AccessResult::neutral(),
260 ['user.permissions'],
261 [],
262 ];
263 $test_data['owner, can view media / unpublished / delete'] = [
264 ['view media'],
265 [],
266 'delete',
267 AccessResult::neutral(),
268 ['user.permissions'],
269 [],
270 ];
271
272 // Check published / unpublished media access for a user not owning the
273 // media item with only the 'view media' permission.
274 $test_data['not owner, can view media / published / view'] = [
275 ['view media'],
276 ['uid' => 0, 'status' => TRUE],
277 'view',
278 AccessResult::allowed(),
279 ['user.permissions'],
280 ['media:1'],
281 ];
282 $test_data['not owner, can view media / published / update'] = [
283 ['view media'],
284 ['uid' => 0, 'status' => TRUE],
285 'update',
286 AccessResult::neutral(),
287 ['user.permissions'],
288 [],
289 ];
290 $test_data['not owner, can view media / published / delete'] = [
291 ['view media'],
292 ['uid' => 0, 'status' => TRUE],
293 'delete',
294 AccessResult::neutral(),
295 ['user.permissions'],
296 [],
297 ];
298 $test_data['not owner, can view media / unpublished / view'] = [
299 ['view media'],
300 ['uid' => 0],
301 'view',
302 AccessResult::neutral(),
303 ['user.permissions'],
304 ['media:1'],
305 ];
306 $test_data['not owner, can view media / unpublished / update'] = [
307 ['view media'],
308 ['uid' => 0],
309 'update',
310 AccessResult::neutral(),
311 ['user.permissions'],
312 [],
313 ];
314 $test_data['not owner, can view media / unpublished / delete'] = [
315 ['view media'],
316 ['uid' => 0],
317 'delete',
318 AccessResult::neutral(),
319 ['user.permissions'],
320 [],
321 ];
322
323 // Check published / unpublished media access for a user owning the media
324 // item with the 'view media' and 'view own unpublished' permission.
325 $test_data['owner, can view own unpublished media / published / view'] = [
326 ['view media', 'view own unpublished media'],
327 ['status' => TRUE],
328 'view',
329 AccessResult::allowed(),
330 ['user.permissions'],
331 ['media:1'],
332 ];
333 $test_data['owner, can view own unpublished media / published / update'] = [
334 ['view media', 'view own unpublished media'],
335 ['status' => TRUE],
336 'update',
337 AccessResult::neutral(),
338 ['user.permissions'],
339 [],
340 ];
341 $test_data['owner, can view own unpublished media / published / delete'] = [
342 ['view media', 'view own unpublished media'],
343 ['status' => TRUE],
344 'delete',
345 AccessResult::neutral(),
346 ['user.permissions'],
347 [],
348 ];
349 $test_data['owner, can view own unpublished media / unpublished / view'] = [
350 ['view media', 'view own unpublished media'],
351 [],
352 'view',
353 AccessResult::allowed(),
354 ['user.permissions', 'user'],
355 ['media:1'],
356 ];
357 $test_data['owner, can view own unpublished media / unpublished / update'] = [
358 ['view media', 'view own unpublished media'],
359 [],
360 'update',
361 AccessResult::neutral(),
362 ['user.permissions'],
363 [],
364 ];
365 $test_data['owner, can view own unpublished media / unpublished / delete'] = [
366 ['view media', 'view own unpublished media'],
367 [],
368 'delete',
369 AccessResult::neutral(),
370 ['user.permissions'],
371 [],
372 ];
373
374 // Check published / unpublished media access for a user not owning the
375 // media item with the 'view media' and 'view own unpublished' permission.
376 $test_data['not owner, can view own unpublished media / published / view'] = [
377 ['view media', 'view own unpublished media'],
378 ['uid' => 0, 'status' => TRUE],
379 'view',
380 AccessResult::allowed(),
381 ['user.permissions'],
382 ['media:1'],
383 ];
384 $test_data['not owner, can view own unpublished media / published / update'] = [
385 ['view media', 'view own unpublished media'],
386 ['uid' => 0, 'status' => TRUE],
387 'update',
388 AccessResult::neutral(),
389 ['user.permissions'],
390 [],
391 ];
392 $test_data['not owner, can view own unpublished media / published / delete'] = [
393 ['view media', 'view own unpublished media'],
394 ['uid' => 0, 'status' => TRUE],
395 'delete',
396 AccessResult::neutral(),
397 ['user.permissions'],
398 [],
399 ];
400 $test_data['not owner, can view own unpublished media / unpublished / view'] = [
401 ['view media', 'view own unpublished media'],
402 ['uid' => 0],
403 'view',
404 AccessResult::neutral(),
405 ['user.permissions', 'user'],
406 ['media:1'],
407 ];
408 $test_data['not owner, can view own unpublished media / unpublished / update'] = [
409 ['view media', 'view own unpublished media'],
410 ['uid' => 0],
411 'update',
412 AccessResult::neutral(),
413 ['user.permissions'],
414 [],
415 ];
416 $test_data['not owner, can view own unpublished media / unpublished / delete'] = [
417 ['view media', 'view own unpublished media'],
418 ['uid' => 0],
419 'delete',
420 AccessResult::neutral(),
421 ['user.permissions'],
422 [],
423 ];
424
425 return $test_data;
426 }
427
428 /**
429 * Data provider for testCreateAccess().
430 *
431 * @return array
432 * The data sets to test.
433 */
434 public function providerCreateAccess() {
435 $test_data = [];
436
437 // Check create access for a user without permissions.
438 $test_data['user, no permissions / create'] = [
439 [],
440 AccessResult::neutral()->setReason("The following permissions are required: 'administer media' OR 'create media'."),
441 ['user.permissions'],
442 [],
443 ];
444
445 // Check create access for a user with the 'view media' permission.
446 $test_data['user, can view media / create'] = [
447 [
448 'view media',
449 ],
450 AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."),
451 ['user.permissions'],
452 [],
453 ];
454
455 // Check create access for a user with the 'view media' and 'view own
456 // unpublished media' permission.
457 $test_data['user, can view own unpublished media / create'] = [
458 [
459 'view media',
460 'view own unpublished media',
461 ],
462 AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."),
463 ['user.permissions'],
464 [],
465 ];
466
467 // Check create access for a user with the 'view media', 'view own
468 // unpublished media', 'update any media' and 'delete any media' permission.
469 $test_data['user, can view own unpublished media and update or delete any media / create'] = [
470 [
471 'view media',
472 'view own unpublished media',
473 'update any media',
474 'delete any media',
475 ],
476 AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."),
477 ['user.permissions'],
478 [],
479 ];
480
481 // Check create access for a user with the 'view media', 'view own
482 // unpublished media', 'update media' and 'delete media' permission.
483 $test_data['user, can view own unpublished media and update or delete own media / create'] = [
484 [
485 'view media',
486 'view own unpublished media',
487 'update media',
488 'delete media',
489 ],
490 AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."),
491 ['user.permissions'],
492 [],
493 ];
494
495 // Check create access for a user with the 'view media', 'view own
496 // unpublished media', 'update any media', 'delete any media', 'update
497 // media' and 'delete media' permission.
498 $test_data['user, can view own unpublished media and update or delete all media / create'] = [
499 [
500 'view media',
501 'view own unpublished media',
502 'update any media',
503 'delete any media',
504 'update media',
505 'delete media',
506 ],
507 AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."),
508 ['user.permissions'],
509 [],
510 ];
511
512 // Check create access for a user with all media permissions except 'create
513 // media' or 'administer media'.
514 $test_data['user, can not create or administer media / create'] = [
515 [
516 'access media overview',
517 'view media',
518 'view own unpublished media',
519 'update any media',
520 'delete any media',
521 'update media',
522 'delete media',
523 ],
524 AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."),
525 ['user.permissions'],
526 [],
527 ];
528
529 // Check create access for a user with the 'create media' permission.
530 $test_data['user, can create media / create'] = [
531 [
532 'create media',
533 ],
534 AccessResult::allowed(),
535 ['user.permissions'],
536 [],
537 ];
538
539 // Check create access for a user with the 'administer media' permission.
540 $test_data['user, can administer media / create'] = [
541 [
542 'administer media',
543 ],
544 AccessResult::allowed(),
545 ['user.permissions'],
546 [],
547 ];
548
549 return $test_data;
550 }
551
552 }
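Review bot: providerAccess() only ever grants `[]`, `['view media']` or `['view media', 'view own unpublished media']`, so every 'update' and 'delete' data set expects `AccessResult::neutral()` and no case in this file exercises a path where checkAccess grants those operations. For an access-control handler this leaves the owner versus non-owner and own versus any distinctions for update and delete unpinned. Data sets that grant 'update media', 'update any media', 'delete media', 'delete any media' and 'administer media' (names already used in providerCreateAccess()), each for the owner and for `['uid' => 0]`, would catch a regression that widens or drops those grants. Separately, assertAccess() compares only isAllowed(), isForbidden(), isNeutral() and the cache metadata, so the reason strings passed to `AccessResult::neutral(...)` in providerCreateAccess() are never checked. If they are meant to be pinned, compare `getReason()` on both results there; otherwise pass no reason, which would also remove the inconsistency between `neutral()->setReason(...)` in the first data set and `neutral("...")` in the others.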