1 <?php
3 namespace Drupal\Tests\taxonomy\Functional;
5 use Drupal\taxonomy\Entity\Term;
6 use Drupal\taxonomy\TermInterface;
7 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
9 /**
10 * Tests the taxonomy term access permissions.
11 *
12 * @group taxonomy
13 */
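class TermAccessTest extends TaxonomyTestBase {

  use AssertPageCacheContextsAndTagsTrait;

  /**
   * Tests access control functionality for taxonomy terms.
   *
   * Every operation is verified at two layers: the HTTP status code returned
   * for the term route, and the access result reported by the term entity
   * itself. Checking both catches a regression where one layer denies access
   * while the other still grants it.
   */
  public function testTermAccess() {
    $assert_session = $this->assertSession();

    $vocabulary = $this->createVocabulary();

    // Create two terms in the same vocabulary that differ only in their
    // published status.
    $published_term = Term::create([
      'vid' => $vocabulary->id(),
      'name' => 'Published term',
      'status' => 1,
    ]);
    $published_term->save();
    $unpublished_term = Term::create([
      'vid' => $vocabulary->id(),
      'name' => 'Unpublished term',
      'status' => 0,
    ]);
    $unpublished_term->save();

    // Start off logged in as admin.
    $this->drupalLogin($this->drupalCreateUser(['administer taxonomy']));

    // Test the 'administer taxonomy' permission: view, update and delete are
    // all expected to be allowed, regardless of the published status.
    $this->drupalGet('taxonomy/term/' . $published_term->id());
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'view', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($unpublished_term, 'view', TRUE);

    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'update', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($unpublished_term, 'update', TRUE);

    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'delete', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($unpublished_term, 'delete', TRUE);

    // Test the 'access content' permission: only viewing the published term
    // is expected to be allowed. Every denial is also checked for its reason,
    // so the test fails if access is denied for a different cause than the
    // documented one.
    $this->drupalLogin($this->drupalCreateUser(['access content']));

    $this->drupalGet('taxonomy/term/' . $published_term->id());
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'view', TRUE);

    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($unpublished_term, 'view', FALSE, "The 'access content' permission is required and the taxonomy term must be published.");

    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($published_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($unpublished_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");

    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($published_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($unpublished_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");

    // Install the Views module and repeat the checks for the 'view' permission.
    // Only the HTTP status codes are re-checked here; the entity access
    // results are not asserted again after the install.
    \Drupal::service('module_installer')->install(['views'], TRUE);
    $this->rebuildContainer();

    $this->drupalGet('taxonomy/term/' . $published_term->id());
    $assert_session->statusCodeEquals(200);

    // With Views installed the unpublished term currently answers 404 rather
    // than 403. The request is still refused, but the assertion pins the
    // present status code and must be updated together with the fix.
    // @todo Change this assertion to expect a 403 status code when
    //   https://www.drupal.org/project/drupal/issues/2983070 is fixed.
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
    $assert_session->statusCodeEquals(404);
  }

  /**
   * Checks access on taxonomy term.
   *
   * @param \Drupal\taxonomy\TermInterface $term
   *   A taxonomy term entity.
   * @param string $access_operation
   *   The entity operation, e.g. 'view', 'update', 'delete', etc.
   * @param bool $access_allowed
   *   Whether the current user has access to the given operation or not.
   * @param string $access_reason
   *   (optional) The reason of the access result. When empty, the reason is
   *   not checked.
   */
  protected function assertTermAccess(TermInterface $term, $access_operation, $access_allowed, $access_reason = '') {
    // The third argument asks for the access result object instead of a plain
    // boolean, so that the reason can be inspected as well.
    $access_result = $term->access($access_operation, NULL, TRUE);

    // Name the operation and term in the failure message; the method is called
    // many times per test and a bare boolean mismatch does not say which
    // access decision regressed.
    $this->assertSame(
      $access_allowed,
      $access_result->isAllowed(),
      sprintf("Unexpected access result for operation '%s' on term '%s'.", $access_operation, $term->label())
    );

    if ($access_reason) {
      $this->assertSame(
        $access_reason,
        $access_result->getReason(),
        sprintf("Unexpected access reason for operation '%s' on term '%s'.", $access_operation, $term->label())
      );
    }
  }

}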