|
Chris@14
|
1 <?php
|
|
Chris@14
|
2
|
|
Chris@14
|
3 namespace Drupal\Tests\user\Functional;
|
|
Chris@14
|
4
|
|
Chris@14
|
5 use Drupal\Tests\BrowserTestBase;
|
|
Chris@14
|
6 use Drupal\user\RoleInterface;
|
|
Chris@14
|
7 use Drupal\user\Entity\Role;
|
|
Chris@14
|
8
|
|
Chris@14
|
9 /**
|
|
Chris@14
|
10 * Verify that role permissions can be added and removed via the permissions
|
|
Chris@14
|
11 * page.
|
|
Chris@14
|
12 *
|
|
Chris@14
|
13 * @group user
|
|
Chris@14
|
14 */
|
|
Chris@14
|
15 class UserPermissionsTest extends BrowserTestBase {
|
|
Chris@14
|
16
|
|
Chris@14
|
17 /**
|
|
Chris@14
|
18 * User with admin privileges.
|
|
Chris@14
|
19 *
|
|
Chris@14
|
20 * @var \Drupal\user\UserInterface
|
|
Chris@14
|
21 */
|
|
Chris@14
|
22 protected $adminUser;
|
|
Chris@14
|
23
|
|
Chris@14
|
24 /**
|
|
Chris@14
|
25 * User's role ID.
|
|
Chris@14
|
26 *
|
|
Chris@14
|
27 * @var string
|
|
Chris@14
|
28 */
|
|
Chris@14
|
29 protected $rid;
|
|
Chris@14
|
30
|
|
Chris@14
|
31 protected function setUp() {
|
|
Chris@14
|
32 parent::setUp();
|
|
Chris@14
|
33
|
|
Chris@14
|
34 $this->adminUser = $this->drupalCreateUser(['administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings']);
|
|
Chris@14
|
35
|
|
Chris@14
|
36 // Find the new role ID.
|
|
Chris@14
|
37 $all_rids = $this->adminUser->getRoles();
|
|
Chris@14
|
38 unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
|
|
Chris@14
|
39 $this->rid = reset($all_rids);
|
|
Chris@14
|
40 }
|
|
Chris@14
|
41
|
|
Chris@14
|
42 /**
|
|
Chris@14
|
43 * Test changing user permissions through the permissions page.
|
|
Chris@14
|
44 */
|
|
Chris@14
|
45 public function testUserPermissionChanges() {
|
|
Chris@14
|
46 $permissions_hash_generator = $this->container->get('user_permissions_hash_generator');
|
|
Chris@14
|
47
|
|
Chris@14
|
48 $storage = $this->container->get('entity.manager')->getStorage('user_role');
|
|
Chris@14
|
49
|
|
Chris@14
|
50 // Create an additional role and mark it as admin role.
|
|
Chris@14
|
51 Role::create(['is_admin' => TRUE, 'id' => 'administrator', 'label' => 'Administrator'])->save();
|
|
Chris@14
|
52 $storage->resetCache();
|
|
Chris@14
|
53
|
|
Chris@14
|
54 $this->drupalLogin($this->adminUser);
|
|
Chris@14
|
55 $rid = $this->rid;
|
|
Chris@14
|
56 $account = $this->adminUser;
|
|
Chris@14
|
57 $previous_permissions_hash = $permissions_hash_generator->generate($account);
|
|
Chris@14
|
58 $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
|
|
Chris@14
|
59
|
|
Chris@14
|
60 // Add a permission.
|
|
Chris@14
|
61 $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
|
|
Chris@14
|
62 $edit = [];
|
|
Chris@14
|
63 $edit[$rid . '[administer users]'] = TRUE;
|
|
Chris@14
|
64 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
|
|
Chris@14
|
65 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
|
|
Chris@14
|
66 $storage->resetCache();
|
|
Chris@14
|
67 $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
|
|
Chris@14
|
68 $current_permissions_hash = $permissions_hash_generator->generate($account);
|
|
Chris@14
|
69 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
|
|
Chris@14
|
70 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
|
|
Chris@14
|
71 $previous_permissions_hash = $current_permissions_hash;
|
|
Chris@14
|
72
|
|
Chris@14
|
73 // Remove a permission.
|
|
Chris@14
|
74 $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
|
|
Chris@14
|
75 $edit = [];
|
|
Chris@14
|
76 $edit[$rid . '[access user profiles]'] = FALSE;
|
|
Chris@14
|
77 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
|
|
Chris@14
|
78 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
|
|
Chris@14
|
79 $storage->resetCache();
|
|
Chris@14
|
80 $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
|
|
Chris@14
|
81 $current_permissions_hash = $permissions_hash_generator->generate($account);
|
|
Chris@14
|
82 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
|
|
Chris@14
|
83 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
|
|
Chris@14
|
84
|
|
Chris@14
|
85 // Ensure that the admin role doesn't have any checkboxes.
|
|
Chris@14
|
86 $this->drupalGet('admin/people/permissions');
|
|
Chris@14
|
87 foreach (array_keys($this->container->get('user.permissions')->getPermissions()) as $permission) {
|
|
Chris@14
|
88 $this->assertSession()->checkboxChecked('administrator[' . $permission . ']');
|
|
Chris@14
|
89 $this->assertSession()->fieldDisabled('administrator[' . $permission . ']');
|
|
Chris@14
|
90 }
|
|
Chris@14
|
91 }
|
|
Chris@14
|
92
|
|
Chris@14
|
93 /**
|
|
Chris@14
|
94 * Test assigning of permissions for the administrator role.
|
|
Chris@14
|
95 */
|
|
Chris@14
|
96 public function testAdministratorRole() {
|
|
Chris@14
|
97 $this->drupalLogin($this->adminUser);
|
|
Chris@14
|
98 $this->drupalGet('admin/config/people/accounts');
|
|
Chris@14
|
99
|
|
Chris@14
|
100 // Verify that the administration role is none by default.
|
|
Chris@14
|
101 $this->assertOptionSelected('edit-user-admin-role', '', 'Administration role defaults to none.');
|
|
Chris@14
|
102
|
|
Chris@14
|
103 $this->assertFalse(Role::load($this->rid)->isAdmin());
|
|
Chris@14
|
104
|
|
Chris@14
|
105 // Set the user's role to be the administrator role.
|
|
Chris@14
|
106 $edit = [];
|
|
Chris@14
|
107 $edit['user_admin_role'] = $this->rid;
|
|
Chris@14
|
108 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
|
|
Chris@14
|
109
|
|
Chris@14
|
110 \Drupal::entityManager()->getStorage('user_role')->resetCache();
|
|
Chris@14
|
111 $this->assertTrue(Role::load($this->rid)->isAdmin());
|
|
Chris@14
|
112
|
|
Chris@14
|
113 // Enable aggregator module and ensure the 'administer news feeds'
|
|
Chris@14
|
114 // permission is assigned by default.
|
|
Chris@14
|
115 \Drupal::service('module_installer')->install(['aggregator']);
|
|
Chris@14
|
116
|
|
Chris@14
|
117 $this->assertTrue($this->adminUser->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
|
|
Chris@14
|
118
|
|
Chris@14
|
119 // Ensure that selecting '- None -' removes the admin role.
|
|
Chris@14
|
120 $edit = [];
|
|
Chris@14
|
121 $edit['user_admin_role'] = '';
|
|
Chris@14
|
122 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
|
|
Chris@14
|
123
|
|
Chris@14
|
124 \Drupal::entityManager()->getStorage('user_role')->resetCache();
|
|
Chris@14
|
125 \Drupal::configFactory()->reset();
|
|
Chris@14
|
126 $this->assertFalse(Role::load($this->rid)->isAdmin());
|
|
Chris@14
|
127
|
|
Chris@14
|
128 // Manually create two admin roles, in that case the single select should be
|
|
Chris@14
|
129 // hidden.
|
|
Chris@14
|
130 Role::create(['id' => 'admin_role_0', 'is_admin' => TRUE, 'label' => 'Admin role 0'])->save();
|
|
Chris@14
|
131 Role::create(['id' => 'admin_role_1', 'is_admin' => TRUE, 'label' => 'Admin role 1'])->save();
|
|
Chris@14
|
132 $this->drupalGet('admin/config/people/accounts');
|
|
Chris@14
|
133 $this->assertNoFieldByName('user_admin_role');
|
|
Chris@14
|
134 }
|
|
Chris@14
|
135
|
|
Chris@14
|
136 /**
|
|
Chris@14
|
137 * Verify proper permission changes by user_role_change_permissions().
|
|
Chris@14
|
138 */
|
|
Chris@14
|
139 public function testUserRoleChangePermissions() {
|
|
Chris@14
|
140 $permissions_hash_generator = $this->container->get('user_permissions_hash_generator');
|
|
Chris@14
|
141
|
|
Chris@14
|
142 $rid = $this->rid;
|
|
Chris@14
|
143 $account = $this->adminUser;
|
|
Chris@14
|
144 $previous_permissions_hash = $permissions_hash_generator->generate($account);
|
|
Chris@14
|
145
|
|
Chris@14
|
146 // Verify current permissions.
|
|
Chris@14
|
147 $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
|
|
Chris@14
|
148 $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
|
|
Chris@14
|
149 $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
|
|
Chris@14
|
150
|
|
Chris@14
|
151 // Change permissions.
|
|
Chris@14
|
152 $permissions = [
|
|
Chris@14
|
153 'administer users' => 1,
|
|
Chris@14
|
154 'access user profiles' => 0,
|
|
Chris@14
|
155 ];
|
|
Chris@14
|
156 user_role_change_permissions($rid, $permissions);
|
|
Chris@14
|
157
|
|
Chris@14
|
158 // Verify proper permission changes.
|
|
Chris@14
|
159 $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
|
|
Chris@14
|
160 $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
|
|
Chris@14
|
161 $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
|
|
Chris@14
|
162
|
|
Chris@14
|
163 // Verify the permissions hash has changed.
|
|
Chris@14
|
164 $current_permissions_hash = $permissions_hash_generator->generate($account);
|
|
Chris@14
|
165 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
|
|
Chris@14
|
166 }
|
|
Chris@14
|
167
|
|
Chris@14
|
168 /**
|
|
Chris@14
|
169 * Verify 'access content' is listed in the correct location.
|
|
Chris@14
|
170 */
|
|
Chris@14
|
171 public function testAccessContentPermission() {
|
|
Chris@14
|
172 $this->drupalLogin($this->adminUser);
|
|
Chris@14
|
173
|
|
Chris@14
|
174 // When Node is not installed the 'access content' permission is listed next
|
|
Chris@14
|
175 // to 'access site reports'.
|
|
Chris@14
|
176 $this->drupalGet('admin/people/permissions');
|
|
Chris@14
|
177 $next_row = $this->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]');
|
|
Chris@14
|
178 $this->assertEqual('edit-permissions-access-site-reports', $next_row[0]->getAttribute('data-drupal-selector'));
|
|
Chris@14
|
179
|
|
Chris@14
|
180 // When Node is installed the 'access content' permission is listed next to
|
|
Chris@14
|
181 // to 'view own unpublished content'.
|
|
Chris@14
|
182 \Drupal::service('module_installer')->install(['node']);
|
|
Chris@14
|
183 $this->drupalGet('admin/people/permissions');
|
|
Chris@14
|
184 $next_row = $this->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]');
|
|
Chris@14
|
185 $this->assertEqual('edit-permissions-view-own-unpublished-content', $next_row[0]->getAttribute('data-drupal-selector'));
|
|
Chris@14
|
186 }
|
|
Chris@14
|
187
|
|
Chris@14
|
188 }
|
