annotate core/modules/user/tests/src/Functional/UserPermissionsTest.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 1fec387a4317
children
rev   line source
Chris@14 1 <?php
Chris@14 2
Chris@14 3 namespace Drupal\Tests\user\Functional;
Chris@14 4
Chris@14 5 use Drupal\Tests\BrowserTestBase;
Chris@14 6 use Drupal\user\RoleInterface;
Chris@14 7 use Drupal\user\Entity\Role;
Chris@14 8
Chris@14 9 /**
Chris@14 10 * Verify that role permissions can be added and removed via the permissions
Chris@14 11 * page.
Chris@14 12 *
Chris@14 13 * @group user
Chris@14 14 */
Chris@14 15 class UserPermissionsTest extends BrowserTestBase {
Chris@14 16
Chris@14 17 /**
Chris@14 18 * User with admin privileges.
Chris@14 19 *
Chris@14 20 * @var \Drupal\user\UserInterface
Chris@14 21 */
Chris@14 22 protected $adminUser;
Chris@14 23
Chris@14 24 /**
Chris@14 25 * User's role ID.
Chris@14 26 *
Chris@14 27 * @var string
Chris@14 28 */
Chris@14 29 protected $rid;
Chris@14 30
Chris@14 31 protected function setUp() {
Chris@14 32 parent::setUp();
Chris@14 33
Chris@14 34 $this->adminUser = $this->drupalCreateUser(['administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings']);
Chris@14 35
Chris@14 36 // Find the new role ID.
Chris@14 37 $all_rids = $this->adminUser->getRoles();
Chris@14 38 unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
Chris@14 39 $this->rid = reset($all_rids);
Chris@14 40 }
Chris@14 41
Chris@14 42 /**
Chris@14 43 * Test changing user permissions through the permissions page.
Chris@14 44 */
Chris@14 45 public function testUserPermissionChanges() {
Chris@14 46 $permissions_hash_generator = $this->container->get('user_permissions_hash_generator');
Chris@14 47
Chris@14 48 $storage = $this->container->get('entity.manager')->getStorage('user_role');
Chris@14 49
Chris@14 50 // Create an additional role and mark it as admin role.
Chris@14 51 Role::create(['is_admin' => TRUE, 'id' => 'administrator', 'label' => 'Administrator'])->save();
Chris@14 52 $storage->resetCache();
Chris@14 53
Chris@14 54 $this->drupalLogin($this->adminUser);
Chris@14 55 $rid = $this->rid;
Chris@14 56 $account = $this->adminUser;
Chris@14 57 $previous_permissions_hash = $permissions_hash_generator->generate($account);
Chris@14 58 $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
Chris@14 59
Chris@14 60 // Add a permission.
Chris@14 61 $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
Chris@14 62 $edit = [];
Chris@14 63 $edit[$rid . '[administer users]'] = TRUE;
Chris@14 64 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
Chris@14 65 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
Chris@14 66 $storage->resetCache();
Chris@14 67 $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
Chris@14 68 $current_permissions_hash = $permissions_hash_generator->generate($account);
Chris@14 69 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
Chris@14 70 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
Chris@14 71 $previous_permissions_hash = $current_permissions_hash;
Chris@14 72
Chris@14 73 // Remove a permission.
Chris@14 74 $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
Chris@14 75 $edit = [];
Chris@14 76 $edit[$rid . '[access user profiles]'] = FALSE;
Chris@14 77 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
Chris@14 78 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
Chris@14 79 $storage->resetCache();
Chris@14 80 $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
Chris@14 81 $current_permissions_hash = $permissions_hash_generator->generate($account);
Chris@14 82 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
Chris@14 83 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
Chris@14 84
Chris@14 85 // Ensure that the admin role doesn't have any checkboxes.
Chris@14 86 $this->drupalGet('admin/people/permissions');
Chris@14 87 foreach (array_keys($this->container->get('user.permissions')->getPermissions()) as $permission) {
Chris@14 88 $this->assertSession()->checkboxChecked('administrator[' . $permission . ']');
Chris@14 89 $this->assertSession()->fieldDisabled('administrator[' . $permission . ']');
Chris@14 90 }
Chris@14 91 }
Chris@14 92
Chris@14 93 /**
Chris@14 94 * Test assigning of permissions for the administrator role.
Chris@14 95 */
Chris@14 96 public function testAdministratorRole() {
Chris@14 97 $this->drupalLogin($this->adminUser);
Chris@14 98 $this->drupalGet('admin/config/people/accounts');
Chris@14 99
Chris@14 100 // Verify that the administration role is none by default.
Chris@14 101 $this->assertOptionSelected('edit-user-admin-role', '', 'Administration role defaults to none.');
Chris@14 102
Chris@14 103 $this->assertFalse(Role::load($this->rid)->isAdmin());
Chris@14 104
Chris@14 105 // Set the user's role to be the administrator role.
Chris@14 106 $edit = [];
Chris@14 107 $edit['user_admin_role'] = $this->rid;
Chris@14 108 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
Chris@14 109
Chris@14 110 \Drupal::entityManager()->getStorage('user_role')->resetCache();
Chris@14 111 $this->assertTrue(Role::load($this->rid)->isAdmin());
Chris@14 112
Chris@14 113 // Enable aggregator module and ensure the 'administer news feeds'
Chris@14 114 // permission is assigned by default.
Chris@14 115 \Drupal::service('module_installer')->install(['aggregator']);
Chris@14 116
Chris@14 117 $this->assertTrue($this->adminUser->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
Chris@14 118
Chris@14 119 // Ensure that selecting '- None -' removes the admin role.
Chris@14 120 $edit = [];
Chris@14 121 $edit['user_admin_role'] = '';
Chris@14 122 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
Chris@14 123
Chris@14 124 \Drupal::entityManager()->getStorage('user_role')->resetCache();
Chris@14 125 \Drupal::configFactory()->reset();
Chris@14 126 $this->assertFalse(Role::load($this->rid)->isAdmin());
Chris@14 127
Chris@14 128 // Manually create two admin roles, in that case the single select should be
Chris@14 129 // hidden.
Chris@14 130 Role::create(['id' => 'admin_role_0', 'is_admin' => TRUE, 'label' => 'Admin role 0'])->save();
Chris@14 131 Role::create(['id' => 'admin_role_1', 'is_admin' => TRUE, 'label' => 'Admin role 1'])->save();
Chris@14 132 $this->drupalGet('admin/config/people/accounts');
Chris@14 133 $this->assertNoFieldByName('user_admin_role');
Chris@14 134 }
Chris@14 135
Chris@14 136 /**
Chris@14 137 * Verify proper permission changes by user_role_change_permissions().
Chris@14 138 */
Chris@14 139 public function testUserRoleChangePermissions() {
Chris@14 140 $permissions_hash_generator = $this->container->get('user_permissions_hash_generator');
Chris@14 141
Chris@14 142 $rid = $this->rid;
Chris@14 143 $account = $this->adminUser;
Chris@14 144 $previous_permissions_hash = $permissions_hash_generator->generate($account);
Chris@14 145
Chris@14 146 // Verify current permissions.
Chris@14 147 $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
Chris@14 148 $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
Chris@14 149 $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
Chris@14 150
Chris@14 151 // Change permissions.
Chris@14 152 $permissions = [
Chris@14 153 'administer users' => 1,
Chris@14 154 'access user profiles' => 0,
Chris@14 155 ];
Chris@14 156 user_role_change_permissions($rid, $permissions);
Chris@14 157
Chris@14 158 // Verify proper permission changes.
Chris@14 159 $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
Chris@14 160 $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
Chris@14 161 $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
Chris@14 162
Chris@14 163 // Verify the permissions hash has changed.
Chris@14 164 $current_permissions_hash = $permissions_hash_generator->generate($account);
Chris@14 165 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
Chris@14 166 }
Chris@14 167
Chris@14 168 /**
Chris@14 169 * Verify 'access content' is listed in the correct location.
Chris@14 170 */
Chris@14 171 public function testAccessContentPermission() {
Chris@14 172 $this->drupalLogin($this->adminUser);
Chris@14 173
Chris@14 174 // When Node is not installed the 'access content' permission is listed next
Chris@14 175 // to 'access site reports'.
Chris@14 176 $this->drupalGet('admin/people/permissions');
Chris@14 177 $next_row = $this->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]');
Chris@14 178 $this->assertEqual('edit-permissions-access-site-reports', $next_row[0]->getAttribute('data-drupal-selector'));
Chris@14 179
Chris@14 180 // When Node is installed the 'access content' permission is listed next to
Chris@14 181 // to 'view own unpublished content'.
Chris@14 182 \Drupal::service('module_installer')->install(['node']);
Chris@14 183 $this->drupalGet('admin/people/permissions');
Chris@14 184 $next_row = $this->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]');
Chris@14 185 $this->assertEqual('edit-permissions-view-own-unpublished-content', $next_row[0]->getAttribute('data-drupal-selector'));
Chris@14 186 }
Chris@14 187
Chris@14 188 }