Mercurial > hg > isophonics-drupal-site

comparison core/modules/user/src/Tests/UserPermissionsTest.php @ 0:4c8ae668cc8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:4c8ae668cc8c
1 <?php
2
3 namespace Drupal\user\Tests;
4
5 use Drupal\simpletest\WebTestBase;
6 use Drupal\user\RoleInterface;
7 use Drupal\user\Entity\Role;
8
9 /**
10 * Verify that role permissions can be added and removed via the permissions
11 * page.
12 *
13 * @group user
14 */
15 class UserPermissionsTest extends WebTestBase {
16
17 /**
18 * User with admin privileges.
19 *
20 * @var \Drupal\user\UserInterface
21 */
22 protected $adminUser;
23
24 /**
25 * User's role ID.
26 *
27 * @var string
28 */
29 protected $rid;
30
31 protected function setUp() {
32 parent::setUp();
33
34 $this->adminUser = $this->drupalCreateUser(['administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings']);
35
36 // Find the new role ID.
37 $all_rids = $this->adminUser->getRoles();
38 unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
39 $this->rid = reset($all_rids);
40 }
41
42 /**
43 * Test changing user permissions through the permissions page.
44 */
45 public function testUserPermissionChanges() {
46 $permissions_hash_generator = $this->container->get('user_permissions_hash_generator');
47
48 $storage = $this->container->get('entity.manager')->getStorage('user_role');
49
50 // Create an additional role and mark it as admin role.
51 Role::create(['is_admin' => TRUE, 'id' => 'administrator', 'label' => 'Administrator'])->save();
52 $storage->resetCache();
53
54 $this->drupalLogin($this->adminUser);
55 $rid = $this->rid;
56 $account = $this->adminUser;
57 $previous_permissions_hash = $permissions_hash_generator->generate($account);
58 $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
59
60 // Add a permission.
61 $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
62 $edit = [];
63 $edit[$rid . '[administer users]'] = TRUE;
64 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
65 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
66 $storage->resetCache();
67 $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
68 $current_permissions_hash = $permissions_hash_generator->generate($account);
69 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
70 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
71 $previous_permissions_hash = $current_permissions_hash;
72
73 // Remove a permission.
74 $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
75 $edit = [];
76 $edit[$rid . '[access user profiles]'] = FALSE;
77 $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
78 $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
79 $storage->resetCache();
80 $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
81 $current_permissions_hash = $permissions_hash_generator->generate($account);
82 $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
83 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
84
85 // Ensure that the admin role doesn't have any checkboxes.
86 $this->drupalGet('admin/people/permissions');
87 foreach (array_keys($this->container->get('user.permissions')->getPermissions()) as $permission) {
88 $this->assertNoFieldByName('administrator[' . $permission . ']');
89 }
90 }
91
92 /**
93 * Test assigning of permissions for the administrator role.
94 */
95 public function testAdministratorRole() {
96 $this->drupalLogin($this->adminUser);
97 $this->drupalGet('admin/config/people/accounts');
98
99 // Verify that the administration role is none by default.
100 $this->assertOptionSelected('edit-user-admin-role', '', 'Administration role defaults to none.');
101
102 $this->assertFalse(Role::load($this->rid)->isAdmin());
103
104 // Set the user's role to be the administrator role.
105 $edit = [];
106 $edit['user_admin_role'] = $this->rid;
107 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
108
109 \Drupal::entityManager()->getStorage('user_role')->resetCache();
110 $this->assertTrue(Role::load($this->rid)->isAdmin());
111
112 // Enable aggregator module and ensure the 'administer news feeds'
113 // permission is assigned by default.
114 \Drupal::service('module_installer')->install(['aggregator']);
115
116 $this->assertTrue($this->adminUser->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
117
118 // Ensure that selecting '- None -' removes the admin role.
119 $edit = [];
120 $edit['user_admin_role'] = '';
121 $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
122
123 \Drupal::entityManager()->getStorage('user_role')->resetCache();
124 \Drupal::configFactory()->reset();
125 $this->assertFalse(Role::load($this->rid)->isAdmin());
126
127 // Manually create two admin roles, in that case the single select should be
128 // hidden.
129 Role::create(['id' => 'admin_role_0', 'is_admin' => TRUE, 'label' => 'Admin role 0'])->save();
130 Role::create(['id' => 'admin_role_1', 'is_admin' => TRUE, 'label' => 'Admin role 1'])->save();
131 $this->drupalGet('admin/config/people/accounts');
132 $this->assertNoFieldByName('user_admin_role');
133 }
134
135 /**
136 * Verify proper permission changes by user_role_change_permissions().
137 */
138 public function testUserRoleChangePermissions() {
139 $permissions_hash_generator = $this->container->get('user_permissions_hash_generator');
140
141 $rid = $this->rid;
142 $account = $this->adminUser;
143 $previous_permissions_hash = $permissions_hash_generator->generate($account);
144
145 // Verify current permissions.
146 $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
147 $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
148 $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
149
150 // Change permissions.
151 $permissions = [
152 'administer users' => 1,
153 'access user profiles' => 0,
154 ];
155 user_role_change_permissions($rid, $permissions);
156
157 // Verify proper permission changes.
158 $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
159 $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
160 $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
161
162 // Verify the permissions hash has changed.
163 $current_permissions_hash = $permissions_hash_generator->generate($account);
164 $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
165 }
166
167 }