isophonics-drupal-site: core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php comparison

comparison core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php @ 0:4c8ae668cc8c

Initial import (non-working)

author	Chris Cannam
date	Wed, 29 Nov 2017 16:09:58 +0000
parents
children

comparison

equal deleted inserted replaced

--1:000000000000
+:4c8ae668cc8c
+<?php
+namespace Drupal\Tests\user\Unit;
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Cache\Context\CacheContextsManager;
+use Drupal\Core\DependencyInjection\Container;
+use Drupal\Tests\UnitTestCase;
+use Drupal\user\UserAccessControlHandler;
+/**
+* Tests the user access controller.
+*
+* @group Drupal
+* @group User
+*
+* @coversDefaultClass \Drupal\user\UserAccessControlHandler
+*/
+class UserAccessControlHandlerTest extends UnitTestCase {
+/**
+* The user access controller to test.
+*
+* @var \Drupal\user\UserAccessControlHandler
+*/
+protected $accessControlHandler;
+/**
+* The mock user account with view access.
+*
+* @var \Drupal\Core\Session\AccountInterface
+*/
+protected $viewer;
+/**
+* The mock user account that is able to change their own account name.
+*
+* @var \Drupal\Core\Session\AccountInterface
+*/
+protected $owner;
+/**
+* The mock administrative test user.
+*
+* @var \Drupal\Core\Session\AccountInterface
+*/
+protected $admin;
+/**
+* The mocked test field items.
+*
+* @var \Drupal\Core\Field\FieldItemList
+*/
+protected $items;
+/**
+* {@inheritdoc}
+*/
+protected function setUp() {
+parent::setUp();
+$cache_contexts_manager = $this->prophesize(CacheContextsManager::class);
+$cache_contexts_manager->assertValidTokens()->willReturn(TRUE);
+$cache_contexts_manager->reveal();
+$container = new Container();
+$container->set('cache_contexts_manager', $cache_contexts_manager);
+\Drupal::setContainer($container);
+$this->viewer = $this->getMock('\Drupal\Core\Session\AccountInterface');
+$this->viewer
+->expects($this->any())
+->method('hasPermission')
+->will($this->returnValue(FALSE));
+$this->viewer
+->expects($this->any())
+->method('id')
+->will($this->returnValue(1));
+$this->owner = $this->getMock('\Drupal\Core\Session\AccountInterface');
+$this->owner
+->expects($this->any())
+->method('hasPermission')
+->will($this->returnValueMap([
+['administer users', FALSE],
+['change own username', TRUE],
+]));
+$this->owner
+->expects($this->any())
+->method('id')
+->will($this->returnValue(2));
+$this->admin = $this->getMock('\Drupal\Core\Session\AccountInterface');
+$this->admin
+->expects($this->any())
+->method('hasPermission')
+->will($this->returnValue(TRUE));
+$entity_type = $this->getMock('Drupal\Core\Entity\EntityTypeInterface');
+$this->accessControlHandler = new UserAccessControlHandler($entity_type);
+$module_handler = $this->getMock('Drupal\Core\Extension\ModuleHandlerInterface');
+$module_handler->expects($this->any())
+->method('getImplementations')
+->will($this->returnValue([]));
+$this->accessControlHandler->setModuleHandler($module_handler);
+$this->items = $this->getMockBuilder('Drupal\Core\Field\FieldItemList')
+->disableOriginalConstructor()
+->getMock();
+$this->items
+->expects($this->any())
+->method('defaultAccess')
+->will($this->returnValue(AccessResult::allowed()));
+}
+/**
+* Asserts correct field access grants for a field.
+*/
+public function assertFieldAccess($field, $viewer, $target, $view, $edit) {
+$field_definition = $this->getMock('Drupal\Core\Field\FieldDefinitionInterface');
+$field_definition->expects($this->any())
+->method('getName')
+->will($this->returnValue($field));
+$this->items
+->expects($this->any())
+->method('getEntity')
+->will($this->returnValue($this->{$target}));
+foreach (['view' => $view, 'edit' => $edit] as $operation => $result) {
+$result_text = !isset($result) ? 'null' : ($result ? 'true' : 'false');
+$message = "User '$field' field access returns '$result_text' with operation '$operation' for '$viewer' accessing '$target'";
+$this->assertSame($result, $this->accessControlHandler->fieldAccess($operation, $field_definition, $this->{$viewer}, $this->items), $message);
+}
+}
+/**
+* Ensures user name access is working properly.
+*
+* @dataProvider userNameProvider
+*/
+public function testUserNameAccess($viewer, $target, $view, $edit) {
+$this->assertFieldAccess('name', $viewer, $target, $view, $edit);
+}
+/**
+* Provides test data for testUserNameAccess().
+*/
+public function userNameProvider() {
+$name_access = [
+// The viewer user is allowed to see user names on all accounts.
+[
+'viewer' => 'viewer',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => FALSE,
+],
+[
+'viewer' => 'owner',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => FALSE,
+],
+[
+'viewer' => 'viewer',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => FALSE,
+],
+// The owner user is allowed to change its own user name.
+[
+'viewer' => 'owner',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+],
+// The users-administrator user has full access.
+[
+'viewer' => 'admin',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+],
+];
+return $name_access;
+}
+/**
+* Tests that private user settings cannot be viewed by other users.
+*
+* @dataProvider hiddenUserSettingsProvider
+*/
+public function testHiddenUserSettings($field, $viewer, $target, $view, $edit) {
+$this->assertFieldAccess($field, $viewer, $target, $view, $edit);
+}
+/**
+* Provides test data for testHiddenUserSettings().
+*/
+public function hiddenUserSettingsProvider() {
+$access_info = [];
+$fields = [
+'preferred_langcode',
+'preferred_admin_langcode',
+'timezone',
+'mail',
+];
+foreach ($fields as $field) {
+$access_info[] = [
+'field' => $field,
+'viewer' => 'viewer',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => TRUE,
+];
+$access_info[] = [
+'field' => $field,
+'viewer' => 'viewer',
+'target' => 'owner',
+'view' => FALSE,
+// Anyone with edit access to the user can also edit these fields. In
+// reality edit access will already be checked on entity level and the
+// user without view access will typically not be able to edit.
+'edit' => TRUE,
+];
+$access_info[] = [
+'field' => $field,
+'viewer' => 'owner',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+];
+$access_info[] = [
+'field' => $field,
+'viewer' => 'admin',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+];
+}
+return $access_info;
+}
+/**
+* Tests that private user settings cannot be viewed by other users.
+*
+* @dataProvider adminFieldAccessProvider
+*/
+public function testAdminFieldAccess($field, $viewer, $target, $view, $edit) {
+$this->assertFieldAccess($field, $viewer, $target, $view, $edit);
+}
+/**
+* Provides test data for testAdminFieldAccess().
+*/
+public function adminFieldAccessProvider() {
+$access_info = [];
+$fields = [
+'roles',
+'status',
+'access',
+'login',
+'init',
+];
+foreach ($fields as $field) {
+$access_info[] = [
+'field' => $field,
+'viewer' => 'viewer',
+'target' => 'viewer',
+'view' => FALSE,
+'edit' => FALSE,
+];
+$access_info[] = [
+'field' => $field,
+'viewer' => 'viewer',
+'target' => 'owner',
+'view' => FALSE,
+'edit' => FALSE,
+];
+$access_info[] = [
+'field' => $field,
+'viewer' => 'admin',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+];
+}
+return $access_info;
+}
+/**
+* Tests that passwords cannot be viewed, just edited.
+*
+* @dataProvider passwordAccessProvider
+*/
+public function testPasswordAccess($viewer, $target, $view, $edit) {
+$this->assertFieldAccess('pass', $viewer, $target, $view, $edit);
+}
+/**
+* Provides test data for passwordAccessProvider().
+*/
+public function passwordAccessProvider() {
+$pass_access = [
+[
+'viewer' => 'viewer',
+'target' => 'viewer',
+'view' => FALSE,
+'edit' => TRUE,
+],
+[
+'viewer' => 'viewer',
+'target' => 'owner',
+'view' => FALSE,
+// Anyone with edit access to the user can also edit these fields. In
+// reality edit access will already be checked on entity level and the
+// user without view access will typically not be able to edit.
+'edit' => TRUE,
+],
+[
+'viewer' => 'owner',
+'target' => 'viewer',
+'view' => FALSE,
+'edit' => TRUE,
+],
+[
+'viewer' => 'admin',
+'target' => 'owner',
+'view' => FALSE,
+'edit' => TRUE,
+],
+];
+return $pass_access;
+}
+/**
+* Tests the user created field access.
+*
+* @dataProvider createdAccessProvider
+*/
+public function testCreatedAccess($viewer, $target, $view, $edit) {
+$this->assertFieldAccess('created', $viewer, $target, $view, $edit);
+}
+/**
+* Provides test data for testCreatedAccess().
+*/
+public function createdAccessProvider() {
+$created_access = [
+[
+'viewer' => 'viewer',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => FALSE,
+],
+[
+'viewer' => 'owner',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => FALSE,
+],
+[
+'viewer' => 'admin',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+],
+];
+return $created_access;
+}
+/**
+* Tests access to a non-existing base field.
+*
+* @dataProvider NonExistingFieldAccessProvider
+*/
+public function testNonExistingFieldAccess($viewer, $target, $view, $edit) {
+// By default everyone has access to all fields that do not have explicit
+// access control.
+// @see EntityAccessControlHandler::checkFieldAccess()
+$this->assertFieldAccess('some_non_existing_field', $viewer, $target, $view, $edit);
+}
+/**
+* Provides test data for testNonExistingFieldAccess().
+*/
+public function NonExistingFieldAccessProvider() {
+$created_access = [
+[
+'viewer' => 'viewer',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => TRUE,
+],
+[
+'viewer' => 'owner',
+'target' => 'viewer',
+'view' => TRUE,
+'edit' => TRUE,
+],
+[
+'viewer' => 'admin',
+'target' => 'owner',
+'view' => TRUE,
+'edit' => TRUE,
+],
+];
+return $created_access;
+}
+}

Mercurial > hg > isophonics-drupal-site

comparison core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php @ 0:4c8ae668cc8c