Mercurial > hg > isophonics-drupal-site

diff core/modules/taxonomy/tests/src/Functional/TermAccessTest.php @ 17:129ea1e6d783

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update, including to Drupal core 8.6.10
author Chris Cannam
date Thu, 28 Feb 2019 13:21:36 +0000
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/core/modules/taxonomy/tests/src/Functional/TermAccessTest.php	Thu Feb 28 13:21:36 2019 +0000
@@ -0,0 +1,124 @@
+<?php
+
+namespace Drupal\Tests\taxonomy\Functional;
+
+use Drupal\taxonomy\Entity\Term;
+use Drupal\taxonomy\TermInterface;
+use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
+
+/**
+ * Tests the taxonomy term access permissions.
+ *
+ * @group taxonomy
+ */
+class TermAccessTest extends TaxonomyTestBase {
+
+  use AssertPageCacheContextsAndTagsTrait;
+
+  /**
+   * Test access control functionality for taxonomy terms.
+   */
+  public function testTermAccess() {
+    $assert_session = $this->assertSession();
+
+    $vocabulary = $this->createVocabulary();
+
+    // Create two terms.
+    $published_term = Term::create([
+      'vid' => $vocabulary->id(),
+      'name' => 'Published term',
+      'status' => 1,
+    ]);
+    $published_term->save();
+    $unpublished_term = Term::create([
+      'vid' => $vocabulary->id(),
+      'name' => 'Unpublished term',
+      'status' => 0,
+    ]);
+    $unpublished_term->save();
+
+    // Start off logged in as admin.
+    $this->drupalLogin($this->drupalCreateUser(['administer taxonomy']));
+
+    // Test the 'administer taxonomy' permission.
+    $this->drupalGet('taxonomy/term/' . $published_term->id());
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($published_term, 'view', TRUE);
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($unpublished_term, 'view', TRUE);
+
+    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($published_term, 'update', TRUE);
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($unpublished_term, 'update', TRUE);
+
+    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($published_term, 'delete', TRUE);
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($unpublished_term, 'delete', TRUE);
+
+    // Test the 'access content' permission.
+    $this->drupalLogin($this->drupalCreateUser(['access content']));
+
+    $this->drupalGet('taxonomy/term/' . $published_term->id());
+    $assert_session->statusCodeEquals(200);
+    $this->assertTermAccess($published_term, 'view', TRUE);
+
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
+    $assert_session->statusCodeEquals(403);
+    $this->assertTermAccess($unpublished_term, 'view', FALSE, "The 'access content' permission is required and the taxonomy term must be published.");
+
+    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
+    $assert_session->statusCodeEquals(403);
+    $this->assertTermAccess($published_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
+    $assert_session->statusCodeEquals(403);
+    $this->assertTermAccess($unpublished_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
+
+    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
+    $assert_session->statusCodeEquals(403);
+    $this->assertTermAccess($published_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
+    $assert_session->statusCodeEquals(403);
+    $this->assertTermAccess($unpublished_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
+
+    // Install the Views module and repeat the checks for the 'view' permission.
+    \Drupal::service('module_installer')->install(['views'], TRUE);
+    $this->rebuildContainer();
+
+    $this->drupalGet('taxonomy/term/' . $published_term->id());
+    $assert_session->statusCodeEquals(200);
+
+    // @todo Change this assertion to expect a 403 status code when
+    //   https://www.drupal.org/project/drupal/issues/2983070 is fixed.
+    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
+    $assert_session->statusCodeEquals(404);
+  }
+
+  /**
+   * Checks access on taxonomy term.
+   *
+   * @param \Drupal\taxonomy\TermInterface $term
+   *   A taxonomy term entity.
+   * @param $access_operation
+   *   The entity operation, e.g. 'view', 'edit', 'delete', etc.
+   * @param bool $access_allowed
+   *   Whether the current use has access to the given operation or not.
+   * @param string $access_reason
+   *   (optional) The reason of the access result.
+   */
+  protected function assertTermAccess(TermInterface $term, $access_operation, $access_allowed, $access_reason = '') {
+    $access_result = $term->access($access_operation, NULL, TRUE);
+    $this->assertSame($access_allowed, $access_result->isAllowed());
+
+    if ($access_reason) {
+      $this->assertSame($access_reason, $access_result->getReason());
+    }
+  }
+
+}