Mercurial > hg > isophonics-drupal-site
view core/modules/media/tests/src/Functional/MediaAccessTest.php @ 19:fa3358dc1485 tip
Add ndrum files
author | Chris Cannam |
---|---|
date | Wed, 28 Aug 2019 13:14:47 +0100 |
parents | af1871eacc83 |
children |
line wrap: on
line source
<?php namespace Drupal\Tests\media\Functional; use Drupal\field\Entity\FieldConfig; use Drupal\field\Entity\FieldStorageConfig; use Drupal\media\Entity\Media; use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait; use Drupal\user\Entity\Role; use Drupal\user\RoleInterface; /** * Basic access tests for Media. * * @group media */ class MediaAccessTest extends MediaFunctionalTestBase { use AssertPageCacheContextsAndTagsTrait; /** * {@inheritdoc} */ public static $modules = [ 'block', 'media_test_source', ]; /** * {@inheritdoc} */ protected function setUp() { parent::setUp(); // This is needed to provide the user cache context for a below assertion. $this->drupalPlaceBlock('local_tasks_block'); } /** * Test some access control functionality. */ public function testMediaAccess() { $assert_session = $this->assertSession(); $media_type = $this->createMediaType('test'); \Drupal::configFactory() ->getEditable('media.settings') ->set('standalone_url', TRUE) ->save(TRUE); $this->container->get('router.builder')->rebuild(); // Create media. $media = Media::create([ 'bundle' => $media_type->id(), 'name' => 'Unnamed', ]); $media->save(); $user_media = Media::create([ 'bundle' => $media_type->id(), 'name' => 'Unnamed', 'uid' => $this->nonAdminUser->id(), ]); $user_media->save(); // We are logged in as admin, so test 'administer media' permission. $this->drupalGet('media/add/' . $media_type->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $this->drupalGet('media/' . $user_media->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $this->drupalGet('media/' . $user_media->id() . '/edit'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $this->drupalGet('media/' . $user_media->id() . '/delete'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $this->drupalLogin($this->nonAdminUser); /** @var \Drupal\user\RoleInterface $role */ $role = Role::load(RoleInterface::AUTHENTICATED_ID); user_role_revoke_permissions($role->id(), ['view media']); // Test 'create BUNDLE media' permission. $this->drupalGet('media/add/' . $media_type->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $permissions = ['create ' . $media_type->id() . ' media']; $this->grantPermissions($role, $permissions); $this->drupalGet('media/add/' . $media_type->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); user_role_revoke_permissions($role->id(), $permissions); $role = Role::load(RoleInterface::AUTHENTICATED_ID); // Verify the author can not view the unpublished media item without // 'view own unpublished media' permission. $this->grantPermissions($role, ['view media']); $this->drupalGet('media/' . $user_media->id()); $this->assertNoCacheContext('user'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $user_media->setUnpublished()->save(); $this->drupalGet('media/' . $user_media->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $access_result = $user_media->access('view', NULL, TRUE); $this->assertSame("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.", $access_result->getReason()); $this->grantPermissions($role, ['view own unpublished media']); $this->drupalGet('media/' . $user_media->id()); $this->assertCacheContext('user'); $assert_session->statusCodeEquals(200); // Test 'create media' permission. $this->drupalGet('media/add/' . $media_type->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $permissions = ['create media']; $this->grantPermissions($role, $permissions); $this->drupalGet('media/add/' . $media_type->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); user_role_revoke_permissions($role->id(), $permissions); $role = Role::load(RoleInterface::AUTHENTICATED_ID); // Test 'edit own BUNDLE media' and 'delete own BUNDLE media' permissions. $this->drupalGet('media/' . $user_media->id() . '/edit'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $this->drupalGet('media/' . $user_media->id() . '/delete'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $permissions = [ 'edit own ' . $user_media->bundle() . ' media', 'delete own ' . $user_media->bundle() . ' media', ]; $this->grantPermissions($role, $permissions); $this->drupalGet('media/' . $user_media->id() . '/edit'); $this->assertCacheContext('user'); $assert_session->statusCodeEquals(200); $this->drupalGet('media/' . $user_media->id() . '/delete'); $this->assertCacheContext('user'); $assert_session->statusCodeEquals(200); user_role_revoke_permissions($role->id(), $permissions); $role = Role::load(RoleInterface::AUTHENTICATED_ID); // Test 'edit any BUNDLE media' and 'delete any BUNDLE media' permissions. $this->drupalGet('media/' . $media->id() . '/edit'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $this->drupalGet('media/' . $media->id() . '/delete'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $permissions = [ 'edit any ' . $media->bundle() . ' media', 'delete any ' . $media->bundle() . ' media', ]; $this->grantPermissions($role, $permissions); $this->drupalGet('media/' . $media->id() . '/edit'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $this->drupalGet('media/' . $media->id() . '/delete'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); // Test the 'access media overview' permission. $this->grantPermissions($role, ['access content overview']); $this->drupalGet('admin/content'); $assert_session->linkByHrefNotExists('/admin/content/media'); $this->assertCacheContext('user'); // Create a new role, which implicitly checks if the permission exists. $mediaOverviewRole = $this->createRole(['access content overview', 'access media overview']); $this->nonAdminUser->addRole($mediaOverviewRole); $this->nonAdminUser->save(); $this->drupalGet('admin/content'); $assert_session->linkByHrefExists('/admin/content/media'); $this->clickLink('Media'); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); $assert_session->elementExists('css', '.view-media'); $assert_session->pageTextContains($this->loggedInUser->getDisplayName()); $assert_session->pageTextContains($this->nonAdminUser->getDisplayName()); $assert_session->linkByHrefExists('/media/' . $media->id()); $assert_session->linkByHrefExists('/media/' . $user_media->id()); } /** * Test view access control on the canonical page. */ public function testCanonicalMediaAccess() { $media_type = $this->createMediaType('test'); $assert_session = $this->assertSession(); \Drupal::configFactory() ->getEditable('media.settings') ->set('standalone_url', TRUE) ->save(TRUE); $this->container->get('router.builder')->rebuild(); // Create media. $media = Media::create([ 'bundle' => $media_type->id(), 'name' => 'Unnamed', ]); $media->save(); $user_media = Media::create([ 'bundle' => $media_type->id(), 'name' => 'Unnamed', 'uid' => $this->nonAdminUser->id(), ]); $user_media->save(); $this->drupalLogin($this->nonAdminUser); /** @var \Drupal\user\RoleInterface $role */ $role = Role::load(RoleInterface::AUTHENTICATED_ID); user_role_revoke_permissions($role->id(), ['view media']); $this->drupalGet('media/' . $media->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(403); $access_result = $media->access('view', NULL, TRUE); $this->assertSame("The 'view media' permission is required when the media item is published.", $access_result->getReason()); $this->grantPermissions($role, ['view media']); $this->drupalGet('media/' . $media->id()); $this->assertCacheContext('user.permissions'); $assert_session->statusCodeEquals(200); } /** * Tests unpublished media access. */ public function testUnpublishedMediaUserAccess() { \Drupal::configFactory() ->getEditable('media.settings') ->set('standalone_url', TRUE) ->save(TRUE); $this->container->get('router.builder')->rebuild(); $assert_session = $this->assertSession(); $media_type = $this->createMediaType('test'); $permissions = [ 'view media', 'view own unpublished media', ]; $user_one = $this->drupalCreateUser($permissions); $user_two = $this->drupalCreateUser($permissions); // Create media as user one. $user_media = Media::create([ 'bundle' => $media_type->id(), 'name' => 'Unnamed', 'uid' => $user_one->id(), ]); $user_media->setUnpublished()->save(); // Make sure user two can't access unpublished media. $this->drupalLogin($user_two); $this->drupalGet('media/' . $user_media->id()); $assert_session->statusCodeEquals(403); $this->assertCacheContext('user'); $this->drupalLogout(); // Make sure user one can access own unpublished media. $this->drupalLogin($user_one); $this->drupalGet('media/' . $user_media->id()); $assert_session->statusCodeEquals(200); $this->assertCacheContext('user'); } /** * Tests media access of anonymous user. */ public function testMediaAnonymousUserAccess() { \Drupal::configFactory() ->getEditable('media.settings') ->set('standalone_url', TRUE) ->save(TRUE); $this->container->get('router.builder')->rebuild(); $assert_session = $this->assertSession(); $media_type = $this->createMediaType('test'); // Create media as anonymous user. $user_media = Media::create([ 'bundle' => $media_type->id(), 'name' => 'Unnamed', 'uid' => 0, ]); $user_media->save(); $role = Role::load(RoleInterface::ANONYMOUS_ID); $this->grantPermissions($role, ['view media', 'view own unpublished media']); $this->drupalLogout(); // Make sure anonymous users can access published media. $user_media->setPublished()->save(); $this->drupalGet('media/' . $user_media->id()); $assert_session->statusCodeEquals(200); // Make sure anonymous users can not access unpublished media // even though role has 'view own unpublished media' permission. $user_media->setUnpublished()->save(); $this->drupalGet('media/' . $user_media->id()); $assert_session->statusCodeEquals(403); $this->assertCacheContext('user'); } /** * Tests access for embedded medias. */ public function testReferencedRendering() { \Drupal::configFactory() ->getEditable('media.settings') ->set('standalone_url', TRUE) ->save(TRUE); $this->container->get('router.builder')->rebuild(); // Create a media type and a entity reference to itself. $media_type = $this->createMediaType('test'); FieldStorageConfig::create([ 'field_name' => 'field_reference', 'entity_type' => 'media', 'type' => 'entity_reference', 'settings' => [ 'target_type' => 'media', ], ])->save(); FieldConfig::create([ 'field_name' => 'field_reference', 'entity_type' => 'media', 'bundle' => $media_type->id(), ])->save(); $author = $this->drupalCreateUser([ 'view media', 'view own unpublished media', ]); $other_user = $this->drupalCreateUser([ 'view media', 'view own unpublished media', ]); $view_user = $this->drupalCreateUser(['view media']); $child_title = 'Child media'; $media_child = Media::create([ 'name' => $child_title, 'bundle' => $media_type->id(), 'uid' => $author->id(), ]); $media_child->setUnpublished()->save(); $media_parent = Media::create([ 'name' => 'Parent media', 'bundle' => $media_type->id(), 'field_reference' => $media_child->id(), ]); $media_parent->save(); entity_get_display('media', $media_type->id(), 'full') ->set('content', []) ->setComponent('title', ['type' => 'string']) ->setComponent('field_reference', [ 'type' => 'entity_reference_label', ]) ->save(); $assert_session = $this->assertSession(); // The author of the child media items should have access to both the parent // and child. $this->drupalLogin($author); $this->drupalGet($media_parent->toUrl()); $this->assertCacheContext('user'); $assert_session->pageTextContains($child_title); // Other users with the 'view own unpublished media' permission should not // be able to see the unpublished child media item. The 'user' cache context // should be added in this case. $this->drupalLogin($other_user); $this->drupalGet($media_parent->toUrl()); $this->assertCacheContext('user'); $assert_session->pageTextNotContains($child_title); // User with just the 'view media' permission should not be able to see the // child media item. The 'user' cache context should not be added in this // case. $this->drupalLogin($view_user); $this->drupalGet($media_parent->toUrl()); $this->assertNoCacheContext('user'); $assert_session->pageTextNotContains($child_title); } }