drupalPlaceBlock('local_tasks_block');
  }

  /**
   * Tests access control on the media add, view, edit, delete and overview pages.
   *
   * The administrator session is checked first. Each permission is then
   * exercised for the non-admin user deny-first: the request must return 403
   * before the permission is granted and 200 afterwards, so a route that is
   * reachable without the permission fails the test. Permissions granted for
   * one step are revoked before the next, so they cannot mask a missing check.
   *
   * Every page check also asserts a cache context. assertCacheContext() is
   * defined outside this listing; presumably it verifies that the response
   * varies by the named context, which is what keeps a page cached for one
   * account from being served to another with different access.
   */
  public function testMediaAccess() {
    $session = $this->assertSession();

    // Requests a path, then asserts the cache context and the HTTP status, in
    // the same order the checks are always made in this test.
    $assert_page = function ($path, $cache_context, $status_code) use ($session) {
      $this->drupalGet($path);
      $this->assertCacheContext($cache_context);
      $session->statusCodeEquals($status_code);
    };

    $type = $this->createMediaType();
    $bundle_id = $type->id();

    // Two media items: one created without an explicit owner, one owned by the
    // non-admin user. The "own" and "any" permissions are tested against them.
    $admin_media = Media::create([
      'bundle' => $bundle_id,
      'name' => 'Unnamed',
    ]);
    $admin_media->save();
    $owned_media = Media::create([
      'bundle' => $bundle_id,
      'name' => 'Unnamed',
      'uid' => $this->nonAdminUser->id(),
    ]);
    $owned_media->save();

    $add_path = 'media/add/' . $bundle_id;
    $admin_media_path = 'media/' . $admin_media->id();
    $owned_media_path = 'media/' . $owned_media->id();

    // The session at this point is the administrator's (the login happens
    // outside this method), so this covers the 'administer media' permission.
    $assert_page($add_path, 'user.permissions', 200);
    $assert_page($owned_media_path, 'user.permissions', 200);
    $assert_page($owned_media_path . '/edit', 'user.permissions', 200);
    $assert_page($owned_media_path . '/delete', 'user.permissions', 200);

    // Everything below runs as the non-admin user; permissions are toggled on
    // the authenticated role.
    $this->drupalLogin($this->nonAdminUser);
    /** @var \Drupal\user\RoleInterface $role */
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);

    // 'view media': denied once revoked, and the access result must carry the
    // expected reason; allowed again once granted.
    user_role_revoke_permissions($role->id(), ['view media']);
    $assert_page($admin_media_path, 'user.permissions', 403);
    $view_access = $admin_media->access('view', NULL, TRUE);
    $this->assertSame("The 'view media' permission is required and the media item must be published.", $view_access->getReason());
    $this->grantPermissions($role, ['view media']);
    $assert_page($admin_media_path, 'user.permissions', 200);

    // 'create BUNDLE media': the bundle-specific create permission.
    $assert_page($add_path, 'user.permissions', 403);
    $granted = ['create ' . $bundle_id . ' media'];
    $this->grantPermissions($role, $granted);
    $assert_page($add_path, 'user.permissions', 200);
    // Revoke and reload the role so the next step starts from a denied state.
    user_role_revoke_permissions($role->id(), $granted);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);

    // 'create media': the generic create permission.
    $assert_page($add_path, 'user.permissions', 403);
    $granted = ['create media'];
    $this->grantPermissions($role, $granted);
    $assert_page($add_path, 'user.permissions', 200);
    user_role_revoke_permissions($role->id(), $granted);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);

    // 'edit own BUNDLE media' and 'delete own BUNDLE media', checked against
    // the item the non-admin user owns.
    $assert_page($owned_media_path . '/edit', 'user.permissions', 403);
    $assert_page($owned_media_path . '/delete', 'user.permissions', 403);
    $granted = [
      'edit own ' . $owned_media->bundle() . ' media',
      'delete own ' . $owned_media->bundle() . ' media',
    ];
    $this->grantPermissions($role, $granted);
    // The expected context is 'user' here rather than 'user.permissions';
    // presumably because the decision now depends on who owns the item.
    $assert_page($owned_media_path . '/edit', 'user', 200);
    $assert_page($owned_media_path . '/delete', 'user', 200);
    user_role_revoke_permissions($role->id(), $granted);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);

    // 'edit any BUNDLE media' and 'delete any BUNDLE media', checked against
    // the item that was created without the non-admin user as owner.
    $assert_page($admin_media_path . '/edit', 'user.permissions', 403);
    $assert_page($admin_media_path . '/delete', 'user.permissions', 403);
    $granted = [
      'edit any ' . $admin_media->bundle() . ' media',
      'delete any ' . $admin_media->bundle() . ' media',
    ];
    $this->grantPermissions($role, $granted);
    $assert_page($admin_media_path . '/edit', 'user.permissions', 200);
    $assert_page($admin_media_path . '/delete', 'user.permissions', 200);

    // 'access media overview': with only 'access content overview' the content
    // page must not link to the media overview.
    $this->grantPermissions($role, ['access content overview']);
    $this->drupalGet('admin/content');
    $session->linkByHrefNotExists('/admin/content/media');
    $this->assertCacheContext('user');

    // Creating a role with the permission also confirms the permission exists.
    $overview_role = $this->createRole(['access content overview', 'access media overview']);
    $this->nonAdminUser->addRole($overview_role);
    $this->nonAdminUser->save();

    // With the permission the link appears and the overview lists both items
    // together with the display names checked below.
    $this->drupalGet('admin/content');
    $session->linkByHrefExists('/admin/content/media');
    $this->clickLink('Media');
    $this->assertCacheContext('user.permissions');
    $session->statusCodeEquals(200);
    $session->elementExists('css', '.view-media');
    $session->pageTextContains($this->loggedInUser->getDisplayName());
    $session->pageTextContains($this->nonAdminUser->getDisplayName());
    $session->linkByHrefExists('/media/' . $admin_media->id());
    $session->linkByHrefExists('/media/' . $owned_media->id());
  }

}