Chris@0: adminUser = $this->drupalCreateUser(['administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings']); Chris@0: Chris@0: // Find the new role ID. Chris@0: $all_rids = $this->adminUser->getRoles(); Chris@0: unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]); Chris@0: $this->rid = reset($all_rids); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Test changing user permissions through the permissions page. Chris@0: */ Chris@0: public function testUserPermissionChanges() { Chris@0: $permissions_hash_generator = $this->container->get('user_permissions_hash_generator'); Chris@0: Chris@0: $storage = $this->container->get('entity.manager')->getStorage('user_role'); Chris@0: Chris@0: // Create an additional role and mark it as admin role. Chris@0: Role::create(['is_admin' => TRUE, 'id' => 'administrator', 'label' => 'Administrator'])->save(); Chris@0: $storage->resetCache(); Chris@0: Chris@0: $this->drupalLogin($this->adminUser); Chris@0: $rid = $this->rid; Chris@0: $account = $this->adminUser; Chris@0: $previous_permissions_hash = $permissions_hash_generator->generate($account); Chris@0: $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); Chris@0: Chris@0: // Add a permission. Chris@0: $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.'); Chris@0: $edit = []; Chris@0: $edit[$rid . '[administer users]'] = TRUE; Chris@0: $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); Chris@0: $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); Chris@0: $storage->resetCache(); Chris@0: $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.'); Chris@0: $current_permissions_hash = $permissions_hash_generator->generate($account); Chris@0: $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); Chris@0: $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); Chris@0: $previous_permissions_hash = $current_permissions_hash; Chris@0: Chris@0: // Remove a permission. Chris@0: $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); Chris@0: $edit = []; Chris@0: $edit[$rid . '[access user profiles]'] = FALSE; Chris@0: $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); Chris@0: $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); Chris@0: $storage->resetCache(); Chris@0: $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); Chris@0: $current_permissions_hash = $permissions_hash_generator->generate($account); Chris@0: $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); Chris@0: $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); Chris@0: Chris@0: // Ensure that the admin role doesn't have any checkboxes. Chris@0: $this->drupalGet('admin/people/permissions'); Chris@0: foreach (array_keys($this->container->get('user.permissions')->getPermissions()) as $permission) { Chris@0: $this->assertNoFieldByName('administrator[' . $permission . ']'); Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Test assigning of permissions for the administrator role. Chris@0: */ Chris@0: public function testAdministratorRole() { Chris@0: $this->drupalLogin($this->adminUser); Chris@0: $this->drupalGet('admin/config/people/accounts'); Chris@0: Chris@0: // Verify that the administration role is none by default. Chris@0: $this->assertOptionSelected('edit-user-admin-role', '', 'Administration role defaults to none.'); Chris@0: Chris@0: $this->assertFalse(Role::load($this->rid)->isAdmin()); Chris@0: Chris@0: // Set the user's role to be the administrator role. Chris@0: $edit = []; Chris@0: $edit['user_admin_role'] = $this->rid; Chris@0: $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration')); Chris@0: Chris@0: \Drupal::entityManager()->getStorage('user_role')->resetCache(); Chris@0: $this->assertTrue(Role::load($this->rid)->isAdmin()); Chris@0: Chris@0: // Enable aggregator module and ensure the 'administer news feeds' Chris@0: // permission is assigned by default. Chris@0: \Drupal::service('module_installer')->install(['aggregator']); Chris@0: Chris@0: $this->assertTrue($this->adminUser->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role'); Chris@0: Chris@0: // Ensure that selecting '- None -' removes the admin role. Chris@0: $edit = []; Chris@0: $edit['user_admin_role'] = ''; Chris@0: $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration')); Chris@0: Chris@0: \Drupal::entityManager()->getStorage('user_role')->resetCache(); Chris@0: \Drupal::configFactory()->reset(); Chris@0: $this->assertFalse(Role::load($this->rid)->isAdmin()); Chris@0: Chris@0: // Manually create two admin roles, in that case the single select should be Chris@0: // hidden. Chris@0: Role::create(['id' => 'admin_role_0', 'is_admin' => TRUE, 'label' => 'Admin role 0'])->save(); Chris@0: Role::create(['id' => 'admin_role_1', 'is_admin' => TRUE, 'label' => 'Admin role 1'])->save(); Chris@0: $this->drupalGet('admin/config/people/accounts'); Chris@0: $this->assertNoFieldByName('user_admin_role'); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Verify proper permission changes by user_role_change_permissions(). Chris@0: */ Chris@0: public function testUserRoleChangePermissions() { Chris@0: $permissions_hash_generator = $this->container->get('user_permissions_hash_generator'); Chris@0: Chris@0: $rid = $this->rid; Chris@0: $account = $this->adminUser; Chris@0: $previous_permissions_hash = $permissions_hash_generator->generate($account); Chris@0: Chris@0: // Verify current permissions. Chris@0: $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.'); Chris@0: $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); Chris@0: $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.'); Chris@0: Chris@0: // Change permissions. Chris@0: $permissions = [ Chris@0: 'administer users' => 1, Chris@0: 'access user profiles' => 0, Chris@0: ]; Chris@0: user_role_change_permissions($rid, $permissions); Chris@0: Chris@0: // Verify proper permission changes. Chris@0: $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.'); Chris@0: $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); Chris@0: $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.'); Chris@0: Chris@0: // Verify the permissions hash has changed. Chris@0: $current_permissions_hash = $permissions_hash_generator->generate($account); Chris@0: $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); Chris@0: } Chris@0: Chris@0: }