Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\Tests\system\Kernel;
Chris@0: 
Chris@0: use Drupal\Core\Access\AccessResult;
Chris@0: use Drupal\Core\Cache\Context\CacheContextsManager;
Chris@0: use Drupal\Core\DependencyInjection\ContainerBuilder;
Chris@0: use Drupal\KernelTests\KernelTestBase;
Chris@0: use Drupal\system\Entity\Menu;
Chris@18: use Drupal\Tests\user\Traits\UserCreationTrait;
Chris@0: 
Chris@0: /**
Chris@0:  * @coversDefaultClass \Drupal\system\MenuAccessControlHandler
Chris@0:  * @group system
Chris@0:  */
Chris@0: class MenuAccessControlHandlerTest extends KernelTestBase {
Chris@0: 
Chris@0:   use UserCreationTrait {
Chris@0:     createUser as drupalCreateUser;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Modules to enable.
Chris@0:    *
Chris@0:    * @var array
Chris@0:    */
Chris@0:   public static $modules = [
Chris@0:     'system',
Chris@0:     'user',
Chris@0:   ];
Chris@0: 
Chris@0:   /**
Chris@0:    * The menu access control handler.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
Chris@0:    */
Chris@0:   protected $accessControlHandler;
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   protected function setUp() {
Chris@0:     parent::setUp();
Chris@0:     $this->installEntitySchema('menu');
Chris@0:     $this->installEntitySchema('user');
Chris@0:     $this->installSchema('system', 'sequences');
Chris@0:     $this->accessControlHandler = $this->container->get('entity_type.manager')->getAccessControlHandler('menu');
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * @covers ::checkAccess
Chris@0:    * @covers ::checkCreateAccess
Chris@0:    * @dataProvider testAccessProvider
Chris@0:    */
Chris@0:   public function testAccess($which_user, $which_entity, $view_label_access_result, $view_access_result, $update_access_result, $delete_access_result, $create_access_result) {
Chris@0:     // We must always create user 1, so that a "normal" user has a ID >1.
Chris@0:     $root_user = $this->drupalCreateUser();
Chris@0: 
Chris@0:     if ($which_user === 'user1') {
Chris@0:       $user = $root_user;
Chris@0:     }
Chris@0:     else {
Chris@0:       $permissions = ($which_user === 'admin')
Chris@0:         ? ['administer menu']
Chris@0:         : [];
Chris@0:       $user = $this->drupalCreateUser($permissions);
Chris@0:     }
Chris@0: 
Chris@0:     $entity_values = ($which_entity === 'unlocked')
Chris@0:       ? ['locked' => FALSE]
Chris@0:       : ['locked' => TRUE];
Chris@0:     $entity_values['id'] = 'llama';
Chris@0:     $entity = Menu::create($entity_values);
Chris@0:     $entity->save();
Chris@0: 
Chris@0:     static::assertEquals($view_label_access_result, $this->accessControlHandler->access($entity, 'view label', $user, TRUE));
Chris@0:     static::assertEquals($view_access_result, $this->accessControlHandler->access($entity, 'view', $user, TRUE));
Chris@0:     static::assertEquals($update_access_result, $this->accessControlHandler->access($entity, 'update', $user, TRUE));
Chris@0:     static::assertEquals($delete_access_result, $this->accessControlHandler->access($entity, 'delete', $user, TRUE));
Chris@0:     static::assertEquals($create_access_result, $this->accessControlHandler->createAccess(NULL, $user, [], TRUE));
Chris@0:   }
Chris@0: 
Chris@0:   public function testAccessProvider() {
Chris@0:     $c = new ContainerBuilder();
Chris@0:     $cache_contexts_manager = $this->prophesize(CacheContextsManager::class);
Chris@0:     $cache_contexts_manager->assertValidTokens()->willReturn(TRUE);
Chris@0:     $cache_contexts_manager->reveal();
Chris@0:     $c->set('cache_contexts_manager', $cache_contexts_manager);
Chris@0:     \Drupal::setContainer($c);
Chris@0: 
Chris@0:     return [
Chris@0:       'permissionless + unlocked' => [
Chris@0:         'permissionless',
Chris@0:         'unlocked',
Chris@0:         AccessResult::allowed(),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required."),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required."),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required.")->addCacheTags(['config:system.menu.llama']),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required."),
Chris@0:       ],
Chris@0:       'permissionless + locked' => [
Chris@0:         'permissionless',
Chris@0:         'locked',
Chris@0:         AccessResult::allowed(),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required."),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required."),
Chris@0:         AccessResult::forbidden()->addCacheTags(['config:system.menu.llama'])->setReason("The Menu config entity is locked."),
Chris@0:         AccessResult::neutral()->addCacheContexts(['user.permissions'])->setReason("The 'administer menu' permission is required."),
Chris@0:       ],
Chris@0:       'admin + unlocked' => [
Chris@0:         'admin',
Chris@0:         'unlocked',
Chris@0:         AccessResult::allowed(),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions'])->addCacheTags(['config:system.menu.llama']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:       ],
Chris@0:       'admin + locked' => [
Chris@0:         'admin',
Chris@0:         'locked',
Chris@0:         AccessResult::allowed(),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::forbidden()->addCacheTags(['config:system.menu.llama'])->setReason("The Menu config entity is locked."),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:       ],
Chris@0:       'user1 + unlocked' => [
Chris@0:         'user1',
Chris@0:         'unlocked',
Chris@0:         AccessResult::allowed(),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions'])->addCacheTags(['config:system.menu.llama']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:       ],
Chris@0:       'user1 + locked' => [
Chris@0:         'user1',
Chris@0:         'locked',
Chris@0:         AccessResult::allowed(),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:         AccessResult::forbidden()->addCacheTags(['config:system.menu.llama'])->setReason("The Menu config entity is locked."),
Chris@0:         AccessResult::allowed()->addCacheContexts(['user.permissions']),
Chris@0:       ],
Chris@0:     ];
Chris@0:   }
Chris@0: 
Chris@0: }