Chris@18: createMediaType('test', [ Chris@18: 'id' => 'test', Chris@18: ]); Chris@18: Chris@18: $user = $this->createUser($permissions); Chris@18: Chris@18: $entity_values += [ Chris@18: 'status' => FALSE, Chris@18: 'uid' => $user->id(), Chris@18: 'bundle' => $media_type->id(), Chris@18: ]; Chris@18: Chris@18: $entity = Media::create($entity_values); Chris@18: $entity->save(); Chris@18: /** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */ Chris@18: $access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media'); Chris@18: $this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->access($entity, $operation, $user, TRUE)); Chris@18: } Chris@18: Chris@18: /** Chris@18: * @param string[] $permissions Chris@18: * User permissions. Chris@18: * @param \Drupal\Core\Access\AccessResultInterface $expected_result Chris@18: * Expected result. Chris@18: * @param string[] $expected_cache_contexts Chris@18: * Expected cache contexts. Chris@18: * @param string[] $expected_cache_tags Chris@18: * Expected cache tags. Chris@18: * Chris@18: * @covers ::checkCreateAccess Chris@18: * @dataProvider providerCreateAccess Chris@18: */ Chris@18: public function testCreateAccess(array $permissions, AccessResultInterface $expected_result, array $expected_cache_contexts, array $expected_cache_tags) { Chris@18: $user = $this->createUser($permissions); Chris@18: Chris@18: /** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */ Chris@18: $access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media'); Chris@18: $this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->createAccess('test', $user, [], TRUE)); Chris@18: } Chris@18: Chris@18: /** Chris@18: * Asserts an access result. Chris@18: * Chris@18: * @param \Drupal\Core\Access\AccessResultInterface $expected_access_result Chris@18: * The expected access result. Chris@18: * @param string[] $expected_cache_contexts Chris@18: * Expected contexts. Chris@18: * @param string[] $expected_cache_tags Chris@18: * Expected cache tags Chris@18: * @param \Drupal\Core\Access\AccessResultInterface $actual Chris@18: * The actual access result. Chris@18: */ Chris@18: protected function assertAccess(AccessResultInterface $expected_access_result, array $expected_cache_contexts, array $expected_cache_tags, AccessResultInterface $actual) { Chris@18: $this->assertSame($expected_access_result->isAllowed(), $actual->isAllowed()); Chris@18: $this->assertSame($expected_access_result->isForbidden(), $actual->isForbidden()); Chris@18: $this->assertSame($expected_access_result->isNeutral(), $actual->isNeutral()); Chris@18: Chris@18: $actual_cache_contexts = $actual->getCacheContexts(); Chris@18: sort($expected_cache_contexts); Chris@18: sort($actual_cache_contexts); Chris@18: $this->assertSame($expected_cache_contexts, $actual_cache_contexts); Chris@18: Chris@18: $actual_cache_tags = $actual->getCacheTags(); Chris@18: sort($expected_cache_tags); Chris@18: sort($actual_cache_tags); Chris@18: $this->assertSame($expected_cache_tags, $actual_cache_tags); Chris@18: } Chris@18: Chris@18: /** Chris@18: * Data provider for testAccess(). Chris@18: * Chris@18: * @return array Chris@18: * The data sets to test. Chris@18: */ Chris@18: public function providerAccess() { Chris@18: $test_data = []; Chris@18: Chris@18: // Check published / unpublished media access for a user owning the media Chris@18: // item without permissions. Chris@18: $test_data['owner, no permissions / published / view'] = [ Chris@18: [], Chris@18: ['status' => TRUE], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['owner, no permissions / published / update'] = [ Chris@18: [], Chris@18: ['status' => TRUE], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, no permissions / published / delete'] = [ Chris@18: [], Chris@18: ['status' => TRUE], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, no permissions / unpublished / view'] = [ Chris@18: [], Chris@18: [], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['owner, no permissions / unpublished / update'] = [ Chris@18: [], Chris@18: [], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, no permissions / unpublished / delete'] = [ Chris@18: [], Chris@18: [], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check published / unpublished media access for a user not owning the Chris@18: // media item without permissions. Chris@18: $test_data['not owner, no permissions / published / view'] = [ Chris@18: [], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['not owner, no permissions / published / update'] = [ Chris@18: [], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, no permissions / published / delete'] = [ Chris@18: [], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, no permissions / unpublished / view'] = [ Chris@18: [], Chris@18: ['uid' => 0], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['not owner, no permissions / unpublished / update'] = [ Chris@18: [], Chris@18: ['uid' => 0], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, no permissions / unpublished / delete'] = [ Chris@18: [], Chris@18: ['uid' => 0], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check published / unpublished media access for a user owning the media Chris@18: // item with only the 'view media' permission. Chris@18: $test_data['owner, can view media / published / view'] = [ Chris@18: ['view media'], Chris@18: ['status' => TRUE], Chris@18: 'view', Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['owner, can view media / published / update'] = [ Chris@18: ['view media'], Chris@18: ['status' => TRUE], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, can view media / published / delete'] = [ Chris@18: ['view media'], Chris@18: ['status' => TRUE], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, can view media / unpublished / view'] = [ Chris@18: ['view media'], Chris@18: [], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['owner, can view media / unpublished / update'] = [ Chris@18: ['view media'], Chris@18: [], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, can view media / unpublished / delete'] = [ Chris@18: ['view media'], Chris@18: [], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check published / unpublished media access for a user not owning the Chris@18: // media item with only the 'view media' permission. Chris@18: $test_data['not owner, can view media / published / view'] = [ Chris@18: ['view media'], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'view', Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['not owner, can view media / published / update'] = [ Chris@18: ['view media'], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, can view media / published / delete'] = [ Chris@18: ['view media'], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, can view media / unpublished / view'] = [ Chris@18: ['view media'], Chris@18: ['uid' => 0], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['not owner, can view media / unpublished / update'] = [ Chris@18: ['view media'], Chris@18: ['uid' => 0], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, can view media / unpublished / delete'] = [ Chris@18: ['view media'], Chris@18: ['uid' => 0], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check published / unpublished media access for a user owning the media Chris@18: // item with the 'view media' and 'view own unpublished' permission. Chris@18: $test_data['owner, can view own unpublished media / published / view'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['status' => TRUE], Chris@18: 'view', Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['owner, can view own unpublished media / published / update'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['status' => TRUE], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, can view own unpublished media / published / delete'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['status' => TRUE], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, can view own unpublished media / unpublished / view'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: [], Chris@18: 'view', Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions', 'user'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['owner, can view own unpublished media / unpublished / update'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: [], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['owner, can view own unpublished media / unpublished / delete'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: [], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check published / unpublished media access for a user not owning the Chris@18: // media item with the 'view media' and 'view own unpublished' permission. Chris@18: $test_data['not owner, can view own unpublished media / published / view'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'view', Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['not owner, can view own unpublished media / published / update'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, can view own unpublished media / published / delete'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['uid' => 0, 'status' => TRUE], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, can view own unpublished media / unpublished / view'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['uid' => 0], Chris@18: 'view', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions', 'user'], Chris@18: ['media:1'], Chris@18: ]; Chris@18: $test_data['not owner, can view own unpublished media / unpublished / update'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['uid' => 0], Chris@18: 'update', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: $test_data['not owner, can view own unpublished media / unpublished / delete'] = [ Chris@18: ['view media', 'view own unpublished media'], Chris@18: ['uid' => 0], Chris@18: 'delete', Chris@18: AccessResult::neutral(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: return $test_data; Chris@18: } Chris@18: Chris@18: /** Chris@18: * Data provider for testCreateAccess(). Chris@18: * Chris@18: * @return array Chris@18: * The data sets to test. Chris@18: */ Chris@18: public function providerCreateAccess() { Chris@18: $test_data = []; Chris@18: Chris@18: // Check create access for a user without permissions. Chris@18: $test_data['user, no permissions / create'] = [ Chris@18: [], Chris@18: AccessResult::neutral()->setReason("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'view media' permission. Chris@18: $test_data['user, can view media / create'] = [ Chris@18: [ Chris@18: 'view media', Chris@18: ], Chris@18: AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'view media' and 'view own Chris@18: // unpublished media' permission. Chris@18: $test_data['user, can view own unpublished media / create'] = [ Chris@18: [ Chris@18: 'view media', Chris@18: 'view own unpublished media', Chris@18: ], Chris@18: AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'view media', 'view own Chris@18: // unpublished media', 'update any media' and 'delete any media' permission. Chris@18: $test_data['user, can view own unpublished media and update or delete any media / create'] = [ Chris@18: [ Chris@18: 'view media', Chris@18: 'view own unpublished media', Chris@18: 'update any media', Chris@18: 'delete any media', Chris@18: ], Chris@18: AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'view media', 'view own Chris@18: // unpublished media', 'update media' and 'delete media' permission. Chris@18: $test_data['user, can view own unpublished media and update or delete own media / create'] = [ Chris@18: [ Chris@18: 'view media', Chris@18: 'view own unpublished media', Chris@18: 'update media', Chris@18: 'delete media', Chris@18: ], Chris@18: AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'view media', 'view own Chris@18: // unpublished media', 'update any media', 'delete any media', 'update Chris@18: // media' and 'delete media' permission. Chris@18: $test_data['user, can view own unpublished media and update or delete all media / create'] = [ Chris@18: [ Chris@18: 'view media', Chris@18: 'view own unpublished media', Chris@18: 'update any media', Chris@18: 'delete any media', Chris@18: 'update media', Chris@18: 'delete media', Chris@18: ], Chris@18: AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with all media permissions except 'create Chris@18: // media' or 'administer media'. Chris@18: $test_data['user, can not create or administer media / create'] = [ Chris@18: [ Chris@18: 'access media overview', Chris@18: 'view media', Chris@18: 'view own unpublished media', Chris@18: 'update any media', Chris@18: 'delete any media', Chris@18: 'update media', Chris@18: 'delete media', Chris@18: ], Chris@18: AccessResult::neutral("The following permissions are required: 'administer media' OR 'create media'."), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'create media' permission. Chris@18: $test_data['user, can create media / create'] = [ Chris@18: [ Chris@18: 'create media', Chris@18: ], Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: // Check create access for a user with the 'administer media' permission. Chris@18: $test_data['user, can administer media / create'] = [ Chris@18: [ Chris@18: 'administer media', Chris@18: ], Chris@18: AccessResult::allowed(), Chris@18: ['user.permissions'], Chris@18: [], Chris@18: ]; Chris@18: Chris@18: return $test_data; Chris@18: } Chris@18: Chris@18: }