Chris@14: adminUser = $this->drupalCreateUser(['administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer account settings']); Chris@14: Chris@14: // Find the new role ID. Chris@14: $all_rids = $this->adminUser->getRoles(); Chris@14: unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]); Chris@14: $this->rid = reset($all_rids); Chris@14: } Chris@14: Chris@14: /** Chris@14: * Test changing user permissions through the permissions page. Chris@14: */ Chris@14: public function testUserPermissionChanges() { Chris@14: $permissions_hash_generator = $this->container->get('user_permissions_hash_generator'); Chris@14: Chris@14: $storage = $this->container->get('entity.manager')->getStorage('user_role'); Chris@14: Chris@14: // Create an additional role and mark it as admin role. Chris@14: Role::create(['is_admin' => TRUE, 'id' => 'administrator', 'label' => 'Administrator'])->save(); Chris@14: $storage->resetCache(); Chris@14: Chris@14: $this->drupalLogin($this->adminUser); Chris@14: $rid = $this->rid; Chris@14: $account = $this->adminUser; Chris@14: $previous_permissions_hash = $permissions_hash_generator->generate($account); Chris@14: $this->assertIdentical($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); Chris@14: Chris@14: // Add a permission. Chris@14: $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.'); Chris@14: $edit = []; Chris@14: $edit[$rid . '[administer users]'] = TRUE; Chris@14: $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); Chris@14: $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); Chris@14: $storage->resetCache(); Chris@14: $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.'); Chris@14: $current_permissions_hash = $permissions_hash_generator->generate($account); Chris@14: $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); Chris@14: $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); Chris@14: $previous_permissions_hash = $current_permissions_hash; Chris@14: Chris@14: // Remove a permission. Chris@14: $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); Chris@14: $edit = []; Chris@14: $edit[$rid . '[access user profiles]'] = FALSE; Chris@14: $this->drupalPostForm('admin/people/permissions', $edit, t('Save permissions')); Chris@14: $this->assertText(t('The changes have been saved.'), 'Successful save message displayed.'); Chris@14: $storage->resetCache(); Chris@14: $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); Chris@14: $current_permissions_hash = $permissions_hash_generator->generate($account); Chris@14: $this->assertIdentical($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser)); Chris@14: $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); Chris@14: Chris@14: // Ensure that the admin role doesn't have any checkboxes. Chris@14: $this->drupalGet('admin/people/permissions'); Chris@14: foreach (array_keys($this->container->get('user.permissions')->getPermissions()) as $permission) { Chris@14: $this->assertSession()->checkboxChecked('administrator[' . $permission . ']'); Chris@14: $this->assertSession()->fieldDisabled('administrator[' . $permission . ']'); Chris@14: } Chris@14: } Chris@14: Chris@14: /** Chris@14: * Test assigning of permissions for the administrator role. Chris@14: */ Chris@14: public function testAdministratorRole() { Chris@14: $this->drupalLogin($this->adminUser); Chris@14: $this->drupalGet('admin/config/people/accounts'); Chris@14: Chris@14: // Verify that the administration role is none by default. Chris@14: $this->assertOptionSelected('edit-user-admin-role', '', 'Administration role defaults to none.'); Chris@14: Chris@14: $this->assertFalse(Role::load($this->rid)->isAdmin()); Chris@14: Chris@14: // Set the user's role to be the administrator role. Chris@14: $edit = []; Chris@14: $edit['user_admin_role'] = $this->rid; Chris@14: $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration')); Chris@14: Chris@14: \Drupal::entityManager()->getStorage('user_role')->resetCache(); Chris@14: $this->assertTrue(Role::load($this->rid)->isAdmin()); Chris@14: Chris@14: // Enable aggregator module and ensure the 'administer news feeds' Chris@14: // permission is assigned by default. Chris@14: \Drupal::service('module_installer')->install(['aggregator']); Chris@14: Chris@14: $this->assertTrue($this->adminUser->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role'); Chris@14: Chris@14: // Ensure that selecting '- None -' removes the admin role. Chris@14: $edit = []; Chris@14: $edit['user_admin_role'] = ''; Chris@14: $this->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration')); Chris@14: Chris@14: \Drupal::entityManager()->getStorage('user_role')->resetCache(); Chris@14: \Drupal::configFactory()->reset(); Chris@14: $this->assertFalse(Role::load($this->rid)->isAdmin()); Chris@14: Chris@14: // Manually create two admin roles, in that case the single select should be Chris@14: // hidden. Chris@14: Role::create(['id' => 'admin_role_0', 'is_admin' => TRUE, 'label' => 'Admin role 0'])->save(); Chris@14: Role::create(['id' => 'admin_role_1', 'is_admin' => TRUE, 'label' => 'Admin role 1'])->save(); Chris@14: $this->drupalGet('admin/config/people/accounts'); Chris@14: $this->assertNoFieldByName('user_admin_role'); Chris@14: } Chris@14: Chris@14: /** Chris@14: * Verify proper permission changes by user_role_change_permissions(). Chris@14: */ Chris@14: public function testUserRoleChangePermissions() { Chris@14: $permissions_hash_generator = $this->container->get('user_permissions_hash_generator'); Chris@14: Chris@14: $rid = $this->rid; Chris@14: $account = $this->adminUser; Chris@14: $previous_permissions_hash = $permissions_hash_generator->generate($account); Chris@14: Chris@14: // Verify current permissions. Chris@14: $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.'); Chris@14: $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.'); Chris@14: $this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.'); Chris@14: Chris@14: // Change permissions. Chris@14: $permissions = [ Chris@14: 'administer users' => 1, Chris@14: 'access user profiles' => 0, Chris@14: ]; Chris@14: user_role_change_permissions($rid, $permissions); Chris@14: Chris@14: // Verify proper permission changes. Chris@14: $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.'); Chris@14: $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.'); Chris@14: $this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.'); Chris@14: Chris@14: // Verify the permissions hash has changed. Chris@14: $current_permissions_hash = $permissions_hash_generator->generate($account); Chris@14: $this->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.'); Chris@14: } Chris@14: Chris@14: /** Chris@14: * Verify 'access content' is listed in the correct location. Chris@14: */ Chris@14: public function testAccessContentPermission() { Chris@14: $this->drupalLogin($this->adminUser); Chris@14: Chris@14: // When Node is not installed the 'access content' permission is listed next Chris@14: // to 'access site reports'. Chris@14: $this->drupalGet('admin/people/permissions'); Chris@14: $next_row = $this->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]'); Chris@14: $this->assertEqual('edit-permissions-access-site-reports', $next_row[0]->getAttribute('data-drupal-selector')); Chris@14: Chris@14: // When Node is installed the 'access content' permission is listed next to Chris@14: // to 'view own unpublished content'. Chris@14: \Drupal::service('module_installer')->install(['node']); Chris@14: $this->drupalGet('admin/people/permissions'); Chris@14: $next_row = $this->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]'); Chris@14: $this->assertEqual('edit-permissions-view-own-unpublished-content', $next_row[0]->getAttribute('data-drupal-selector')); Chris@14: } Chris@14: Chris@14: }