public function ContentModerationAccessTest::testAccessWithValidToken in Access unpublished 8
Checks entity access before and after token creation.
File
- tests/
src/ Functional/ ContentModerationAccessTest.php, line 73
Class
- ContentModerationAccessTest
- Tests the article creation.
Namespace
Drupal\Tests\access_unpublished\FunctionalCode
public function testAccessWithValidToken() {
$assert_session = $this
->assertSession();
// Create a token for the entity.
$validToken = AccessToken::create([
'entity_type' => 'node',
'entity_id' => $this->entity
->id(),
'value' => 'iAmValid',
'expire' => \Drupal::time()
->getRequestTime() + 10000,
]);
$validToken
->save();
// Verify that entity is accessible, but only with the correct hash.
$this
->drupalGet($this->entity
->toUrl('canonical'), [
'query' => [
'auHash' => 'iAmValid',
],
]);
$assert_session
->statusCodeEquals(200);
$this
->drupalGet($this->entity
->toUrl('canonical'), [
'query' => [
'auHash' => 123456,
],
]);
$assert_session
->statusCodeEquals(403);
$this
->drupalGet($this->entity
->toUrl());
$assert_session
->statusCodeEquals(403);
$this->entity
->set('moderation_state', 'published');
$this->entity
->save();
$this->entity
->set('moderation_state', 'draft');
$this->entity
->save();
$this
->drupalGet($this->entity
->toUrl('latest-version'), [
'query' => [
'auHash' => 'iAmValid',
],
]);
$assert_session
->statusCodeEquals(200);
$this
->drupalGet($this->entity
->toUrl('latest-version'), [
'query' => [
'auHash' => 123456,
],
]);
$assert_session
->statusCodeEquals(403);
$this
->drupalGet($this->entity
->toUrl());
$assert_session
->statusCodeEquals(200);
// Delete the token.
$validToken
->delete();
// Verify that the entity is not accessible.
$this
->drupalGet($this->entity
->toUrl('latest-version'), [
'query' => [
'auHash' => 'iAmValid',
],
]);
$assert_session
->statusCodeEquals(403);
}