<?php
namespace Drupal\Tests\apigee_api_catalog\Functional;
use Drupal\apigee_api_catalog\Entity\ApiDoc;
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
class ApiDocsAccessTest extends BrowserTestBase {
/**
 * Modules to enable for this test.
 *
 * 'block' is needed by setupMenus(), which places blocks. 'field_ui' is
 * presumably what provides the "Manage fields" / "Manage display" tabs that
 * testApiDocAccessAdmin() looks for -- confirm against the module's routes.
 *
 * @var string[]
 */
public static $modules = [
'apigee_api_catalog',
'block',
'field_ui',
];
/**
 * API doc saved with status 1 in setUp(); the "published" fixture.
 *
 * @var \Drupal\apigee_api_catalog\Entity\ApiDoc
 */
protected $apidocPublished;
/**
 * API doc saved with status 0 in setUp(); the "unpublished" fixture.
 *
 * @var \Drupal\apigee_api_catalog\Entity\ApiDoc
 */
protected $apidocUnpublished;
/**
 * Places the UI blocks and creates the two API doc fixtures.
 *
 * One fixture is saved with status 1 and one with status 0, so every test
 * method can check each permission against both publication states.
 */
protected function setUp() {
  parent::setUp();
  $this->setupMenus();

  // Published fixture.
  $this->apidocPublished = ApiDoc::create([
    'name' => 'API 1',
    'description' => 'Test API 1',
    'spec' => NULL,
    'status' => 1,
  ]);
  $this->apidocPublished->save();

  // Unpublished fixture; only differs in name, description and status.
  $this->apidocUnpublished = ApiDoc::create([
    'name' => 'API 2',
    'description' => 'Test API 2',
    'spec' => NULL,
    'status' => 0,
  ]);
  $this->apidocUnpublished->save();
}
/**
 * Places the menu, local task, local action and page title blocks.
 *
 * testApiDocAccessAdmin() asserts on links such as "Manage fields"; those
 * are presumably rendered by the local tasks block placed here -- confirm.
 */
protected function setupMenus() {
  // Block plugin ID => theme region, placed in this order.
  $placements = [
    'system_menu_block:tools' => 'primary_menu',
    'local_tasks_block' => 'secondary_menu',
    'local_actions_block' => 'content',
    'page_title_block' => 'content',
  ];
  foreach ($placements as $plugin_id => $region) {
    $this->drupalPlaceBlock($plugin_id, ['region' => $region]);
  }
}
/**
 * Checks that a user with the administrative permissions is allowed everywhere.
 *
 * Every entity page is verified twice: by the HTTP status of the page
 * request and by the entity access result from assertApiDocAccess(), so a
 * disagreement between the two checks fails the test.
 */
public function testApiDocAccessAdmin() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  $admin = $this->drupalCreateUser([
    'administer apigee api catalog',
    'administer apidoc display',
    'administer apidoc fields',
    'administer apidoc form display',
  ]);
  $this->drupalLogin($admin);

  // View pages, for both publication states.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($published, 'view', TRUE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($unpublished, 'view', TRUE);

  // Edit forms.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($published, 'update', TRUE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($unpublished, 'update', TRUE);

  // Delete forms.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($published, 'delete', TRUE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($unpublished, 'delete', TRUE);

  // Routes that are not tied to a single entity.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(200);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(200);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(200);

  // The settings page must expose the settings and field UI links.
  $session->linkExists('Settings');
  $session->linkExists('Manage fields');
  $session->linkExists('Manage form display');
  $session->linkExists('Manage display');
}
/**
 * Checks that a logged-in user with no extra permissions is denied everywhere.
 *
 * This is the deny-by-default baseline: every entity page, form and
 * administrative route must answer 403, and the entity access check must
 * agree for view, update and delete on both fixtures.
 */
public function testApiDocAccessNoPermissions() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  // drupalCreateUser() is called without a permission list.
  $account = $this->drupalCreateUser();
  $this->drupalLogin($account);

  // View pages.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'view', FALSE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'view', FALSE);

  // Edit forms.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'update', FALSE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'update', FALSE);

  // Delete forms.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'delete', FALSE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'delete', FALSE);

  // Collection, add form and settings routes.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(403);
}
/**
 * Checks that 'add apidoc entities' opens the add form and nothing else.
 *
 * The negative assertions matter as much as the positive one: being allowed
 * to create API docs must not let the user view, edit or delete existing
 * ones, nor reach the collection or settings routes.
 */
public function testApiDocAccessAdd() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  $account = $this->drupalCreateUser([
    'add apidoc entities',
  ]);
  $this->drupalLogin($account);

  // View pages stay forbidden.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'view', FALSE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'view', FALSE);

  // Edit forms stay forbidden.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'update', FALSE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'update', FALSE);

  // Delete forms stay forbidden.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'delete', FALSE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'delete', FALSE);

  // Only the add form is reachable among the entity-independent routes.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(200);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(403);
}
/**
 * Checks that 'edit apidoc entities' grants update access only.
 *
 * The edit form is expected to load for both the published and the
 * unpublished fixture, while the view page, the delete form and the
 * administrative routes stay forbidden.
 */
public function testApiDocAccessEdit() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  $account = $this->drupalCreateUser([
    'edit apidoc entities',
  ]);
  $this->drupalLogin($account);

  // The edit permission does not grant view access.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'view', FALSE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'view', FALSE);

  // Edit forms are allowed regardless of publication state.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($published, 'update', TRUE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($unpublished, 'update', TRUE);

  // Delete forms stay forbidden.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'delete', FALSE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'delete', FALSE);

  // Collection, add form and settings routes.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(403);
}
/**
 * Checks that 'delete apidoc entities' grants delete access only.
 *
 * The delete form is expected to load for both fixtures; viewing, editing
 * and the administrative routes must remain forbidden.
 */
public function testApiDocAccessDelete() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  $account = $this->drupalCreateUser([
    'delete apidoc entities',
  ]);
  $this->drupalLogin($account);

  // The delete permission does not grant view access.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'view', FALSE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'view', FALSE);

  // Edit forms stay forbidden.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'update', FALSE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'update', FALSE);

  // Delete forms are allowed regardless of publication state.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($published, 'delete', TRUE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($unpublished, 'delete', TRUE);

  // Collection, add form and settings routes.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(403);
}
/**
 * Checks that 'view published apidoc entities' exposes published docs only.
 *
 * The key negative case is the unpublished fixture: its page must answer
 * 403 and its entity access check must deny 'view', so unpublished content
 * is not disclosed to users who may only read published docs.
 */
public function testApiDocAccessPublished() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  $account = $this->drupalCreateUser([
    'view published apidoc entities',
  ]);
  $this->drupalLogin($account);

  // Published doc is viewable, unpublished doc is not.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($published, 'view', TRUE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'view', FALSE);

  // Edit forms stay forbidden.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'update', FALSE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'update', FALSE);

  // Delete forms stay forbidden.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'delete', FALSE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'delete', FALSE);

  // Collection, add form and settings routes.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(403);
}
/**
 * Checks that 'view unpublished apidoc entities' exposes unpublished docs only.
 *
 * The two view permissions are asserted to be independent: with only this
 * permission the published fixture answers 403, while the unpublished one
 * answers 200. Editing, deleting and the administrative routes stay denied.
 */
public function testApiDocAccessUnpublished() {
  $session = $this->assertSession();
  $published = $this->apidocPublished;
  $unpublished = $this->apidocUnpublished;

  $account = $this->drupalCreateUser([
    'view unpublished apidoc entities',
  ]);
  $this->drupalLogin($account);

  // Published doc is forbidden, unpublished doc is viewable.
  $this->drupalGet($published->toUrl());
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'view', FALSE);

  $this->drupalGet($unpublished->toUrl());
  $session->statusCodeEquals(200);
  $this->assertApiDocAccess($unpublished, 'view', TRUE);

  // Edit forms stay forbidden.
  $this->drupalGet($published->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'update', FALSE);

  $this->drupalGet($unpublished->toUrl('edit-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'update', FALSE);

  // Delete forms stay forbidden.
  $this->drupalGet($published->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($published, 'delete', FALSE);

  $this->drupalGet($unpublished->toUrl('delete-form'));
  $session->statusCodeEquals(403);
  $this->assertApiDocAccess($unpublished, 'delete', FALSE);

  // Collection, add form and settings routes.
  $this->drupalGet(Url::fromRoute('entity.apidoc.collection'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.add_form'));
  $session->statusCodeEquals(403);

  $this->drupalGet(Url::fromRoute('entity.apidoc.settings'));
  $session->statusCodeEquals(403);
}
/**
 * Asserts the entity access result for one operation on an API doc.
 *
 * This checks the entity access API directly, independently of the HTTP
 * status the callers assert on the matching page.
 *
 * @param \Drupal\apigee_api_catalog\Entity\ApiDoc $apidoc
 *   The API doc to check.
 * @param string $access_operation
 *   The operation to check; callers pass 'view', 'update' or 'delete'.
 * @param bool $access_allowed
 *   Expected value of isAllowed(). The comparison is strict, so this must be
 *   a real boolean.
 * @param string $access_reason
 *   (optional) Expected access reason. Not checked when empty.
 */
protected function assertApiDocAccess(ApiDoc $apidoc, $access_operation, $access_allowed, $access_reason = '') {
  // NULL is passed as the account and TRUE asks for a result object instead
  // of a boolean. NOTE(review): this relies on access() falling back to the
  // current user, i.e. the account passed to drupalLogin() -- confirm.
  $result = $apidoc->access($access_operation, NULL, TRUE);
  $this->assertSame($access_allowed, $result->isAllowed());

  if (!$access_reason) {
    return;
  }
  $this->assertSame($access_reason, $result->getReason());
}
}