View source
<?php
namespace Drupal\Tests\apigee_edge_apiproduct_rbac\FunctionalJavascript;
use Drupal\Core\Session\AccountInterface;
class ApiProductRoleBasedAccessMissingAttributeTest extends ApiProductRoleBasedAccessTestBase {
public function testApiProductAccess() {
$this
->entityAccessTest();
}
protected function entityAccessTest() {
$checkRoles = function (callable $checkViewAccess, callable $checkAssignAccess, string $messageSuffix) {
foreach (self::SUPPORTED_OPERATIONS as $operation) {
foreach ([
AccountInterface::ANONYMOUS_ROLE,
AccountInterface::AUTHENTICATED_ROLE,
] as $role) {
if ('assign' === $operation) {
$checkAssignAccess($operation, $role, $messageSuffix);
}
else {
$checkViewAccess($operation, $role, $messageSuffix);
}
}
}
};
$shouldNotHaveAccess = function (string $operation, string $role, string $messageSuffix) {
$this
->assertFalse($this->apiProducts[self::PUBLIC_VISIBILITY]
->access($operation, $this->users[$role]), "\"{$role}\" user should not had \"{$operation}\" access when {$messageSuffix}.");
};
$shouldHaveAccess = function (string $operation, string $role, string $messageSuffix) {
$this
->assertTrue($this->apiProducts[self::PUBLIC_VISIBILITY]
->access($operation, $this->users[$role]), "\"{$role}\" user should had \"{$operation}\" access when {$messageSuffix}.");
};
$this
->config('apigee_edge_apiproduct_rbac.settings')
->set('grant_access_if_attribute_missing', FALSE)
->save();
$this->accessControlHandler
->resetCache();
if ($this->apiProducts[self::PUBLIC_VISIBILITY]
->hasAttribute($this->rbacAttributeName)) {
$this->apiProducts[self::PUBLIC_VISIBILITY]
->deleteAttribute($this->rbacAttributeName);
}
$checkRoles($shouldNotHaveAccess, $shouldNotHaveAccess, 'attribute did not exist');
$this->apiProducts[self::PUBLIC_VISIBILITY]
->setAttribute($this->rbacAttributeName, '');
$checkRoles($shouldNotHaveAccess, $shouldNotHaveAccess, 'attribute value was empty');
$this
->config('apigee_edge_apiproduct_rbac.settings')
->set('grant_access_if_attribute_missing', TRUE)
->save();
$this->accessControlHandler
->resetCache();
$checkRoles($shouldHaveAccess, $shouldNotHaveAccess, 'attribute value was empty');
$this->apiProducts[self::PUBLIC_VISIBILITY]
->deleteAttribute($this->rbacAttributeName);
$checkRoles($shouldHaveAccess, $shouldNotHaveAccess, 'attribute did not exist');
$this
->config('apigee_edge_apiproduct_rbac.settings')
->set('grant_access_if_attribute_missing', FALSE)
->save();
}
}