
protected function ApiProductRoleBasedAccessMissingAttributeTest::entityAccessTest in Apigee Edge 8

Tests entity access with empty/missing attributes.

Overrides ApiProductAccessTest::entityAccessTest

1 call to ApiProductRoleBasedAccessMissingAttributeTest::entityAccessTest()
ApiProductRoleBasedAccessMissingAttributeTest::testApiProductAccess in modules/apigee_edge_apiproduct_rbac/tests/src/FunctionalJavascript/ApiProductRoleBasedAccessMissingAttributeTest.php
\Drupal\Tests\apigee_edge\FunctionalJavascript\ApiProductAccessTest validates developerAppEditFormTest().

File

modules/apigee_edge_apiproduct_rbac/tests/src/FunctionalJavascript/ApiProductRoleBasedAccessMissingAttributeTest.php, line 52

Class

ApiProductRoleBasedAccessMissingAttributeTest
Validates role based access control on API products.

Namespace

Drupal\Tests\apigee_edge_apiproduct_rbac\FunctionalJavascript

Code

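/**
 * Tests entity access with empty/missing attributes.
 *
 * Exercises the 'grant_access_if_attribute_missing' setting against the
 * public-visibility API product, for the anonymous and authenticated roles
 * and every operation in self::SUPPORTED_OPERATIONS:
 * - setting FALSE (the default): every operation is expected to be denied
 *   when the RBAC attribute is missing or empty.
 * - setting TRUE: every operation except 'assign' is expected to be granted;
 *   'assign' is still expected to be denied.
 *
 * The access control handler cache is reset after every configuration or
 * attribute change, including the final revert, so that no scenario (and no
 * later check in the calling test) is answered from a previous result.
 */
protected function entityAccessTest() {

  // Runs the matching checker for every supported operation and both
  // built-in roles. 'assign' gets its own checker because its expectation
  // differs from the other operations once the setting is TRUE.
  $checkRoles = function (callable $checkViewAccess, callable $checkAssignAccess, string $messageSuffix) {
    $roles = [
      AccountInterface::ANONYMOUS_ROLE,
      AccountInterface::AUTHENTICATED_ROLE,
    ];
    foreach (self::SUPPORTED_OPERATIONS as $operation) {
      $check = 'assign' === $operation ? $checkAssignAccess : $checkViewAccess;
      foreach ($roles as $role) {
        $check($operation, $role, $messageSuffix);
      }
    }
  };
  // Asserts that the role's user is denied the operation on the product.
  $shouldNotHaveAccess = function (string $operation, string $role, string $messageSuffix) {
    $granted = $this->apiProducts[self::PUBLIC_VISIBILITY]
      ->access($operation, $this->users[$role]);
    $this
      ->assertFalse($granted, "\"{$role}\" user should not had \"{$operation}\" access when {$messageSuffix}.");
  };
  // Asserts that the role's user is granted the operation on the product.
  $shouldHaveAccess = function (string $operation, string $role, string $messageSuffix) {
    $granted = $this->apiProducts[self::PUBLIC_VISIBILITY]
      ->access($operation, $this->users[$role]);
    $this
      ->assertTrue($granted, "\"{$role}\" user should had \"{$operation}\" access when {$messageSuffix}.");
  };
  // Saves the setting and drops cached access results so the new value is
  // the one that gets evaluated.
  $setGrantIfMissing = function (bool $grant) {
    $this
      ->config('apigee_edge_apiproduct_rbac.settings')
      ->set('grant_access_if_attribute_missing', $grant)
      ->save();
    $this->accessControlHandler
      ->resetCache();
  };

  // Ensure default configuration.
  $setGrantIfMissing(FALSE);

  // It should not have, but just to make it sure.
  if ($this->apiProducts[self::PUBLIC_VISIBILITY]
    ->hasAttribute($this->rbacAttributeName)) {
    $this->apiProducts[self::PUBLIC_VISIBILITY]
      ->deleteAttribute($this->rbacAttributeName);
  }

  // No attribute.
  $checkRoles($shouldNotHaveAccess, $shouldNotHaveAccess, 'attribute did not exist');

  // Empty attribute value.
  $this->apiProducts[self::PUBLIC_VISIBILITY]
    ->setAttribute($this->rbacAttributeName, '');
  // NOTE(review): presumably the handler caches results per entity,
  // operation and account; without a reset the "no attribute" results
  // above could be reused and this scenario would pass vacuously - confirm.
  $this->accessControlHandler
    ->resetCache();
  $checkRoles($shouldNotHaveAccess, $shouldNotHaveAccess, 'attribute value was empty');

  $setGrantIfMissing(TRUE);

  // Empty attribute value.
  $checkRoles($shouldHaveAccess, $shouldNotHaveAccess, 'attribute value was empty');

  // No attribute.
  $this->apiProducts[self::PUBLIC_VISIBILITY]
    ->deleteAttribute($this->rbacAttributeName);
  // Same reasoning as above: evaluate the missing-attribute case afresh.
  $this->accessControlHandler
    ->resetCache();
  $checkRoles($shouldHaveAccess, $shouldNotHaveAccess, 'attribute did not exist');

  // Revert to the original configuration. The cache reset matters here:
  // results computed while access was granted must not outlive the
  // permissive setting.
  $setGrantIfMissing(FALSE);
}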