<?php
namespace Drupal\Tests\apigee_edge_apiproduct_rbac\FunctionalJavascript;
use Drupal\apigee_edge\Entity\ApiProductInterface;
use Drupal\Core\Url;
use Drupal\Tests\apigee_edge\FunctionalJavascript\ApiProductAccessTest;
use Drupal\user\UserInterface;
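/**
 * Base class for role-based access control (RBAC) tests of API products.
 *
 * Builds on the parent API product access test and adds helpers that submit
 * the RBAC settings form and read the per-product RBAC attribute.
 */
abstract class ApiProductRoleBasedAccessTestBase extends ApiProductAccessTest {

  /**
   * Key in $this->users of the account holding 'administer apigee edge'.
   */
  protected const USER_WITH_ADMIN_PERM = 'user_with_admin_perm';

  /**
   * Name of the API product attribute that lists the roles with access.
   *
   * Loaded in setUp() from the 'attribute_name' key of the
   * apigee_edge_apiproduct_rbac.settings configuration.
   *
   * @var string|null
   */
  protected $rbacAttributeName;

  /**
   * Modules enabled for these tests.
   *
   * @var array
   */
  public static $modules = [
    'apigee_edge_apiproduct_rbac_test',
  ];

  /**
   * Creates the admin account and resets the access configuration.
   */
  protected function setUp() {
    parent::setUp();

    $this->users[self::USER_WITH_ADMIN_PERM] = $this->createAccount([
      'administer apigee edge',
    ]);

    // Every visibility gets an empty role list. Presumably this keeps the
    // visibility-based settings from granting access, so that the outcome of
    // each check depends on the RBAC attribute only - confirm against the
    // parent test.
    $this->config('apigee_edge.api_product_settings')
      ->set('access', [
        self::PUBLIC_VISIBILITY => [],
        self::PRIVATE_VISIBILITY => [],
        self::INTERNAL_VISIBILITY => [],
      ])
      ->save();

    $this->rbacAttributeName = $this
      ->config('apigee_edge_apiproduct_rbac.settings')
      ->get('attribute_name');
  }

  /**
   * Submits the RBAC settings form as the admin test user.
   *
   * A value is posted for every role/product pair, TRUE or FALSE, so each
   * checkbox on the form is set explicitly rather than left as it was.
   *
   * @param array $settings
   *   Map of visibility => list of role IDs that should be granted access to
   *   the API product stored under that visibility in $this->apiProducts.
   */
  protected function saveAccessSettings(array $settings) {
    // PHP turns numeric-string array keys into integers, so role IDs coming
    // from array_keys() may not have the type the caller used. Both sides are
    // compared as strings to keep the grant check an exact match.
    // NOTE(review): assumes role IDs in $settings are scalars - confirm.
    $granted = [];
    foreach ($settings as $visibility => $roles) {
      $granted[$visibility] = array_map('strval', $roles);
    }

    $post = [];
    foreach (array_keys($this->roleStorage->loadMultiple()) as $rid) {
      foreach ($granted as $visibility => $roles) {
        $product_id = $this->apiProducts[$visibility]->id();
        $post["rbac[{$rid}][{$product_id}]"] = in_array((string) $rid, $roles, TRUE);
      }
    }

    $this->drupalLogin($this->users[self::USER_WITH_ADMIN_PERM]);
    $this->drupalPostForm(Url::fromRoute('apigee_edge.settings.developer.api_product_access'), $post, 'Save configuration');
    $this->drupalLogout();
  }

  /**
   * Returns the role IDs listed in the RBAC attribute of an API product.
   *
   * @param \Drupal\apigee_edge\Entity\ApiProductInterface $product
   *   The API product to inspect.
   *
   * @return array
   *   Role IDs read from the attribute; empty when the attribute is missing
   *   or holds an empty string.
   */
  protected function getRolesWithAccess(ApiProductInterface $product) : array {
    $value = $product->getAttributeValue($this->rbacAttributeName) ?? '';

    // explode() on an empty string yields [''], which would report one
    // nameless role as having access. Nothing configured means no roles.
    if ($value === '') {
      return [];
    }

    return explode(APIGEE_EDGE_APIPRODUCT_RBAC_ATTRIBUTE_VALUE_DELIMITER, $value);
  }

  /**
   * Builds the failure message for a user whose role should grant access.
   *
   * @param string $operation
   *   The operation that was checked.
   * @param \Drupal\user\UserInterface $user
   *   The user that was checked; not used in the message text.
   * @param string $user_rid
   *   Role ID of the user.
   * @param array $rids_with_access
   *   Role IDs that have access to the product.
   * @param \Drupal\apigee_edge\Entity\ApiProductInterface $product
   *   The API product whose RBAC attribute value is reported.
   *
   * @return string
   *   The assertion message.
   */
  protected function messageIfUserShouldHaveAccessByRole(string $operation, UserInterface $user, string $user_rid, array $rids_with_access, ApiProductInterface $product) : string {
    $attribute_value = $product->getAttributeValue($this->rbacAttributeName);
    $role_list = implode(', ', $rids_with_access);

    return sprintf('User with "%s" role should have "%s" access to this API Product. RBAC attribute value: "%s". Roles with access granted: %s.', $user_rid, $operation, $attribute_value, $role_list);
  }

  /**
   * Builds the failure message for a user who should be denied access.
   *
   * @param string $operation
   *   The operation that was checked.
   * @param \Drupal\user\UserInterface $user
   *   The user that was checked; not used in the message text.
   * @param string $user_rid
   *   Role ID of the user.
   * @param array $rids_with_access
   *   Role IDs that have access to the product.
   * @param \Drupal\apigee_edge\Entity\ApiProductInterface $product
   *   The API product whose RBAC attribute value is reported.
   *
   * @return string
   *   The assertion message.
   */
  protected function messageIfUserShouldNotHaveAccess(string $operation, UserInterface $user, string $user_rid, array $rids_with_access, ApiProductInterface $product) : string {
    $attribute_value = $product->getAttributeValue($this->rbacAttributeName);
    $role_list = implode(', ', $rids_with_access);

    return sprintf('"%s" user without "Bypass API Product access control" permission should not have "%s" access to this API Product. RBAC attribute value: "%s". Roles with access granted: %s.', $user_rid, $operation, $attribute_value, $role_list);
  }

}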