protected function AccessTest::validateTeamAccess in Apigee Edge 8
Checks whether the user has access to team pages.
Parameters
bool $admin_access: TRUE if the user has access to every team page.
3 calls to AccessTest::validateTeamAccess()
- AccessTest::teamAccessTest in modules/
apigee_edge_teams/ tests/ src/ Functional/ AccessTest.php - Tests team, team membership level and admin permissions.
- AccessTest::teamExpansionTest in modules/
apigee_edge_teams/ tests/ src/ Functional/ AccessTest.php - Tests apigee_edge_teams_test module.
- AccessTest::teamRoleAccessTest in modules/
apigee_edge_teams/ tests/ src/ Functional/ AccessTest.php - Tests team roles related UIs, permissions.
File
- modules/
apigee_edge_teams/ tests/ src/ Functional/ AccessTest.php, line 487
Class
- AccessTest
- Teams module access test.
Namespace
Drupal\Tests\apigee_edge_teams\FunctionalCode
protected function validateTeamAccess(bool $admin_access = FALSE) {
$route_ids_with_access = [];
if ($admin_access) {
$route_ids_with_access = array_map(function (string $route_id) {
return str_replace('entity.team.', '', $route_id);
}, array_keys($this->teamEntityRoutes));
}
else {
foreach (array_keys(self::TEAM_PERMISSION_MATRIX) as $permission) {
if ($this->account
->hasPermission($permission)) {
$route_ids_with_access = array_merge($route_ids_with_access, self::TEAM_PERMISSION_MATRIX[$permission]);
}
}
if ($this
->drupalUserIsLoggedIn($this->account)) {
// Authenticated users always have access to team collection.
$route_ids_with_access[] = 'collection';
}
// Team members always have access to the team canonical page.
if (in_array($this->account
->getEmail(), $this->teamMembershipManager
->getMembers($this->team
->getName()))) {
$route_ids_with_access[] = 'canonical';
}
// The developer is not necessarily a member of the team.
if (in_array('team_manage_members', $this->teamPermissionHandler
->getDeveloperPermissionsByTeam($this->team, $this->account))) {
$route_ids_with_access = array_merge($route_ids_with_access, self::TEAM_MEMBER_PERMISSION_MATRIX['team_manage_members']);
}
}
foreach ($this->teamEntityRoutes as $route_id => $route) {
$short_route_id = str_replace('entity.team.', '', $route_id);
$rel = str_replace('_', '-', $short_route_id);
// First try to use the entity to generate the url - and with that
// make sure the url parameter resolver works on the entity.
if ($this->team
->hasLinkTemplate($rel)) {
$url = $this->team
->toUrl($rel);
if (in_array($short_route_id, $route_ids_with_access)) {
$this
->validateAccess($url, Response::HTTP_OK);
}
else {
$this
->validateAccess($url, Response::HTTP_FORBIDDEN);
}
}
else {
// If the route is not registered as link in entity links - because
// it contains a route parameter that the entity can not resolve -
// fallback to the URL resolver. At this time these are the member.edit
// and member.remove routes. Use a developer parameter in the route
// which belongs to a member of the team and which belongs to a
// non-member of the team and an email address of a non-existing
// developer.
$params = [
'team' => $this->team
->id(),
];
$this
->validateAccess(Url::fromRoute($route_id, $params + [
'developer' => $this->teamMemberAccount
->getEmail(),
]), in_array($short_route_id, $route_ids_with_access) ? Response::HTTP_OK : Response::HTTP_FORBIDDEN);
$this
->validateAccess(Url::fromRoute($route_id, $params + [
'developer' => $this->nonTeamMemberAccount
->getEmail(),
]), Response::HTTP_FORBIDDEN);
$this
->validateAccess(Url::fromRoute($route_id, $params + [
'developer' => $this
->randomMachineName() . '@example.com',
]), Response::HTTP_NOT_FOUND);
}
}
}