protected function ApiProductAccessTest::developerAppEditFormTest in Apigee Edge 8
Test for developer app/edit form.
The testEntityAccess() has already ensured that "Access by visibility" access control is working properly on API products. We just have to confirm that developer app/edit forms are leveraging it properly.
1 call to ApiProductAccessTest::developerAppEditFormTest()
- ApiProductAccessTest::testApiProductAccess in tests/
src/ FunctionalJavascript/ ApiProductAccessTest.php - Tests API product entity access.
File
- tests/
src/ FunctionalJavascript/ ApiProductAccessTest.php, line 225
Class
- ApiProductAccessTest
- Validates built-in access control on API products.
Namespace
Drupal\Tests\apigee_edge\FunctionalJavascript
Code
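/**
 * Test for developer app/edit form.
 *
 * testEntityAccess() has already ensured that "Access by visibility" access
 * control works on API products; this method only confirms that the developer
 * app add/edit forms apply it. Three scenarios are walked through in order:
 *  - an authenticated user on their own add/edit forms;
 *  - a user holding 'administer developer_app' on another user's forms and on
 *    their own forms;
 *  - the authenticated user again, after a private API product has been
 *    attached to their app's credential.
 */
protected function developerAppEditFormTest() {
  // Some utility functions that we are going to use here. Judging by the
  // closure names, the first list passed to checkProductVisibility() holds
  // the visibilities expected on the form and the second the ones expected to
  // be absent (the helper itself is defined elsewhere in the class).
  $onlyPublicProductVisible = function () {
    $this->checkProductVisibility(
      [self::PUBLIC_VISIBILITY],
      [self::PRIVATE_VISIBILITY, self::INTERNAL_VISIBILITY]
    );
  };
  $allProductsVisible = function () {
    $this->checkProductVisibility([
      self::PUBLIC_VISIBILITY,
      self::PRIVATE_VISIBILITY,
      self::INTERNAL_VISIBILITY,
    ]);
  };
  $justPublicAndPrivateVisible = function () {
    $this->checkProductVisibility(
      [self::PUBLIC_VISIBILITY, self::PRIVATE_VISIBILITY],
      [self::INTERNAL_VISIBILITY]
    );
  };

  // Enforce this "Access by visibility" configuration: only public products
  // are granted to a role; private and internal products are granted to none.
  $this->saveAccessSettings([
    self::PUBLIC_VISIBILITY => [
      AccountInterface::AUTHENTICATED_ROLE,
    ],
    self::PRIVATE_VISIBILITY => [],
    self::INTERNAL_VISIBILITY => [],
  ]);

  /** @var \Drupal\apigee_edge\Entity\DeveloperAppInterface $auth_user_app */
  $auth_user_app = DeveloperApp::create([
    'name' => $this->randomMachineName(),
    'status' => App::STATUS_APPROVED,
    'developerId' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->get('apigee_edge_developer_id')->value,
  ]);
  $auth_user_app->setOwner($this->users[AccountInterface::AUTHENTICATED_ROLE]);
  $auth_user_app->save();

  /** @var \Drupal\apigee_edge\Entity\DeveloperAppInterface $bypass_user_app */
  $bypass_user_app = DeveloperApp::create([
    'name' => $this->randomMachineName(),
    'status' => App::STATUS_APPROVED,
    'developerId' => $this->users[self::USER_WITH_BYPASS_PERM]->get('apigee_edge_developer_id')->value,
  ]);
  $bypass_user_app->setOwner($this->users[self::USER_WITH_BYPASS_PERM]);
  $bypass_user_app->save();

  // >> Authenticated user.
  $this->drupalLogin($this->users[AccountInterface::AUTHENTICATED_ROLE]);
  // Only public API products should be visible by default on the add/edit
  // app forms for authenticated user.
  $this->drupalGet(Url::fromRoute('entity.developer_app.add_form_for_developer', [
    'user' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->id(),
  ]));
  $onlyPublicProductVisible();
  $this->drupalGet(Url::fromRoute('entity.developer_app.edit_form_for_developer', [
    'user' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->id(),
    'app' => $auth_user_app->getName(),
  ]));
  $onlyPublicProductVisible();
  $this->drupalLogout();
  // << Authenticated user.

  // Ensure that the bypass user can reach another user's developer app
  // add/edit forms: grant 'administer developer_app' through a temporary
  // role. $role is whatever createRole() returns and is passed unchanged to
  // addRole()/removeRole() below.
  $role = $this->createRole([
    'administer developer_app',
  ]);
  $this->users[self::USER_WITH_BYPASS_PERM]->addRole($role);
  $this->users[self::USER_WITH_BYPASS_PERM]->save();

  // >> Bypass user.
  $this->drupalLogin($this->users[self::USER_WITH_BYPASS_PERM]);
  // Even if a user has bypass permission they should see only those API
  // products on another user's add/edit form that the other user has access
  // to. The product list has to follow the owner of the app, not the account
  // operating the form; otherwise a privileged account could attach products
  // to an app whose owner is not allowed to use them.
  $this->drupalGet(Url::fromRoute('entity.developer_app.add_form_for_developer', [
    'user' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->id(),
  ]));
  $onlyPublicProductVisible();
  $this->drupalGet(Url::fromRoute('entity.developer_app.edit_form_for_developer', [
    'user' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->id(),
    'app' => $auth_user_app->getName(),
  ]));
  $onlyPublicProductVisible();
  // But on their own add/edit app forms they should see all API products.
  $this->drupalGet(Url::fromRoute('entity.developer_app.add_form_for_developer', [
    'user' => $this->users[self::USER_WITH_BYPASS_PERM]->id(),
  ]));
  $allProductsVisible();
  $this->drupalGet(Url::fromRoute('entity.developer_app.edit_form_for_developer', [
    'user' => $this->users[self::USER_WITH_BYPASS_PERM]->id(),
    'app' => $bypass_user_app->getName(),
  ]));
  $allProductsVisible();
  $this->drupalLogout();
  // Remove extra role from the user so the elevated permission does not
  // carry over into whatever runs after this method.
  $this->users[self::USER_WITH_BYPASS_PERM]->removeRole($role);
  $this->users[self::USER_WITH_BYPASS_PERM]->save();
  // << Bypass user.

  // Add a private API Product to auth. user's app. This goes through the
  // credential controller directly, i.e. not through the access-controlled
  // form under test.
  /** @var \Drupal\apigee_edge\Entity\Controller\DeveloperAppCredentialControllerInterface $dacc */
  $dacc = $this->container
    ->get('apigee_edge.controller.developer_app_credential_factory')
    ->developerAppCredentialController(
      $this->users[AccountInterface::AUTHENTICATED_ROLE]->get('apigee_edge_developer_id')->value,
      $auth_user_app->getName()
    );
  /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface[] $credentials */
  $credentials = $auth_user_app->getCredentials();
  // reset() returns FALSE on an empty array; fail with a readable assertion
  // instead of a fatal "call to a member function on bool" further down.
  $this->assertNotEmpty($credentials, 'The authenticated user\'s app should have at least one credential.');
  /** @var \Apigee\Edge\Api\Management\Entity\AppCredentialInterface $credential */
  $credential = reset($credentials);
  $dacc->addProducts($credential->getConsumerKey(), [
    $this->apiProducts[self::PRIVATE_VISIBILITY]->id(),
  ]);

  // >> Auth. user.
  $this->drupalLogin($this->users[AccountInterface::AUTHENTICATED_ROLE]);
  // On the add app form still only public API products should be
  // visible: holding a private product on one app must not widen what the
  // user is offered for new apps.
  $this->drupalGet(Url::fromRoute('entity.developer_app.add_form_for_developer', [
    'user' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->id(),
  ]));
  $onlyPublicProductVisible();
  // But on the edit form of the app that already contains the private API
  // product, that product should be visible as well. Internal products stay
  // hidden.
  $this->drupalGet(Url::fromRoute('entity.developer_app.edit_form_for_developer', [
    'user' => $this->users[AccountInterface::AUTHENTICATED_ROLE]->id(),
    'app' => $auth_user_app->getName(),
  ]));
  $justPublicAndPrivateVisible();
  $this->drupalLogout();
  // << Auth. user.
}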