protected function ApiProductAccessTest::entityAccessTest in Apigee Edge 8
Tests "Access by visibility" access control.
3 calls to ApiProductAccessTest::entityAccessTest()
- ApiProductAccessTest::testApiProductAccess in tests/src/FunctionalJavascript/ApiProductAccessTest.php - Tests API product entity access.
- ApiProductRoleBasedAccessAnonymousAuthenticatedTest::testApiProductAccess in modules/apigee_edge_apiproduct_rbac/tests/src/FunctionalJavascript/ApiProductRoleBasedAccessAnonymousAuthenticatedTest.php - \Drupal\Tests\apigee_edge\FunctionalJavascript\ApiProductAccessTest validates developerAppEditFormTest().
- ApiProductRoleBasedAccessAnonymousInternalTest::testApiProductAccess in modules/apigee_edge_apiproduct_rbac/tests/src/FunctionalJavascript/ApiProductRoleBasedAccessAnonymousInternalTest.php - \Drupal\Tests\apigee_edge\FunctionalJavascript\ApiProductAccessTest validates developerAppEditFormTest().
1 method overrides ApiProductAccessTest::entityAccessTest()
- ApiProductRoleBasedAccessMissingAttributeTest::entityAccessTest in modules/apigee_edge_apiproduct_rbac/tests/src/FunctionalJavascript/ApiProductRoleBasedAccessMissingAttributeTest.php - Tests entity access with empty/missing attributes.
File
- tests/src/FunctionalJavascript/ApiProductAccessTest.php, line 161
Class
- ApiProductAccessTest
- Validates built-in access control on API products.
Namespace
Drupal\Tests\apigee_edge\FunctionalJavascript
Code
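/**
 * Tests "Access by visibility" access control.
 *
 * For every pairing of a visibility combination with a role combination the
 * access settings are saved, the access control handler's static cache is
 * reset, and each (user, API product, operation) triple is checked:
 * - the user's role is among the roles with access: access must be granted;
 * - otherwise, the user is the bypass-permission user: access must be
 *   granted;
 * - otherwise: access must be denied.
 *
 * A (product, user, roles-with-access) triple that was already checked under
 * earlier settings is skipped.
 */
protected function entityAccessTest() {
  // Every stored role ID except the anonymous role.
  $authenticatedRoles = array_filter(array_keys($this->roleStorage->loadMultiple()), function ($rid) {
    return $rid !== AccountInterface::ANONYMOUS_ROLE;
  });
  $visibilityCombinations = $this->calculateTestCombinations();
  // We calculated all possible combinations from roles and visibilities
  // but existence of Authenticated user role introduces redundant tests.
  $testScenarios = [];
  foreach ($visibilityCombinations as $visibilityCombination) {
    foreach ($this->ridCombinations as $ridCombination) {
      // Map every visibility in this combination to the same role list.
      $settings = array_combine($visibilityCombination, array_fill(0, count($visibilityCombination), $ridCombination));
      // Ensure we always have these 3 keys.
      $settings += [
        self::PUBLIC_VISIBILITY => [],
        self::PRIVATE_VISIBILITY => [],
        self::INTERNAL_VISIBILITY => [],
      ];
      $this->saveAccessSettings($settings);
      // We have to clear entity access control handler's static cache because
      // otherwise access results comes from there instead of getting
      // recalculated.
      $this->accessControlHandler->resetCache();
      foreach ($this->users as $userRole => $user) {
        foreach ($this->apiProducts as $product) {
          $rolesWithAccess = $this->getRolesWithAccess($product);
          // Saved configuration designedly contains only the authenticated
          // role and not all (authenticated) roles.
          // NOTE(review): both in_array() calls in this method compare
          // loosely; role IDs are presumably strings - confirm before
          // switching to strict comparison.
          if (in_array(AccountInterface::AUTHENTICATED_ROLE, $rolesWithAccess)) {
            $rolesWithAccess = array_merge($rolesWithAccess, $authenticatedRoles);
          }
          // Eliminate redundant test scenarios caused by auth.user role.
          sort($rolesWithAccess);
          // md5() only shortens the de-duplication key here. The former
          // "?? 'empty'" fallback was unreachable because implode() never
          // returns NULL; an empty role list simply contributes an empty
          // string, which keeps the key identical to what was generated
          // before.
          $testId = md5(sprintf('test-%s-%s-%s', $product->id(), $user->id(), implode('-', $rolesWithAccess)));
          if (array_key_exists($testId, $testScenarios)) {
            continue;
          }
          $testScenarios[$testId] = $rolesWithAccess;
          foreach (self::SUPPORTED_OPERATIONS as $operation) {
            $accessGranted = $product->access($operation, $user);
            if (in_array($userRole, $rolesWithAccess)) {
              // The user's role is listed: access is expected.
              $this->assertTrue($accessGranted, $this->messageIfUserShouldHaveAccessByRole($operation, $user, $userRole, $rolesWithAccess, $product));
            }
            elseif ($this->users[self::USER_WITH_BYPASS_PERM]->id() === $user->id()) {
              // The bypass-permission user is expected to have access even
              // though their role is not listed.
              $this->assertTrue($accessGranted, $this->messageIfUserShouldHaveAccessWithBypassPerm($operation, $user));
            }
            else {
              // Everyone else must be denied.
              $this->assertFalse($accessGranted, $this->messageIfUserShouldNotHaveAccess($operation, $user, $userRole, $rolesWithAccess, $product));
            }
          }
        }
      }
    }
  }
}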