You are here

Home » API reference » Commerce Core 8.2 » CartEntityAccessTest.php » CartEntityAccessTest

public function CartEntityAccessTest::testAdministrativeAccess in Commerce Core 8.2

Tests that cart access does not grant administrative access.

File

modules/cart/tests/src/Functional/CartEntityAccessTest.php, line 193

Class

CartEntityAccessTest
Tests cart access.

Namespace

Drupal\Tests\commerce_cart\Functional

Code

public function testAdministrativeAccess() {
  $customer = $this
    ->drupalCreateUser([
    'view own commerce_order',
  ]);

  // Authorized cart.
  $cart = \Drupal::service('commerce_cart.cart_provider')
    ->createCart('default', $this->store, $customer);
  assert($cart instanceof OrderInterface);
  $this
    ->drupalLogin($customer);
  foreach ($cart
    ->getEntityType()
    ->getLinkTemplates() as $rel => $link_template) {
    if ($rel === 'state-transition-form') {
      continue;
    }
    $this
      ->drupalGet($cart
      ->toUrl($rel));
    $this
      ->assertSession()
      ->statusCodeEquals(403);
  }

  // Anonymous active cart.
  $this
    ->switchSession('anonymous');
  $this
    ->drupalGet('product/' . $this->variation
    ->getProductId());
  $this
    ->submitForm([], 'Add to cart');
  $cart = Order::load(3);
  foreach ($cart
    ->getEntityType()
    ->getLinkTemplates() as $rel => $link_template) {
    if ($rel === 'state-transition-form') {
      continue;
    }
    $this
      ->drupalGet($cart
      ->toUrl($rel));
    $this
      ->assertSession()
      ->statusCodeEquals(403);
  }
}