public function CommerceOrderUIAdminTest::testCommerceOrderUIViewOrderOtherUser in Commerce Core 7
Test if one user can access orders belonging to other user.
File
- modules/
order/ tests/ commerce_order_ui.test, line 302 - Functional tests for the commerce order UI module.
Class
- CommerceOrderUIAdminTest
- Functional tests for the commerce order UI module.
Code
public function testCommerceOrderUIViewOrderOtherUser() {
// Create an additional user.
$this->other_user = $this
->drupalCreateUser();
// Log in as the additional user.
$this
->drupalLogin($this->other_user);
// Access the order profile menu page.
$this
->drupalGet('user/' . $this->store_customer->uid . '/orders');
$this
->assertResponse(404, t('Users are not able to access other user\'s orders listing'));
// Access the order details.
$this
->drupalGet('user/' . $this->store_customer->uid . '/orders/' . $this->order->order_id);
$this
->assertResponse(403, t('Users are not able to access other user\'s order details'));
}