You are here

public function CommerceOrderUIAdminTest::testCommerceOrderUIViewOrderOtherUser in Commerce Core 7

Test if one user can access orders belonging to other user.

File

modules/order/tests/commerce_order_ui.test, line 302
Functional tests for the commerce order UI module.

Class

CommerceOrderUIAdminTest
Functional tests for the commerce order UI module.

Code

public function testCommerceOrderUIViewOrderOtherUser() {

  // Create an additional user.
  $this->other_user = $this
    ->drupalCreateUser();

  // Log in as the additional user.
  $this
    ->drupalLogin($this->other_user);

  // Access the order profile menu page.
  $this
    ->drupalGet('user/' . $this->store_customer->uid . '/orders');
  $this
    ->assertResponse(404, t('Users are not able to access other user\'s orders listing'));

  // Access the order details.
  $this
    ->drupalGet('user/' . $this->store_customer->uid . '/orders/' . $this->order->order_id);
  $this
    ->assertResponse(403, t('Users are not able to access other user\'s order details'));
}