public function AddressBookTest::testCreateAccess in Commerce Core 8.2
Tests the add form access checking.
File
- modules/
order/ tests/ src/ FunctionalJavascript/ AddressBookTest.php, line 166
Class
- AddressBookTest
- Tests the address book pages.
Namespace
Drupal\Tests\commerce_order\FunctionalJavascriptCode
public function testCreateAccess() {
$first_user = $this
->createUser([
'view own customer profile',
]);
$second_user = $this
->createUser([
'create customer profile',
'view any profile',
'access user profiles',
]);
$third_user = $this
->createUser([
'administer profile',
'access user profiles',
]);
$this
->createEntity('profile', [
'type' => 'customer',
'uid' => $first_user
->id(),
'address' => $this->firstAddress,
'status' => TRUE,
]);
$overview_url = Url::fromRoute('commerce_order.address_book.overview', [
'user' => $first_user
->id(),
]);
// Confirm that the user with only "view" permissions can see
// the overview page, but not the "add" page.
$this
->drupalLogin($first_user);
$this
->drupalGet($overview_url);
$this
->assertSession()
->pageTextNotContains('Access Denied');
$this
->assertSession()
->pageTextContains('9 Drupal Ave');
$this
->assertSession()
->linkNotExists('Add address');
$add_url = Url::fromRoute('commerce_order.address_book.add_form', [
'user' => $first_user
->id(),
'profile_type' => 'customer',
]);
$this
->drupalGet($add_url);
$this
->assertSession()
->pageTextContains('Access denied');
// Confirm that the second user can't add a profile for the first user.
$this
->drupalLogin($second_user);
$this
->drupalGet($overview_url);
$this
->assertSession()
->pageTextNotContains('Access Denied');
$this
->assertSession()
->pageTextContains('9 Drupal Ave');
$this
->assertSession()
->linkNotExists('Add address');
$this
->drupalGet($add_url);
$this
->assertSession()
->pageTextContains('Access denied');
// Confirm that the third user can add a profile for the first user.
$this
->drupalLogin($third_user);
$this
->drupalGet($overview_url);
$this
->assertSession()
->pageTextContains('9 Drupal Ave');
$this
->assertSession()
->linkExists('Add address');
$this
->getSession()
->getPage()
->clickLink('Add address');
$this
->getSession()
->getPage()
->fillField('address[0][address][country_code]', 'FR');
$this
->assertSession()
->assertWaitOnAjaxRequest();
foreach ($this->fourthAddress as $property => $value) {
$this
->getSession()
->getPage()
->fillField("address[0][address][{$property}]", $value);
}
$this
->submitForm([], 'Save');
$this
->assertSession()
->pageTextContains('Saved the 38 Rue du Sentier address.');
$profile = Profile::load('2');
$this
->assertNotEmpty($profile);
$this
->assertEquals('38 Rue du Sentier', $profile
->get('address')->address_line1);
$this
->assertEquals($first_user
->id(), $profile
->getOwnerId());
$this
->drupalGet($add_url);
$this
->assertSession()
->pageTextNotContains('Access denied');
// Confirm that no further profiles can be added if the profile type
// only allows a single profile per user.
$profile = ProfileType::load('customer');
$profile
->setMultiple(FALSE);
$profile
->save();
$this
->drupalGet($add_url);
$this
->assertSession()
->pageTextContains('Access denied');
}