
public function PaymentAccessTest::testAccess in Commerce Core 8.2

@covers ::checkAccess

File

modules/payment/tests/src/Kernel/PaymentAccessTest.php, line 79

Class

PaymentAccessTest
Tests the payment access control.

Namespace

Drupal\Tests\commerce_payment\Kernel

Code

/**
 * Checks who may view, delete, capture and refund a payment.
 *
 * The negative assertions are the important part: they pin down that no
 * single permission is enough on its own, and that gateway-specific
 * operations stay denied once the gateway no longer exists.
 */
public function testAccess() {
  $all_operations = ['view', 'delete', 'capture', 'refund'];
  $manager_permissions = [
    'administer commerce_payment',
    'view default commerce_order',
  ];

  // A gateway configured in "live" mode, backed by the example on-site plugin.
  $gateway = PaymentGateway::create([
    'id' => 'onsite',
    'label' => 'On-site',
    'plugin' => 'example_onsite',
    'configuration' => ['mode' => 'live'],
  ]);
  $gateway->save();

  // A completed payment against the test order.
  /** @var \Drupal\commerce_payment\Entity\PaymentInterface $payment */
  $payment = Payment::create([
    'type' => 'payment_default',
    'payment_gateway' => $gateway->id(),
    'order_id' => $this->order->id(),
    'amount' => new Price('39.99', 'USD'),
    'state' => 'completed',
  ]);
  $payment->save();

  // Each of these permissions, held alone, must not unlock any operation.
  $lone_permissions = [
    'access administration pages',
    'view default commerce_order',
    'administer commerce_payment',
  ];
  foreach ($lone_permissions as $lone_permission) {
    $restricted = $this->createUser([], [$lone_permission]);
    foreach ($all_operations as $operation) {
      $this->assertFalse($payment->access($operation, $restricted));
    }
  }

  // Payment administration combined with order view access grants "view" and
  // "refund" only. "delete" stays denied for this payment (see the test-mode
  // case below).
  // NOTE(review): "capture" is presumably denied because the payment is
  // already "completed" - confirm against the access handler.
  $manager = $this->createUser([], $manager_permissions);
  $this->assertTrue($payment->access('view', $manager));
  $this->assertFalse($payment->access('delete', $manager));
  $this->assertFalse($payment->access('capture', $manager));
  $this->assertTrue($payment->access('refund', $manager));

  // Payments can be deleted if they were made in test mode. The mode is only
  // changed on the in-memory entity here; it is not saved.
  $manager = $this->createUser([], $manager_permissions);
  $payment->set('payment_gateway_mode', 'test');
  $this->assertTrue($payment->access('delete', $manager));

  // Gateway-specific operation access (e.g. "refund") is denied if the
  // gateway is missing. Only "view" is expected to survive the deletion.
  // NOTE(review): the unsaved "test" mode is presumably dropped by the reload,
  // which would explain why "delete" is denied again - confirm.
  $gateway->delete();
  $payment = $this->reloadEntity($payment);
  $manager = $this->createUser([], $manager_permissions);
  $this->assertTrue($payment->access('view', $manager));
  foreach (['delete', 'capture', 'refund'] as $denied_operation) {
    $this->assertFalse($payment->access($denied_operation, $manager));
  }
}