You are here

public function PaymentMethodAccessTest::testUnsupportedUpdate in Commerce Core 8.2

@covers ::checkAccess

File

modules/payment/tests/src/Kernel/PaymentMethodAccessTest.php, line 154

Class

PaymentMethodAccessTest
Tests the payment method access control.

Namespace

Drupal\Tests\commerce_payment\Kernel

Code

public function testUnsupportedUpdate() {

  // Commerce doesn't ship with an on-site gateway which doesn't support
  // updating payment methods, so we simulate it here with an off-site one.
  $payment_gateway = PaymentGateway::create([
    'id' => 'offsite',
    'label' => 'Off-site',
    'plugin' => 'example_offsite_redirect',
  ]);
  $payment_gateway
    ->save();

  /** @var \Drupal\commerce_payment\Entity\PaymentMethodInterface $payment_method */
  $payment_method = PaymentMethod::create([
    'type' => 'credit_card',
    'payment_gateway' => $payment_gateway
      ->id(),
  ]);
  $payment_method
    ->save();

  // Confirm that not even the administrator can update the payment
  // method if its gateway does not support it.
  $account = $this
    ->createUser([], [
    'administer commerce_payment_method',
  ]);
  $this
    ->assertTrue($payment_method
    ->access('view', $account));
  $this
    ->assertFalse($payment_method
    ->access('update', $account));
  $this
    ->assertTrue($payment_method
    ->access('delete', $account));
  $account = $this
    ->createUser([], [
    'view any commerce_payment_method',
  ]);
  $this
    ->assertTrue($payment_method
    ->access('view', $account));
  $this
    ->assertFalse($payment_method
    ->access('update', $account));
  $this
    ->assertFalse($payment_method
    ->access('delete', $account));
  $account = $this
    ->createUser([], [
    'update any commerce_payment_method',
  ]);
  $this
    ->assertFalse($payment_method
    ->access('view', $account));
  $this
    ->assertFalse($payment_method
    ->access('update', $account));
  $this
    ->assertFalse($payment_method
    ->access('delete', $account));
  $account = $this
    ->createUser([], [
    'delete any commerce_payment_method',
  ]);
  $this
    ->assertFalse($payment_method
    ->access('view', $account));
  $this
    ->assertFalse($payment_method
    ->access('update', $account));
  $this
    ->assertTrue($payment_method
    ->access('delete', $account));
}