public function CartAccessApiResourceTest::testInvalidCart in Commerce Cart API 8

Check no access for non-draft/non-cart cart.

File

tests/src/Functional/CartAccessApiResourceTest.php, line 74

Class

CartAccessApiResourceTest

Tests cart api access check.

Namespace

Drupal\Tests\commerce_cart_api\Functional

Code

public function testInvalidCart() {
  $request_options = $this
    ->getAuthenticationRequestOptions('GET');

  // Create non-draft cart.
  $cart = $this->cartProvider
    ->createCart('default', $this->store, $this->account);
  $this
    ->assertInstanceOf(OrderInterface::class, $cart);
  $transition = $cart
    ->getState()
    ->getWorkflow()
    ->getTransition('place');
  $cart
    ->getState()
    ->applyTransition($transition);
  $this
    ->assertEquals($cart
    ->getState()
    ->getLabel(), 'Completed');
  $cart
    ->save();
  $cart = Order::load($cart
    ->id());
  $url = Url::fromUri('base:cart/' . $cart
    ->id());
  $url
    ->setOption('query', [
    '_format' => static::$format,
  ]);
  $response = $this
    ->request('GET', $url, $request_options);
  $this
    ->assertResourceErrorResponse(403, "", $response, [
    '4xx-response',
    'commerce_order:1',
    'http_response',
  ], [
    '',
  ], FALSE);

  // Create non-cart order.
  $order = $this
    ->createEntity('commerce_order', [
    'type' => 'default',
    'mail' => $this->account
      ->getEmail(),
    'uid' => $this->account
      ->id(),
    'store_id' => $this->store
      ->id(),
    'state' => 'draft',
  ]);
  $this
    ->assertInstanceOf(OrderInterface::class, $order);
  $url = Url::fromUri('base:cart/' . $cart
    ->id());
  $url
    ->setOption('query', [
    '_format' => static::$format,
  ]);
  $response = $this
    ->request('GET', $url, $request_options);
  $this
    ->assertResourceErrorResponse(403, "", $response, [
    '4xx-response',
    'commerce_order:1',
    'http_response',
  ], [
    '',
  ], FALSE);
}