View source
<?php
namespace Drupal\Tests\commerce_shipping\Kernel;
use Drupal\commerce_order\Entity\Order;
use Drupal\commerce_shipping\Entity\Shipment;
class ShipmentAccessControlHandlerTest extends ShippingKernelTestBase {
protected function setUp() : void {
parent::setUp();
$admin_user = $this
->createUser();
}
public function testAccess() {
$order = Order::create([
'type' => 'default',
'state' => 'canceled',
]);
$order
->save();
$shipment = Shipment::create([
'type' => 'default',
'title' => 'Shipment',
'order_id' => $order
->id(),
]);
$shipment
->save();
$shipment = $this
->reloadEntity($shipment);
$account = $this
->createUser([], [
'access administration pages',
]);
$this
->assertFalse($shipment
->access('view', $account));
$this
->assertFalse($shipment
->access('update', $account));
$this
->assertFalse($shipment
->access('delete', $account));
$account = $this
->createUser([], [
'view commerce_order',
]);
$this
->assertTrue($shipment
->access('view', $account));
$this
->assertFalse($shipment
->access('update', $account));
$this
->assertFalse($shipment
->access('delete', $account));
$account = $this
->createUser([], [
'update default commerce_order',
]);
$this
->assertFalse($shipment
->access('view', $account));
$this
->assertFalse($shipment
->access('update', $account));
$this
->assertFalse($shipment
->access('delete', $account));
$account = $this
->createUser([], [
'manage default commerce_shipment',
]);
$this
->assertFalse($shipment
->access('view', $account));
$this
->assertTrue($shipment
->access('update', $account));
$this
->assertTrue($shipment
->access('delete', $account));
$account = $this
->createUser([], [
'administer commerce_shipment',
]);
$this
->assertTrue($shipment
->access('view', $account));
$this
->assertTrue($shipment
->access('update', $account));
$this
->assertTrue($shipment
->access('delete', $account));
$shipment
->set('order_id', '999');
$account = $this
->createUser([], [
'manage default commerce_order_item',
]);
$this
->assertFalse($shipment
->access('view', $account));
$this
->assertFalse($shipment
->access('update', $account));
$this
->assertFalse($shipment
->access('delete', $account));
}
public function testCreateAccess() {
$access_control_handler = \Drupal::entityTypeManager()
->getAccessControlHandler('commerce_shipment');
$account = $this
->createUser([], [
'access content',
]);
$this
->assertFalse($access_control_handler
->createAccess('default', $account));
$account = $this
->createUser([], [
'administer commerce_shipment',
]);
$this
->assertTrue($access_control_handler
->createAccess('default', $account));
$account = $this
->createUser([], [
'manage default commerce_shipment',
]);
$this
->assertTrue($access_control_handler
->createAccess('default', $account));
}
}