protected function CommentResourceTestBase::setUpAuthorization in Drupal 9
Same name and namespace in other branches
- 8 core/modules/comment/tests/src/Functional/Rest/CommentResourceTestBase.php \Drupal\Tests\comment\Functional\Rest\CommentResourceTestBase::setUpAuthorization()
- 10 core/modules/comment/tests/src/Functional/Rest/CommentResourceTestBase.php \Drupal\Tests\comment\Functional\Rest\CommentResourceTestBase::setUpAuthorization()
Sets up the necessary authorization.
In case of a test verifying publicly accessible REST resources: grant permissions to the anonymous user role.
In case of a test verifying behavior when using a particular authentication provider: create a user with a particular set of permissions.
Because of the $method parameter, it's possible to first set up authentication for only GET, then add POST, et cetera. This then also allows for verifying a 403 in case of missing authorization.
Parameters
string $method: The HTTP method for which to set up authentication.
Overrides ResourceTestBase::setUpAuthorization
See also
::grantPermissionsToAnonymousRole()
::grantPermissionsToAuthenticatedRole()
2 calls to CommentResourceTestBase::setUpAuthorization()
- CommentResourceTestBase::testPostDxWithoutCriticalBaseFields in core/
modules/ comment/ tests/ src/ Functional/ Rest/ CommentResourceTestBase.php - Tests POSTing a comment without critical base fields.
- CommentResourceTestBase::testPostSkipCommentApproval in core/
modules/ comment/ tests/ src/ Functional/ Rest/ CommentResourceTestBase.php - Tests POSTing a comment with and without 'skip comment approval'.
File
- core/
modules/ comment/ tests/ src/ Functional/ Rest/ CommentResourceTestBase.php, line 53
Class
Namespace
Drupal\Tests\comment\Functional\RestCode
protected function setUpAuthorization($method) {
switch ($method) {
case 'GET':
$this
->grantPermissionsToTestedRole([
'access comments',
'view test entity',
]);
break;
case 'POST':
$this
->grantPermissionsToTestedRole([
'post comments',
]);
break;
case 'PATCH':
// Anonymous users are not ever allowed to edit their own comments. To
// be able to test PATCHing comments as the anonymous user, the more
// permissive 'administer comments' permission must be granted.
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess
if (static::$auth) {
$this
->grantPermissionsToTestedRole([
'edit own comments',
]);
}
else {
$this
->grantPermissionsToTestedRole([
'administer comments',
]);
}
break;
case 'DELETE':
$this
->grantPermissionsToTestedRole([
'administer comments',
]);
break;
}
}