public function QuickEditIntegrationLoadingTest::testUsersWithoutPermission in Drupal 8
Test loading of untransformed text when a user doesn't have access to it.
File
- core/
modules/ editor/ tests/ src/ Functional/ QuickEditIntegrationLoadingTest.php, line 73
Class
- QuickEditIntegrationLoadingTest
- Tests Quick Edit module integration endpoints.
Namespace
Drupal\Tests\editor\FunctionalCode
public function testUsersWithoutPermission() {
// Create 3 users, each with insufficient permissions, i.e. without either
// or both of the following permissions:
// - the 'access in-place editing' permission
// - the 'edit any article content' permission (necessary to edit node 1)
$users = [
$this
->drupalCreateUser(static::$basicPermissions),
$this
->drupalCreateUser(array_merge(static::$basicPermissions, [
'edit any article content',
])),
$this
->drupalCreateUser(array_merge(static::$basicPermissions, [
'access in-place editing',
])),
];
// Now test with each of the 3 users with insufficient permissions.
foreach ($users as $user) {
$this
->drupalLogin($user);
$this
->drupalGet('node/1');
// Ensure the text is transformed.
$this
->assertRaw('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
$client = $this
->getHttpClient();
// Retrieving the untransformed text should result in an 403 response and
// return a different error message depending of the missing permission.
$response = $client
->post($this
->buildUrl('editor/node/1/body/en/full'), [
'query' => http_build_query([
MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax',
]),
'cookies' => $this
->getSessionCookies(),
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
],
'http_errors' => FALSE,
]);
$this
->assertEquals(403, $response
->getStatusCode());
if (!$user
->hasPermission('access in-place editing')) {
$message = "The 'access in-place editing' permission is required.";
}
else {
$message = "The 'edit any article content' permission is required.";
}
$body = Json::decode($response
->getBody());
$this
->assertSame($message, $body['message']);
}
}