You are here

public function QuickEditIntegrationLoadingTest::testUsersWithoutPermission in Drupal 8

Test loading of untransformed text when a user doesn't have access to it.

File

core/modules/editor/tests/src/Functional/QuickEditIntegrationLoadingTest.php, line 73

Class

QuickEditIntegrationLoadingTest
Tests Quick Edit module integration endpoints.

Namespace

Drupal\Tests\editor\Functional

Code

public function testUsersWithoutPermission() {

  // Create 3 users, each with insufficient permissions, i.e. without either
  // or both of the following permissions:
  // - the 'access in-place editing' permission
  // - the 'edit any article content' permission (necessary to edit node 1)
  $users = [
    $this
      ->drupalCreateUser(static::$basicPermissions),
    $this
      ->drupalCreateUser(array_merge(static::$basicPermissions, [
      'edit any article content',
    ])),
    $this
      ->drupalCreateUser(array_merge(static::$basicPermissions, [
      'access in-place editing',
    ])),
  ];

  // Now test with each of the 3 users with insufficient permissions.
  foreach ($users as $user) {
    $this
      ->drupalLogin($user);
    $this
      ->drupalGet('node/1');

    // Ensure the text is transformed.
    $this
      ->assertRaw('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
    $client = $this
      ->getHttpClient();

    // Retrieving the untransformed text should result in an 403 response and
    // return a different error message depending of the missing permission.
    $response = $client
      ->post($this
      ->buildUrl('editor/node/1/body/en/full'), [
      'query' => http_build_query([
        MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax',
      ]),
      'cookies' => $this
        ->getSessionCookies(),
      'headers' => [
        'Accept' => 'application/json',
        'Content-Type' => 'application/x-www-form-urlencoded',
      ],
      'http_errors' => FALSE,
    ]);
    $this
      ->assertEquals(403, $response
      ->getStatusCode());
    if (!$user
      ->hasPermission('access in-place editing')) {
      $message = "The 'access in-place editing' permission is required.";
    }
    else {
      $message = "The 'edit any article content' permission is required.";
    }
    $body = Json::decode($response
      ->getBody());
    $this
      ->assertSame($message, $body['message']);
  }
}