<?php
namespace Drupal\Tests\filter\Functional;
use Drupal\Core\Access\AccessResult;
use Drupal\filter\Entity\FilterFormat;
use Drupal\Tests\BrowserTestBase;
class FilterFormatAccessTest extends BrowserTestBase {
/**
 * Modules to enable for this test.
 *
 * @var string[]
 */
protected static $modules = ['block', 'filter', 'node'];

/**
 * Default theme for the test site.
 *
 * @var string
 */
protected $defaultTheme = 'stark';

/**
 * Account with 'administer filters' and the "use" permission of all three
 * text formats created in setUp().
 *
 * @var \Drupal\user\UserInterface
 */
protected $adminUser;

/**
 * Account with 'administer filters' but no per-format "use" permission.
 *
 * @var \Drupal\user\UserInterface
 */
protected $filterAdminUser;

/**
 * Regular account that may use the two allowed formats only.
 *
 * @var \Drupal\user\UserInterface
 */
protected $webUser;

/**
 * First format created in setUp(); granted to the web user.
 *
 * @var \Drupal\filter\FilterFormatInterface
 */
protected $allowedFormat;

/**
 * Second format created in setUp(); also granted to the web user.
 *
 * @var \Drupal\filter\FilterFormatInterface
 */
protected $secondAllowedFormat;

/**
 * Third format created in setUp(); withheld from the web user.
 *
 * @var \Drupal\filter\FilterFormatInterface
 */
protected $disallowedFormat;
/**
 * Creates the content type, three text formats and three accounts used by
 * every test in this class.
 *
 * The accounts differ only in which permissions they hold, so each test can
 * compare what the same format access check returns for each of them.
 */
protected function setUp() : void {
  parent::setUp();

  $this->drupalPlaceBlock('page_title_block');
  $this->drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);

  // This account can administer text formats and edit pages, but is given
  // no per-format "use" permission.
  $this->filterAdminUser = $this->drupalCreateUser([
    'administer filters',
    'create page content',
    'edit any page content',
  ]);

  // Create three formats through the administrative form while logged in as
  // that account, loading each saved format back once the caches are reset.
  $this->drupalLogin($this->filterAdminUser);
  $created = [];
  while (count($created) < 3) {
    $machine_name = mb_strtolower($this->randomMachineName());
    $label = $this->randomMachineName();
    $this->drupalGet('admin/config/content/formats/add');
    $this->submitForm(['format' => $machine_name, 'name' => $label], 'Save configuration');
    $this->resetFilterCaches();
    $created[] = FilterFormat::load($machine_name);
  }
  [$this->allowedFormat, $this->secondAllowedFormat, $this->disallowedFormat] = $created;
  $this->drupalLogout();

  // Regular user: may use the first two formats, never the third.
  $this->webUser = $this->drupalCreateUser([
    'create page content',
    'edit any page content',
    $this->allowedFormat->getPermissionName(),
    $this->secondAllowedFormat->getPermissionName(),
  ]);

  // Administrator: may administer formats and use all three of them.
  $this->adminUser = $this->drupalCreateUser([
    'administer filters',
    'create page content',
    'edit any page content',
    $this->allowedFormat->getPermissionName(),
    $this->secondAllowedFormat->getPermissionName(),
    $this->disallowedFormat->getPermissionName(),
  ]);

  // testFormatWidgetPermissions() follows the "Edit" link on a node page.
  $this->drupalPlaceBlock('local_tasks_block');
}
/**
 * Checks the per-format "use" access check for a regular user and an admin.
 *
 * The same decision is verified at several layers: the format entity's
 * access() result (including its cacheability), the list returned by
 * filter_formats(), the account's permissions, the format selector on the
 * node form and the HTTP status of the filter tips pages. A regression in
 * any of them would let an account reach a format it was not granted.
 */
public function testFormatPermissions() {
  $fallback = FilterFormat::load(filter_fallback_format());
  $required_permission = $this->disallowedFormat->getPermissionName();

  // Granted format: allowed, and the result varies by user permissions.
  $this->assertTrue(
    $this->allowedFormat->access('use', $this->webUser),
    'A regular user has access to use a text format they were granted access to.'
  );
  $this->assertEquals(
    AccessResult::allowed()->addCacheContexts(['user.permissions']),
    $this->allowedFormat->access('use', $this->webUser, TRUE),
    'A regular user has access to use a text format they were granted access to.'
  );

  // Withheld format: a neutral result that names the missing permission.
  $this->assertFalse(
    $this->disallowedFormat->access('use', $this->webUser),
    'A regular user does not have access to use a text format they were not granted access to.'
  );
  $this->assertEquals(
    AccessResult::neutral("The '{$required_permission}' permission is required.")->cachePerPermissions(),
    $this->disallowedFormat->access('use', $this->webUser, TRUE),
    'A regular user does not have access to use a text format they were not granted access to.'
  );

  // Fallback format: allowed, and expected to carry no cache context.
  $this->assertTrue(
    $fallback->access('use', $this->webUser),
    'A regular user has access to use the fallback format.'
  );
  $this->assertEquals(
    AccessResult::allowed(),
    $fallback->access('use', $this->webUser, TRUE),
    'A regular user has access to use the fallback format.'
  );

  // The list of formats available to the account must agree with the above.
  $available = array_keys(filter_formats($this->webUser));
  $this->assertContains(
    $this->allowedFormat->id(),
    $available,
    'The allowed format appears in the list of available formats for a regular user.'
  );
  $this->assertNotContains(
    $this->disallowedFormat->id(),
    $available,
    'The disallowed format does not appear in the list of available formats for a regular user.'
  );
  $this->assertContains(
    filter_fallback_format(),
    $available,
    'The fallback format appears in the list of available formats for a regular user.'
  );

  // So must the permissions the account actually holds.
  $this->assertTrue(
    $this->webUser->hasPermission($this->allowedFormat->getPermissionName()),
    'A regular user has permission to use the allowed text format.'
  );
  $this->assertFalse(
    $this->webUser->hasPermission($this->disallowedFormat->getPermissionName()),
    'A regular user does not have permission to use the disallowed text format.'
  );

  // On the node form the selector offers the allowed format; neither the
  // withheld format nor the fallback format is expected as an option.
  $this->drupalLogin($this->webUser);
  $this->drupalGet('node/add/page');
  $this->assertSession()->optionExists('body[0][format]', $this->allowedFormat->id());
  $this->assertSession()->optionNotExists('body[0][format]', $this->disallowedFormat->id());
  $this->assertSession()->optionNotExists('body[0][format]', filter_fallback_format());

  // Filter tips pages for the regular user: a format the account may not use
  // answers 403, whereas an unknown format ID answers 404.
  $web_user_tips = [
    [$this->allowedFormat->id(), 200],
    [$this->disallowedFormat->id(), 403],
    [filter_fallback_format(), 200],
    ['invalid-format', 404],
  ];
  foreach ($web_user_tips as [$format_id, $expected_status]) {
    $this->drupalGet('filter/tips/' . $format_id);
    $this->assertSession()->statusCodeEquals($expected_status);
  }

  // Filter tips pages for the administrator: every existing format is
  // reachable, and an unknown format ID still answers 404.
  $this->drupalLogin($this->adminUser);
  $admin_tips = [
    [$this->allowedFormat->id(), 200],
    [$this->disallowedFormat->id(), 200],
    [filter_fallback_format(), 200],
    ['invalid-format', 404],
  ];
  foreach ($admin_tips as [$format_id, $expected_status]) {
    $this->drupalGet('filter/tips/' . $format_id);
    $this->assertSession()->statusCodeEquals($expected_status);
  }
}
/**
 * Checks the role-to-format and format-to-role lookups against each other.
 *
 * Both directions must agree on which formats the web user's role can use,
 * and the fallback format must be reported as available to every role.
 */
public function testFormatRoles() {
  // First role returned by getRoles(TRUE) for the regular user.
  $role_id = $this->webUser->getRoles(TRUE)[0];

  // Format -> roles.
  $this->assertContains(
    $role_id,
    array_keys(filter_get_roles_by_format($this->allowedFormat)),
    'A role which has access to a text format appears in the list of roles that have access to that format.'
  );
  $this->assertNotContains(
    $role_id,
    array_keys(filter_get_roles_by_format($this->disallowedFormat)),
    'A role which does not have access to a text format does not appear in the list of roles that have access to that format.'
  );

  // Role -> formats.
  $formats_for_role = array_keys(filter_get_formats_by_role($role_id));
  $this->assertContains(
    $this->allowedFormat->id(),
    $formats_for_role,
    'A text format which a role has access to appears in the list of formats available to that role.'
  );
  $this->assertNotContains(
    $this->disallowedFormat->id(),
    $formats_for_role,
    'A text format which a role does not have access to does not appear in the list of formats available to that role.'
  );

  // The fallback format is expected to be open to every role.
  $fallback_roles = filter_get_roles_by_format(FilterFormat::load(filter_fallback_format()));
  $this->assertEquals(
    $fallback_roles,
    user_role_names(),
    'All roles have access to the fallback format.'
  );
  $this->assertContains(
    filter_fallback_format(),
    $formats_for_role,
    'The fallback format appears in the list of allowed formats for any role.'
  );
}
/**
 * Checks editing a node whose body uses a format the editor may not use.
 *
 * Scenario, in order:
 * - The administrator saves a page whose body uses the disallowed format.
 * - The regular user and the filter administrator each get a disabled body
 *   field showing a notice instead of the stored text; the regular user can
 *   still retitle the page, and the body text survives preview and save.
 * - Once the format is disabled, the field stays disabled for the regular
 *   user, while the filter administrator gets an editable field and must
 *   choose a format before the form will save.
 * - The same forced choice is checked again after every non-fallback format
 *   has been disabled.
 *
 * NOTE(review): these steps assert rendered page text and form state only;
 * the text format stored on the body field after the regular user's save is
 * not asserted here.
 */
public function testFormatWidgetPermissions() {
  $title_key = 'title[0][value]';
  $body_value_key = 'body[0][value]';
  $body_format_key = 'body[0][format]';
  $disabled_notice = 'This field has been disabled because you do not have sufficient permissions to edit it.';

  // The administrator creates a page whose body uses the disallowed format.
  $this->drupalLogin($this->adminUser);
  $original_title = $this->randomMachineName(8);
  $body_text = $this->randomMachineName(16);
  $this->drupalGet('node/add/page');
  $this->submitForm([
    $title_key => $original_title,
    $body_value_key => $body_text,
    $body_format_key => $this->disallowedFormat->id(),
  ], 'Save');
  $node = $this->drupalGetNodeByTitle($original_title);
  $view_path = 'node/' . $node->id();
  $edit_path = $view_path . '/edit';

  // The regular user reaches the edit form, but the body field is disabled
  // and holds the notice rather than the stored text.
  $this->drupalLogin($this->webUser);
  $this->drupalGet($view_path);
  $this->clickLink('Edit');
  $this->assertSession()->fieldDisabled($body_value_key);
  $this->assertSession()->fieldValueEquals($body_value_key, $disabled_notice);

  // Previewing with a new title must still render the original body text.
  $web_user_title = $this->randomMachineName(8);
  $retitle = [$title_key => $web_user_title];
  $this->submitForm($retitle, 'Preview');
  $this->assertSession()->pageTextContains($body_text);

  // Saving changes the title and leaves the body text in place.
  $this->drupalGet($edit_path);
  $this->submitForm($retitle, 'Save');
  $this->assertSession()->pageTextNotContains($original_title);
  $this->assertSession()->pageTextContains($web_user_title);
  $this->assertSession()->pageTextContains($body_text);

  // 'administer filters' alone does not unlock the field either.
  $this->drupalLogin($this->filterAdminUser);
  $this->drupalGet($edit_path);
  $this->assertSession()->fieldDisabled($body_value_key);
  $this->assertSession()->fieldValueEquals($body_value_key, $disabled_notice);

  // Disable the format that the body field uses.
  $this->disallowedFormat->disable()->save();
  $this->resetFilterCaches();

  // The regular user still cannot edit the body.
  $this->drupalLogin($this->webUser);
  $this->drupalGet($edit_path);
  $this->assertSession()->fieldDisabled($body_value_key);
  $this->assertSession()->fieldValueEquals($body_value_key, $disabled_notice);

  // The filter administrator now gets an editable body field together with
  // a format selector.
  $this->drupalLogin($this->filterAdminUser);
  $this->drupalGet($edit_path);
  $this->assertSession()->fieldEnabled($body_value_key);
  $this->assertSession()->fieldExists($body_format_key);

  // Saving without choosing a format is rejected, and nothing is stored.
  $old_title = $web_user_title;
  $new_title = $this->randomMachineName(8);
  $values = [$title_key => $new_title];
  $this->drupalGet($edit_path);
  $this->submitForm($values, 'Save');
  $this->assertSession()->pageTextContains('Text format field is required.');
  $this->drupalGet($view_path);
  $this->assertSession()->pageTextContains($old_title);
  $this->assertSession()->pageTextNotContains($new_title);

  // Choosing the fallback format lets the same change go through.
  $values[$body_format_key] = filter_fallback_format();
  $this->drupalGet($edit_path);
  $this->submitForm($values, 'Save');
  $this->assertSession()->addressEquals($view_path);
  $this->assertSession()->pageTextContains($new_title);
  $this->assertSession()->pageTextNotContains($old_title);

  // The administrator moves the body to the allowed format...
  $this->drupalLogin($this->adminUser);
  $this->drupalGet($edit_path);
  $this->submitForm([$body_format_key => $this->allowedFormat->id()], 'Save');
  $this->assertSession()->addressEquals($view_path);

  // ...and then every format except the fallback format is disabled.
  foreach (filter_formats() as $format) {
    if ($format->isFallbackFormat()) {
      continue;
    }
    $format->disable()->save();
  }

  // The filter administrator is again forced to choose a format before the
  // form will save.
  $this->drupalLogin($this->filterAdminUser);
  $old_title = $new_title;
  $new_title = $this->randomMachineName(8);
  $values = [$title_key => $new_title];
  $this->drupalGet($edit_path);
  $this->submitForm($values, 'Save');
  $this->assertSession()->pageTextContains('Text format field is required.');
  $this->drupalGet($view_path);
  $this->assertSession()->pageTextContains($old_title);
  $this->assertSession()->pageTextNotContains($new_title);

  $values[$body_format_key] = filter_fallback_format();
  $this->drupalGet($edit_path);
  $this->submitForm($values, 'Save');
  $this->assertSession()->addressEquals($view_path);
  $this->assertSession()->pageTextContains($new_title);
  $this->assertSession()->pageTextNotContains($old_title);
}
/**
 * Resets the cached list of text formats.
 *
 * Called after a format is created or disabled in this test, before the
 * format is loaded or the next page is requested.
 */
protected function resetFilterCaches() {
  filter_formats_reset();
}
}