
public function FilterFormatAccessTest::testFormatWidgetPermissions in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()

Tests editing a page using a disallowed text format.

Verifies that regular users and administrators are able to edit a page, but are not allowed to change fields that use an inaccessible text format. Also verifies that fields which use a text format that does not exist can be edited by administrators only, and that the administrator is forced to choose a new format before saving the page.

File

core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php, line 212

Class

FilterFormatAccessTest
Tests access to text formats.

Namespace

Drupal\Tests\filter\Functional

Code

/**
 * Tests editing a page whose body uses a text format the editor cannot use.
 *
 * The scenario runs in stages, switching between $this->adminUser,
 * $this->webUser (the less privileged account) and $this->filterAdminUser:
 * - a body stored in a disallowed format is shown disabled, with a
 *   placeholder instead of the stored value, while the title stays editable;
 * - once that format is disabled, only the filter administrator can edit the
 *   body, and must pick a new format before the node can be saved;
 * - the same forced choice applies when the fallback format is the only
 *   format left enabled.
 */
public function testFormatWidgetPermissions() {
  $title_key = 'title[0][value]';
  $body_value_key = 'body[0][value]';
  $body_format_key = 'body[0][format]';
  // Placeholder shown in place of a body the current user may not edit.
  $disabled_message = 'This field has been disabled because you do not have sufficient permissions to edit it.';
  // Validation error expected when no replacement format is chosen.
  $format_required_message = 'Text format field is required.';

  // Stage 1: as the administrator, create a page whose body is stored in the
  // disallowed format.
  $this->drupalLogin($this->adminUser);
  $original_title = $this->randomMachineName(8);
  $original_body = $this->randomMachineName(16);
  $edit = [
    $title_key => $original_title,
    $body_value_key => $original_body,
    $body_format_key => $this->disallowedFormat->id(),
  ];
  $this->drupalGet('node/add/page');
  $this->submitForm($edit, 'Save');
  $node = $this->drupalGetNodeByTitle($original_title);
  $view_path = 'node/' . $node->id();
  $edit_path = $view_path . '/edit';

  // Stage 2: open the edit form as the less privileged user.
  $this->drupalLogin($this->webUser);
  $this->drupalGet($view_path);
  $this->clickLink('Edit');

  // The body widget must be disabled and must show the placeholder rather
  // than the stored text.
  // NOTE(review): these checks cover the rendered form only. This method
  // never submits a body value as the restricted user, so rejection of a
  // body value posted despite the disabled widget is not exercised here.
  $this->assertSession()->fieldDisabled($body_value_key);
  $this->assertSession()->fieldValueEquals($body_value_key, $disabled_message);

  // The title is still editable; the preview must keep showing the original
  // body text.
  $renamed_title = $this->randomMachineName(8);
  $title_only_edit = [$title_key => $renamed_title];
  $this->submitForm($title_only_edit, 'Preview');
  $this->assertSession()->pageTextContains($original_body);

  // Saving must change the title and nothing else.
  $this->drupalGet($edit_path);
  $this->submitForm($title_only_edit, 'Save');
  $this->assertSession()->pageTextNotContains($original_title);
  $this->assertSession()->pageTextContains($renamed_title);
  $this->assertSession()->pageTextContains($original_body);

  // Stage 3: holding "administer filters" is not enough. Without specific
  // permission to use the stored format, the filter administrator gets the
  // same disabled body field. (This must be disallowed so that the
  // administrator is never forced to switch the text format to something
  // else.)
  $this->drupalLogin($this->filterAdminUser);
  $this->drupalGet($edit_path);
  $this->assertSession()->fieldDisabled($body_value_key);
  $this->assertSession()->fieldValueEquals($body_value_key, $disabled_message);

  // Stage 4: disable the format the body is stored in.
  $this->disallowedFormat->disable()->save();
  $this->resetFilterCaches();

  // The less privileged user must still be locked out: content without an
  // assigned format is not editable by that account.
  $this->drupalLogin($this->webUser);
  $this->drupalGet($edit_path);
  $this->assertSession()->fieldDisabled($body_value_key);
  $this->assertSession()->fieldValueEquals($body_value_key, $disabled_message);

  // The filter administrator can now edit the body and is offered a format
  // selector.
  $this->drupalLogin($this->filterAdminUser);
  $this->drupalGet($edit_path);
  $this->assertSession()->fieldEnabled($body_value_key);
  $this->assertSession()->fieldExists($body_format_key);

  // Saving without choosing a replacement format must fail validation and
  // leave the node unchanged.
  $old_title = $renamed_title;
  $new_title = $this->randomMachineName(8);
  $edit = [$title_key => $new_title];
  $this->drupalGet($edit_path);
  $this->submitForm($edit, 'Save');
  $this->assertSession()->pageTextContains($format_required_message);
  $this->drupalGet($view_path);
  $this->assertSession()->pageTextContains($old_title);
  $this->assertSession()->pageTextNotContains($new_title);

  // With an explicit format chosen, the same edit must be saved.
  $edit[$body_format_key] = filter_fallback_format();
  $this->drupalGet($edit_path);
  $this->submitForm($edit, 'Save');
  $this->assertSession()->addressEquals($view_path);
  $this->assertSession()->pageTextContains($new_title);
  $this->assertSession()->pageTextNotContains($old_title);

  // Stage 5: as the administrator, move the body to the allowed format, then
  // disable every format except the fallback one.
  $this->drupalLogin($this->adminUser);
  $edit = [
    $body_format_key => $this->allowedFormat->id(),
  ];
  $this->drupalGet($edit_path);
  $this->submitForm($edit, 'Save');
  $this->assertSession()->addressEquals($view_path);
  foreach (filter_formats() as $format) {
    if ($format->isFallbackFormat()) {
      continue;
    }
    $format->disable()->save();
  }

  // With a single format available the selector would normally not be
  // displayed, but the filter administrator must still be made to choose
  // consciously before the text is reassigned to a different format.
  $this->drupalLogin($this->filterAdminUser);
  $old_title = $new_title;
  $new_title = $this->randomMachineName(8);
  $edit = [$title_key => $new_title];
  $this->drupalGet($edit_path);
  $this->submitForm($edit, 'Save');
  $this->assertSession()->pageTextContains($format_required_message);
  $this->drupalGet($view_path);
  $this->assertSession()->pageTextContains($old_title);
  $this->assertSession()->pageTextNotContains($new_title);

  // Choosing the fallback format explicitly lets the save go through.
  $edit[$body_format_key] = filter_fallback_format();
  $this->drupalGet($edit_path);
  $this->submitForm($edit, 'Save');
  $this->assertSession()->addressEquals($view_path);
  $this->assertSession()->pageTextContains($new_title);
  $this->assertSession()->pageTextNotContains($old_title);
}