class JsonApiFunctionalTest in Drupal 10
Same name and namespace in other branches
- 8 core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTest.php \Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTest
- 9 core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTest.php \Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTest
General functional test class.
@group jsonapi
@internal
Hierarchy
- class \Drupal\Tests\BrowserTestBase extends \PHPUnit\Framework\TestCase uses \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, FunctionalTestSetupTrait, TestSetupTrait, BlockCreationTrait, ConfigTestTrait, ExtensionListTestTrait, ContentTypeCreationTrait, NodeCreationTrait, RandomGeneratorTrait, TestRequirementsTrait, PhpUnitWarnings, UiHelperTrait, UserCreationTrait, XdebugRequestTrait
- class \Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTestBase uses \Drupal\Tests\field\Traits\EntityReferenceTestTrait, ImageFieldCreationTrait
- class \Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTest
- class \Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTestBase uses \Drupal\Tests\field\Traits\EntityReferenceTestTrait, ImageFieldCreationTrait
Expanded class hierarchy of JsonApiFunctionalTest
File
- core/
modules/ jsonapi/ tests/ src/ Functional/ JsonApiFunctionalTest.php, line 17
Namespace
Drupal\Tests\jsonapi\FunctionalView source
class JsonApiFunctionalTest extends JsonApiFunctionalTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [
'basic_auth',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Tests the GET method.
*/
public function testRead() {
$this
->createDefaultContent(61, 5, TRUE, TRUE, static::IS_NOT_MULTILINGUAL, FALSE);
// Unpublish the last entity, so we can check access.
$this->nodes[60]
->setUnpublished()
->save();
// Different databases have different sort orders, so a sort is required so
// test expectations do not need to vary per database.
$default_sort = [
'sort' => 'drupal_internal__nid',
];
// 0. HEAD request allows a client to verify that JSON:API is installed.
$this->httpClient
->request('HEAD', $this
->buildUrl('/jsonapi/node/article'));
$this
->assertSession()
->statusCodeEquals(200);
// 1. Load all articles (1st page).
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(OffsetPage::SIZE_MAX, $collection_output['data']);
$this
->assertSession()
->responseHeaderEquals('Content-Type', 'application/vnd.api+json');
// 2. Load all articles (Offset 3).
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page' => [
'offset' => 3,
],
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(OffsetPage::SIZE_MAX, $collection_output['data']);
$this
->assertStringContainsString('page%5Boffset%5D=53', $collection_output['links']['next']['href']);
// 3. Load all articles (1st page, 2 items)
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page' => [
'limit' => 2,
],
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(2, $collection_output['data']);
// 4. Load all articles (2nd page, 2 items).
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page' => [
'limit' => 2,
'offset' => 2,
],
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(2, $collection_output['data']);
$this
->assertStringContainsString('page%5Boffset%5D=4', $collection_output['links']['next']['href']);
// 5. Single article.
$uuid = $this->nodes[0]
->uuid();
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertArrayHasKey('type', $single_output['data']);
$this
->assertEquals($this->nodes[0]
->getTitle(), $single_output['data']['attributes']['title']);
// 5.1 Single article with access denied because unauthenticated.
Json::decode($this
->drupalGet('/jsonapi/node/article/' . $this->nodes[60]
->uuid()));
$this
->assertSession()
->statusCodeEquals(401);
// 5.1 Single article with access denied while authenticated.
$this
->drupalLogin($this->userCanViewProfiles);
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $this->nodes[60]
->uuid()));
$this
->assertSession()
->statusCodeEquals(403);
$this
->assertEquals('/data', $single_output['errors'][0]['source']['pointer']);
$this
->drupalLogout();
// 6. Single relationship item.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/node_type'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertArrayHasKey('type', $single_output['data']);
$this
->assertArrayNotHasKey('attributes', $single_output['data']);
$this
->assertArrayHasKey('related', $single_output['links']);
// 7. Single relationship image.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/field_image'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertArrayHasKey('type', $single_output['data']);
$this
->assertArrayNotHasKey('attributes', $single_output['data']);
$this
->assertArrayHasKey('related', $single_output['links']);
// 8. Multiple relationship item.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/field_tags'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertArrayHasKey('type', $single_output['data'][0]);
$this
->assertArrayNotHasKey('attributes', $single_output['data'][0]);
$this
->assertArrayHasKey('related', $single_output['links']);
// 8b. Single related item, empty.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid . '/field_heroless'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertSame(NULL, $single_output['data']);
// 9. Related tags with includes.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid . '/field_tags', [
'query' => [
'include' => 'vid',
],
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertEquals('taxonomy_term--tags', $single_output['data'][0]['type']);
$this
->assertArrayNotHasKey('tid', $single_output['data'][0]['attributes']);
$this
->assertStringContainsString('/taxonomy_term/tags/', $single_output['data'][0]['links']['self']['href']);
$this
->assertEquals('taxonomy_vocabulary--taxonomy_vocabulary', $single_output['included'][0]['type']);
// 10. Single article with includes.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid, [
'query' => [
'include' => 'uid,field_tags',
],
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertEquals('node--article', $single_output['data']['type']);
$first_include = reset($single_output['included']);
$this
->assertEquals('user--user', $first_include['type']);
$last_include = end($single_output['included']);
$this
->assertEquals('taxonomy_term--tags', $last_include['type']);
// 10b. Single article with nested includes.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid, [
'query' => [
'include' => 'field_tags,field_tags.vid',
],
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertEquals('node--article', $single_output['data']['type']);
$first_include = reset($single_output['included']);
$this
->assertEquals('taxonomy_term--tags', $first_include['type']);
$last_include = end($single_output['included']);
$this
->assertEquals('taxonomy_vocabulary--taxonomy_vocabulary', $last_include['type']);
// 11. Includes with relationships.
$this
->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/uid');
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/uid', [
'query' => [
'include' => 'uid',
],
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertEquals('user--user', $single_output['data']['type']);
$this
->assertArrayHasKey('related', $single_output['links']);
$this
->assertArrayHasKey('included', $single_output);
$first_include = reset($single_output['included']);
$this
->assertEquals('user--user', $first_include['type']);
$this
->assertNotEmpty($first_include['attributes']);
$this
->assertArrayNotHasKey('mail', $first_include['attributes']);
$this
->assertArrayNotHasKey('pass', $first_include['attributes']);
// 12. Collection with one access denied.
$this->nodes[1]
->set('status', FALSE);
$this->nodes[1]
->save();
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page' => [
'limit' => 2,
],
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(1, $single_output['data']);
$non_help_links = array_filter(array_keys($single_output['meta']['omitted']['links']), function ($key) {
return $key !== 'help';
});
$this
->assertCount(1, $non_help_links);
$link_keys = array_keys($single_output['meta']['omitted']['links']);
$this
->assertSame('help', reset($link_keys));
$this
->assertMatchesRegularExpression('/^item--[a-zA-Z0-9]{7}$/', next($link_keys));
$this->nodes[1]
->set('status', TRUE);
$this->nodes[1]
->save();
// 13. Test filtering when using short syntax.
$filter = [
'uid.id' => [
'value' => $this->user
->uuid(),
],
'field_tags.id' => [
'value' => $this->tags[0]
->uuid(),
],
];
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
'include' => 'uid,field_tags',
],
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThan(0, count($single_output['data']));
// 14. Test filtering when using long syntax.
$filter = [
'and_group' => [
'group' => [
'conjunction' => 'AND',
],
],
'filter_user' => [
'condition' => [
'path' => 'uid.id',
'value' => $this->user
->uuid(),
'memberOf' => 'and_group',
],
],
'filter_tags' => [
'condition' => [
'path' => 'field_tags.id',
'value' => $this->tags[0]
->uuid(),
'memberOf' => 'and_group',
],
],
];
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
'include' => 'uid,field_tags',
],
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThan(0, count($single_output['data']));
// 15. Test filtering when using invalid syntax.
$filter = [
'and_group' => [
'group' => [
'conjunction' => 'AND',
],
],
'filter_user' => [
'condition' => [
'name-with-a-typo' => 'uid.id',
'value' => $this->user
->uuid(),
'memberOf' => 'and_group',
],
],
];
$this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]);
$this
->assertSession()
->statusCodeEquals(400);
// 16. Test filtering on the same field.
$filter = [
'or_group' => [
'group' => [
'conjunction' => 'OR',
],
],
'filter_tags_1' => [
'condition' => [
'path' => 'field_tags.id',
'value' => $this->tags[0]
->uuid(),
'memberOf' => 'or_group',
],
],
'filter_tags_2' => [
'condition' => [
'path' => 'field_tags.id',
'value' => $this->tags[1]
->uuid(),
'memberOf' => 'or_group',
],
],
];
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
'include' => 'field_tags',
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThanOrEqual(2, count($single_output['included']));
// 17. Single user (check fields lacking 'view' access).
$user_url = Url::fromRoute('jsonapi.user--user.individual', [
'entity' => $this->user
->uuid(),
]);
$response = $this
->request('GET', $user_url, [
'auth' => [
$this->userCanViewProfiles
->getAccountName(),
$this->userCanViewProfiles->pass_raw,
],
]);
$single_output = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(200, $response
->getStatusCode());
$this
->assertEquals('user--user', $single_output['data']['type']);
$this
->assertEquals($this->user
->get('name')->value, $single_output['data']['attributes']['name']);
$this
->assertArrayNotHasKey('mail', $single_output['data']['attributes']);
$this
->assertArrayNotHasKey('pass', $single_output['data']['attributes']);
// 18. Test filtering on the column of a link.
$filter = [
'linkUri' => [
'condition' => [
'path' => 'field_link.uri',
'value' => 'https://',
'operator' => 'STARTS_WITH',
],
],
];
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThanOrEqual(1, count($single_output['data']));
// 19. Test non-existing route without 'Accept' header.
$this
->drupalGet('/jsonapi/node/article/broccoli');
$this
->assertSession()
->statusCodeEquals(404);
// Even without the 'Accept' header the 404 error is formatted as JSON:API.
$this
->assertSession()
->responseHeaderEquals('Content-Type', 'application/vnd.api+json');
// 20. Test non-existing route with 'Accept' header.
$single_output = Json::decode($this
->drupalGet('/jsonapi/node/article/broccoli', [], [
'Accept' => 'application/vnd.api+json',
]));
$this
->assertEquals(404, $single_output['errors'][0]['status']);
$this
->assertSession()
->statusCodeEquals(404);
// With the 'Accept' header we can know we want the 404 error formatted as
// JSON:API.
$this
->assertSession()
->responseHeaderContains('Content-Type', 'application/vnd.api+json');
// 22. Test sort criteria on multiple fields: both ASC.
$output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page[limit]' => 6,
'sort' => 'field_sort1,field_sort2',
],
]));
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this
->assertCount(6, $output_uuids);
$this
->assertSame([
Node::load(5)
->uuid(),
Node::load(4)
->uuid(),
Node::load(3)
->uuid(),
Node::load(2)
->uuid(),
Node::load(1)
->uuid(),
Node::load(10)
->uuid(),
], $output_uuids);
// 23. Test sort criteria on multiple fields: first ASC, second DESC.
$output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page[limit]' => 6,
'sort' => 'field_sort1,-field_sort2',
],
]));
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this
->assertCount(6, $output_uuids);
$this
->assertSame([
Node::load(1)
->uuid(),
Node::load(2)
->uuid(),
Node::load(3)
->uuid(),
Node::load(4)
->uuid(),
Node::load(5)
->uuid(),
Node::load(6)
->uuid(),
], $output_uuids);
// 24. Test sort criteria on multiple fields: first DESC, second ASC.
$output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page[limit]' => 6,
'sort' => '-field_sort1,field_sort2',
],
]));
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this
->assertCount(5, $output_uuids);
$this
->assertCount(2, $output['meta']['omitted']['links']);
$this
->assertSame([
Node::load(60)
->uuid(),
Node::load(59)
->uuid(),
Node::load(58)
->uuid(),
Node::load(57)
->uuid(),
Node::load(56)
->uuid(),
], $output_uuids);
// 25. Test sort criteria on multiple fields: both DESC.
$output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'page[limit]' => 6,
'sort' => '-field_sort1,-field_sort2',
],
]));
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this
->assertCount(5, $output_uuids);
$this
->assertCount(2, $output['meta']['omitted']['links']);
$this
->assertSame([
Node::load(56)
->uuid(),
Node::load(57)
->uuid(),
Node::load(58)
->uuid(),
Node::load(59)
->uuid(),
Node::load(60)
->uuid(),
], $output_uuids);
// 25. Test collection count.
$this->container
->get('module_installer')
->install([
'jsonapi_test_collection_count',
]);
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertEquals(61, $collection_output['meta']['count']);
$this->container
->get('module_installer')
->uninstall([
'jsonapi_test_collection_count',
]);
// Test documentation filtering examples.
// 1. Only get published nodes.
$filter = [
'status-filter' => [
'condition' => [
'path' => 'status',
'value' => 1,
],
],
];
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
// 2. Nested Filters: Get nodes created by user admin.
$filter = [
'name-filter' => [
'condition' => [
'path' => 'uid.name',
'value' => $this->user
->getAccountName(),
],
],
];
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
// 3. Filtering with arrays: Get nodes created by users [admin, john].
$filter = [
'name-filter' => [
'condition' => [
'path' => 'uid.name',
'operator' => 'IN',
'value' => [
$this->user
->getAccountName(),
$this
->getRandomGenerator()
->name(),
],
],
],
];
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
// 4. Grouping filters: Get nodes that are published and create by admin.
$filter = [
'and-group' => [
'group' => [
'conjunction' => 'AND',
],
],
'name-filter' => [
'condition' => [
'path' => 'uid.name',
'value' => $this->user
->getAccountName(),
'memberOf' => 'and-group',
],
],
'status-filter' => [
'condition' => [
'path' => 'status',
'value' => 1,
'memberOf' => 'and-group',
],
],
];
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
// 5. Grouping grouped filters: Get nodes that are promoted or sticky and
// created by admin.
$filter = [
'and-group' => [
'group' => [
'conjunction' => 'AND',
],
],
'or-group' => [
'group' => [
'conjunction' => 'OR',
'memberOf' => 'and-group',
],
],
'admin-filter' => [
'condition' => [
'path' => 'uid.name',
'value' => $this->user
->getAccountName(),
'memberOf' => 'and-group',
],
],
'sticky-filter' => [
'condition' => [
'path' => 'sticky',
'value' => 1,
'memberOf' => 'or-group',
],
],
'promote-filter' => [
'condition' => [
'path' => 'promote',
'value' => 0,
'memberOf' => 'or-group',
],
],
];
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article', [
'query' => [
'filter' => $filter,
] + $default_sort,
]));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(0, $collection_output['data']);
// Request in maintenance mode returns valid JSON.
$this->container
->get('state')
->set('system.maintenance_mode', TRUE);
$response = $this
->drupalGet('/jsonapi/taxonomy_term/tags');
$this
->assertSession()
->statusCodeEquals(503);
$this
->assertSession()
->responseHeaderContains('Content-Type', 'application/vnd.api+json');
$retry_after_time = $this
->getSession()
->getResponseHeader('Retry-After');
$this
->assertTrue($retry_after_time >= 5 && $retry_after_time <= 10);
$expected_message = 'Drupal is currently under maintenance. We should be back shortly. Thank you for your patience.';
$this
->assertSame($expected_message, Json::decode($response)['errors'][0]['detail']);
// Test that logged in user does not get logged out in maintenance mode
// when hitting jsonapi route.
$this->container
->get('state')
->set('system.maintenance_mode', FALSE);
$this
->drupalLogin($this->userCanViewProfiles);
$this->container
->get('state')
->set('system.maintenance_mode', TRUE);
$this
->drupalGet('/jsonapi/taxonomy_term/tags');
$this
->assertSession()
->statusCodeEquals(503);
$this
->assertTrue($this
->drupalUserIsLoggedIn($this->userCanViewProfiles));
// Test that user gets logged out when hitting non-jsonapi route.
$this
->drupalGet('/some/normal/route');
$this
->assertFalse($this
->drupalUserIsLoggedIn($this->userCanViewProfiles));
$this->container
->get('state')
->set('system.maintenance_mode', FALSE);
// Test that admin user can bypass maintenance mode.
$admin_user = $this
->drupalCreateUser([], NULL, TRUE);
$this
->drupalLogin($admin_user);
$this->container
->get('state')
->set('system.maintenance_mode', TRUE);
$this
->drupalGet('/jsonapi/taxonomy_term/tags');
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertTrue($this
->drupalUserIsLoggedIn($admin_user));
$this->container
->get('state')
->set('system.maintenance_mode', FALSE);
$this
->drupalLogout();
}
/**
* Tests the GET method on articles referencing the same tag twice.
*/
public function testReferencingTwiceRead() {
$this
->createDefaultContent(1, 1, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, TRUE);
// 1. Load all articles (1st page).
$collection_output = Json::decode($this
->drupalGet('/jsonapi/node/article'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertCount(1, $collection_output['data']);
$this
->assertSession()
->responseHeaderEquals('Content-Type', 'application/vnd.api+json');
}
/**
* Tests POST, PATCH and DELETE.
*/
public function testWrite() {
$this
->config('jsonapi.settings')
->set('read_only', FALSE)
->save(TRUE);
$this
->createDefaultContent(0, 3, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, FALSE);
// 1. Successful post.
$collection_url = Url::fromRoute('jsonapi.node--article.collection.post');
$body = [
'data' => [
'type' => 'node--article',
'attributes' => [
'langcode' => 'en',
'title' => 'My custom title',
'default_langcode' => '1',
'body' => [
'value' => 'Custom value',
'format' => 'plain_text',
'summary' => 'Custom summary',
],
],
'relationships' => [
'field_tags' => [
'data' => [
[
'type' => 'taxonomy_term--tags',
'id' => $this->tags[0]
->uuid(),
],
[
'type' => 'taxonomy_term--tags',
'id' => $this->tags[1]
->uuid(),
],
],
],
],
],
];
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(201, $response
->getStatusCode());
$this
->assertArrayNotHasKey('uuid', $created_response['data']['attributes']);
$uuid = $created_response['data']['id'];
$this
->assertCount(2, $created_response['data']['relationships']['field_tags']['data']);
$this
->assertEquals($created_response['data']['links']['self']['href'], $response
->getHeader('Location')[0]);
// 2. Authorization error.
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($body),
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(401, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertEquals('Unauthorized', $created_response['errors'][0]['title']);
// 2.1 Authorization error with a user without create permissions.
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($body),
'auth' => [
$this->userCanViewProfiles
->getAccountName(),
$this->userCanViewProfiles->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(403, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertEquals('Forbidden', $created_response['errors'][0]['title']);
// 3. Missing Content-Type error.
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Accept' => 'application/vnd.api+json',
],
]);
$this
->assertEquals(415, $response
->getStatusCode());
// 4. Article with a duplicate ID.
$invalid_body = $body;
$invalid_body['data']['id'] = Node::load(1)
->uuid();
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($invalid_body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Accept' => 'application/vnd.api+json',
'Content-Type' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(409, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertEquals('Conflict', $created_response['errors'][0]['title']);
// 5. Article with wrong reference UUIDs for tags.
$body_invalid_tags = $body;
$body_invalid_tags['data']['relationships']['field_tags']['data'][0]['id'] = 'lorem';
$body_invalid_tags['data']['relationships']['field_tags']['data'][1]['id'] = 'ipsum';
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($body_invalid_tags),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$this
->assertEquals(404, $response
->getStatusCode());
// 6. Decoding error.
$response = $this
->request('POST', $collection_url, [
'body' => '{"bad json",,,}',
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(400, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertEquals('Bad Request', $created_response['errors'][0]['title']);
// 6.1 Denormalizing error.
$response = $this
->request('POST', $collection_url, [
'body' => '{"data":{"type":"something"},"valid yet nonsensical json":[]}',
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(422, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertStringStartsWith('Unprocessable', $created_response['errors'][0]['title']);
// 6.2 Relationships are not included in "data".
$malformed_body = $body;
unset($malformed_body['data']['relationships']);
$malformed_body['relationships'] = $body['data']['relationships'];
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($malformed_body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Accept' => 'application/vnd.api+json',
'Content-Type' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode((string) $response
->getBody());
$this
->assertSame(400, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertSame("Bad Request", $created_response['errors'][0]['title']);
$this
->assertSame("Found \"relationships\" within the document's top level. The \"relationships\" key must be within resource object.", $created_response['errors'][0]['detail']);
// 6.2 "type" not included in "data".
$missing_type = $body;
unset($missing_type['data']['type']);
$response = $this
->request('POST', $collection_url, [
'body' => Json::encode($missing_type),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Accept' => 'application/vnd.api+json',
'Content-Type' => 'application/vnd.api+json',
],
]);
$created_response = Json::decode((string) $response
->getBody());
$this
->assertSame(400, $response
->getStatusCode());
$this
->assertNotEmpty($created_response['errors']);
$this
->assertSame("Bad Request", $created_response['errors'][0]['title']);
$this
->assertSame("Resource object must include a \"type\".", $created_response['errors'][0]['detail']);
// 7. Successful PATCH.
$body = [
'data' => [
'id' => $uuid,
'type' => 'node--article',
'attributes' => [
'title' => 'My updated title',
],
],
];
$individual_url = Url::fromRoute('jsonapi.node--article.individual', [
'entity' => $uuid,
]);
$response = $this
->request('PATCH', $individual_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$updated_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(200, $response
->getStatusCode());
$this
->assertEquals('My updated title', $updated_response['data']['attributes']['title']);
// 7.1 Unsuccessful PATCH due to access restrictions.
$body = [
'data' => [
'id' => $uuid,
'type' => 'node--article',
'attributes' => [
'title' => 'My updated title',
],
],
];
$individual_url = Url::fromRoute('jsonapi.node--article.individual', [
'entity' => $uuid,
]);
$response = $this
->request('PATCH', $individual_url, [
'body' => Json::encode($body),
'auth' => [
$this->userCanViewProfiles
->getAccountName(),
$this->userCanViewProfiles->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$this
->assertEquals(403, $response
->getStatusCode());
// 8. Field access forbidden check.
$body = [
'data' => [
'id' => $uuid,
'type' => 'node--article',
'attributes' => [
'title' => 'My updated title',
'status' => 0,
],
],
];
$response = $this
->request('PATCH', $individual_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$updated_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(403, $response
->getStatusCode());
$this
->assertEquals("The current user is not allowed to PATCH the selected field (status). The 'administer nodes' permission is required.", $updated_response['errors'][0]['detail']);
$node = \Drupal::service('entity.repository')
->loadEntityByUuid('node', $uuid);
$this
->assertEquals(1, $node
->get('status')->value, 'Node status was not changed.');
// 9. Successful POST to related endpoint.
$body = [
'data' => [
[
'id' => $this->tags[2]
->uuid(),
'type' => 'taxonomy_term--tags',
],
],
];
$relationship_url = Url::fromRoute('jsonapi.node--article.field_tags.relationship.post', [
'entity' => $uuid,
]);
$response = $this
->request('POST', $relationship_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$updated_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(200, $response
->getStatusCode());
$this
->assertCount(3, $updated_response['data']);
$this
->assertEquals('taxonomy_term--tags', $updated_response['data'][2]['type']);
$this
->assertEquals($this->tags[2]
->uuid(), $updated_response['data'][2]['id']);
// 10. Successful PATCH to related endpoint.
$body = [
'data' => [
[
'id' => $this->tags[1]
->uuid(),
'type' => 'taxonomy_term--tags',
],
],
];
$response = $this
->request('PATCH', $relationship_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$this
->assertEquals(204, $response
->getStatusCode());
$this
->assertEmpty($response
->getBody()
->__toString());
// 11. Successful DELETE to related endpoint.
$response = $this
->request('DELETE', $relationship_url, [
// Send a request with no body.
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
]);
$updated_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals('You need to provide a body for DELETE operations on a relationship (field_tags).', $updated_response['errors'][0]['detail']);
$this
->assertEquals(400, $response
->getStatusCode());
$response = $this
->request('DELETE', $relationship_url, [
// Send a request with no authentication.
'body' => Json::encode($body),
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$this
->assertEquals(401, $response
->getStatusCode());
$response = $this
->request('DELETE', $relationship_url, [
// Remove the existing relationship item.
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
],
]);
$this
->assertEquals(204, $response
->getStatusCode());
$this
->assertEmpty($response
->getBody()
->__toString());
// 12. PATCH with invalid title and body format.
$body = [
'data' => [
'id' => $uuid,
'type' => 'node--article',
'attributes' => [
'title' => '',
'body' => [
'value' => 'Custom value',
'format' => 'invalid_format',
'summary' => 'Custom summary',
],
],
],
];
$response = $this
->request('PATCH', $individual_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
]);
$updated_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(422, $response
->getStatusCode());
$this
->assertCount(2, $updated_response['errors']);
for ($i = 0; $i < 2; $i++) {
$this
->assertStringStartsWith('Unprocessable', $updated_response['errors'][$i]['title']);
$this
->assertEquals(422, $updated_response['errors'][$i]['status']);
}
$this
->assertEquals("title: This value should not be null.", $updated_response['errors'][0]['detail']);
$this
->assertEquals("body.0.format: The value you selected is not a valid choice.", $updated_response['errors'][1]['detail']);
$this
->assertEquals("/data/attributes/title", $updated_response['errors'][0]['source']['pointer']);
$this
->assertEquals("/data/attributes/body/format", $updated_response['errors'][1]['source']['pointer']);
// 13. PATCH with field that doesn't exist on Entity.
$body = [
'data' => [
'id' => $uuid,
'type' => 'node--article',
'attributes' => [
'field_that_does_not_exist' => 'foobar',
],
],
];
$response = $this
->request('PATCH', $individual_url, [
'body' => Json::encode($body),
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
'headers' => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
]);
$updated_response = Json::decode($response
->getBody()
->__toString());
$this
->assertEquals(422, $response
->getStatusCode());
$this
->assertEquals("The attribute field_that_does_not_exist does not exist on the node--article resource type.", $updated_response['errors']['0']['detail']);
// 14. Successful DELETE.
$response = $this
->request('DELETE', $individual_url, [
'auth' => [
$this->user
->getAccountName(),
$this->user->pass_raw,
],
]);
$this
->assertEquals(204, $response
->getStatusCode());
$response = $this
->request('GET', $individual_url, []);
$this
->assertEquals(404, $response
->getStatusCode());
}
}