<?php
namespace Drupal\Tests\media\Functional;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\media\Entity\Media;
use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;
/**
 * Functional tests for access checks on media items and their routes.
 *
 * Each scenario grants or revokes permissions, requests a media route and
 * asserts two things: the HTTP status code, and which cache context the
 * response carries ('user.permissions' or the per-user 'user'). The cache
 * context assertions are part of the access contract: when the outcome
 * depends on who owns the item, the response has to vary per user so that
 * cached output is not reused across accounts.
 */
class MediaAccessTest extends MediaFunctionalTestBase {

  use AssertPageCacheContextsAndTagsTrait;

  /**
   * Modules enabled in addition to those of the parent test class.
   */
  protected static $modules = [
    'block',
    'media_test_source',
  ];

  /**
   * Theme the test site is installed with.
   */
  protected $defaultTheme = 'stark';

  /**
   * Runs the parent setup and places the local tasks block.
   */
  protected function setUp(): void {
    parent::setUp();
    $this->drupalPlaceBlock('local_tasks_block');
  }

  /**
   * Walks the add, view, edit, delete and overview routes under changing permissions.
   *
   * Permissions are toggled on the authenticated role, so every grant and
   * revoke below applies to the non-admin user the test logs in as.
   */
  public function testMediaAccess() {
    $assert = $this->assertSession();
    $type = $this->createMediaType('test');

    // Turn on standalone media URLs and rebuild the router so that the
    // 'media/{id}' paths requested below exist.
    \Drupal::configFactory()
      ->getEditable('media.settings')
      ->set('standalone_url', TRUE)
      ->save(TRUE);
    $this->container->get('router.builder')->rebuild();

    // One item without an explicit owner and one owned by the non-admin user.
    $media = Media::create([
      'bundle' => $type->id(),
      'name' => 'Unnamed',
    ]);
    $media->save();
    $user_media = Media::create([
      'bundle' => $type->id(),
      'name' => 'Unnamed',
      'uid' => $this->nonAdminUser->id(),
    ]);
    $user_media->save();

    // Paths requested repeatedly further down.
    $add_path = 'media/add/' . $type->id();
    $own_view_path = 'media/' . $user_media->id();
    $own_edit_path = $own_view_path . '/edit';
    $own_delete_path = $own_view_path . '/delete';
    $any_edit_path = 'media/' . $media->id() . '/edit';
    $any_delete_path = 'media/' . $media->id() . '/delete';

    // Baseline, before this method logs anyone in: all four routes answer 200
    // and vary by permissions only.
    // NOTE(review): presumably the parent class has already logged in its
    // admin user at this point; confirm in MediaFunctionalTestBase.
    foreach ([$add_path, $own_view_path, $own_edit_path, $own_delete_path] as $path) {
      $this->drupalGet($path);
      $this->assertCacheContext('user.permissions');
      $assert->statusCodeEquals(200);
    }

    // Switch to the non-admin user and strip 'view media' from the
    // authenticated role.
    $this->drupalLogin($this->nonAdminUser);
    $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);
    user_role_revoke_permissions($authenticated->id(), ['view media']);

    // Without any create permission the add form is denied.
    $this->drupalGet($add_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);

    // The bundle-specific create permission opens the add form.
    $create_bundle = ['create ' . $type->id() . ' media'];
    $this->grantPermissions($authenticated, $create_bundle);
    $this->drupalGet($add_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(200);

    // The role is loaded again after each revoke.
    // NOTE(review): presumably because the revoke helper saves its own copy
    // of the role, leaving the local object stale; confirm.
    user_role_revoke_permissions($authenticated->id(), $create_bundle);
    $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);

    // A published item is viewable with 'view media' alone, and the response
    // must not vary per user: only 'user.permissions' is expected.
    $this->grantPermissions($authenticated, ['view media']);
    $this->drupalGet($own_view_path);
    $this->assertNoCacheContext('user');
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(200);

    // Once unpublished, 'view media' no longer suffices, even for the owner.
    $user_media->setUnpublished()->save();
    $this->drupalGet($own_view_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);
    $view_access = $user_media->access('view', NULL, TRUE);
    $this->assertSame("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.", $view_access->getReason());

    // With 'view own unpublished media' the owner gets in, and because the
    // decision now depends on ownership the response carries 'user'.
    $this->grantPermissions($authenticated, ['view own unpublished media']);
    $this->drupalGet($own_view_path);
    $this->assertCacheContext('user');
    $assert->statusCodeEquals(200);

    // The add form is denied again now that the bundle permission is gone.
    $this->drupalGet($add_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);

    // The generic 'create media' permission opens the add form as well.
    $create_any = ['create media'];
    $this->grantPermissions($authenticated, $create_any);
    $this->drupalGet($add_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(200);
    user_role_revoke_permissions($authenticated->id(), $create_any);
    $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);

    // Owning an item does not by itself allow editing or deleting it.
    $this->drupalGet($own_edit_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);
    $this->drupalGet($own_delete_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);

    // The 'own' permissions allow both, and both responses vary per user.
    $own_permissions = [
      'edit own ' . $user_media->bundle() . ' media',
      'delete own ' . $user_media->bundle() . ' media',
    ];
    $this->grantPermissions($authenticated, $own_permissions);
    $this->drupalGet($own_edit_path);
    $this->assertCacheContext('user');
    $assert->statusCodeEquals(200);
    $this->drupalGet($own_delete_path);
    $this->assertCacheContext('user');
    $assert->statusCodeEquals(200);
    user_role_revoke_permissions($authenticated->id(), $own_permissions);
    $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);

    // The item that is not owned by this user cannot be edited or deleted.
    $this->drupalGet($any_edit_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);
    $this->drupalGet($any_delete_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);

    // The 'any' permissions allow both; ownership plays no part, so the
    // responses are asserted to carry 'user.permissions'.
    $any_permissions = [
      'edit any ' . $media->bundle() . ' media',
      'delete any ' . $media->bundle() . ' media',
    ];
    $this->grantPermissions($authenticated, $any_permissions);
    $this->drupalGet($any_edit_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(200);
    $this->drupalGet($any_delete_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(200);

    // 'access content overview' alone must not expose a link to the media
    // overview.
    $this->grantPermissions($authenticated, ['access content overview']);
    $this->drupalGet('admin/content');
    $assert->linkByHrefNotExists('/admin/content/media');
    $this->assertCacheContext('user');

    // A role that also carries 'access media overview' makes the link appear
    // and the overview reachable.
    $overview_role = $this->createRole([
      'access content overview',
      'access media overview',
    ]);
    $this->nonAdminUser->addRole($overview_role);
    $this->nonAdminUser->save();
    $this->drupalGet('admin/content');
    $assert->linkByHrefExists('/admin/content/media');
    $this->clickLink('Media');
    $this->assertCacheContext('user');
    $assert->statusCodeEquals(200);
    $assert->elementExists('css', '.views-element-container');

    // First row: the item without an explicit owner, attributed to the admin
    // user. Second row: the item owned by the non-admin user.
    $assert->elementTextEquals('xpath', '//div[@class="views-element-container"]//tbody/tr[1]/td[contains(@class, "views-field-uid")]/a', $this->adminUser->getDisplayName());
    $assert->elementTextEquals('xpath', "//div[@class='views-element-container']//tbody/tr[1]/td[contains(@class, 'views-field-name')]/a[contains(@href, '/media/{$media->id()}')]", 'Unnamed');
    $assert->elementTextEquals('xpath', '//div[@class="views-element-container"]//tbody/tr[2]/td[contains(@class, "views-field-uid")]/a', $this->nonAdminUser->getDisplayName());
    $assert->elementTextEquals('xpath', "//div[@class='views-element-container']//tbody/tr[2]/td[contains(@class, 'views-field-name')]/a[contains(@href, '/media/{$user_media->id()}')]", 'Unnamed');
  }

  /**
   * Checks that the canonical route of a published item requires 'view media'.
   */
  public function testCanonicalMediaAccess() {
    $type = $this->createMediaType('test');
    $assert = $this->assertSession();

    // Standalone URLs have to be enabled for 'media/{id}' to be routable.
    \Drupal::configFactory()
      ->getEditable('media.settings')
      ->set('standalone_url', TRUE)
      ->save(TRUE);
    $this->container->get('router.builder')->rebuild();

    $media = Media::create([
      'bundle' => $type->id(),
      'name' => 'Unnamed',
    ]);
    $media->save();
    // Saved but never requested in this method.
    $user_media = Media::create([
      'bundle' => $type->id(),
      'name' => 'Unnamed',
      'uid' => $this->nonAdminUser->id(),
    ]);
    $user_media->save();

    $canonical_path = 'media/' . $media->id();

    $this->drupalLogin($this->nonAdminUser);
    $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);
    user_role_revoke_permissions($authenticated->id(), ['view media']);

    // Denied without 'view media', and the access result names that
    // permission as the reason.
    $this->drupalGet($canonical_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(403);
    $view_access = $media->access('view', NULL, TRUE);
    $this->assertSame("The 'view media' permission is required when the media item is published.", $view_access->getReason());

    // Allowed once the permission is granted.
    $this->grantPermissions($authenticated, ['view media']);
    $this->drupalGet($canonical_path);
    $this->assertCacheContext('user.permissions');
    $assert->statusCodeEquals(200);
  }

  /**
   * Checks that 'view own unpublished media' is limited to the owner.
   *
   * Two users hold identical permissions; only the one who owns the
   * unpublished item may view it, and both responses must vary per user.
   */
  public function testUnpublishedMediaUserAccess() {
    \Drupal::configFactory()
      ->getEditable('media.settings')
      ->set('standalone_url', TRUE)
      ->save(TRUE);
    $this->container->get('router.builder')->rebuild();

    $assert = $this->assertSession();
    $type = $this->createMediaType('test');

    $shared_permissions = [
      'view media',
      'view own unpublished media',
    ];
    $user_one = $this->drupalCreateUser($shared_permissions);
    $user_two = $this->drupalCreateUser($shared_permissions);

    // Unpublished item owned by the first user.
    $user_media = Media::create([
      'bundle' => $type->id(),
      'name' => 'Unnamed',
      'uid' => $user_one->id(),
    ]);
    $user_media->setUnpublished()->save();
    $view_path = 'media/' . $user_media->id();

    // Same permissions, but not the owner: denied.
    $this->drupalLogin($user_two);
    $this->drupalGet($view_path);
    $assert->statusCodeEquals(403);
    $this->assertCacheContext('user');

    // The owner is allowed.
    $this->drupalLogout();
    $this->drupalLogin($user_one);
    $this->drupalGet($view_path);
    $assert->statusCodeEquals(200);
    $this->assertCacheContext('user');
  }

  /**
   * Checks anonymous access to an item owned by uid 0.
   *
   * The anonymous role receives both 'view media' and 'view own unpublished
   * media'. The published item must be viewable; the unpublished one must be
   * denied even though its owner id is 0.
   * NOTE(review): presumably the denial exists because uid 0 is shared by all
   * anonymous visitors, so "own" cannot single out one of them; confirm
   * against the media access control handler.
   */
  public function testMediaAnonymousUserAccess() {
    \Drupal::configFactory()
      ->getEditable('media.settings')
      ->set('standalone_url', TRUE)
      ->save(TRUE);
    $this->container->get('router.builder')->rebuild();

    $assert = $this->assertSession();
    $type = $this->createMediaType('test');

    $user_media = Media::create([
      'bundle' => $type->id(),
      'name' => 'Unnamed',
      'uid' => 0,
    ]);
    $user_media->save();
    $view_path = 'media/' . $user_media->id();

    $anonymous = Role::load(RoleInterface::ANONYMOUS_ID);
    $this->grantPermissions($anonymous, [
      'view media',
      'view own unpublished media',
    ]);

    // All requests below are made without a logged-in session.
    $this->drupalLogout();

    $user_media->setPublished()->save();
    $this->drupalGet($view_path);
    $assert->statusCodeEquals(200);

    $user_media->setUnpublished()->save();
    $this->drupalGet($view_path);
    $assert->statusCodeEquals(403);
    $this->assertCacheContext('user');
  }

  /**
   * Checks that an unpublished referenced item is only rendered for its owner.
   *
   * A published parent references an unpublished child through an entity
   * reference field shown as a label. The child's name must appear for the
   * child's author only.
   */
  public function testReferencedRendering() {
    \Drupal::configFactory()
      ->getEditable('media.settings')
      ->set('standalone_url', TRUE)
      ->save(TRUE);
    $this->container->get('router.builder')->rebuild();

    $type = $this->createMediaType('test');

    // Media-to-media reference field on the test bundle.
    FieldStorageConfig::create([
      'field_name' => 'field_reference',
      'entity_type' => 'media',
      'type' => 'entity_reference',
      'settings' => [
        'target_type' => 'media',
      ],
    ])->save();
    FieldConfig::create([
      'field_name' => 'field_reference',
      'entity_type' => 'media',
      'bundle' => $type->id(),
    ])->save();

    // The author and another user both hold the 'own unpublished' permission;
    // the third user can only view published media.
    $author = $this->drupalCreateUser([
      'view media',
      'view own unpublished media',
    ]);
    $other_user = $this->drupalCreateUser([
      'view media',
      'view own unpublished media',
    ]);
    $view_user = $this->drupalCreateUser([
      'view media',
    ]);

    // Unpublished child owned by the author.
    $child_title = 'Child media';
    $media_child = Media::create([
      'name' => $child_title,
      'bundle' => $type->id(),
      'uid' => $author->id(),
    ]);
    $media_child->setUnpublished()->save();

    // Parent that points at the child; its published state is left untouched.
    $media_parent = Media::create([
      'name' => 'Parent media',
      'bundle' => $type->id(),
      'field_reference' => $media_child->id(),
    ]);
    $media_parent->save();

    // Empty the 'full' display, then show only the title and the reference
    // rendered as a label.
    \Drupal::service('entity_display.repository')
      ->getViewDisplay('media', $type->id(), 'full')
      ->set('content', [])
      ->setComponent('title', [
        'type' => 'string',
      ])
      ->setComponent('field_reference', [
        'type' => 'entity_reference_label',
      ])
      ->save();

    $assert = $this->assertSession();

    // The author sees the child's name; the page varies per user.
    $this->drupalLogin($author);
    $this->drupalGet($media_parent->toUrl());
    $this->assertCacheContext('user');
    $assert->pageTextContains($child_title);

    // Same permissions but not the owner: the name is withheld, and the page
    // still varies per user.
    $this->drupalLogin($other_user);
    $this->drupalGet($media_parent->toUrl());
    $this->assertCacheContext('user');
    $assert->pageTextNotContains($child_title);

    // Without the 'own unpublished' permission the name is withheld and the
    // page is asserted not to vary per user.
    $this->drupalLogin($view_user);
    $this->drupalGet($media_parent->toUrl());
    $this->assertNoCacheContext('user');
    $assert->pageTextNotContains($child_title);
  }

}