
public function MediaAccessTest::testMediaAccess in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/media/tests/src/Functional/MediaAccessTest.php \Drupal\Tests\media\Functional\MediaAccessTest::testMediaAccess()
  2. 9 core/modules/media/tests/src/Functional/MediaAccessTest.php \Drupal\Tests\media\Functional\MediaAccessTest::testMediaAccess()

Tests some access control functionality.

File

core/modules/media/tests/src/Functional/MediaAccessTest.php, line 46

Class

MediaAccessTest
Basic access tests for Media.

Namespace

Drupal\Tests\media\Functional

Code

/**
 * Tests some access control functionality.
 *
 * Requests the media add, view, edit and delete pages first as the logged-in
 * admin and then as the non-admin user, granting one permission at a time.
 * Each step checks the HTTP status code and the cache contexts reported for
 * the response, so both the access decision and its cacheability are pinned.
 */
public function testMediaAccess() {
  $web_assert = $this->assertSession();
  $type = $this->createMediaType('test');
  $type_id = $type->id();

  // Turn on the 'standalone_url' media setting and rebuild the router;
  // presumably this is what makes the media/{id} pages requested below
  // routable -- confirm against the media module's route provider.
  \Drupal::configFactory()->getEditable('media.settings')->set('standalone_url', TRUE)->save(TRUE);
  $this->container->get('router.builder')->rebuild();

  // Create media: one item without an explicit owner and one owned by the
  // non-admin user, so "own" and "any" permissions can be told apart.
  $media = Media::create(['bundle' => $type_id, 'name' => 'Unnamed']);
  $media->save();
  $user_media = Media::create([
    'bundle' => $type_id,
    'name' => 'Unnamed',
    'uid' => $this->nonAdminUser->id(),
  ]);
  $user_media->save();

  // Paths reused throughout the test.
  $add_path = 'media/add/' . $type_id;
  $own_path = 'media/' . $user_media->id();
  $other_path = 'media/' . $media->id();

  // We are logged in as admin, so test 'administer media' permission.
  // Every page must load and must vary by the 'user.permissions' context.
  $this->drupalGet($add_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  $this->drupalGet($own_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  $this->drupalGet($own_path . '/edit');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  $this->drupalGet($own_path . '/delete');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);

  // Switch to the unprivileged account and take 'view media' away from the
  // authenticated role, so each later grant is the only thing allowing access.
  $this->drupalLogin($this->nonAdminUser);

  /** @var \Drupal\user\RoleInterface $authenticated */
  $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);
  user_role_revoke_permissions($authenticated->id(), ['view media']);

  // Test 'create BUNDLE media' permission: denied first, allowed once granted.
  $this->drupalGet($add_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  $granted = ['create ' . $type_id . ' media'];
  $this->grantPermissions($authenticated, $granted);
  $this->drupalGet($add_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  user_role_revoke_permissions($authenticated->id(), $granted);
  // NOTE(review): the role is reloaded after each revoke, presumably because
  // the revoke helper works on its own copy of the entity -- confirm.
  $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);

  // Verify the author can not view the unpublished media item without
  // 'view own unpublished media' permission.
  $this->grantPermissions($authenticated, ['view media']);
  $this->drupalGet($own_path);
  // While the item is published the response must not vary per user.
  $this->assertNoCacheContext('user');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  $user_media->setUnpublished()->save();
  $this->drupalGet($own_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  // Also check the reason attached to the access result itself.
  $view_access = $user_media->access('view', NULL, TRUE);
  $this->assertSame("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.", $view_access->getReason());
  $this->grantPermissions($authenticated, ['view own unpublished media']);
  $this->drupalGet($own_path);
  // The decision now depends on ownership, so the per-user context is
  // expected on the response.
  $this->assertCacheContext('user');
  $web_assert->statusCodeEquals(200);

  // Test 'create media' permission.
  $this->drupalGet($add_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  $granted = ['create media'];
  $this->grantPermissions($authenticated, $granted);
  $this->drupalGet($add_path);
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  user_role_revoke_permissions($authenticated->id(), $granted);
  $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);

  // Test 'edit own BUNDLE media' and 'delete own BUNDLE media' permissions.
  $this->drupalGet($own_path . '/edit');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  $this->drupalGet($own_path . '/delete');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  $granted = [
    'edit own ' . $user_media->bundle() . ' media',
    'delete own ' . $user_media->bundle() . ' media',
  ];
  $this->grantPermissions($authenticated, $granted);
  // "Own" permissions are ownership-based, so the 'user' context is asserted.
  $this->drupalGet($own_path . '/edit');
  $this->assertCacheContext('user');
  $web_assert->statusCodeEquals(200);
  $this->drupalGet($own_path . '/delete');
  $this->assertCacheContext('user');
  $web_assert->statusCodeEquals(200);
  user_role_revoke_permissions($authenticated->id(), $granted);
  $authenticated = Role::load(RoleInterface::AUTHENTICATED_ID);

  // Test 'edit any BUNDLE media' and 'delete any BUNDLE media' permissions
  // against the item the non-admin user does not own.
  $this->drupalGet($other_path . '/edit');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  $this->drupalGet($other_path . '/delete');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(403);
  $granted = [
    'edit any ' . $media->bundle() . ' media',
    'delete any ' . $media->bundle() . ' media',
  ];
  $this->grantPermissions($authenticated, $granted);
  $this->drupalGet($other_path . '/edit');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);
  $this->drupalGet($other_path . '/delete');
  $this->assertCacheContext('user.permissions');
  $web_assert->statusCodeEquals(200);

  // Test the 'access media overview' permission. With only
  // 'access content overview' the media overview link must not be shown.
  $this->grantPermissions($authenticated, ['access content overview']);
  $this->drupalGet('admin/content');
  $web_assert->linkByHrefNotExists('/admin/content/media');
  $this->assertCacheContext('user');

  // Create a new role, which implicitly checks if the permission exists.
  $overview_role = $this->createRole([
    'access content overview',
    'access media overview',
  ]);
  $this->nonAdminUser->addRole($overview_role);
  $this->nonAdminUser->save();
  $this->drupalGet('admin/content');
  $web_assert->linkByHrefExists('/admin/content/media');
  $this->clickLink('Media');
  $this->assertCacheContext('user');
  $web_assert->statusCodeEquals(200);
  $web_assert->elementExists('css', '.views-element-container');

  // First row of the View contains media created by admin user.
  $web_assert->elementTextEquals('xpath', '//div[@class="views-element-container"]//tbody/tr[1]/td[contains(@class, "views-field-uid")]/a', $this->adminUser->getDisplayName());
  $web_assert->elementTextEquals('xpath', "//div[@class='views-element-container']//tbody/tr[1]/td[contains(@class, 'views-field-name')]/a[contains(@href, '/media/{$media->id()}')]", 'Unnamed');

  // Second row of the View contains media created by non-admin user.
  $web_assert->elementTextEquals('xpath', '//div[@class="views-element-container"]//tbody/tr[2]/td[contains(@class, "views-field-uid")]/a', $this->nonAdminUser->getDisplayName());
  $web_assert->elementTextEquals('xpath', "//div[@class='views-element-container']//tbody/tr[2]/td[contains(@class, 'views-field-name')]/a[contains(@href, '/media/{$user_media->id()}')]", 'Unnamed');
}