You are here

class WidgetAccessTest in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php \Drupal\Tests\media_library\FunctionalJavascript\WidgetAccessTest
  2. 9 core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php \Drupal\Tests\media_library\FunctionalJavascript\WidgetAccessTest

Tests the media library UI access.

@group media_library

Hierarchy

Expanded class hierarchy of WidgetAccessTest

File

core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php, line 15

Namespace

Drupal\Tests\media_library\FunctionalJavascript
View source
class WidgetAccessTest extends MediaLibraryTestBase {

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Tests that the widget access works as expected.
   */
  public function testWidgetAccess() {
    $assert_session = $this
      ->assertSession();
    $session = $this
      ->getSession();
    $this
      ->createMediaItems([
      'type_one' => [
        'Horse',
        'Bear',
      ],
    ]);
    $account = $this
      ->drupalCreateUser([
      'create basic_page content',
    ]);
    $this
      ->drupalLogin($account);

    // Assert users can not select media items they do not have access to.
    $unpublished_media = Media::create([
      'name' => 'Mosquito',
      'bundle' => 'type_one',
      'field_media_test' => 'Mosquito',
      'status' => FALSE,
    ]);
    $unpublished_media
      ->save();

    // Visit a node create page.
    $this
      ->drupalGet('node/add/basic_page');

    // Set the hidden value and trigger the mousedown event on the button via
    // JavaScript since the field and button are hidden.
    $session
      ->executeScript("jQuery('[data-media-library-widget-value=\"field_unlimited_media\"]').val('1,2,{$unpublished_media->id()}')");
    $session
      ->executeScript("jQuery('[data-media-library-widget-update=\"field_unlimited_media\"]').trigger('mousedown')");
    $this
      ->assertElementExistsAfterWait('css', '.js-media-library-item');

    // Assert the published items are selected and the unpublished item is not
    // selected.
    $assert_session
      ->pageTextContains('Horse');
    $assert_session
      ->pageTextContains('Bear');
    $assert_session
      ->pageTextNotContains('Mosquito');
    $this
      ->drupalLogout();
    $role = Role::load(RoleInterface::ANONYMOUS_ID);
    $role
      ->revokePermission('view media');
    $role
      ->save();

    // Create a working state.
    $allowed_types = [
      'type_one',
      'type_two',
      'type_three',
      'type_four',
    ];

    // The opener parameters are not relevant to the test, but the opener
    // expects them to be there or it will deny access.
    $state = MediaLibraryState::create('media_library.opener.field_widget', $allowed_types, 'type_three', 2, [
      'entity_type_id' => 'node',
      'bundle' => 'basic_page',
      'field_name' => 'field_unlimited_media',
    ]);
    $url_options = [
      'query' => $state
        ->all(),
    ];

    // Verify that unprivileged users can't access the widget view.
    $this
      ->drupalGet('admin/content/media-widget', $url_options);
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('admin/content/media-widget-table', $url_options);
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('media-library', $url_options);
    $assert_session
      ->responseContains('Access denied');

    // Allow users with 'view media' permission to access the media library view
    // and controller. Since we are using the node entity type in the state
    // object, ensure the user also has permission to work with those.
    $this
      ->grantPermissions($role, [
      'create basic_page content',
      'view media',
    ]);
    $this
      ->drupalGet('admin/content/media-widget', $url_options);
    $assert_session
      ->elementExists('css', '.js-media-library-view');
    $this
      ->drupalGet('admin/content/media-widget-table', $url_options);
    $assert_session
      ->elementExists('css', '.js-media-library-view');
    $this
      ->drupalGet('media-library', $url_options);
    $assert_session
      ->elementExists('css', '.js-media-library-view');

    // Assert the user does not have access to the media add form if the user
    // does not have the 'create media' permission.
    $assert_session
      ->fieldNotExists('files[upload][]');

    // Assert users can not access the widget displays of the media library view
    // without a valid media library state.
    $this
      ->drupalGet('admin/content/media-widget');
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('admin/content/media-widget-table');
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('media-library');
    $assert_session
      ->responseContains('Access denied');

    // Assert users with the 'create media' permission can access the media add
    // form.
    $this
      ->grantPermissions($role, [
      'create media',
    ]);
    $this
      ->drupalGet('media-library', $url_options);
    $assert_session
      ->elementExists('css', '.js-media-library-view');
    $assert_session
      ->fieldExists('Add files');

    // Assert the media library can not be accessed if the required state
    // parameters are changed without changing the hash.
    $this
      ->drupalGet('media-library', [
      'query' => array_merge($url_options['query'], [
        'media_library_opener_id' => 'fail',
      ]),
    ]);
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('media-library', [
      'query' => array_merge($url_options['query'], [
        'media_library_allowed_types' => [
          'type_one',
          'type_two',
        ],
      ]),
    ]);
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('media-library', [
      'query' => array_merge($url_options['query'], [
        'media_library_selected_type' => 'type_one',
      ]),
    ]);
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('media-library', [
      'query' => array_merge($url_options['query'], [
        'media_library_remaining' => 3,
      ]),
    ]);
    $assert_session
      ->responseContains('Access denied');
    $this
      ->drupalGet('media-library', [
      'query' => array_merge($url_options['query'], [
        'hash' => 'fail',
      ]),
    ]);
    $assert_session
      ->responseContains('Access denied');
  }

}

Members