public function WidgetAccessTest::testWidgetAccess in Drupal 9
Same name and namespace in other branches
- 8 core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php \Drupal\Tests\media_library\FunctionalJavascript\WidgetAccessTest::testWidgetAccess()
Tests that the widget access works as expected.
File
- core/
modules/ media_library/ tests/ src/ FunctionalJavascript/ WidgetAccessTest.php, line 20
Class
- WidgetAccessTest
- Tests the media library UI access.
Namespace
Drupal\Tests\media_library\FunctionalJavascriptCode
public function testWidgetAccess() {
$assert_session = $this
->assertSession();
$session = $this
->getSession();
$this
->createMediaItems([
'type_one' => [
'Horse',
'Bear',
],
]);
$account = $this
->drupalCreateUser([
'create basic_page content',
]);
$this
->drupalLogin($account);
// Assert users can not select media items they do not have access to.
$unpublished_media = Media::create([
'name' => 'Mosquito',
'bundle' => 'type_one',
'field_media_test' => 'Mosquito',
'status' => FALSE,
]);
$unpublished_media
->save();
// Visit a node create page.
$this
->drupalGet('node/add/basic_page');
// Set the hidden value and trigger the mousedown event on the button via
// JavaScript since the field and button are hidden.
$session
->executeScript("jQuery('[data-media-library-widget-value=\"field_unlimited_media\"]').val('1,2,{$unpublished_media->id()}')");
$session
->executeScript("jQuery('[data-media-library-widget-update=\"field_unlimited_media\"]').trigger('mousedown')");
$this
->assertElementExistsAfterWait('css', '.js-media-library-item');
// Assert the published items are selected and the unpublished item is not
// selected.
$assert_session
->pageTextContains('Horse');
$assert_session
->pageTextContains('Bear');
$assert_session
->pageTextNotContains('Mosquito');
$this
->drupalLogout();
$role = Role::load(RoleInterface::ANONYMOUS_ID);
$role
->revokePermission('view media');
$role
->save();
// Create a working state.
$allowed_types = [
'type_one',
'type_two',
'type_three',
'type_four',
];
// The opener parameters are not relevant to the test, but the opener
// expects them to be there or it will deny access.
$state = MediaLibraryState::create('media_library.opener.field_widget', $allowed_types, 'type_three', 2, [
'entity_type_id' => 'node',
'bundle' => 'basic_page',
'field_name' => 'field_unlimited_media',
]);
$url_options = [
'query' => $state
->all(),
];
// Verify that unprivileged users can't access the widget view.
$this
->drupalGet('admin/content/media-widget', $url_options);
$assert_session
->responseContains('Access denied');
$this
->drupalGet('admin/content/media-widget-table', $url_options);
$assert_session
->responseContains('Access denied');
$this
->drupalGet('media-library', $url_options);
$assert_session
->responseContains('Access denied');
// Allow users with 'view media' permission to access the media library view
// and controller. Since we are using the node entity type in the state
// object, ensure the user also has permission to work with those.
$this
->grantPermissions($role, [
'create basic_page content',
'view media',
]);
$this
->drupalGet('admin/content/media-widget', $url_options);
$assert_session
->elementExists('css', '.view-media-library');
$this
->drupalGet('admin/content/media-widget-table', $url_options);
$assert_session
->elementExists('css', '.view-media-library');
$this
->drupalGet('media-library', $url_options);
$assert_session
->elementExists('css', '.view-media-library');
// Assert the user does not have access to the media add form if the user
// does not have the 'create media' permission.
$assert_session
->fieldNotExists('files[upload][]');
// Assert users can not access the widget displays of the media library view
// without a valid media library state.
$this
->drupalGet('admin/content/media-widget');
$assert_session
->responseContains('Access denied');
$this
->drupalGet('admin/content/media-widget-table');
$assert_session
->responseContains('Access denied');
$this
->drupalGet('media-library');
$assert_session
->responseContains('Access denied');
// Assert users with the 'create media' permission can access the media add
// form.
$this
->grantPermissions($role, [
'create media',
]);
$this
->drupalGet('media-library', $url_options);
$assert_session
->elementExists('css', '.view-media-library');
$assert_session
->fieldExists('Add files');
// Assert the media library can not be accessed if the required state
// parameters are changed without changing the hash.
$this
->drupalGet('media-library', [
'query' => array_merge($url_options['query'], [
'media_library_opener_id' => 'fail',
]),
]);
$assert_session
->responseContains('Access denied');
$this
->drupalGet('media-library', [
'query' => array_merge($url_options['query'], [
'media_library_allowed_types' => [
'type_one',
'type_two',
],
]),
]);
$assert_session
->responseContains('Access denied');
$this
->drupalGet('media-library', [
'query' => array_merge($url_options['query'], [
'media_library_selected_type' => 'type_one',
]),
]);
$assert_session
->responseContains('Access denied');
$this
->drupalGet('media-library', [
'query' => array_merge($url_options['query'], [
'media_library_remaining' => 3,
]),
]);
$assert_session
->responseContains('Access denied');
$this
->drupalGet('media-library', [
'query' => array_merge($url_options['query'], [
'hash' => 'fail',
]),
]);
$assert_session
->responseContains('Access denied');
}