You are here

public function MediaLibraryAccessTest::testFieldWidgetEntityEditAccess in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php \Drupal\Tests\media_library\Kernel\MediaLibraryAccessTest::testFieldWidgetEntityEditAccess()

Tests that the field widget opener respects entity-specific access.

File

core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php, line 202

Class

MediaLibraryAccessTest
Tests the media library access.

Namespace

Drupal\Tests\media_library\Kernel

Code

public function testFieldWidgetEntityEditAccess() {

  /** @var \Drupal\media_library\MediaLibraryUiBuilder $ui_builder */
  $ui_builder = $this->container
    ->get('media_library.ui_builder');
  $forbidden_entity = EntityTest::create([
    'type' => 'test',
    // This label will automatically cause an access denial.
    // @see \Drupal\entity_test\EntityTestAccessControlHandler::checkAccess()
    'name' => 'forbid_access',
  ]);
  $forbidden_entity
    ->save();

  // Create a media library state to test access.
  $state = MediaLibraryState::create('media_library.opener.field_widget', [
    'file',
    'image',
  ], 'file', 2, [
    'entity_type_id' => $forbidden_entity
      ->getEntityTypeId(),
    'bundle' => $forbidden_entity
      ->bundle(),
    'field_name' => 'field_test_media',
    'entity_id' => $forbidden_entity
      ->id(),
  ]);
  $access_result = $ui_builder
    ->checkAccess($this
    ->createUser(), $state);
  $this
    ->assertAccess($access_result, FALSE, NULL, [], [
    'url.query_args',
  ]);
  $neutral_entity = EntityTest::create([
    'type' => 'test',
    // This label will result in neutral access.
    // @see \Drupal\entity_test\EntityTestAccessControlHandler::checkAccess()
    'name' => $this
      ->randomString(),
  ]);
  $neutral_entity
    ->save();
  $parameters = $state
    ->getOpenerParameters();
  $parameters['entity_id'] = $neutral_entity
    ->id();
  $state = MediaLibraryState::create($state
    ->getOpenerId(), $state
    ->getAllowedTypeIds(), $state
    ->getSelectedTypeId(), $state
    ->getAvailableSlots(), $parameters);
  $access_result = $ui_builder
    ->checkAccess($this
    ->createUser(), $state);
  $this
    ->assertTrue($access_result
    ->isNeutral());
  $this
    ->assertAccess($access_result, FALSE, NULL, [], [
    'url.query_args',
    'user.permissions',
  ]);

  // Give the user permission to edit the entity and assert that access is
  // granted.
  $account = $this
    ->createUser([
    'administer entity_test content',
    'view media',
  ]);
  $access_result = $ui_builder
    ->checkAccess($account, $state);
  $this
    ->assertAccess($access_result, TRUE, NULL, Views::getView('media_library')->storage
    ->getCacheTags(), [
    'url.query_args',
    'user.permissions',
  ]);
}