public function AccessDeniedTest::testAccessDenied in Drupal 9
Same name and namespace in other branches
- 8 core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()
- 10 core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()
File
- core/
modules/ system/ tests/ src/ Functional/ System/ AccessDeniedTest.php, line 51
Class
- AccessDeniedTest
- Tests page access denied functionality, including custom 403 pages.
Namespace
Drupal\Tests\system\Functional\SystemCode
public function testAccessDenied() {
$this
->drupalGet('admin');
$this
->assertSession()
->pageTextContains('Access denied');
$this
->assertSession()
->statusCodeEquals(403);
// Ensure that users without permission are denied access and have the
// correct path information in drupalSettings.
$this
->drupalLogin($this
->createUser([]));
$this
->drupalGet('admin', [
'query' => [
'foo' => 'bar',
],
]);
$settings = $this
->getDrupalSettings();
$this
->assertEquals('admin', $settings['path']['currentPath']);
$this
->assertTrue($settings['path']['currentPathIsAdmin']);
$this
->assertEquals([
'foo' => 'bar',
], $settings['path']['currentQuery']);
$this
->drupalLogin($this->adminUser);
// Set a custom 404 page without a starting slash.
$edit = [
'site_403' => 'user/' . $this->adminUser
->id(),
];
$this
->drupalGet('admin/config/system/site-information');
$this
->submitForm($edit, 'Save configuration');
$this
->assertSession()
->pageTextContains("The path '{$edit['site_403']}' has to start with a slash.");
// Use a custom 403 page.
$edit = [
'site_403' => '/user/' . $this->adminUser
->id(),
];
$this
->drupalGet('admin/config/system/site-information');
$this
->submitForm($edit, 'Save configuration');
// Enable the user login block.
$block = $this
->drupalPlaceBlock('user_login_block', [
'id' => 'login',
]);
// Log out and check that the user login block is shown on custom 403 pages.
$this
->drupalLogout();
$this
->drupalGet('admin');
$this
->assertSession()
->pageTextContains($this->adminUser
->getAccountName());
$this
->assertSession()
->pageTextContains('Username');
// Log back in and remove the custom 403 page.
$this
->drupalLogin($this->adminUser);
$edit = [
'site_403' => '',
];
$this
->drupalGet('admin/config/system/site-information');
$this
->submitForm($edit, 'Save configuration');
// Logout and check that the user login block is shown on default 403 pages.
$this
->drupalLogout();
$this
->drupalGet('admin');
$this
->assertSession()
->pageTextContains('Access denied');
$this
->assertSession()
->statusCodeEquals(403);
$this
->assertSession()
->pageTextContains('Username');
// Log back in, set the custom 403 page to /user/login and remove the block
$this
->drupalLogin($this->adminUser);
$this
->config('system.site')
->set('page.403', '/user/login')
->save();
$block
->disable()
->save();
// Check that we can log in from the 403 page.
$this
->drupalLogout();
$edit = [
'name' => $this->adminUser
->getAccountName(),
'pass' => $this->adminUser->pass_raw,
];
$this
->drupalGet('admin/config/system/site-information');
$this
->submitForm($edit, 'Log in');
// Check that we're still on the same page.
$this
->assertSession()
->pageTextContains('Basic site settings');
}