You are here

public function TermAccessTest::testTermAccess in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/taxonomy/tests/src/Functional/TermAccessTest.php \Drupal\Tests\taxonomy\Functional\TermAccessTest::testTermAccess()

Test access control functionality for taxonomy terms.

File

core/modules/taxonomy/tests/src/Functional/TermAccessTest.php, line 26

Class

TermAccessTest
Tests the taxonomy term access permissions.

Namespace

Drupal\Tests\taxonomy\Functional

Code

public function testTermAccess() {
  $assert_session = $this
    ->assertSession();
  $vocabulary = $this
    ->createVocabulary();

  // Create two terms.
  $published_term = Term::create([
    'vid' => $vocabulary
      ->id(),
    'name' => 'Published term',
    'status' => 1,
  ]);
  $published_term
    ->save();
  $unpublished_term = Term::create([
    'vid' => $vocabulary
      ->id(),
    'name' => 'Unpublished term',
    'status' => 0,
  ]);
  $unpublished_term
    ->save();

  // Start off logged in as admin.
  $this
    ->drupalLogin($this
    ->drupalCreateUser([
    'administer taxonomy',
  ]));

  // Test the 'administer taxonomy' permission.
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id());
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($published_term, 'view', TRUE);
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id());
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($unpublished_term, 'view', TRUE);
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($published_term, 'update', TRUE);
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($unpublished_term, 'update', TRUE);
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($published_term, 'delete', TRUE);
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($unpublished_term, 'delete', TRUE);

  // Test the 'access content' permission.
  $this
    ->drupalLogin($this
    ->drupalCreateUser([
    'access content',
  ]));
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id());
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->assertTermAccess($published_term, 'view', TRUE);
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id());
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->assertTermAccess($unpublished_term, 'view', FALSE, "The 'access content' permission is required and the taxonomy term must be published.");
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->assertTermAccess($published_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->assertTermAccess($unpublished_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->assertTermAccess($published_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->assertTermAccess($unpublished_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");

  // Install the Views module and repeat the checks for the 'view' permission.
  \Drupal::service('module_installer')
    ->install([
    'views',
  ], TRUE);
  $this
    ->rebuildContainer();
  $this
    ->drupalGet('taxonomy/term/' . $published_term
    ->id());
  $assert_session
    ->statusCodeEquals(200);

  // @todo Change this assertion to expect a 403 status code when
  //   https://www.drupal.org/project/drupal/issues/2983070 is fixed.
  $this
    ->drupalGet('taxonomy/term/' . $unpublished_term
    ->id());
  $assert_session
    ->statusCodeEquals(404);
}