View source
<?php
namespace Drupal\Tests\user\Functional;
use Drupal\Tests\BrowserTestBase;
use Drupal\user\RoleInterface;
use Drupal\user\Entity\Role;
class UserPermissionsTest extends BrowserTestBase {
protected $adminUser;
protected $rid;
protected $defaultTheme = 'stark';
protected function setUp() {
parent::setUp();
$this->adminUser = $this
->drupalCreateUser([
'administer permissions',
'access user profiles',
'administer site configuration',
'administer modules',
'administer account settings',
]);
$all_rids = $this->adminUser
->getRoles();
unset($all_rids[array_search(RoleInterface::AUTHENTICATED_ID, $all_rids)]);
$this->rid = reset($all_rids);
}
public function testUserPermissionChanges() {
$permissions_hash_generator = $this->container
->get('user_permissions_hash_generator');
$storage = $this->container
->get('entity_type.manager')
->getStorage('user_role');
Role::create([
'is_admin' => TRUE,
'id' => 'administrator',
'label' => 'Administrator',
])
->save();
$storage
->resetCache();
$this
->drupalLogin($this->adminUser);
$rid = $this->rid;
$account = $this->adminUser;
$previous_permissions_hash = $permissions_hash_generator
->generate($account);
$this
->assertIdentical($previous_permissions_hash, $permissions_hash_generator
->generate($this->loggedInUser));
$this
->assertFalse($account
->hasPermission('administer users'), 'User does not have "administer users" permission.');
$edit = [];
$edit[$rid . '[administer users]'] = TRUE;
$this
->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this
->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage
->resetCache();
$this
->assertTrue($account
->hasPermission('administer users'), 'User now has "administer users" permission.');
$current_permissions_hash = $permissions_hash_generator
->generate($account);
$this
->assertIdentical($current_permissions_hash, $permissions_hash_generator
->generate($this->loggedInUser));
$this
->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
$previous_permissions_hash = $current_permissions_hash;
$this
->assertTrue($account
->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$edit = [];
$edit[$rid . '[access user profiles]'] = FALSE;
$this
->drupalPostForm('admin/people/permissions', $edit, t('Save permissions'));
$this
->assertText(t('The changes have been saved.'), 'Successful save message displayed.');
$storage
->resetCache();
$this
->assertFalse($account
->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$current_permissions_hash = $permissions_hash_generator
->generate($account);
$this
->assertIdentical($current_permissions_hash, $permissions_hash_generator
->generate($this->loggedInUser));
$this
->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
$this
->drupalGet('admin/people/permissions');
foreach (array_keys($this->container
->get('user.permissions')
->getPermissions()) as $permission) {
$this
->assertSession()
->checkboxChecked('administrator[' . $permission . ']');
$this
->assertSession()
->fieldDisabled('administrator[' . $permission . ']');
}
}
public function testAdministratorRole() {
$this
->drupalLogin($this->adminUser);
$this
->drupalGet('admin/config/people/accounts');
$this
->assertOptionSelected('edit-user-admin-role', '', 'Administration role defaults to none.');
$this
->assertFalse(Role::load($this->rid)
->isAdmin());
$edit = [];
$edit['user_admin_role'] = $this->rid;
$this
->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
\Drupal::entityTypeManager()
->getStorage('user_role')
->resetCache();
$this
->assertTrue(Role::load($this->rid)
->isAdmin());
\Drupal::service('module_installer')
->install([
'aggregator',
]);
$this
->assertTrue($this->adminUser
->hasPermission('administer news feeds'), 'The permission was automatically assigned to the administrator role');
$edit = [];
$edit['user_admin_role'] = '';
$this
->drupalPostForm('admin/config/people/accounts', $edit, t('Save configuration'));
\Drupal::entityTypeManager()
->getStorage('user_role')
->resetCache();
\Drupal::configFactory()
->reset();
$this
->assertFalse(Role::load($this->rid)
->isAdmin());
Role::create([
'id' => 'admin_role_0',
'is_admin' => TRUE,
'label' => 'Admin role 0',
])
->save();
Role::create([
'id' => 'admin_role_1',
'is_admin' => TRUE,
'label' => 'Admin role 1',
])
->save();
$this
->drupalGet('admin/config/people/accounts');
$this
->assertNoFieldByName('user_admin_role');
}
public function testUserRoleChangePermissions() {
$permissions_hash_generator = $this->container
->get('user_permissions_hash_generator');
$rid = $this->rid;
$account = $this->adminUser;
$previous_permissions_hash = $permissions_hash_generator
->generate($account);
$this
->assertFalse($account
->hasPermission('administer users'), 'User does not have "administer users" permission.');
$this
->assertTrue($account
->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$this
->assertTrue($account
->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
$permissions = [
'administer users' => 1,
'access user profiles' => 0,
];
user_role_change_permissions($rid, $permissions);
$this
->assertTrue($account
->hasPermission('administer users'), 'User now has "administer users" permission.');
$this
->assertFalse($account
->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$this
->assertTrue($account
->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
$current_permissions_hash = $permissions_hash_generator
->generate($account);
$this
->assertNotEqual($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
}
public function testAccessContentPermission() {
$this
->drupalLogin($this->adminUser);
$this
->drupalGet('admin/people/permissions');
$next_row = $this
->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]');
$this
->assertEqual('edit-permissions-access-site-reports', $next_row[0]
->getAttribute('data-drupal-selector'));
\Drupal::service('module_installer')
->install([
'node',
]);
$this
->drupalGet('admin/people/permissions');
$next_row = $this
->xpath('//tr[@data-drupal-selector=\'edit-permissions-access-content\']/following-sibling::tr[1]');
$this
->assertEqual('edit-permissions-view-own-unpublished-content', $next_row[0]
->getAttribute('data-drupal-selector'));
}
}