public function BulkFormAccessTest::testUserDeleteAccess in Drupal 8
Same name and namespace in other branches
- 9 core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserDeleteAccess()
Tests if users that may not be deleted, can not be deleted in bulk.
File
- core/
modules/ user/ tests/ src/ Functional/ Views/ BulkFormAccessTest.php, line 102
Class
- BulkFormAccessTest
- Tests if entity access is respected on a user bulk form.
Namespace
Drupal\Tests\user\Functional\ViewsCode
public function testUserDeleteAccess() {
// Create two authenticated users.
$account = $this
->drupalCreateUser([], 'no_delete');
$account2 = $this
->drupalCreateUser([], 'may_delete');
// Log in as user admin.
$this
->drupalLogin($this
->drupalCreateUser([
'administer users',
]));
// Ensure that the account "no_delete" can not be deleted.
$this
->drupalGet('user/' . $account
->id() . '/cancel');
$this
->assertSession()
->statusCodeEquals(403);
// Ensure that the account "may_delete" *can* be deleted.
$this
->drupalGet('user/' . $account2
->id() . '/cancel');
$this
->assertSession()
->statusCodeEquals(200);
// Test deleting the accounts "no_delete" and "may_delete".
$edit = [
'user_bulk_form[' . ($account
->id() - 1) . ']' => TRUE,
'user_bulk_form[' . ($account2
->id() - 1) . ']' => TRUE,
'action' => 'user_cancel_user_action',
];
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
$edit = [
'user_cancel_method' => 'user_cancel_delete',
];
$this
->drupalPostForm(NULL, $edit, t('Cancel accounts'));
// Ensure the account "no_delete" still exists.
$account = User::load($account
->id());
$this
->assertNotNull($account, 'The user "no_delete" is not deleted.');
// Ensure the account "may_delete" no longer exists.
$account = User::load($account2
->id());
$this
->assertNull($account, 'The user "may_delete" is deleted.');
}