You are here

public function BulkFormAccessTest::testUserDeleteAccess in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserDeleteAccess()

Tests if users that may not be deleted, can not be deleted in bulk.

File

core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php, line 100

Class

BulkFormAccessTest
Tests if entity access is respected on a user bulk form.

Namespace

Drupal\Tests\user\Functional\Views

Code

public function testUserDeleteAccess() {

  // Create two authenticated users.
  $account = $this
    ->drupalCreateUser([], 'no_delete');
  $account2 = $this
    ->drupalCreateUser([], 'may_delete');

  // Log in as user admin.
  $this
    ->drupalLogin($this
    ->drupalCreateUser([
    'administer users',
  ]));

  // Ensure that the account "no_delete" can not be deleted.
  $this
    ->drupalGet('user/' . $account
    ->id() . '/cancel');
  $this
    ->assertSession()
    ->statusCodeEquals(403);

  // Ensure that the account "may_delete" *can* be deleted.
  $this
    ->drupalGet('user/' . $account2
    ->id() . '/cancel');
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Test deleting the accounts "no_delete" and "may_delete".
  $edit = [
    'user_bulk_form[' . ($account
      ->id() - 1) . ']' => TRUE,
    'user_bulk_form[' . ($account2
      ->id() - 1) . ']' => TRUE,
    'action' => 'user_cancel_user_action',
  ];
  $this
    ->drupalGet('test-user-bulk-form');
  $this
    ->submitForm($edit, 'Apply to selected items');
  $edit = [
    'user_cancel_method' => 'user_cancel_delete',
  ];
  $this
    ->submitForm($edit, 'Cancel accounts');

  // Ensure the account "no_delete" still exists.
  $account = User::load($account
    ->id());
  $this
    ->assertNotNull($account, 'The user "no_delete" is not deleted.');

  // Ensure the account "may_delete" no longer exists.
  $account = User::load($account2
    ->id());
  $this
    ->assertNull($account, 'The user "may_delete" is deleted.');
}