public function BulkFormAccessTest::testUserEditAccess in Drupal 8
Same name and namespace in other branches
- 9 core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserEditAccess()
- 10 core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserEditAccess()
Tests if users that may not be edited, can not be edited in bulk.
File
- core/
modules/ user/ tests/ src/ Functional/ Views/ BulkFormAccessTest.php, line 39
Class
- BulkFormAccessTest
- Tests if entity access is respected on a user bulk form.
Namespace
Drupal\Tests\user\Functional\ViewsCode
public function testUserEditAccess() {
// Create an authenticated user.
$no_edit_user = $this
->drupalCreateUser([], 'no_edit');
// Ensure this account is not blocked.
$this
->assertFalse($no_edit_user
->isBlocked(), 'The user is not blocked.');
// Log in as user admin.
$admin_user = $this
->drupalCreateUser([
'administer users',
]);
$this
->drupalLogin($admin_user);
// Ensure that the account "no_edit" can not be edited.
$this
->drupalGet('user/' . $no_edit_user
->id() . '/edit');
$this
->assertFalse($no_edit_user
->access('update', $admin_user));
$this
->assertSession()
->statusCodeEquals(403);
// Test blocking the account "no_edit".
$edit = [
'user_bulk_form[' . ($no_edit_user
->id() - 1) . ']' => TRUE,
'action' => 'user_block_user_action',
];
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
$this
->assertSession()
->statusCodeEquals(200);
$this
->assertRaw(new FormattableMarkup('No access to execute %action on the @entity_type_label %entity_label.', [
'%action' => 'Block the selected user(s)',
'@entity_type_label' => 'User',
'%entity_label' => $no_edit_user
->label(),
]));
// Re-load the account "no_edit" and ensure it is not blocked.
$no_edit_user = User::load($no_edit_user
->id());
$this
->assertFalse($no_edit_user
->isBlocked(), 'The user is not blocked.');
// Create a normal user which can be edited by the admin user
$normal_user = $this
->drupalCreateUser();
$this
->assertTrue($normal_user
->access('update', $admin_user));
$edit = [
'user_bulk_form[' . ($normal_user
->id() - 1) . ']' => TRUE,
'action' => 'user_block_user_action',
];
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
$normal_user = User::load($normal_user
->id());
$this
->assertTrue($normal_user
->isBlocked(), 'The user is blocked.');
// Log in as user without the 'administer users' permission.
$this
->drupalLogin($this
->drupalCreateUser());
$edit = [
'user_bulk_form[' . ($normal_user
->id() - 1) . ']' => TRUE,
'action' => 'user_unblock_user_action',
];
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
// Re-load the normal user and ensure it is still blocked.
$normal_user = User::load($normal_user
->id());
$this
->assertTrue($normal_user
->isBlocked(), 'The user is still blocked.');
}