You are here

public function WorkflowCustomStateTransitionAccessTest::testCustomWorkflowAccessOperations in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/workflows/tests/src/Functional/WorkflowCustomStateTransitionAccessTest.php \Drupal\Tests\workflows\Functional\WorkflowCustomStateTransitionAccessTest::testCustomWorkflowAccessOperations()

Tests the custom state/transition operation access rules.

File

core/modules/workflows/tests/src/Functional/WorkflowCustomStateTransitionAccessTest.php, line 59

Class

WorkflowCustomStateTransitionAccessTest
Test custom provided workflow access for state/transition operations.

Namespace

Drupal\Tests\workflows\Functional

Code

public function testCustomWorkflowAccessOperations() {
  $this
    ->drupalLogin($this->adminUser);
  $forbidden_paths = [
    'admin/config/workflow/workflows/manage/test_type/state/cannot_delete/delete',
    'admin/config/workflow/workflows/manage/test_type/state/cannot_update',
    'admin/config/workflow/workflows/manage/test_type/transition/cannot_update',
    'admin/config/workflow/workflows/manage/test_type/transition/cannot_delete/delete',
    'admin/config/workflow/workflows/manage/test_type/add_state',
    'admin/config/workflow/workflows/manage/test_type/add_transition',
  ];

  // Until the list of forbidden operations have been set, the admin user
  // should be able to access all the forbidden paths.
  foreach ($forbidden_paths as $forbidden_path) {
    $this
      ->drupalGet($forbidden_path);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
  }

  // Update the forbidden operations which deny access to the actions
  // represented by the above paths.
  $this->container
    ->get('state')
    ->set('workflow_type_test_forbidden_operations', [
    'update-state:cannot_update',
    'delete-state:cannot_delete',
    'update-transition:cannot_update',
    'delete-transition:cannot_delete',
    'add-state',
    'add-transition',
  ]);
  foreach ($forbidden_paths as $forbidden_path) {
    $this
      ->drupalGet($forbidden_path);
    $this
      ->assertSession()
      ->statusCodeEquals(403);
  }
}