You are here

Home » API reference » Drupal 9 » EntityAccessControlHandlerTest.php » EntityAccessControlHandlerTest

public function EntityAccessControlHandlerTest::testFieldAccess in Drupal 9

Same name and namespace in other branches
  1. 8 core/tests/Drupal/KernelTests/Core/Entity/EntityAccessControlHandlerTest.php \Drupal\KernelTests\Core\Entity\EntityAccessControlHandlerTest::testFieldAccess()
  2. 10 core/tests/Drupal/KernelTests/Core/Entity/EntityAccessControlHandlerTest.php \Drupal\KernelTests\Core\Entity\EntityAccessControlHandlerTest::testFieldAccess()

Tests the default access handling for the ID and UUID fields.

@covers ::fieldAccess @dataProvider providerTestFieldAccess

File

core/tests/Drupal/KernelTests/Core/Entity/EntityAccessControlHandlerTest.php, line 303

Class

EntityAccessControlHandlerTest
Tests the entity access control handler.

Namespace

Drupal\KernelTests\Core\Entity

Code

public function testFieldAccess($entity_class, array $entity_create_values, $expected_id_create_access) {

  // Set up a non-admin user that is allowed to create and update test
  // entities.
  \Drupal::currentUser()
    ->setAccount($this
    ->createUser([
    'uid' => 2,
  ], [
    'administer entity_test content',
  ]));

  // Create the entity to test field access with.
  $entity = $entity_class::create($entity_create_values);

  // On newly-created entities, field access must allow setting the UUID
  // field.
  $this
    ->assertTrue($entity
    ->get('uuid')
    ->access('edit'));
  $this
    ->assertTrue($entity
    ->get('uuid')
    ->access('edit', NULL, TRUE)
    ->isAllowed());

  // On newly-created entities, field access will not allow setting the ID
  // field if the ID is of type serial. It will allow access if it is of type
  // string.
  $this
    ->assertEquals($expected_id_create_access, $entity
    ->get('id')
    ->access('edit'));
  $this
    ->assertEquals($expected_id_create_access, $entity
    ->get('id')
    ->access('edit', NULL, TRUE)
    ->isAllowed());

  // Save the entity and check that we can not update the ID or UUID fields
  // anymore.
  $entity
    ->save();

  // If the ID has been set as part of the create ensure it has been set
  // correctly.
  if (isset($entity_create_values['id'])) {
    $this
      ->assertSame($entity_create_values['id'], $entity
      ->id());
  }

  // The UUID is hard-coded by the data provider.
  $this
    ->assertSame('60e3a179-79ed-4653-ad52-5e614c8e8fbe', $entity
    ->uuid());
  $this
    ->assertFalse($entity
    ->get('uuid')
    ->access('edit'));
  $access_result = $entity
    ->get('uuid')
    ->access('edit', NULL, TRUE);
  $this
    ->assertTrue($access_result
    ->isForbidden());
  $this
    ->assertEquals('The entity UUID cannot be changed.', $access_result
    ->getReason());

  // Ensure the ID is still not allowed to be edited.
  $this
    ->assertFalse($entity
    ->get('id')
    ->access('edit'));
  $access_result = $entity
    ->get('id')
    ->access('edit', NULL, TRUE);
  $this
    ->assertTrue($access_result
    ->isForbidden());
  $this
    ->assertEquals('The entity ID cannot be changed.', $access_result
    ->getReason());
}