You are here

Home » API reference » Drupal 8 » RoleAccessCheckTest.php

class RoleAccessCheckTest in Drupal 8

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php \Drupal\Tests\Core\Route\RoleAccessCheckTest
  2. 10 core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php \Drupal\Tests\Core\Route\RoleAccessCheckTest

@coversDefaultClass \Drupal\user\Access\RoleAccessCheck @group Access @group Route

Hierarchy

Expanded class hierarchy of RoleAccessCheckTest

File

core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php, line 19

Namespace

Drupal\Tests\Core\Route
View source 
class RoleAccessCheckTest extends UnitTestCase {

  /**
   * Generates the test route collection.
   *
   * @return \Symfony\Component\Routing\RouteCollection
   *   Returns the test route collection.
   */
  protected function getTestRouteCollection() {
    $route_collection = new RouteCollection();
    $route_collection
      ->add('role_test_1', new Route('/role_test_1', [
      '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
    ], [
      '_role' => 'role_test_1',
    ]));
    $route_collection
      ->add('role_test_2', new Route('/role_test_2', [
      '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
    ], [
      '_role' => 'role_test_2',
    ]));
    $route_collection
      ->add('role_test_3', new Route('/role_test_3', [
      '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
    ], [
      '_role' => 'role_test_1,role_test_2',
    ]));

    // Ensure that trimming the values works on "OR" conjunctions.
    $route_collection
      ->add('role_test_4', new Route('/role_test_4', [
      '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
    ], [
      '_role' => 'role_test_1 , role_test_2',
    ]));
    $route_collection
      ->add('role_test_5', new Route('/role_test_5', [
      '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
    ], [
      '_role' => 'role_test_1+role_test_2',
    ]));

    // Ensure that trimming the values works on "AND" conjunctions.
    $route_collection
      ->add('role_test_6', new Route('/role_test_6', [
      '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
    ], [
      '_role' => 'role_test_1 + role_test_2',
    ]));
    return $route_collection;
  }

  /**
   * Provides data for the role access test.
   *
   * @see \Drupal\Tests\Core\Route\RouterRoleTest::testRoleAccess
   */
  public function roleAccessProvider() {

    // Setup two different roles used in the test.
    $rid_1 = 'role_test_1';
    $rid_2 = 'role_test_2';

    // Setup one user with the first role, one with the second, one with both
    // and one final without any of these two roles.
    $account_1 = new UserSession([
      'uid' => 1,
      'roles' => [
        $rid_1,
      ],
    ]);
    $account_2 = new UserSession([
      'uid' => 2,
      'roles' => [
        $rid_2,
      ],
    ]);
    $account_12 = new UserSession([
      'uid' => 3,
      'roles' => [
        $rid_1,
        $rid_2,
      ],
    ]);
    $account_none = new UserSession([
      'uid' => 1,
      'roles' => [],
    ]);

    // Setup expected values; specify which paths can be accessed by which user.
    return [
      [
        'role_test_1',
        [
          $account_1,
          $account_12,
        ],
        [
          $account_2,
          $account_none,
        ],
      ],
      [
        'role_test_2',
        [
          $account_2,
          $account_12,
        ],
        [
          $account_1,
          $account_none,
        ],
      ],
      [
        'role_test_3',
        [
          $account_12,
        ],
        [
          $account_1,
          $account_2,
          $account_none,
        ],
      ],
      [
        'role_test_4',
        [
          $account_12,
        ],
        [
          $account_1,
          $account_2,
          $account_none,
        ],
      ],
      [
        'role_test_5',
        [
          $account_1,
          $account_2,
          $account_12,
        ],
        [],
      ],
      [
        'role_test_6',
        [
          $account_1,
          $account_2,
          $account_12,
        ],
        [],
      ],
    ];
  }

  /**
   * Tests role requirements on routes.
   *
   * @param string $path
   *   The path to check access for.
   * @param array $grant_accounts
   *   A list of accounts which should have access to the given path.
   * @param array $deny_accounts
   *   A list of accounts which should not have access to the given path.
   *
   * @see \Drupal\Tests\Core\Route\RouterRoleTest::getTestRouteCollection
   * @see \Drupal\Tests\Core\Route\RouterRoleTest::roleAccessProvider
   *
   * @dataProvider roleAccessProvider
   */
  public function testRoleAccess($path, $grant_accounts, $deny_accounts) {
    $cache_contexts_manager = $this
      ->prophesize(CacheContextsManager::class);
    $cache_contexts_manager
      ->assertValidTokens()
      ->willReturn(TRUE);
    $cache_contexts_manager
      ->reveal();
    $container = new Container();
    $container
      ->set('cache_contexts_manager', $cache_contexts_manager);
    \Drupal::setContainer($container);
    $role_access_check = new RoleAccessCheck();
    $collection = $this
      ->getTestRouteCollection();
    foreach ($grant_accounts as $account) {
      $message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account
        ->getRoles()), $path);
      $this
        ->assertEquals(AccessResult::allowed()
        ->addCacheContexts([
        'user.roles',
      ]), $role_access_check
        ->access($collection
        ->get($path), $account), $message);
    }

    // Check all users which don't have access.
    foreach ($deny_accounts as $account) {
      $message = sprintf('Access denied for user %s with the roles %s on path: %s', $account
        ->id(), implode(', ', $account
        ->getRoles()), $path);
      $has_access = $role_access_check
        ->access($collection
        ->get($path), $account);
      $this
        ->assertEquals(AccessResult::neutral()
        ->addCacheContexts([
        'user.roles',
      ]), $has_access, $message);
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
PhpunitCompatibilityTrait::getMock Deprecated public function Returns a mock object for the specified class using the available method.
PhpunitCompatibilityTrait::setExpectedException Deprecated public function Compatibility layer for PHPUnit 6 to support PHPUnit 4 code.
RoleAccessCheckTest::getTestRouteCollection protected function Generates the test route collection.
RoleAccessCheckTest::roleAccessProvider public function Provides data for the role access test.
RoleAccessCheckTest::testRoleAccess public function Tests role requirements on routes.
UnitTestCase::$randomGenerator protected property The random generator.
UnitTestCase::$root protected property The app root. 1
UnitTestCase::assertArrayEquals protected function Asserts if two arrays are equal by sorting them first.
UnitTestCase::getBlockMockWithMachineName Deprecated protected function Mocks a block with a block plugin. 1
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getConfigStorageStub public function Returns a stub config storage that returns the supplied configuration.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getRandomGenerator protected function Gets the random generator for the utility methods.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::randomMachineName public function Generates a unique random string containing letters and numbers.
UnitTestCase::setUp protected function 340