public function EntityQueryTest::testFilterSecurity in GraphQL 8.3
Make sure entity filters are properly secured.
File
- modules/
graphql_core/ tests/ src/ Kernel/ EntityQuery/ EntityQueryTest.php, line 114
Class
- EntityQueryTest
- Test entity query support in GraphQL.
Namespace
Drupal\Tests\graphql_core\Kernel\EntityQueryCode
public function testFilterSecurity() {
$metadata = new CacheableMetadata();
$metadata
->addCacheContexts([
'languages:language_content',
'languages:language_interface',
'languages:language_url',
'user.permissions',
]);
$metadata
->addCacheTags([
'graphql',
'user_list',
]);
$this
->assertResults('query { userQuery (filter: { conditions: [ { field: "pass", value: "foo" } ] }) { count } }', [], [
'userQuery' => [
// TODO: With proper access checking for filters this value should
// become "2" and the entity query field can be marked as secure
// again.
'count' => 0,
],
], $metadata);
}