public function PermissionsTest::testPersistedQueryAccess in GraphQL 8.3
Test access to persisted queries.
The user is only allowed to access persisted queries, not arbitrary ones.
File
- tests/
src/ Kernel/ Framework/ PermissionsTest.php, line 68
Class
- PermissionsTest
- Test if query handling respects permissions properly.
Namespace
Drupal\Tests\graphql\Kernel\FrameworkCode
public function testPersistedQueryAccess() {
$this->accountProphecy
->hasPermission(Argument::is('execute persisted graphql requests'))
->willReturn(TRUE);
$this->accountProphecy
->hasPermission(Argument::not('execute persisted graphql requests'))
->willReturn(FALSE);
// Only persisted queries should work.
$this
->assertEquals(403, $this
->query('{ root }')
->getStatusCode());
$this
->assertEquals(200, $this
->persistedQuery('persisted:a')
->getStatusCode());
$batched = $this
->batchedQueries([
[
'query' => '{ root }',
],
[
'queryId' => 'persisted:a',
],
]);
// If some queries fail, 403 is returned.
$this
->assertEquals(403, $batched
->getStatusCode());
}