You are here

public function GroupQueryAccessHandlerTest::testUnpublishedViewAccess in Group 8

Same name and namespace in other branches
  1. 2.0.x tests/src/Kernel/GroupQueryAccessHandlerTest.php \Drupal\Tests\group\Kernel\GroupQueryAccessHandlerTest::testUnpublishedViewAccess()

Tests the conditions for view unpublished access.

@covers ::getConditions

File

tests/src/Kernel/GroupQueryAccessHandlerTest.php, line 398

Class

GroupQueryAccessHandlerTest
Tests the behavior of group query access handler.

Namespace

Drupal\Tests\group\Kernel

Code

public function testUnpublishedViewAccess() {

  // Repeat set-up from ::testCombinedViewAccess() as we can reuse it.
  $user = $this
    ->getCurrentUser();
  $group = $this
    ->createGroup();
  $group
    ->addMember($user);

  // Create a group type that allows viewing of any unpublished groups.
  $any_unpub = $this
    ->createGroupType([
    'id' => 'any_unpub',
  ]);
  $any_unpub
    ->getOutsiderRole()
    ->grantPermission('view any unpublished group')
    ->save();
  $any_unpub
    ->getMemberRole()
    ->grantPermission('view any unpublished group')
    ->save();
  $any_group = $this
    ->createGroup([
    'type' => 'any_unpub',
  ]);
  $any_group
    ->addMember($user);

  // Create a group type that allows viewing of own unpublished groups.
  $own_unpub = $this
    ->createGroupType([
    'id' => 'own_unpub',
  ]);
  $own_unpub
    ->getOutsiderRole()
    ->grantPermission('view own unpublished group')
    ->save();
  $own_unpub
    ->getMemberRole()
    ->grantPermission('view own unpublished group')
    ->save();
  $own_group = $this
    ->createGroup([
    'type' => 'own_unpub',
    'uid' => $user
      ->id(),
  ]);
  $own_group
    ->addMember($user);
  $memberships = [
    $group
      ->id(),
    $any_group
      ->id(),
    $own_group
      ->id(),
  ];
  $conditions = $this->handler
    ->getConditions('view', $user);
  $expected_conditions = [
    (new ConditionGroup('AND'))
      ->addCondition('status', 0)
      ->addCondition((new ConditionGroup('OR'))
      ->addCondition((new ConditionGroup())
      ->addCondition('type', [
      'any_unpub',
    ])
      ->addCondition('id', $memberships, 'NOT IN'))
      ->addCondition('id', [
      $any_group
        ->id(),
    ])
      ->addCondition((new ConditionGroup())
      ->addCondition('uid', $user
      ->id())
      ->addCondition((new ConditionGroup('OR'))
      ->addCondition((new ConditionGroup())
      ->addCondition('type', [
      'own_unpub',
    ])
      ->addCondition('id', $memberships, 'NOT IN'))
      ->addCondition('id', [
      $own_group
        ->id(),
    ])))),
    (new ConditionGroup('AND'))
      ->addCondition('status', 1)
      ->addCondition((new ConditionGroup('OR'))
      ->addCondition((new ConditionGroup())
      ->addCondition('type', [
      'default',
    ])
      ->addCondition('id', $memberships, 'NOT IN'))
      ->addCondition('id', [
      $group
        ->id(),
    ])),
  ];
  $this
    ->assertEquals(2, $conditions
    ->count());
  $this
    ->assertEquals('OR', $conditions
    ->getConjunction());
  $this
    ->assertEquals($expected_conditions, $conditions
    ->getConditions());
  $this
    ->assertEquals([
    'user',
    'user.group_permissions',
    'user.permissions',
  ], $conditions
    ->getCacheContexts());
  $this
    ->assertFalse($conditions
    ->isAlwaysFalse());

  // Verify that having the admin permission simplifies things.
  $any_unpub
    ->getOutsiderRole()
    ->grantPermission('administer group')
    ->save();
  $own_unpub
    ->getOutsiderRole()
    ->grantPermission('administer group')
    ->save();
  $any_unpub
    ->getMemberRole()
    ->grantPermission('administer group')
    ->save();
  $own_unpub
    ->getMemberRole()
    ->grantPermission('administer group')
    ->save();
  $conditions = $this->handler
    ->getConditions('view', $user);
  $expected_conditions = [
    // Notice how we no longer need to check for status or owner when it comes
    // to groups that had the "view any" or "view own" permission, but now
    // have the admin permission instead.
    (new ConditionGroup())
      ->addCondition('type', [
      'any_unpub',
      'own_unpub',
    ])
      ->addCondition('id', $memberships, 'NOT IN'),
    new Condition('id', [
      $any_group
        ->id(),
      $own_group
        ->id(),
    ]),
    // Notice how this is the exact same expectation we had in the above test.
    (new ConditionGroup('AND'))
      ->addCondition('status', 1)
      ->addCondition((new ConditionGroup('OR'))
      ->addCondition((new ConditionGroup())
      ->addCondition('type', [
      'default',
    ])
      ->addCondition('id', $memberships, 'NOT IN'))
      ->addCondition('id', [
      $group
        ->id(),
    ])),
  ];
  $this
    ->assertEquals(3, $conditions
    ->count());
  $this
    ->assertEquals('OR', $conditions
    ->getConjunction());
  $this
    ->assertEquals($expected_conditions, $conditions
    ->getConditions());

  // Notice how the user cache context is missing now.
  $this
    ->assertEquals([
    'user.group_permissions',
    'user.permissions',
  ], $conditions
    ->getCacheContexts());
  $this
    ->assertFalse($conditions
    ->isAlwaysFalse());
}