You are here

public function LatestRevisionAccessTest::testAccess in Group 8

Same name and namespace in other branches
  1. 2.0.x tests/src/Kernel/LatestRevisionAccessTest.php \Drupal\Tests\group\Kernel\LatestRevisionAccessTest::testAccess()

Tests access to the revision tab.

@todo Rewrite like RevisionUiAccessTest. Data providers means less noise from resetting code.

File

tests/src/Kernel/LatestRevisionAccessTest.php, line 73

Class

LatestRevisionAccessTest
Tests the latest revision access for groups.

Namespace

Drupal\Tests\group\Kernel

Code

public function testAccess() {
  $moderation_info = $this->container
    ->get('content_moderation.moderation_information');

  // Create two accounts to test with.
  $user_with_access = $this
    ->createUser();
  $user_without_access = $this
    ->createUser();

  // Set up the initial permissions for the accounts.
  $this->groupType
    ->getOutsiderRole()
    ->grantPermission('view group')
    ->save();
  $this->groupType
    ->getMemberRole()
    ->grantPermissions([
    'view group',
    'view any unpublished group',
    'view latest group version',
  ])
    ->save();

  // Create a group with no pending revisions.
  $group = $this
    ->createGroup([
    'type' => $this->groupType
      ->id(),
    'moderation_state' => 'published',
  ]);
  $this
    ->assertFalse($moderation_info
    ->hasPendingRevision($group));

  // Make sure the permissive account is a member.
  $group
    ->addMember($user_with_access);

  // Check access when there is no pending revision.
  $request = $this
    ->createRequest($group);
  $this
    ->assertFalse($this->accessManager
    ->checkRequest($request, $user_with_access), 'An account with sufficient permissions has no access if there is no pending revision.');
  $this
    ->assertFalse($this->accessManager
    ->checkRequest($request, $user_without_access), 'An account with insufficient permissions has no access if there is no pending revision.');

  // Verify that even admins can't see the revision page if there are none.
  $admin = $this
    ->createUser();
  $this->entityTypeManager
    ->getStorage('group_role')
    ->create([
    'id' => 'revision_test-admin',
    'label' => 'Revision admin',
    'weight' => 0,
    'group_type' => $this->groupType
      ->id(),
  ])
    ->grantPermission('administer group')
    ->save();
  $group
    ->addMember($admin, [
    'group_roles' => [
      'revision_test-admin',
    ],
  ]);
  $this
    ->assertFalse($this->accessManager
    ->checkRequest($request, $admin), 'An admin has no access if there is no pending revision.');

  // Create a pending revision of the original group.
  $group->moderation_state = 'draft';
  $group
    ->setNewRevision(TRUE);
  $group
    ->isDefaultRevision(FALSE);
  $group
    ->save();

  // Use a fresh copy of the group for new requests because Drupal otherwise
  // won't find the pending revision properly.
  $group = $this
    ->reloadEntity($group);
  $this
    ->assertTrue($moderation_info
    ->hasPendingRevision($group));

  // Check access when there is a pending revision.
  $request = $this
    ->createRequest($group);
  $this
    ->assertTrue($this->accessManager
    ->checkRequest($request, $user_with_access), 'An account with sufficient permissions has access if there is a pending revision.');
  $this
    ->assertFalse($this->accessManager
    ->checkRequest($request, $user_without_access), 'An account with insufficient permissions has no access if there is a pending revision.');

  // Now remove the ability to view unpublished groups and try again.
  $this->groupType
    ->getMemberRole()
    ->revokePermission('view any unpublished group')
    ->save();
  $request = $this
    ->createRequest($group);
  $this->entityTypeManager
    ->getAccessControlHandler('group')
    ->resetCache();
  $this
    ->assertFalse($this->accessManager
    ->checkRequest($request, $user_with_access), 'Removing the ability to view unpublished groups denies access to pending revisions.');

  // Grant back the view unpublished access but revoke revision access.
  $this->groupType
    ->getMemberRole()
    ->grantPermission('view any unpublished group')
    ->revokePermission('view latest group version')
    ->save();
  $request = $this
    ->createRequest($group);
  $this->entityTypeManager
    ->getAccessControlHandler('group')
    ->resetCache();
  $this
    ->assertFalse($this->accessManager
    ->checkRequest($request, $user_with_access), 'Removing the ability to view revisions denies access to pending revisions.');

  // Test that the admin permission also works.
  $this->groupType
    ->getMemberRole()
    ->revokePermission('view any unpublished group')
    ->grantPermission('administer group')
    ->save();
  $request = $this
    ->createRequest($group);
  $this->entityTypeManager
    ->getAccessControlHandler('group')
    ->resetCache();
  $this
    ->assertTrue($this->accessManager
    ->checkRequest($request, $user_with_access), 'A group admin can see pending revisions.');
}