public function LatestRevisionAccessTest::testAccess in Group 8
Same name and namespace in other branches
- 2.0.x tests/src/Kernel/LatestRevisionAccessTest.php \Drupal\Tests\group\Kernel\LatestRevisionAccessTest::testAccess()
Tests access to the revision tab.
@todo Rewrite like RevisionUiAccessTest. Data providers means less noise from resetting code.
File
- tests/
src/ Kernel/ LatestRevisionAccessTest.php, line 73
Class
- LatestRevisionAccessTest
- Tests the latest revision access for groups.
Namespace
Drupal\Tests\group\KernelCode
public function testAccess() {
$moderation_info = $this->container
->get('content_moderation.moderation_information');
// Create two accounts to test with.
$user_with_access = $this
->createUser();
$user_without_access = $this
->createUser();
// Set up the initial permissions for the accounts.
$this->groupType
->getOutsiderRole()
->grantPermission('view group')
->save();
$this->groupType
->getMemberRole()
->grantPermissions([
'view group',
'view any unpublished group',
'view latest group version',
])
->save();
// Create a group with no pending revisions.
$group = $this
->createGroup([
'type' => $this->groupType
->id(),
'moderation_state' => 'published',
]);
$this
->assertFalse($moderation_info
->hasPendingRevision($group));
// Make sure the permissive account is a member.
$group
->addMember($user_with_access);
// Check access when there is no pending revision.
$request = $this
->createRequest($group);
$this
->assertFalse($this->accessManager
->checkRequest($request, $user_with_access), 'An account with sufficient permissions has no access if there is no pending revision.');
$this
->assertFalse($this->accessManager
->checkRequest($request, $user_without_access), 'An account with insufficient permissions has no access if there is no pending revision.');
// Verify that even admins can't see the revision page if there are none.
$admin = $this
->createUser();
$this->entityTypeManager
->getStorage('group_role')
->create([
'id' => 'revision_test-admin',
'label' => 'Revision admin',
'weight' => 0,
'group_type' => $this->groupType
->id(),
])
->grantPermission('administer group')
->save();
$group
->addMember($admin, [
'group_roles' => [
'revision_test-admin',
],
]);
$this
->assertFalse($this->accessManager
->checkRequest($request, $admin), 'An admin has no access if there is no pending revision.');
// Create a pending revision of the original group.
$group->moderation_state = 'draft';
$group
->setNewRevision(TRUE);
$group
->isDefaultRevision(FALSE);
$group
->save();
// Use a fresh copy of the group for new requests because Drupal otherwise
// won't find the pending revision properly.
$group = $this
->reloadEntity($group);
$this
->assertTrue($moderation_info
->hasPendingRevision($group));
// Check access when there is a pending revision.
$request = $this
->createRequest($group);
$this
->assertTrue($this->accessManager
->checkRequest($request, $user_with_access), 'An account with sufficient permissions has access if there is a pending revision.');
$this
->assertFalse($this->accessManager
->checkRequest($request, $user_without_access), 'An account with insufficient permissions has no access if there is a pending revision.');
// Now remove the ability to view unpublished groups and try again.
$this->groupType
->getMemberRole()
->revokePermission('view any unpublished group')
->save();
$request = $this
->createRequest($group);
$this->entityTypeManager
->getAccessControlHandler('group')
->resetCache();
$this
->assertFalse($this->accessManager
->checkRequest($request, $user_with_access), 'Removing the ability to view unpublished groups denies access to pending revisions.');
// Grant back the view unpublished access but revoke revision access.
$this->groupType
->getMemberRole()
->grantPermission('view any unpublished group')
->revokePermission('view latest group version')
->save();
$request = $this
->createRequest($group);
$this->entityTypeManager
->getAccessControlHandler('group')
->resetCache();
$this
->assertFalse($this->accessManager
->checkRequest($request, $user_with_access), 'Removing the ability to view revisions denies access to pending revisions.');
// Test that the admin permission also works.
$this->groupType
->getMemberRole()
->revokePermission('view any unpublished group')
->grantPermission('administer group')
->save();
$request = $this
->createRequest($group);
$this->entityTypeManager
->getAccessControlHandler('group')
->resetCache();
$this
->assertTrue($this->accessManager
->checkRequest($request, $user_with_access), 'A group admin can see pending revisions.');
}