You are here

public function CommentTest::testCollectionFilterAccess in JSON:API 8

Same name and namespace in other branches
  1. 8.2 tests/src/Functional/CommentTest.php \Drupal\Tests\jsonapi\Functional\CommentTest::testCollectionFilterAccess()

File

tests/src/Functional/CommentTest.php, line 436

Class

CommentTest
JSON API integration test for the "Comment" content entity type.

Namespace

Drupal\Tests\jsonapi\Functional

Code

public function testCollectionFilterAccess() {

  // Verify the expected behavior in the common case.
  $this
    ->doTestCollectionFilterAccessForPublishableEntities('subject', 'access comments', 'administer comments');
  $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
  $request_options = [];
  $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
  $request_options = NestedArray::mergeDeep($request_options, $this
    ->getAuthenticationRequestOptions());

  // Go back to a simpler scenario: revoke the admin permission, publish the
  // comment and uninstall the query access test module.
  $this
    ->revokePermissionsFromTestedRole([
    'administer comments',
  ]);
  $this->entity
    ->setPublished()
    ->save();
  $this
    ->assertTrue($this->container
    ->get('module_installer')
    ->uninstall([
    'jsonapi_test_field_filter_access',
  ], TRUE), 'Uninstalled modules.');

  // ?filter[spotlight.LABEL]: 1 result. Just as already tested above in
  // ::doTestCollectionFilterAccessForPublishableEntities().
  $collection_filter_url = $collection_url
    ->setOption('query', [
    "filter[spotlight.subject]" => $this->entity
      ->label(),
  ]);
  $response = $this
    ->request('GET', $collection_filter_url, $request_options);
  $doc = Json::decode((string) $response
    ->getBody());
  $this
    ->assertCount(1, $doc['data']);

  // Mark the commented entity as inaccessible.
  \Drupal::state()
    ->set('jsonapi__entity_test_filter_access_blacklist', [
    $this->entity
      ->getCommentedEntityId(),
  ]);
  Cache::invalidateTags([
    'state:jsonapi__entity_test_filter_access_blacklist',
  ]);

  // ?filter[spotlight.LABEL]: 0 results.
  $response = $this
    ->request('GET', $collection_filter_url, $request_options);
  $doc = Json::decode((string) $response
    ->getBody());
  $this
    ->assertCount(0, $doc['data']);
}