public function JsonApiFunctionalTest::testWrite in JSON:API 8

Same name and namespace in other branches
  1. 8.2 tests/src/Functional/JsonApiFunctionalTest.php \Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTest::testWrite()



tests/src/Functional/JsonApiFunctionalTest.php, line 491


General functional test class.




public function testWrite() {
    ->createDefaultContent(0, 3, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, FALSE);

  // 1. Successful post.
  $collection_url = Url::fromRoute('jsonapi.node--article.collection');
  $body = [
    'data' => [
      'type' => 'node--article',
      'attributes' => [
        'langcode' => 'en',
        'title' => 'My custom title',
        'default_langcode' => '1',
        'body' => [
          'value' => 'Custom value',
          'format' => 'plain_text',
          'summary' => 'Custom summary',
      'relationships' => [
        'type' => [
          'data' => [
            'type' => 'node_type--node_type',
            'id' => 'article',
        'field_tags' => [
          'data' => [
              'type' => 'taxonomy_term--tags',
              'id' => $this->tags[0]
              'type' => 'taxonomy_term--tags',
              'id' => $this->tags[1]
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(201, $response
    ->assertArrayHasKey('uuid', $created_response['data']['attributes']);
  $uuid = $created_response['data']['attributes']['uuid'];
    ->assertEquals(2, count($created_response['data']['relationships']['field_tags']['data']));
    ->assertEquals($created_response['data']['links']['self'], $response

  // 2. Authorization error.
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($body),
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(403, $response
    ->assertEquals('Forbidden', $created_response['errors'][0]['title']);

  // 2.1 Authorization error with a user without create permissions.
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(403, $response
    ->assertEquals('Forbidden', $created_response['errors'][0]['title']);

  // @todo Uncomment when lands, and make more strict.

   * // 3. Missing Content-Type error.
   * $response = $this->request('POST', $collection_url, [
   *   'body' => Json::encode($body),
   *   'auth' => [$this->user->getUsername(), $this->user->pass_raw],
   *   'headers' => ['Accept' => 'application/vnd.api+json'],
   * ]);
   * $created_response = Json::decode($response->getBody()->__toString());
   * $this->assertEquals(422, $response->getStatusCode());
   * $this->assertNotEmpty($created_response['errors']);
   * $this->assertEquals(
   *   'Unprocessable Entity',
   *   $created_response['errors'][0]['title']
   * );

  // 4. Article with a duplicate ID.
  $invalid_body = $body;
  $invalid_body['data']['id'] = Node::load(1)
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($invalid_body),
    'auth' => [
    'headers' => [
      'Accept' => 'application/vnd.api+json',
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(409, $response
    ->assertEquals('Conflict', $created_response['errors'][0]['title']);

  // 5. Article with wrong reference UUIDs for tags.
  $body_invalid_tags = $body;
  $body_invalid_tags['data']['relationships']['field_tags']['data'][0]['id'] = 'lorem';
  $body_invalid_tags['data']['relationships']['field_tags']['data'][1]['id'] = 'ipsum';
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($body_invalid_tags),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(201, $response
    ->assertEquals(0, count($created_response['data']['relationships']['field_tags']['data']));

  // 6. Decoding error.
  $response = $this
    ->request('POST', $collection_url, [
    'body' => '{"bad json",,,}',
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
      'Accept' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(400, $response
    ->assertEquals('Bad Request', $created_response['errors'][0]['title']);

  // 6.1 Denormalizing error.
  $response = $this
    ->request('POST', $collection_url, [
    'body' => '{"data":{"type":"something"},"valid yet nonsensical json":[]}',
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
      'Accept' => 'application/vnd.api+json',
  $created_response = Json::decode($response
    ->assertEquals(422, $response
    ->assertEquals('Unprocessable Entity', $created_response['errors'][0]['title']);

  // 6.2 Relationships are not included in "data".
  $malformed_body = $body;
  $malformed_body['relationships'] = $body['data']['relationships'];
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($malformed_body),
    'auth' => [
    'headers' => [
      'Accept' => 'application/vnd.api+json',
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode((string) $response
    ->assertSame(400, $response
    ->assertSame("Bad Request", $created_response['errors'][0]['title']);
    ->assertSame("Found \"relationships\" within the document's top level. The \"relationships\" key must be within resource object.", $created_response['errors'][0]['detail']);

  // 6.2 "type" not included in "data".
  $missing_type = $body;
  $response = $this
    ->request('POST', $collection_url, [
    'body' => Json::encode($missing_type),
    'auth' => [
    'headers' => [
      'Accept' => 'application/vnd.api+json',
      'Content-Type' => 'application/vnd.api+json',
  $created_response = Json::decode((string) $response
    ->assertSame(400, $response
    ->assertSame("Bad Request", $created_response['errors'][0]['title']);
    ->assertSame("Resource object must include a \"type\".", $created_response['errors'][0]['detail']);

  // 7. Successful PATCH.
  $body = [
    'data' => [
      'id' => $uuid,
      'type' => 'node--article',
      'attributes' => [
        'title' => 'My updated title',
  $individual_url = Url::fromRoute('jsonapi.node--article.individual', [
    'node' => $uuid,
  $response = $this
    ->request('PATCH', $individual_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $updated_response = Json::decode($response
    ->assertEquals(200, $response
    ->assertEquals('My updated title', $updated_response['data']['attributes']['title']);

  // 7.1 Unsuccessful PATCH due to access restrictions.
  $body = [
    'data' => [
      'id' => $uuid,
      'type' => 'node--article',
      'attributes' => [
        'title' => 'My updated title',
  $individual_url = Url::fromRoute('jsonapi.node--article.individual', [
    'node' => $uuid,
  $response = $this
    ->request('PATCH', $individual_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
    ->assertEquals(403, $response

  // 8. Field access forbidden check.
  $body = [
    'data' => [
      'id' => $uuid,
      'type' => 'node--article',
      'attributes' => [
        'title' => 'My updated title',
        'status' => 0,
  $response = $this
    ->request('PATCH', $individual_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $updated_response = Json::decode($response
    ->assertEquals(403, $response
    ->assertEquals("The current user is not allowed to PATCH the selected field (status). The 'administer nodes' permission is required.", $updated_response['errors'][0]['detail']);
  $node = \Drupal::entityManager()
    ->loadEntityByUuid('node', $uuid);
    ->assertEquals(1, $node
    ->get('status')->value, 'Node status was not changed.');

  // 9. Successful POST to related endpoint.
  $body = [
    'data' => [
        'id' => $this->tags[2]
        'type' => 'taxonomy_term--tags',
  $relationship_url = Url::fromRoute('jsonapi.node--article.relationship', [
    'node' => $uuid,
    'related' => 'field_tags',
  $response = $this
    ->request('POST', $relationship_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
  $updated_response = Json::decode($response
    ->assertEquals(200, $response
    ->assertEquals(3, count($updated_response['data']));
    ->assertEquals('taxonomy_term--tags', $updated_response['data'][2]['type']);
    ->uuid(), $updated_response['data'][2]['id']);

  // 10. Successful PATCH to related endpoint.
  $body = [
    'data' => [
        'id' => $this->tags[1]
        'type' => 'taxonomy_term--tags',
  $response = $this
    ->request('PATCH', $relationship_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
    ->assertEquals(204, $response

  // 11. Successful DELETE to related endpoint.
  $response = $this
    ->request('DELETE', $relationship_url, [
    // Send a request with no body.
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
      'Accept' => 'application/vnd.api+json',
  $updated_response = Json::decode($response
    ->assertEquals('You need to provide a body for DELETE operations on a relationship (field_tags).', $updated_response['errors'][0]['detail']);
    ->assertEquals(400, $response
  $response = $this
    ->request('DELETE', $relationship_url, [
    // Send a request with no authentication.
    'body' => Json::encode($body),
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
    ->assertEquals(403, $response
  $response = $this
    ->request('DELETE', $relationship_url, [
    // Remove the existing relationship item.
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
    ->assertEquals(204, $response

  // 12. PATCH with invalid title and body format.
  $body = [
    'data' => [
      'id' => $uuid,
      'type' => 'node--article',
      'attributes' => [
        'title' => '',
        'body' => [
          'value' => 'Custom value',
          'format' => 'invalid_format',
          'summary' => 'Custom summary',
  $response = $this
    ->request('PATCH', $individual_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
      'Accept' => 'application/vnd.api+json',
  $updated_response = Json::decode($response
    ->assertEquals(422, $response
    ->assertCount(2, $updated_response['errors']);
  for ($i = 0; $i < 2; $i++) {
      ->assertEquals("Unprocessable Entity", $updated_response['errors'][$i]['title']);
      ->assertEquals(422, $updated_response['errors'][$i]['status']);
    ->assertEquals("title: This value should not be null.", $updated_response['errors'][0]['detail']);
    ->assertEquals("body.0.format: The value you selected is not a valid choice.", $updated_response['errors'][1]['detail']);
    ->assertEquals("/data/attributes/title", $updated_response['errors'][0]['source']['pointer']);
    ->assertEquals("/data/attributes/body/format", $updated_response['errors'][1]['source']['pointer']);

  // 13. PATCH with field that doesn't exist on Entity.
  $body = [
    'data' => [
      'id' => $uuid,
      'type' => 'node--article',
      'attributes' => [
        'field_that_doesnt_exist' => 'foobar',
  $response = $this
    ->request('PATCH', $individual_url, [
    'body' => Json::encode($body),
    'auth' => [
    'headers' => [
      'Content-Type' => 'application/vnd.api+json',
      'Accept' => 'application/vnd.api+json',
  $updated_response = Json::decode($response
    ->assertEquals(422, $response
    ->assertEquals("The attribute field_that_doesnt_exist does not exist on the node--article resource type.", $updated_response['errors']['0']['detail']);

  // 14. Successful DELETE.
  $response = $this
    ->request('DELETE', $individual_url, [
    'auth' => [
    ->assertEquals(204, $response
  $response = $this
    ->request('GET', $individual_url, []);
    ->assertEquals(404, $response