You are here

public function ShortcutTest::testCollectionFilterAccess in JSON:API 8

Same name and namespace in other branches
  1. 8.2 tests/src/Functional/ShortcutTest.php \Drupal\Tests\jsonapi\Functional\ShortcutTest::testCollectionFilterAccess()

File

tests/src/Functional/ShortcutTest.php, line 174

Class

ShortcutTest
JSON API integration test for the "Shortcut" content entity type.

Namespace

Drupal\Tests\jsonapi\Functional

Code

public function testCollectionFilterAccess() {
  $label_field_name = 'title';

  // Verify the expected behavior in the common case: default shortcut set.
  $this
    ->grantPermissionsToTestedRole([
    'customize shortcut links',
  ]);
  $this
    ->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, 'access shortcuts');
  $alternate_shortcut_set = ShortcutSet::create([
    'id' => 'alternate',
    'label' => 'Alternate',
  ]);
  $alternate_shortcut_set
    ->save();
  $this->entity->shortcut_set = $alternate_shortcut_set
    ->id();
  $this->entity
    ->save();
  $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
  $collection_filter_url = $collection_url
    ->setOption('query', [
    "filter[spotlight.{$label_field_name}]" => $this->entity
      ->label(),
  ]);
  $request_options = [];
  $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
  $request_options = NestedArray::mergeDeep($request_options, $this
    ->getAuthenticationRequestOptions());

  // No results because the current user does not have access to shortcuts
  // not in the user's assigned set or the default set.
  $response = $this
    ->request('GET', $collection_filter_url, $request_options);
  $doc = Json::decode((string) $response
    ->getBody());
  $this
    ->assertCount(0, $doc['data']);

  // Assign the alternate shortcut set to the current user.
  $this->container
    ->get('entity_type.manager')
    ->getStorage('shortcut_set')
    ->assignUser($alternate_shortcut_set, $this->account);

  // 1 result because the alternate shortcut set is now assigned to the
  // current user.
  $response = $this
    ->request('GET', $collection_filter_url, $request_options);
  $doc = Json::decode((string) $response
    ->getBody());
  $this
    ->assertCount(1, $doc['data']);
}