public function UserTest::testCollectionFilterAccess in JSON:API 8
Same name and namespace in other branches
- 8.2 tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()
File
- tests/src/Functional/UserTest.php, line 476
Class
- UserTest
- JSON API integration test for the "User" content entity type.
Namespace
Drupal\Tests\jsonapi\Functional
Code
public function testCollectionFilterAccess() {
$this
->assertTrue($this->container
->get('module_installer')
->install([
'node',
], TRUE), 'Installed modules.');
FieldStorageConfig::create([
'entity_type' => static::$entityTypeId,
'field_name' => 'field_favorite_animal',
'type' => 'string',
])
->setCardinality(1)
->save();
FieldConfig::create([
'entity_type' => static::$entityTypeId,
'field_name' => 'field_favorite_animal',
'bundle' => 'user',
])
->setLabel('Test field')
->setTranslatable(FALSE)
->save();
$this
->drupalCreateContentType([
'type' => 'x',
]);
$this
->rebuildAll();
$this
->grantPermissionsToTestedRole([
'access content',
]);
$user_a = User::create([])
->setUsername('A')
->activate();
$user_a
->save();
$user_b = User::create([])
->setUsername('B')
->set('field_favorite_animal', 'stegosaurus')
->block();
$user_b
->save();
$node_a = Node::create([
'type' => 'x',
])
->setTitle('Owned by A')
->setOwner($user_a);
$node_a
->save();
$node_b = Node::create([
'type' => 'x',
])
->setTitle('Owned by B')
->setOwner($user_b);
$node_b
->save();
$node_anon_1 = Node::create([
'type' => 'x',
])
->setTitle('Owned by anon #1')
->setOwnerId(0);
$node_anon_1
->save();
$node_anon_2 = Node::create([
'type' => 'x',
])
->setTitle('Owned by anon #2')
->setOwnerId(0);
$node_anon_2
->save();
$node_auth_1 = Node::create([
'type' => 'x',
])
->setTitle('Owned by auth #1')
->setOwner($this->account);
$node_auth_1
->save();
$favorite_animal_test_url = Url::fromRoute('jsonapi.user--user.collection')
->setOption('query', [
'filter[field_favorite_animal]' => 'stegosaurus',
]);
$collection_url = Url::fromRoute('jsonapi.node--x.collection');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this
->getAuthenticationRequestOptions());
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.uuid]' => $this->account
->uuid(),
]), $request_options);
$this
->assertSession()
->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($node_auth_1
->uuid(), $doc['data'][0]['id']);
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.uuid]' => User::load(0)
->uuid(),
]), $request_options);
$this
->assertSession()
->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.name]' => 'A',
]), $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$response = $this
->request('GET', $favorite_animal_test_url, $request_options);
$this
->assertSame(200, $response
->getStatusCode());
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$this
->assertArrayNotHasKey('meta', $doc);
$this
->grantPermissionsToTestedRole([
'access user profiles',
]);
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.uuid]' => User::load(0)
->uuid(),
]), $request_options);
$this
->assertSession()
->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.name]' => 'A',
]), $request_options);
$this
->assertSession()
->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($node_a
->uuid(), $doc['data'][0]['id']);
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.name]' => 'B',
]), $request_options);
$this
->assertSession()
->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$response = $this
->request('GET', $favorite_animal_test_url, $request_options);
$this
->assertSame(200, $response
->getStatusCode());
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$this
->assertArrayNotHasKey('meta', $doc);
$this
->grantPermissionsToTestedRole([
'administer users',
]);
$response = $this
->request('GET', $collection_url
->setOption('query', [
'filter[uid.name]' => 'B',
]), $request_options);
$this
->assertSession()
->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($node_b
->uuid(), $doc['data'][0]['id']);
$response = $this
->request('GET', $favorite_animal_test_url, $request_options);
$this
->assertSame(200, $response
->getStatusCode());
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($user_b
->uuid(), $doc['data'][0]['id']);
}
