View source
<?php
namespace Drupal\Tests\jsonapi\Traits;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Entity\EntityPublishedInterface;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\jsonapi\BackwardCompatibility\tests\Traits\EntityReferenceTestTrait;
use Drupal\Tests\jsonapi\Functional\ResourceTestBase;
use GuzzleHttp\RequestOptions;
trait CommonCollectionFilterAccessTestPatternsTrait {
use EntityReferenceTestTrait;
public function doTestCollectionFilterAccessBasedOnPermissions($label_field_name, $view_permission) {
assert($this instanceof ResourceTestBase);
$this
->assertTrue($this->container
->get('module_installer')
->install([
'entity_test',
], TRUE), 'Installed modules.');
entity_test_create_bundle('bar', NULL, 'entity_test');
$this
->createEntityReferenceField('entity_test', 'bar', 'spotlight', NULL, static::$entityTypeId, 'default', [
'target_bundles' => [
$this->entity
->bundle() => $this->entity
->bundle(),
],
]);
$this
->rebuildAll();
$this
->grantPermissionsToTestedRole([
'view test entity',
]);
$referencing_entity = EntityTest::create([
'name' => 'Camelids',
'type' => 'bar',
'spotlight' => [
'target_id' => $this->entity
->id(),
],
]);
$referencing_entity
->save();
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$filter_path = "spotlight.0.{$label_field_name}";
$collection_filter_url = $collection_url
->setOption('query', [
"filter[{$filter_path}]" => $this->entity
->label(),
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this
->getAuthenticationRequestOptions());
if ($view_permission !== NULL) {
$response = $this
->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$this
->grantPermissionsToTestedRole([
$view_permission,
]);
}
$response = $this
->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($referencing_entity
->uuid(), $doc['data'][0]['id']);
$response = $this
->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($referencing_entity
->uuid(), $doc['data'][0]['id']);
$this
->assertTrue($this->container
->get('module_installer')
->install([
'jsonapi_test_field_filter_access',
], TRUE), 'Installed modules.');
$this
->rebuildAll();
$response = $this
->request('GET', $collection_filter_url, $request_options);
$message = "The current user is not authorized to filter by the `spotlight` field, given in the path `spotlight`.";
$expected_cache_tags = [
'4xx-response',
'http_response',
];
$expected_cache_contexts = [
'url.query_args:filter',
'url.query_args:sort',
'url.site',
'user.permissions',
];
$this
->assertResourceErrorResponse(403, $message, $collection_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
$this
->grantPermissionsToTestedRole([
'filter by spotlight field',
]);
$response = $this
->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($referencing_entity
->uuid(), $doc['data'][0]['id']);
$this
->revokePermissionsFromTestedRole([
'filter by spotlight field',
]);
$this
->assertTrue($this->container
->get('module_installer')
->uninstall([
'jsonapi_test_field_filter_access',
], TRUE), 'Uninstalled modules.');
return $referencing_entity;
}
public function doTestCollectionFilterAccessForPublishableEntities($label_field_name, $view_permission, $admin_permission) {
assert($this->entity instanceof EntityPublishedInterface);
$this
->assertTrue($this->entity
->isPublished());
$referencing_entity = $this
->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, $view_permission);
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$collection_filter_url = $collection_url
->setOption('query', [
"filter[spotlight.{$label_field_name}]" => $this->entity
->label(),
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this
->getAuthenticationRequestOptions());
$this->entity
->setUnpublished()
->save();
$response = $this
->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(0, $doc['data']);
$this
->grantPermissionsToTestedRole([
$admin_permission,
]);
$response = $this
->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response
->getBody());
$this
->assertCount(1, $doc['data']);
$this
->assertSame($referencing_entity
->uuid(), $doc['data'][0]['id']);
return $referencing_entity;
}
}