You are here

Home » API reference » Media entity 8 » MediaAccessTest.php » MediaAccessTest

public function MediaAccessTest::testMediaAccess in Media entity 8

Test some access control functionality.

File

tests/src/Functional/MediaAccessTest.php, line 33

Class

MediaAccessTest
Basic access tests for Media Entity.

Namespace

Drupal\Tests\media_entity\Functional

Code

public function testMediaAccess() {
  $assert_session = $this
    ->assertSession();

  // Create media.
  $media = Media::create([
    'bundle' => $this->testBundle
      ->id(),
    'name' => 'Unnamed',
  ]);
  $media
    ->save();
  $user_media = Media::create([
    'bundle' => $this->testBundle
      ->id(),
    'name' => 'Unnamed',
    'uid' => $this->nonAdminUser
      ->id(),
  ]);
  $user_media
    ->save();

  // We are logged-in as admin, so test 'administer media' permission.
  $this
    ->drupalGet('media/' . $user_media
    ->id());
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->drupalGet('media/' . $user_media
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->drupalGet('media/' . $user_media
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->drupalLogin($this->nonAdminUser);

  /** @var \Drupal\user\RoleInterface $role */
  $role = Role::load('authenticated');

  // Test 'view media' permission.
  $this
    ->drupalGet('media/' . $media
    ->id());
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->grantPermissions($role, [
    'view media',
  ]);
  $this
    ->drupalGet('media/' . $media
    ->id());
  $assert_session
    ->statusCodeEquals(200);

  // Test 'create media' permission.
  $this
    ->drupalGet('media/add/' . $this->testBundle
    ->id());
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->grantPermissions($role, [
    'create media',
  ]);
  $this
    ->drupalGet('media/add/' . $this->testBundle
    ->id());
  $assert_session
    ->statusCodeEquals(200);

  // Test 'update media' and 'delete media' permissions.
  $this
    ->drupalGet('media/' . $user_media
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->drupalGet('media/' . $user_media
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->grantPermissions($role, [
    'update media',
  ]);
  $this
    ->grantPermissions($role, [
    'delete media',
  ]);
  $this
    ->drupalGet('media/' . $user_media
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->drupalGet('media/' . $user_media
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(200);

  // Test 'update any media' and 'delete any media' permissions.
  $this
    ->drupalGet('media/' . $media
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->drupalGet('media/' . $media
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(403);
  $this
    ->grantPermissions($role, [
    'update any media',
  ]);
  $this
    ->grantPermissions($role, [
    'delete any media',
  ]);
  $this
    ->drupalGet('media/' . $media
    ->id() . '/edit');
  $assert_session
    ->statusCodeEquals(200);
  $this
    ->drupalGet('media/' . $media
    ->id() . '/delete');
  $assert_session
    ->statusCodeEquals(200);
}