You are here

Home » API reference » Message UI 8 » MessageUiPermissionsTest.php » MessageUiPermissionsTest

public function MessageUiPermissionsTest::testMessageUiPermissions in Message UI 8

Test message_access use case.

File

tests/src/Functional/MessageUiPermissionsTest.php, line 45

Class

MessageUiPermissionsTest
Testing the message access use case.

Namespace

Drupal\Tests\message_ui\Functional

Code

public function testMessageUiPermissions() {

  // User login.
  $this
    ->drupalLogin($this->account);

  // Set our create url.
  $create_url = '/message/add/foo';

  // Verify the user can't create the message.
  $this
    ->drupalGet($create_url);

  // The user can't create a message.
  $this
    ->assertSession()
    ->statusCodeEquals(403);

  // Grant and check create permissions for a message.
  $this
    ->grantMessageUiPermission('create');
  $this
    ->drupalGet($create_url);

  // Check for valid response.
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Create a message.
  $this
    ->drupalPostForm(NULL, [], t('Create'));

  // Create the message url.
  $msg_url = '/message/1';

  // Verify the user now can see the text.
  $this
    ->grantMessageUiPermission('view');
  $this
    ->drupalGet($msg_url);

  // The user can view a message.
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Verify can't edit the message.
  $this
    ->drupalGet($msg_url . '/edit');

  // The user can't edit a message.
  $this
    ->assertSession()
    ->statusCodeEquals(403);

  // Grant permission to the user.
  $this
    ->grantMessageUiPermission('edit');
  $this
    ->drupalGet($msg_url . '/edit');

  // The user can't edit a message.
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Verify the user can't delete the message.
  $this
    ->drupalGet($msg_url . '/delete');

  // The user can't delete the message.
  $this
    ->assertSession()
    ->statusCodeEquals(403);

  // Grant the permission to the user.
  $this
    ->grantMessageUiPermission('delete');
  $this
    ->drupalPostForm($msg_url . '/delete', [], t('Delete'));

  // User did not have permission to the overview page - verify access
  // denied.
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  user_role_grant_permissions($this->rid, [
    'overview messages',
  ]);
  $this
    ->drupalGet('/admin/content/messages');
  $this
    ->assertSession()
    ->statusCodeEquals(200);

  // Create a new user with the bypass access permission and verify the
  // bypass.
  $this
    ->drupalLogout();
  $user = $this
    ->drupalCreateUser([
    'bypass message access control',
  ]);

  // Verify the user can by pass the message access control.
  $this
    ->drupalLogin($user);
  $this
    ->drupalGet($create_url);

  // The user can bypass the message access control.
  $this
    ->assertSession()
    ->statusCodeEquals(200);
}