public function GroupLevelAccessTest::testUserAccessArbitraryPermissions in Organic groups 8
Test access to an arbitrary permission.
@covers ::userAccess
File
- tests/
src/ Kernel/ Access/ GroupLevelAccessTest.php, line 141
Class
- GroupLevelAccessTest
- Tests user access to group level entity operations and permissions.
Namespace
Drupal\Tests\og\Kernel\AccessCode
public function testUserAccessArbitraryPermissions() {
[
$roles,
$users,
] = $this
->setupUserAccessArbitraryPermissions();
// Check the user that has an arbitrary permission in both groups. It should
// have permission to the permission in group 1.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $users['has_permission_in_both_groups'])
->isAllowed());
// This user should not have access to 'some_perm_2' as that was only
// assigned to group 2.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm_2', $users['has_permission_in_both_groups'])
->isNeutral());
// Check the permission of group 1 again.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $users['has_permission_in_both_groups'])
->isAllowed());
// A member user without the correct role.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $users['has_no_permission'])
->isNeutral());
// A non-member user.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $this->nonMemberUser)
->isNeutral());
// Grant the arbitrary permission to non-members and check that our
// non-member now has the permission.
/** @var \Drupal\og\Entity\OgRole $role */
$role = OgRole::loadByGroupAndName($this->group, OgRoleInterface::ANONYMOUS);
$role
->grantPermission('some_perm')
->save();
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $this->nonMemberUser)
->isAllowed());
// Revoke the arbitrary permission again for non-members and check that our
// poor non-member loses the permission.
$role
->revokePermission('some_perm')
->save();
$this
->assertFalse($this->ogAccess
->userAccess($this->group, 'some_perm', $this->nonMemberUser)
->isAllowed());
// Make the non-member a member with the role. They should regain the
// permission.
$membership = Og::createMembership($this->group, $this->nonMemberUser);
$membership
->addRole($roles['arbitrary_permission'])
->save();
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $this->nonMemberUser)
->isAllowed());
// Group admin user should have access regardless.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $this->adminUser)
->isAllowed());
$this
->assertTrue($this->ogAccess
->userAccess($this->group, $this
->randomMachineName(), $this->adminUser)
->isAllowed());
// Also group admins that have a custom admin role should have access.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $this->alternativeAdminUser)
->isAllowed());
$this
->assertTrue($this->ogAccess
->userAccess($this->group, $this
->randomMachineName(), $this->alternativeAdminUser)
->isAllowed());
// The admin user should no longer have access if the role is demoted from
// being an admin role.
$admin_role = OgRole::loadByGroupAndName($this->group, OgRoleInterface::ADMINISTRATOR);
$admin_role
->setIsAdmin(FALSE)
->save();
$this
->assertFalse($this->ogAccess
->userAccess($this->group, 'some_perm', $this->adminUser)
->isAllowed());
$this
->assertFalse($this->ogAccess
->userAccess($this->group, $this
->randomMachineName(), $this->adminUser)
->isAllowed());
// The group owner should have access using the default configuration.
$this
->assertTrue($this->ogAccess
->userAccess($this->group, 'some_perm', $this->ownerUser)
->isAllowed());
// Change the configuration to no longer grant full access to the group
// owner. This should revoke access.
$this
->config('og.settings')
->set('group_manager_full_access', FALSE)
->save();
$this
->assertFalse($this->ogAccess
->userAccess($this->group, 'some_perm', $this->ownerUser)
->isAllowed());
}