class OgGroupContentOperationAccessTest in Organic groups 8

Test access to group content operations for group members.

@group og

File

tests/src/Kernel/Access/OgGroupContentOperationAccessTest.php, line 24

Namespace

Drupal\Tests\og\Kernel\Access
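
namespace Drupal\Tests\og\Kernel\Access;

use Drupal\KernelTests\KernelTestBase;
use Drupal\Tests\og\Traits\OgMembershipCreationTrait;
use Drupal\comment\Entity\CommentType;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\node\Entity\NodeType;
use Drupal\og\Entity\OgRole;
use Drupal\og\Og;
use Drupal\og\OgGroupAudienceHelperInterface;
use Drupal\og\OgMembershipInterface;
use Drupal\og\OgRoleInterface;
use Drupal\user\Entity\User;

class OgGroupContentOperationAccessTest extends KernelTestBase {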
  use OgMembershipCreationTrait;

  /**
   * {@inheritdoc}
   */
  public static $modules = [
    'comment',
    'entity_test',
    'field',
    'node',
    'og',
    'system',
    'user',
  ];

  /**
   * An array of test users.
   *
   * @var \Drupal\user\Entity\User[]
   */
  protected $users;

  /**
   * A test group.
   *
   * @var \Drupal\entity_test\Entity\EntityTest
   */
  protected $group;

  /**
   * The bundle ID of the test group.
   *
   * @var string
   */
  protected $groupBundle;

  /**
   * An array of test roles.
   *
   * @var \Drupal\og\OgRoleInterface[]
   */
  protected $roles;

  /**
   * An array of test group content, keyed by bundle ID and user ID.
   *
   * @var \Drupal\Core\Entity\ContentEntityInterface[][]
   */
  protected $groupContent;

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * {@inheritdoc}
   */
  protected function setUp() : void {
    parent::setUp();
    $this->installConfig(['og']);
    $this->installEntitySchema('entity_test');
    $this->installEntitySchema('comment');
    $this->installEntitySchema('node');
    $this->installEntitySchema('og_membership');
    $this->installEntitySchema('user');
    $this->installSchema('system', 'sequences');
    $this->entityTypeManager = $this->container->get('entity_type.manager');
    $this->groupBundle = mb_strtolower($this->randomMachineName());

    // Create a test user with UID 1. This user has universal access.
    $this->users['uid1'] = User::create([
      'name' => $this
        ->randomString(),
    ]);
    $this->users['uid1']
      ->save();

    // Create a user that will serve as the group owner. There are no special
    // permissions granted to the group owner, so this user can be used for
    // creating entities that are not owned by the user under test.
    $this->users['group_owner'] = User::create([
      'name' => $this
        ->randomString(),
    ]);
    $this->users['group_owner']
      ->save();

    // Declare that the test entity is a group type.
    Og::groupTypeManager()
      ->addGroup('entity_test', $this->groupBundle);

    // Create the test group.
    $this->group = EntityTest::create([
      'type' => $this->groupBundle,
      'name' => $this
        ->randomString(),
      'user_id' => $this->users['group_owner']
        ->id(),
    ]);
    $this->group
      ->save();

    // Create 3 test roles with associated permissions. We will simulate a
    // project that has two group content types:
    // - 'newsletter': Any registered user can create entities of this type,
    //   even if they are not a member of the group.
    // - 'article': These can only be created by group members. Normal members
    //   can edit and delete their own articles, while admins can edit and
    //   delete any article.
    $permission_matrix = [
      OgRoleInterface::ANONYMOUS => [
        'create newsletter comment',
        'update own newsletter comment',
        'delete own newsletter comment',
      ],
      OgRoleInterface::AUTHENTICATED => [
        'create newsletter comment',
        'update own newsletter comment',
        'delete own newsletter comment',
        'create article content',
        'edit own article content',
        'delete own article content',
      ],
      // The administrator is not explicitly granted permission to edit or
      // delete their own group content. Having the 'any' permission should be
      // sufficient to also be able to edit their own content.
      OgRoleInterface::ADMINISTRATOR => [
        'create newsletter comment',
        'update any newsletter comment',
        'delete any newsletter comment',
        'create article content',
        'edit any article content',
        'delete any article content',
      ],
    ];
    foreach ($permission_matrix as $role_name => $permissions) {
      $this->roles[$role_name] = OgRole::loadByGroupAndName($this->group, $role_name);
      foreach ($permissions as $permission) {
        $this->roles[$role_name]
          ->grantPermission($permission);
      }
      $this->roles[$role_name]
        ->save();

      // Create a test user with this role.
      $this->users[$role_name] = User::create([
        'name' => $this
          ->randomString(),
      ]);
      $this->users[$role_name]
        ->save();

      // Subscribe the user to the group.
      // Skip creation of the membership for the non-member user. It is actually
      // fine to save this membership, but in the most common use case this
      // membership will not exist in the database.
      if ($role_name !== OgRoleInterface::ANONYMOUS) {
        $this
          ->createOgMembership($this->group, $this->users[$role_name], [
          $role_name,
        ]);
      }
    }

    // Create a 'blocked' user. This user is identical to the normal
    // 'authenticated' member, except that they have the 'blocked' state.
    $this->users['blocked'] = User::create([
      'name' => $this
        ->randomString(),
    ]);
    $this->users['blocked']
      ->save();
    $this
      ->createOgMembership($this->group, $this->users['blocked'], NULL, OgMembershipInterface::STATE_BLOCKED);

    // Create a 'newsletter' group content type. We are using the Comment entity
    // for this to verify that this functionality works for all entity types. We
    // cannot use the 'entity_test' entity for this since it has no support for
    // bundles. Let's imagine that we have a use case where the user can leave a
    // comment with the text 'subscribe' in order to subscribe to the
    // newsletter.
    CommentType::create([
      'id' => 'newsletter',
      'label' => 'Newsletter subscription',
      'target_entity_type_id' => 'entity_test',
    ])
      ->save();
    $settings = [
      'field_storage_config' => [
        'settings' => [
          'target_type' => 'entity_test',
        ],
      ],
    ];
    Og::createField(OgGroupAudienceHelperInterface::DEFAULT_FIELD, 'comment', 'newsletter', $settings);

    // Create an 'article' group content type.
    NodeType::create([
      'type' => 'article',
      'name' => 'Article',
    ])
      ->save();
    Og::createField(OgGroupAudienceHelperInterface::DEFAULT_FIELD, 'node', 'article', $settings);

    // Create a group content entity owned by each test user, for both the
    // 'newsletter' and 'article' bundles.
    $user_ids = [
      'uid1',
      'group_owner',
      OgRoleInterface::ANONYMOUS,
      OgRoleInterface::AUTHENTICATED,
      OgRoleInterface::ADMINISTRATOR,
      'blocked',
    ];
    foreach ([
      'newsletter',
      'article',
    ] as $bundle_id) {
      foreach ($user_ids as $user_id) {
        $entity_type = $bundle_id === 'article' ? 'node' : 'comment';
        switch ($entity_type) {
          case 'node':
            $values = [
              'title' => $this
                ->randomString(),
              'type' => $bundle_id,
              OgGroupAudienceHelperInterface::DEFAULT_FIELD => [
                [
                  'target_id' => $this->group
                    ->id(),
                ],
              ],
            ];
            break;
          case 'comment':
            $values = [
              'subject' => 'subscribe',
              'comment_type' => $bundle_id,
              'entity_id' => $this->group
                ->id(),
              'entity_type' => 'entity_test',
              'field_name' => 'an_imaginary_field',
              OgGroupAudienceHelperInterface::DEFAULT_FIELD => [
                [
                  'target_id' => $this->group
                    ->id(),
                ],
              ],
            ];
            break;
        }
        $entity = $this->entityTypeManager
          ->getStorage($entity_type)
          ->create($values);
        $entity
          ->setOwner($this->users[$user_id]);
        $entity
          ->save();
        $this->groupContent[$bundle_id][$user_id] = $entity;
      }
    }
  }

  /**
   * Test access to group content entity operations.
   *
   * @dataProvider accessProvider
   */
  public function testAccess($group_content_bundle_id, $expected_access_matrix) {

    /** @var \Drupal\og\OgAccessInterface $og_access */
    $og_access = $this->container
      ->get('og.access');
    foreach ($expected_access_matrix as $user_id => $operations) {
      foreach ($operations as $operation => $ownerships) {
        foreach ($ownerships as $ownership => $expected_access) {

          // Depending on whether we're testing access to a user's own entity,
          // use either the entity owned by the user, or the one owned by the
          // group owner.
          $entity = $ownership === 'own' ? $this->groupContent[$group_content_bundle_id][$user_id] : $this->groupContent[$group_content_bundle_id]['group_owner'];
          $user = $this->users[$user_id];
          $this->assertEquals(
            $expected_access,
            $og_access->userAccessEntityOperation($operation, $entity, $user)->isAllowed(),
            "Operation: {$operation}, ownership: {$ownership}, user: {$user_id}, bundle: {$group_content_bundle_id}"
          );
        }
      }
    }
  }

  /**
   * Data provider for ::testAccess().
   *
   * @return array
   *   An array of test data sets. Each set consists of:
   *   - A string representing the group content bundle ID upon which the
   *     operation is performed. Can be either 'newsletter' or 'article'.
   *   - An array mapping the different users and the possible operations, and
   *     whether or not the user is expected to be granted access to this
   *     operation, depending on whether they own the content or not.
   */
  public function accessProvider() {
    return [
      [
        'newsletter',
        [
          // The super user and the administrator have the right to create,
          // update and delete any newsletter subscription.
          'uid1' => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
          ],
          OgRoleInterface::ADMINISTRATOR => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
          ],
          // Non-members and members have the right to subscribe to the
          // newsletter, and to manage or delete their own newsletter
          // subscriptions.
          OgRoleInterface::ANONYMOUS => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => FALSE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => FALSE,
            ],
          ],
          OgRoleInterface::AUTHENTICATED => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => FALSE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => FALSE,
            ],
          ],
          // Blocked users cannot do anything, not even update or delete their
          // own content.
          'blocked' => [
            'create' => [
              'any' => FALSE,
            ],
            'update' => [
              'own' => FALSE,
              'any' => FALSE,
            ],
            'delete' => [
              'own' => FALSE,
              'any' => FALSE,
            ],
          ],
        ],
      ],
      [
        'article',
        [
          // The super user and the administrator have the right to create,
          // update and delete any article.
          'uid1' => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
          ],
          OgRoleInterface::ADMINISTRATOR => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => TRUE,
            ],
          ],
          // Non-members do not have the right to create or manage any article.
          OgRoleInterface::ANONYMOUS => [
            'create' => [
              'any' => FALSE,
            ],
            'update' => [
              'own' => FALSE,
              'any' => FALSE,
            ],
            'delete' => [
              'own' => FALSE,
              'any' => FALSE,
            ],
          ],
          // Members have the right to create new articles, and to manage their
          // own articles.
          OgRoleInterface::AUTHENTICATED => [
            'create' => [
              'any' => TRUE,
            ],
            'update' => [
              'own' => TRUE,
              'any' => FALSE,
            ],
            'delete' => [
              'own' => TRUE,
              'any' => FALSE,
            ],
          ],
          // Blocked users cannot do anything, not even update or delete their
          // own content.
          'blocked' => [
            'create' => [
              'any' => FALSE,
            ],
            'update' => [
              'own' => FALSE,
              'any' => FALSE,
            ],
            'delete' => [
              'own' => FALSE,
              'any' => FALSE,
            ],
          ],
        ],
      ],
    ];
  }

}
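
The rules spelled out in this test's comments ('any' permissions also cover a user's own content, blocked members are denied everything, and comment permissions are worded 'update' where node permissions are worded 'edit') can be checked as a stand-alone PHP model against the values in accessProvider(). This is an added example, not code from Organic Groups; the function names, the role keys and the T/F row encoding are assumptions made for illustration.

```php
<?php
// Stand-alone model of the rules the test expects. Not Organic Groups code:
// all names are hypothetical; role keys stand in for OgRoleInterface constants.
// Role => permissions, copied from $permission_matrix in setUp().
const ROLE_PERMISSIONS = [
  'non-member' => [
    'create newsletter comment',
    'update own newsletter comment',
    'delete own newsletter comment',
  ],
  'member' => [
    'create newsletter comment',
    'update own newsletter comment',
    'delete own newsletter comment',
    'create article content',
    'edit own article content',
    'delete own article content',
  ],
  'administrator' => [
    'create newsletter comment',
    'update any newsletter comment',
    'delete any newsletter comment',
    'create article content',
    'edit any article content',
    'delete any article content',
  ],
];

// The operation is always 'update', but node permissions are worded 'edit'.
const BUNDLE_WORDING = [
  'newsletter' => ['noun' => 'comment', 'verbs' => ['update' => 'update', 'delete' => 'delete']],
  'article' => ['noun' => 'content', 'verbs' => ['update' => 'edit', 'delete' => 'delete']],
];

function model_access(array $user, string $operation, string $bundle, bool $is_owner): bool {
  if ($user['is_uid1']) {
    return TRUE;
  }
  // A blocked membership is denied before any permission is consulted.
  if ($user['state'] === 'blocked') {
    return FALSE;
  }
  // Unknown bundles and operations fall through to a default deny.
  $wording = BUNDLE_WORDING[$bundle] ?? NULL;
  if ($wording === NULL) {
    return FALSE;
  }
  $granted = ROLE_PERMISSIONS[$user['role']] ?? [];
  $noun = $wording['noun'];
  if ($operation === 'create') {
    return in_array("create $bundle $noun", $granted, TRUE);
  }
  $verb = $wording['verbs'][$operation] ?? NULL;
  if ($verb === NULL) {
    return FALSE;
  }
  // 'any' also covers the user's own content; 'own' needs ownership.
  return in_array("$verb any $bundle $noun", $granted, TRUE)
    || ($is_owner && in_array("$verb own $bundle $noun", $granted, TRUE));
}

// One row per user: create, update own, update any, delete own, delete any.
function model_row(array $user, string $bundle): string {
  $row = '';
  foreach ([['create', FALSE], ['update', TRUE], ['update', FALSE], ['delete', TRUE], ['delete', FALSE]] as [$operation, $is_owner]) {
    $row .= model_access($user, $operation, $bundle, $is_owner) ? 'T' : 'F';
  }
  return $row;
}

$users = [
  'uid1' => ['is_uid1' => TRUE, 'role' => 'non-member', 'state' => 'none'],
  'non-member' => ['is_uid1' => FALSE, 'role' => 'non-member', 'state' => 'none'],
  'member' => ['is_uid1' => FALSE, 'role' => 'member', 'state' => 'active'],
  'administrator' => ['is_uid1' => FALSE, 'role' => 'administrator', 'state' => 'active'],
  'blocked' => ['is_uid1' => FALSE, 'role' => 'member', 'state' => 'blocked'],
];

// Expected rows transcribed from accessProvider(), same column order.
$expected = [
  'newsletter' => ['uid1' => 'TTTTT', 'administrator' => 'TTTTT', 'non-member' => 'TTFTF', 'member' => 'TTFTF', 'blocked' => 'FFFFF'],
  'article' => ['uid1' => 'TTTTT', 'administrator' => 'TTTTT', 'non-member' => 'FFFFF', 'member' => 'TTFTF', 'blocked' => 'FFFFF'],
];
foreach ($expected as $bundle => $rows) {
  foreach ($rows as $user_id => $want) {
    $got = model_row($users[$user_id], $bundle);
    printf("%-10s %-13s %s %s\n", $bundle, $user_id, $got, $got === $want ? 'ok' : "MISMATCH, expected $want");
  }
}
```

Removing a single permission from `ROLE_PERMISSIONS` and re-running shows which cells of the expected matrix depend on that permission.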

Members

Name Modifiers Type Description Overrides
AssertContentTrait::$content protected property The current raw content.
AssertContentTrait::$drupalSettings protected property The drupalSettings value from the current raw $content.
AssertContentTrait::$elements protected property The XML structure parsed from the current raw $content. 1
AssertContentTrait::$plainTextContent protected property The plain-text content of raw $content (text nodes).
AssertContentTrait::assertEscaped protected function Passes if the raw text IS found escaped on the loaded page, fail otherwise.
AssertContentTrait::assertField protected function Asserts that a field exists with the given name or ID.
AssertContentTrait::assertFieldById protected function Asserts that a field exists with the given ID and value.
AssertContentTrait::assertFieldByName protected function Asserts that a field exists with the given name and value.
AssertContentTrait::assertFieldByXPath protected function Asserts that a field exists in the current page by the given XPath.
AssertContentTrait::assertFieldChecked protected function Asserts that a checkbox field in the current page is checked.
AssertContentTrait::assertFieldsByValue protected function Asserts that a field exists in the current page with a given Xpath result.
AssertContentTrait::assertLink protected function Passes if a link with the specified label is found.
AssertContentTrait::assertLinkByHref protected function Passes if a link containing a given href (part) is found.
AssertContentTrait::assertNoDuplicateIds protected function Asserts that each HTML ID is used for just a single element.
AssertContentTrait::assertNoEscaped protected function Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise.
AssertContentTrait::assertNoField protected function Asserts that a field does not exist with the given name or ID.
AssertContentTrait::assertNoFieldById protected function Asserts that a field does not exist with the given ID and value.
AssertContentTrait::assertNoFieldByName protected function Asserts that a field does not exist with the given name and value.
AssertContentTrait::assertNoFieldByXPath protected function Asserts that a field does not exist or its value does not match, by XPath.
AssertContentTrait::assertNoFieldChecked protected function Asserts that a checkbox field in the current page is not checked.
AssertContentTrait::assertNoLink protected function Passes if a link with the specified label is not found.
AssertContentTrait::assertNoLinkByHref protected function Passes if a link containing a given href (part) is not found.
AssertContentTrait::assertNoLinkByHrefInMainRegion protected function Passes if a link containing a given href is not found in the main region.
AssertContentTrait::assertNoOption protected function Asserts that a select option in the current page does not exist.
AssertContentTrait::assertNoOptionSelected protected function Asserts that a select option in the current page is not checked.
AssertContentTrait::assertNoPattern protected function Triggers a pass if the perl regex pattern is not found in raw content.
AssertContentTrait::assertNoRaw protected function Passes if the raw text is NOT found on the loaded page, fail otherwise.
AssertContentTrait::assertNoText protected function Passes if the page (with HTML stripped) does not contain the text.
AssertContentTrait::assertNoTitle protected function Pass if the page title is not the given string.
AssertContentTrait::assertNoUniqueText protected function Passes if the text is found MORE THAN ONCE on the text version of the page.
AssertContentTrait::assertOption protected function Asserts that a select option in the current page exists.
AssertContentTrait::assertOptionByText protected function Asserts that a select option with the visible text exists.
AssertContentTrait::assertOptionSelected protected function Asserts that a select option in the current page is checked.
AssertContentTrait::assertOptionSelectedWithDrupalSelector protected function Asserts that a select option in the current page is checked.
AssertContentTrait::assertOptionWithDrupalSelector protected function Asserts that a select option in the current page exists.
AssertContentTrait::assertPattern protected function Triggers a pass if the Perl regex pattern is found in the raw content.
AssertContentTrait::assertRaw protected function Passes if the raw text IS found on the loaded page, fail otherwise.
AssertContentTrait::assertText protected function Passes if the page (with HTML stripped) contains the text.
AssertContentTrait::assertTextHelper protected function Helper for assertText and assertNoText.
AssertContentTrait::assertTextPattern protected function Asserts that a Perl regex pattern is found in the plain-text content.
AssertContentTrait::assertThemeOutput protected function Asserts themed output.
AssertContentTrait::assertTitle protected function Pass if the page title is the given string.
AssertContentTrait::assertUniqueText protected function Passes if the text is found ONLY ONCE on the text version of the page.
AssertContentTrait::assertUniqueTextHelper protected function Helper for assertUniqueText and assertNoUniqueText.
AssertContentTrait::buildXPathQuery protected function Builds an XPath query.
AssertContentTrait::constructFieldXpath protected function Helper: Constructs an XPath for the given set of attributes and value.
AssertContentTrait::cssSelect protected function Searches elements using a CSS selector in the raw content.
AssertContentTrait::getAllOptions protected function Get all option elements, including nested options, in a select.
AssertContentTrait::getDrupalSettings protected function Gets the value of drupalSettings for the currently-loaded page.
AssertContentTrait::getRawContent protected function Gets the current raw content.
AssertContentTrait::getSelectedItem protected function Get the selected value from a select field.
AssertContentTrait::getTextContent protected function Retrieves the plain-text content from the current raw content.
AssertContentTrait::getUrl protected function Get the current URL from the cURL handler. 1
AssertContentTrait::parse protected function Parse content returned from curlExec using DOM and SimpleXML.
AssertContentTrait::removeWhiteSpace protected function Removes all white-space between HTML tags from the raw content.
AssertContentTrait::setDrupalSettings protected function Sets the value of drupalSettings for the currently-loaded page.
AssertContentTrait::setRawContent protected function Sets the raw content (e.g. HTML).
AssertContentTrait::xpath protected function Performs an xpath search on the contents of the internal browser.
AssertHelperTrait::castSafeStrings protected static function Casts MarkupInterface objects into strings.
AssertLegacyTrait::assert protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertTrue() instead.
AssertLegacyTrait::assertEqual protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertEquals() instead.
AssertLegacyTrait::assertIdentical protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertSame() instead.
AssertLegacyTrait::assertIdenticalObject protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertEquals() instead.
AssertLegacyTrait::assertNotEqual protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertNotEquals() instead.
AssertLegacyTrait::assertNotIdentical protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertNotSame() instead.
AssertLegacyTrait::pass protected function Deprecated Scheduled for removal in Drupal 10.0.0. Use self::assertTrue() instead.
AssertLegacyTrait::verbose protected function
ConfigTestTrait::configImporter protected function Returns a ConfigImporter object to import test configuration.
ConfigTestTrait::copyConfig protected function Copies configuration objects from source storage to target storage.
KernelTestBase::$backupGlobals protected property Back up and restore any global variables that may be changed by tests.
KernelTestBase::$backupStaticAttributes protected property Back up and restore static class properties that may be changed by tests.
KernelTestBase::$backupStaticAttributesBlacklist protected property Contains a few static class properties for performance.
KernelTestBase::$classLoader protected property
KernelTestBase::$configImporter protected property @todo Move into Config test base class. 7
KernelTestBase::$configSchemaCheckerExclusions protected static property An array of config object names that are excluded from schema checking.
KernelTestBase::$container protected property
KernelTestBase::$databasePrefix protected property
KernelTestBase::$preserveGlobalState protected property Do not forward any global state from the parent process to the processes that run the actual tests.
KernelTestBase::$root protected property The app root.
KernelTestBase::$runTestInSeparateProcess protected property Kernel tests are run in separate processes because they allow autoloading of code from extensions. Running the test in a separate process isolates this behavior from other tests. Subclasses should not override this property.
KernelTestBase::$siteDirectory protected property
KernelTestBase::$strictConfigSchema protected property Set to TRUE to strict check all configuration saved. 6
KernelTestBase::$vfsRoot protected property The virtual filesystem root directory.
KernelTestBase::assertPostConditions protected function 1
KernelTestBase::bootEnvironment protected function Bootstraps a basic test environment.
KernelTestBase::bootKernel private function Bootstraps a kernel for a test.
KernelTestBase::config protected function Configuration accessor for tests. Returns non-overridden configuration.
KernelTestBase::disableModules protected function Disables modules for this test.
KernelTestBase::enableModules protected function Enables modules for this test.
KernelTestBase::getConfigSchemaExclusions protected function Gets the config schema exclusions for this test.
KernelTestBase::getDatabaseConnectionInfo protected function Returns the Database connection info to be used for this test. 1
KernelTestBase::getDatabasePrefix public function
KernelTestBase::getExtensionsForModules private function Returns Extension objects for $modules to enable.
KernelTestBase::getModulesToEnable private static function Returns the modules to enable for this test.
KernelTestBase::initFileCache protected function Initializes the FileCache component.
KernelTestBase::installConfig protected function Installs default configuration for a given list of modules.
KernelTestBase::installEntitySchema protected function Installs the storage schema for a specific entity type.
KernelTestBase::installSchema protected function Installs database tables from a module schema definition.
KernelTestBase::isTestInIsolation Deprecated protected function Returns whether the current test method is running in a separate process.
KernelTestBase::prepareTemplate protected function
KernelTestBase::register public function Registers test-specific services. Overrides ServiceProviderInterface::register 26
KernelTestBase::render protected function Renders a render array. 1
KernelTestBase::setInstallProfile protected function Sets the install profile and rebuilds the container to update it.
KernelTestBase::setSetting protected function Sets an in-memory Settings variable.
KernelTestBase::setUpBeforeClass public static function 1
KernelTestBase::setUpFilesystem protected function Sets up the filesystem, so things like the file directory. 2
KernelTestBase::stop protected function Stops test execution.
KernelTestBase::tearDown protected function 6
KernelTestBase::tearDownCloseDatabaseConnection public function @after
KernelTestBase::vfsDump protected function Dumps the current state of the virtual filesystem to STDOUT.
KernelTestBase::__get Deprecated public function BC: Automatically resolve former KernelTestBase class properties.
KernelTestBase::__sleep public function Prevents serializing any properties.
OgGroupContentOperationAccessTest::$entityTypeManager protected property The entity type manager.
OgGroupContentOperationAccessTest::$group protected property A test group.
OgGroupContentOperationAccessTest::$groupBundle protected property The bundle ID of the test group.
OgGroupContentOperationAccessTest::$groupContent protected property An array of test group content, keyed by bundle ID and user ID.
OgGroupContentOperationAccessTest::$modules public static property Modules to enable. Overrides KernelTestBase::$modules
OgGroupContentOperationAccessTest::$roles protected property An array of test roles.
OgGroupContentOperationAccessTest::$users protected property An array of test users.
OgGroupContentOperationAccessTest::accessProvider public function Data provider for ::testAccess().
OgGroupContentOperationAccessTest::setUp protected function Overrides KernelTestBase::setUp
OgGroupContentOperationAccessTest::testAccess public function Test access to group content entity operations.
OgMembershipCreationTrait::createOgMembership protected function Creates a test membership.
PhpunitCompatibilityTrait::getMock Deprecated public function Returns a mock object for the specified class using the available method.
PhpunitCompatibilityTrait::setExpectedException Deprecated public function Compatibility layer for PHPUnit 6 to support PHPUnit 4 code.
RandomGeneratorTrait::$randomGenerator protected property The random generator.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers. 1
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RandomGeneratorTrait::randomStringValidate public function Callback for random string validation.
StorageCopyTrait::replaceStorageContents protected static function Copy the configuration from one storage to another and remove stale items.
TestRequirementsTrait::checkModuleRequirements private function Checks missing module requirements.
TestRequirementsTrait::checkRequirements protected function Check module requirements for the Drupal use case. 1
TestRequirementsTrait::getDrupalRoot protected static function Returns the Drupal root directory.