View source
<?php
namespace Drupal\optimizely\Tests;
use Drupal\simpletest\WebTestBase;
class OptimizelyAccessTest extends WebTestBase {
protected $listingPage = 'admin/config/system/optimizely';
protected $addUpdatePage = 'admin/config/system/optimizely/add_update';
protected $deletePage = 'admin/config/system/optimizely/delete/2';
protected $settingsPage = 'admin/config/system/optimizely/settings';
protected $ajaxCallbackPage = 'ajax/optimizely';
protected $noPermissionsUser;
protected $somePermissionsUser;
protected $privilegedUser;
protected $optimizelyPermission = 'administer optimizely';
public static $modules = [
'optimizely',
'node',
];
public static function getInfo() {
return [
'name' => 'Optimizely Access',
'description' => 'Test that no part of the Optimizely module administration' . ' interface can be accessed without the necessary permissions.',
'group' => 'Optimizely',
];
}
public function setUp() {
parent::setUp();
$this
->drupalCreateContentType([
'type' => 'page',
'name' => 'Basic page',
]);
$this->noPermissionsUser = $this
->drupalCreateUser([]);
$this->somePermissionsUser = $this
->drupalCreateUser([
'access content',
'create page content',
'edit own page content',
]);
$this->privilegedUser = $this
->drupalCreateUser([
'access content',
'create page content',
'edit own page content',
$this->optimizelyPermission,
]);
}
public function testOptimizelyPermission() {
$valid = $this
->checkPermissions([
'name' => $this->optimizelyPermission,
]);
$this
->assertTrue($valid, t("<strong> '@perm' is a valid permission.</strong>", [
'@perm' => $this->optimizelyPermission,
]), 'Optimizely');
}
public function testUserNoPermission() {
$this
->checkNoAccess($this->noPermissionsUser);
$this
->checkNoAccess($this->somePermissionsUser);
}
private function checkNoAccess($user) {
$access_forbidden = '403';
$this
->drupalLogin($user);
$this
->drupalGet($this->listingPage);
$this
->assertResponse($access_forbidden, "<strong>User without {$this->optimizelyPermission} permission may not" . " access project listing page -> {$this->listingPage} </strong>", 'Optimizely');
$this
->drupalGet($this->addUpdatePage);
$this
->assertResponse($access_forbidden, "<strong>User without {$this->optimizelyPermission} permission may not" . " access project add/update page -> {$this->addUpdatePage} </strong>", 'Optimizely');
$this
->drupalGet($this->deletePage);
$this
->assertResponse($access_forbidden, "<strong>User without {$this->optimizelyPermission} permission may not" . " access project delete page -> {$this->deletePage} </strong>", 'Optimizely');
$this
->drupalGet($this->settingsPage);
$this
->assertResponse($access_forbidden, "<strong>User without {$this->optimizelyPermission} permission may not" . " access project settings page -> {$this->settingsPage} </strong>", 'Optimizely');
$this
->drupalGet($this->ajaxCallbackPage);
$this
->assertResponse($access_forbidden, "<strong>User without {$this->optimizelyPermission} permission may not" . " access AJAX callback URL -> {$this->ajaxCallbackPage} </strong>", 'Optimizely');
$this
->drupalLogout();
}
public function testUserWithPermission() {
$access_ok = '200';
$this
->drupalLogin($this->privilegedUser);
$this
->drupalGet($this->listingPage);
$this
->assertResponse($access_ok, "<strong>User with {$this->optimizelyPermission} permission may" . " access project listing page -> {$this->listingPage} </strong>", 'Optimizely');
$this
->drupalGet($this->addUpdatePage);
$this
->assertResponse($access_ok, "<strong>User with {$this->optimizelyPermission} permission may" . " access project add/update page -> {$this->addUpdatePage} </strong>", 'Optimizely');
$this
->drupalGet($this->deletePage);
$this
->assertResponse($access_ok, "<strong>User with {$this->optimizelyPermission} permission may" . " access project delete page -> {$this->deletePage} </strong>", 'Optimizely');
$this
->drupalGet($this->settingsPage);
$this
->assertResponse($access_ok, "<strong>User with {$this->optimizelyPermission} permission may" . " access project settings page -> {$this->settingsPage} </strong>", 'Optimizely');
$this
->drupalLogout();
}
}