You are here

public function ParagraphsLibraryItemTest::testLibraryItemsAccessControl in Paragraphs 8

Tests the library items permissions in different scenarios.

File

modules/paragraphs_library/tests/src/Functional/ParagraphsLibraryItemTest.php, line 68

Class

ParagraphsLibraryItemTest
Tests the functionality of the Paragraphs Library.

Namespace

Drupal\Tests\paragraphs_library\Functional

Code

public function testLibraryItemsAccessControl() {

  // Login as a user with create paragraph library item permission.
  $role = $this
    ->createRole([
    'create paragraph library item',
  ]);
  $user = $this
    ->createUser([]);
  $user
    ->addRole($role);
  $user
    ->save();
  $this
    ->drupalLogin($user);

  // Add a new library item.
  $this
    ->drupalGet('admin/content/paragraphs/add/default');
  $this
    ->getSession()
    ->getPage()
    ->pressButton('Add text');
  $edit = [
    'label[0][value]' => 'Library item',
    'paragraphs[0][subform][field_text][0][value]' => 'Item content',
  ];
  $this
    ->submitForm($edit, 'Save');
  $this
    ->assertSession()
    ->pageTextContains('Paragraph Library item has been created');

  // Assert a user has no access to the global library overview page.
  $this
    ->assertSession()
    ->statusCodeEquals(403);
  $matched_library_items = $this->container
    ->get('entity_type.manager')
    ->getStorage('paragraphs_library_item')
    ->loadByProperties([
    'label' => 'Library item',
  ]);
  $library_item = reset($matched_library_items);
  $library_item_id = $library_item
    ->id();

  // Assert a regular user has no edit and delete access.
  $this
    ->assertLibraryItemAccess($library_item_id, 403, 'edit');
  $this
    ->assertLibraryItemAccess($library_item_id, 403, 'delete');

  // Add edit paragraph library item permission.
  user_role_grant_permissions($role, [
    'edit paragraph library item',
  ]);
  $this
    ->assertLibraryItemAccess($library_item_id, 200, 'edit');
  $this
    ->assertLibraryItemAccess($library_item_id, 403, 'delete');

  // Enable granular permissions and make sure a user can not edit the library
  // item anymore due to missing edit permission for target paragraph type.
  $this->container
    ->get('module_installer')
    ->install([
    'paragraphs_type_permissions',
  ]);
  $this
    ->assertLibraryItemAccess($library_item_id, 403, 'edit');
  user_role_grant_permissions($role, [
    'update paragraph content text',
  ]);
  $this
    ->assertLibraryItemAccess($library_item_id, 200, 'edit');
  $this
    ->assertLibraryItemAccess($library_item_id, 403, 'delete');
  user_role_revoke_permissions($role, [
    'create paragraph library item',
    'edit paragraph library item',
  ]);
  user_role_grant_permissions($role, [
    'administer paragraphs library',
  ]);
  $this
    ->assertLibraryItemAccess($library_item_id, 200, 'edit');

  // User has no delete access due to missing delete permission for the target
  // paragraph type.
  $this
    ->assertLibraryItemAccess($library_item_id, 403, 'delete');
  user_role_grant_permissions($role, [
    'delete paragraph content text',
  ]);
  $this
    ->assertLibraryItemAccess($library_item_id, 200, 'delete');
}