You are here

party_access.test in Party 8.2

Same filename and directory in other branches
  1. 7 tests/party_access.test

Access Tests for the Party module.

File

tests/party_access.test
View source
<?php

/**
 * @file
 * Access Tests for the Party module.
 */

/**
 * Test Core Party functionality
 */
class PartyAccessTestCase extends PartyBaseTestCase {
  protected $privileged_user;
  public static function getInfo() {
    return array(
      'name' => 'Party Access',
      'description' => 'Party access test.',
      'group' => 'Party',
      'dependencies' => array(
        'email_confirm',
      ),
    );
  }

  /**
   * Set up the testing environment.
   *
   * Install party and party_profile, create a profile2 data set to test with,
   * and create an empty party.
   */
  public function setUp() {
    parent::setUp('party', 'party_profile', 'party_user');

    // Enable any modules required for the test
    // Set up a data set to test permission on.
    $this->data_set_name = 'profile2_' . $this
      ->createTestProfile2();

    // Create a party to have some fun with.
    $this->party = party_create();
    $this->party
      ->save();
  }

  /**
   * Test CRUD Access on Party Entities.
   *
   * @todo: I guess we should check that the pages for each of this options are
   *  inaccessible as well.
   */
  public function testPartyCRUDAccess() {

    // Create a user with no permissions.
    $user_no_access = $this
      ->drupalCreateUser();

    // Make a user with permission to view parties
    $user = $this
      ->drupalCreateUser(array(
      'view parties',
    ));

    // Assert that the user has access to view the party.
    $this
      ->assertTrue(party_access('view', $this->party, NULL, $user), t('A user with permission view parties can view them.'));

    // Assert that a user with no permissions cannot view the party.
    $this
      ->assertFalse(party_access('view', $this->party, NULL, $user_no_access), t('A user without permission to view parties cannot view them.'));

    // Make a user with permission to edit parties
    $user = $this
      ->drupalCreateUser(array(
      'edit parties',
    ));

    // Assert that the user has access to edit the party.
    $this
      ->assertTrue(party_access('edit', $this->party, NULL, $user), t('A user with permission edit parties can edit them.'));

    // Assert that a user with no permissions cannot edit the party.
    $this
      ->assertFalse(party_access('edit', $this->party, NULL, $user_no_access), t('A user without permission to edit parties cannot edit them.'));

    // Make a user with permission to delete parties
    $user = $this
      ->drupalCreateUser(array(
      'delete parties',
    ));

    // Assert that the user has access to delete the party.
    $this
      ->assertTrue(party_access('delete', $this->party, NULL, $user), t('A user with permission delete parties can delete them.'));

    // Assert that a user with no permissions cannot delete the party.
    $this
      ->assertFalse(party_access('delete', $this->party, NULL, $user_no_access), t('A user without permission to delete parties cannot delete them.'));
  }

  /**
   * Test Data Set CRUD Access.
   */
  public function testPartyDataSetCRUDAccess() {

    // Create a user with no permissions.
    $user_no_access = $this
      ->drupalCreateUser();

    // Create a user with permission to view a given data set
    $user = $this
      ->drupalCreateUser(array(
      'view party attached ' . $this->data_set_name,
    ));

    // Assert that the user has access to view the data set.
    $this
      ->assertTrue(party_access('view', $this->party, $this->data_set_name, $user), t('A user with permission to view a given data set can view it.'));

    // Assert that a user with no permission cannot view the data set.
    $this
      ->assertFalse(party_access('view', $this->party, $this->data_set_name, $user_no_access), t('A user without permission to view a given data set cannot view it.'));

    // Create a user with permission to edit a given data set
    $user = $this
      ->drupalCreateUser(array(
      'edit party attached ' . $this->data_set_name,
    ));

    // Assert that the user has access to edit the data set.
    $this
      ->assertTrue(party_access('edit', $this->party, $this->data_set_name, $user), t('A user with permission to edit a given data set can edit it.'));

    // Assert that a user with no permission cannot edit the data set.
    $this
      ->assertFalse(party_access('edit', $this->party, $this->data_set_name, $user_no_access), t('A user without permission to edit a given data set cannot edit it.'));

    // Create a user with permission to detach a given data set
    $user = $this
      ->drupalCreateUser(array(
      'detach party attached ' . $this->data_set_name,
    ));

    // Assert that the user has access to detach the data set.
    $this
      ->assertTrue(party_access('detach', $this->party, $this->data_set_name, $user), t('A user with permission to detach a given data set can detach it.'));

    // Assert that a user with no permission cannot detach the data set.
    $this
      ->assertFalse(party_access('detach', $this->party, $this->data_set_name, $user_no_access), t('A user without permission to detach a given data set cannot detach it.'));

    /**
    * @todo: Add a permission to 'add' a data set.
    *
        // Create a user with permission to add a given data set
        $user = $this->drupalCreateUser( array(
     'add party ' . $this->data_set_name,
        ));
        // Assert that the user has access to add the data set.
        $this->assertTrue(party_access('add', $this->party, $this->data_set_name, $user), t('A user with permission to add a given data set can add it.'));
        // Assert that a user with no permission cannot add the data set.
        $this->assertFalse(party_access('add', $this->party, $this->data_set_name, $user_no_access), t('A user without permission to add a given data set cannot add it.'));
    */

    // Create a user with permission to attach a given data set
    $user = $this
      ->drupalCreateUser(array(
      'attach party user',
    ));

    // Assert that the user has access to attach the data set.
    $this
      ->assertTrue(party_access('attach', $this->party, 'user', $user), t('A user with permission to attach a given data set can attach it.'));

    // Assert that a user with no permission cannot attach the data set.
    $this
      ->assertFalse(party_access('attach', $this->party, 'user', $user_no_access), t('A user without permission to attach a given data set cannot attach it.'));
  }

  /**
   * Test special data set crud behaviour.
   *
   * For some data set actions we need special access checks. For example, when
   * adding or attaching an entity party_party_access makes sure the maximum
   * number of attached entities is not going to be exceeded.
   */
  function testPartyDataSetSpecialCRUDAccess() {

    // Create a user with permission to attach a given data set
    $user = $this
      ->drupalCreateUser(array(
      'attach party ' . $this->data_set_name,
    ));

    // @todo: Create a party, attach an entity to a data set that is singleton
    //        and attempt to add another. Leaving this for now as I think we
    //        don't provide any data sets that are singleton by default.
  }

}

Classes

Namesort descending Description
PartyAccessTestCase Test Core Party functionality