You are here

Home » API reference » Preview Link 2.0.x » PreviewLinkSessionTokenTest.php » PreviewLinkSessionTokenTest

public function PreviewLinkSessionTokenTest::testCanonicalAccessNoClaimedToken in Preview Link 2.0.x

Same name and namespace in other branches
  1. 2.x tests/src/Functional/PreviewLinkSessionTokenTest.php \Drupal\Tests\preview_link\Functional\PreviewLinkSessionTokenTest::testCanonicalAccessNoClaimedToken()

Tests accessibility of entities where session doesnt have a relevant token.

Tests an accessible entity with a claimed key can still access entities not matching claimed token.

File

tests/src/Functional/PreviewLinkSessionTokenTest.php, line 211

Class

PreviewLinkSessionTokenTest
Tests tokens claimed against sessions.

Namespace

Drupal\Tests\preview_link\Functional

Code

public function testCanonicalAccessNoClaimedToken() : void {
  user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
    'view test entity' => TRUE,
  ]);

  // Must be accessible.
  $claimedEntity = EntityTestRevPub::create();
  $claimedEntity
    ->save();
  $previewLink = PreviewLink::create()
    ->addEntity($claimedEntity);
  $previewLink
    ->save();

  // Claim the token to the session.
  $previewLinkUrl = Url::fromRoute('entity.entity_test_revpub.preview_link', [
    $claimedEntity
      ->getEntityTypeId() => $claimedEntity
      ->id(),
    'preview_token' => $previewLink
      ->getToken(),
  ]);
  $this
    ->drupalGet($previewLinkUrl);
  $this
    ->assertSession()
    ->statusCodeEquals(200);
  $otherEntity = EntityTestRevPub::create();

  // Must be accessible.
  $otherEntity
    ->setPublished();
  $otherEntity
    ->save();
  $this
    ->drupalGet($otherEntity
    ->toUrl());
  $this
    ->assertSession()
    ->statusCodeEquals(200);
}