public function PreviewLinkSessionTokenTest::testCanonicalAccessNoClaimedToken in Preview Link 2.x
Same name and namespace in other branches
- 2.0.x tests/src/Functional/PreviewLinkSessionTokenTest.php \Drupal\Tests\preview_link\Functional\PreviewLinkSessionTokenTest::testCanonicalAccessNoClaimedToken()
Tests accessibility of entities where session doesnt have a relevant token.
Tests an accessible entity with a claimed key can still access entities not matching claimed token.
File
- tests/
src/ Functional/ PreviewLinkSessionTokenTest.php, line 211
Class
- PreviewLinkSessionTokenTest
- Tests tokens claimed against sessions.
Namespace
Drupal\Tests\preview_link\FunctionalCode
public function testCanonicalAccessNoClaimedToken() : void {
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'view test entity' => TRUE,
]);
// Must be accessible.
$claimedEntity = EntityTestRevPub::create();
$claimedEntity
->save();
$previewLink = PreviewLink::create()
->addEntity($claimedEntity);
$previewLink
->save();
// Claim the token to the session.
$previewLinkUrl = Url::fromRoute('entity.entity_test_revpub.preview_link', [
$claimedEntity
->getEntityTypeId() => $claimedEntity
->id(),
'preview_token' => $previewLink
->getToken(),
]);
$this
->drupalGet($previewLinkUrl);
$this
->assertSession()
->statusCodeEquals(200);
$otherEntity = EntityTestRevPub::create();
// Must be accessible.
$otherEntity
->setPublished();
$otherEntity
->save();
$this
->drupalGet($otherEntity
->toUrl());
$this
->assertSession()
->statusCodeEquals(200);
}