public function UserTest::testIncompleteAccess in Profile 8
Tests access when a user can't view another user's canonical page.
File
- tests/
src/ Functional/ UserTest.php, line 219
Class
- UserTest
- Tests the user pages.
Namespace
Drupal\Tests\profile\FunctionalCode
public function testIncompleteAccess() {
$this->type
->setMultiple(TRUE);
$this->type
->save();
$first_user = $this
->createUser([
'view own test profile',
]);
$second_user = $this
->createUser([
'administer profile',
]);
$profile = Profile::create([
'type' => $this->type
->id(),
'uid' => $first_user
->id(),
'profile_fullname' => 'John Smith',
'status' => TRUE,
]);
$profile
->save();
// Confirm that the first user can see their profile.
$this
->drupalLogin($first_user);
$overview_url = Url::fromRoute('profile.user_page.multiple', [
'user' => $first_user
->id(),
'profile_type' => $this->type
->id(),
]);
$this
->drupalGet($overview_url);
$this
->assertSession()
->pageTextContains('John Smith');
// Confirm that the second user cannot see the first user's profile,
// nor add a new one, because they don't have access to that user's
// canonical page.
$this
->drupalLogin($second_user);
$this
->drupalGet($first_user
->toUrl('canonical'));
$this
->assertSession()
->pageTextContains('Access denied');
$this
->drupalGet($overview_url);
$this
->assertSession()
->pageTextContains('Access denied');
$add_url = Url::fromRoute('profile.user_page.add_form', [
'user' => $first_user
->id(),
'profile_type' => $this->type
->id(),
]);
$this
->drupalGet($add_url);
$this
->assertSession()
->pageTextContains('Access denied');
}