You are here

public function UserTest::testIncompleteAccess in Profile 8

Tests access when a user can't view another user's canonical page.

File

tests/src/Functional/UserTest.php, line 219

Class

UserTest
Tests the user pages.

Namespace

Drupal\Tests\profile\Functional

Code

public function testIncompleteAccess() {
  $this->type
    ->setMultiple(TRUE);
  $this->type
    ->save();
  $first_user = $this
    ->createUser([
    'view own test profile',
  ]);
  $second_user = $this
    ->createUser([
    'administer profile',
  ]);
  $profile = Profile::create([
    'type' => $this->type
      ->id(),
    'uid' => $first_user
      ->id(),
    'profile_fullname' => 'John Smith',
    'status' => TRUE,
  ]);
  $profile
    ->save();

  // Confirm that the first user can see their profile.
  $this
    ->drupalLogin($first_user);
  $overview_url = Url::fromRoute('profile.user_page.multiple', [
    'user' => $first_user
      ->id(),
    'profile_type' => $this->type
      ->id(),
  ]);
  $this
    ->drupalGet($overview_url);
  $this
    ->assertSession()
    ->pageTextContains('John Smith');

  // Confirm that the second user cannot see the first user's profile,
  // nor add a new one, because they don't have access to that user's
  // canonical page.
  $this
    ->drupalLogin($second_user);
  $this
    ->drupalGet($first_user
    ->toUrl('canonical'));
  $this
    ->assertSession()
    ->pageTextContains('Access denied');
  $this
    ->drupalGet($overview_url);
  $this
    ->assertSession()
    ->pageTextContains('Access denied');
  $add_url = Url::fromRoute('profile.user_page.add_form', [
    'user' => $first_user
      ->id(),
    'profile_type' => $this->type
      ->id(),
  ]);
  $this
    ->drupalGet($add_url);
  $this
    ->assertSession()
    ->pageTextContains('Access denied');
}