You are here

Home » API reference » Profile 2 8 » ProfileAccessTest.php » ProfileAccessTest

function ProfileAccessTest::testAdminOnlyProfiles in Profile 2 8

Tests administrative-only profiles.

File

src/Tests/ProfileAccessTest.php, line 92
Contains \Drupal\profile\Tests\ProfileAccessTest.

Class

ProfileAccessTest
Tests profile access handling.

Namespace

Drupal\profile\Tests

Code

function testAdminOnlyProfiles() {
  $id = $this->type
    ->id();
  $field_name = $this->field
    ->get('field_name');

  // Create a test user account.
  $web_user = $this
    ->drupalCreateUser(array(
    'access user profiles',
  ));
  $uid = $web_user
    ->id();
  $value = $this
    ->randomMachineName();

  // Administratively enter profile field values for the new account.
  $this
    ->drupalLogin($this->admin_user);
  $edit = array(
    "{$field_name}[0][value]" => $value,
  );
  $this
    ->drupalPostForm("user/{$uid}/edit/profile/{$id}", $edit, t('Save'));
  $profiles = entity_load_multiple_by_properties('profile', array(
    'uid' => $uid,
    'type' => $this->type
      ->id(),
  ));
  $profile = reset($profiles);
  $profile_id = $profile
    ->id();

  // Verify that the administrator can see the profile.
  $this
    ->drupalGet("user/{$uid}");
  $this
    ->assertText($this->type
    ->label());
  $this
    ->assertText($value);
  $this
    ->drupalLogout();

  // Verify that the user can not access, create or edit the profile.
  $this
    ->drupalLogin($web_user);
  $this
    ->drupalGet("user/{$uid}");
  $this
    ->assertNoText($this->type
    ->label());
  $this
    ->assertNoText($value);
  $this
    ->drupalGet("user/{$uid}/edit/profile/{$id}/{$profile_id}");
  $this
    ->assertResponse(403);

  // Check edit link isn't displayed.
  $this
    ->assertNoLinkByHref("user/{$uid}/edit/profile/{$id}/{$profile_id}");

  // Check delete link isn't displayed.
  $this
    ->assertNoLinkByHref("user/{$uid}/delete/profile/{$id}/{$profile_id}");

  // Allow users to edit own profiles.
  user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array(
    "edit own {$id} profile",
  ));

  // Verify that the user is able to edit the own profile.
  $value = $this
    ->randomMachineName();
  $edit = array(
    "{$field_name}[0][value]" => $value,
  );
  $this
    ->drupalPostForm("user/{$uid}/edit/profile/{$id}/{$profile_id}", $edit, t('Save'));
  $this
    ->assertText(format_string('profile has been updated.'));

  // Verify that the own profile is still not visible on the account page.
  $this
    ->drupalGet("user/{$uid}");
  $this
    ->assertNoText($this->type
    ->label());
  $this
    ->assertNoText($value);

  // Allow users to view own profiles.
  user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array(
    "view own {$id} profile",
  ));

  // Verify that the own profile is visible on the account page.
  $this
    ->drupalGet("user/{$uid}");
  $this
    ->assertText($this->type
    ->label());
  $this
    ->assertText($value);

  // Allow users to delete own profiles.
  user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array(
    "delete own {$id} profile",
  ));

  // Verify that the user can delete the own profile.
  $this
    ->drupalGet("user/{$uid}/edit/profile/{$id}/{$profile_id}");
  $this
    ->clickLink(t('Delete'));
  $this
    ->drupalPostForm(NULL, array(), t('Delete'));
  $this
    ->assertRaw(format_string('@label profile deleted.', array(
    '@label' => $this->type
      ->label(),
  )));
  $this
    ->assertUrl("user/{$uid}");

  // Verify that the profile is gone.
  $this
    ->drupalGet("user/{$uid}");
  $this
    ->assertNoText($this->type
    ->label());
  $this
    ->assertNoText($value);
  $this
    ->drupalGet("user/{$uid}/edit/profile/{$id}");
  $this
    ->assertNoText($value);
}