public function RestfulEntityAndPropertyAccessTestCase::testCreateAccess in RESTful 7.2
Test access control for creating an entity.
File
- tests/
RestfulEntityAndPropertyAccessTestCase.test, line 33 - Contains RestfulEntityAndPropertyAccessTestCase
Class
Code
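/**
 * Test access control for creating an entity.
 *
 * Sends POST requests to the 'test_articles:1.0' resource and checks four
 * cases in order:
 * - a user without permissions is rejected;
 * - a user with 'create article content' can create the entity;
 * - the same user can still create it while property access is restricted,
 *   as long as the restricted property is not in the request;
 * - the same user is rejected once the restricted property is in the
 *   request.
 *
 * The last case previously ran as the non-privileged user, who is already
 * rejected by the first case, so the property-level denial was never the
 * reason the request failed. It now runs as the privileged user so that only
 * the property restriction can cause the rejection.
 */
public function testCreateAccess() {
  $handler = restful()
    ->getResourceManager()
    ->getPlugin('test_articles:1.0');
  $parsed_body = array(
    'label' => $this->randomName(),
  );

  // Non-privileged user.
  $user1 = $this->drupalCreateUser();
  try {
    $handler->setAccount($user1);
    $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
    $this->fail('Non-privileged user can create entity.');
  }
  catch (Exception $e) {
    // NOTE(review): any exception type is accepted as a denial here, so an
    // unrelated failure would also pass. Narrow the catch to the module's
    // access-denied exception once the exact class is confirmed.
    $this->pass('Non-privileged user cannot create entity.');
  }

  // Privileged user.
  $user2 = $this->drupalCreateUser(array(
    'create article content',
  ));
  $handler->setAccount($user2);
  $result = $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
  $this->assertTrue($result['data'][0], 'Privileged user can create entity.');

  // Privileged user, with limited access to property.
  // presumably restful_test_deny_access_field() restricts the 'body' property
  // used below; verify against the restful_test module.
  restful_test_deny_access_field();
  $handler->setAccount($user2);
  $result = $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
  $this->assertTrue($result['data'][0], 'Privileged user can create entity, with limited access to property.');

  // Privileged user, with limited access to property, and that property
  // passed in the request. The account must be the privileged one: the
  // non-privileged account cannot create at all, which would hide whether the
  // property restriction is enforced.
  $text1 = $this->randomName();
  $parsed_body['body'] = $text1;
  try {
    $handler->setAccount($user2);
    $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
    $this->fail('Privileged user can create entity with inaccessible property that was passed in the request.');
  }
  catch (Exception $e) {
    $this->pass('Privileged user cannot create entity with inaccessible property that was passed in the request.');
  }

  // Undo the restriction set by restful_test_deny_access_field() above.
  restful_test_clear_access_field();
}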