
public function RestfulEntityAndPropertyAccessTestCase::testCreateAccess in RESTful 7.2

Same name and namespace in other branches
  1. 7 tests/RestfulEntityAndPropertyAccessTestCase.test \RestfulEntityAndPropertyAccessTestCase::testCreateAccess()

Test access control for creating an entity.

File

tests/RestfulEntityAndPropertyAccessTestCase.test, line 33
Contains RestfulEntityAndPropertyAccessTestCase

Class

RestfulEntityAndPropertyAccessTestCase

Code

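/**
 * Test access control for creating an entity.
 *
 * Sends POST requests to the test_articles:1.0 resource in four scenarios:
 *  - an account created without permissions is expected to be refused;
 *  - an account with 'create article content' is expected to succeed;
 *  - that account is expected to still succeed after
 *    restful_test_deny_access_field() has been called, as long as the request
 *    does not carry the restricted property;
 *  - that account is expected to be refused once the request carries 'body'.
 */
public function testCreateAccess() {
  $handler = restful()->getResourceManager()->getPlugin('test_articles:1.0');
  $parsed_body = array(
    'label' => $this->randomName(),
  );

  // Non-privileged user: the request must raise an exception.
  // NOTE(review): catching the base Exception lets any failure count as an
  // access denial. Narrowing the catch to the exception class the handler
  // raises for refused access would make this stricter - TODO confirm the
  // class against the handler.
  $user1 = $this->drupalCreateUser();
  try {
    $handler->setAccount($user1);
    $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
    $this->fail('Non-privileged user can create entity.');
  }
  catch (Exception $e) {
    $this->pass('Non-privileged user cannot create entity.');
  }

  // Privileged user.
  $user2 = $this->drupalCreateUser(array(
    'create article content',
  ));
  $handler->setAccount($user2);
  $result = $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
  $this->assertTrue($result['data'][0], 'Privileged user can create entity.');

  // Privileged user, with limited access to property. The request does not
  // include that property, so creation should still succeed.
  restful_test_deny_access_field();
  $handler->setAccount($user2);
  $result = $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
  $this->assertTrue($result['data'][0], 'Privileged user can create entity, with limited access to property.');

  // Privileged user, with limited access to property, and that property
  // passed in the request.
  //
  // This scenario has to run as $user2. $user1 is already expected to be
  // refused in the first scenario, so a refusal for $user1 here would say
  // nothing about the property-level check and the test would pass without
  // exercising it.
  // NOTE(review): presumably restful_test_deny_access_field() restricts the
  // 'body' property - confirm against the restful_test module.
  $parsed_body['body'] = $this->randomName();
  try {
    $handler->setAccount($user2);
    $this->doRequest(\Drupal\restful\Http\RequestInterface::METHOD_POST, $handler, $parsed_body);
    $this->fail('Privileged user can create entity with inaccessible property that was passed in the request.');
  }
  catch (Exception $e) {
    $this->pass('Privileged user cannot create entity with inaccessible property that was passed in the request.');
  }

  // Counterpart of the restful_test_deny_access_field() call above.
  restful_test_clear_access_field();
}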