
function RestfulEntityAndPropertyAccessTestCase::testUpdateAccess in RESTful 7

Same name and namespace in other branches
  1. 7.2 tests/RestfulEntityAndPropertyAccessTestCase.test \RestfulEntityAndPropertyAccessTestCase::testUpdateAccess()

Test access control for updating an entity.

File

tests/RestfulEntityAndPropertyAccessTestCase.test, line 71
Contains RestfulEntityAndPropertyAccessTestCase

Class

RestfulEntityAndPropertyAccessTestCase
@file Contains RestfulEntityAndPropertyAccessTestCase

Code

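/**
 * Test access control for updating an entity.
 *
 * Runs four PUT attempts against the same article node:
 *  - a user with no permissions (must be rejected);
 *  - a user with 'edit any article content' (must succeed);
 *  - the same privileged user while field access is denied, with the denied
 *    property absent from the request (must succeed);
 *  - the same privileged user while field access is denied, with the denied
 *    property present in the request (must be rejected).
 */
function testUpdateAccess() {
  $label = $this->randomName();
  $new_label = $this->randomName();
  $node = $this->drupalCreateNode(array(
    'type' => 'article',
    'title' => $label,
  ));
  $id = $node->nid;
  $handler = restful_get_restful_handler('test_articles');
  $request = array(
    'label' => $new_label,
  );

  // Non-privileged user.
  // NOTE(review): catching the base Exception counts any failure as a pass,
  // not only an access denial. Narrow this to the handler's access exception
  // class once that class is confirmed.
  $user1 = $this->drupalCreateUser();
  try {
    $handler->setAccount($user1);
    $handler->put($id, $request);
    $this->fail('Non-privileged user can update entity.');
  }
  catch (Exception $e) {
    $this->pass('Non-privileged user cannot update entity.');
  }

  // A rejected request must not leave a write behind: reload the node past
  // the static cache and check that the title is still the original one.
  $unchanged = node_load($id, NULL, TRUE);
  $this->assertEqual($unchanged->title, $label, 'Rejected update did not change the entity label.');

  // Privileged user.
  $user2 = $this->drupalCreateUser(array(
    'edit any article content',
  ));
  $handler->setAccount($user2);
  $result = $handler->put($id, $request);
  $this->assertTrue($result[0], 'Privileged user can update entity.');
  $this->assertEqual($result[0]['id'], $id, 'Updated entity has the same entity ID.');
  $this->assertEqual($result[0]['label'], $new_label, 'Entity label was updated.');

  // Privileged user, with limited access to property.
  restful_test_deny_access_field();
  $handler->setAccount($user2);
  $result = $handler->put($id, $request);
  $this->assertTrue($result[0], 'Privileged user can update entity, with limited access to property.');

  // Privileged user, with limited access to property, and that property
  // passed in the request.
  //
  // This case has to run as $user2. $user1 is already rejected at the entity
  // level (first case above), so using it here would pass whether or not the
  // property-level check is enforced on write.
  // NOTE(review): confirm 'body' is exposed as a public field on
  // 'test_articles'; otherwise the exception may come from request
  // validation rather than from the property access check.
  $text1 = $this->randomName();
  $request['body'] = $text1;
  try {
    $handler->setAccount($user2);
    $handler->put($id, $request);
    $this->fail('Privileged user can update entity with unaccessible property that was passed in the request.');
  }
  catch (Exception $e) {
    $this->pass('Privileged user cannot update entity with unaccessible property that was passed in the request.');
  }
  restful_test_clear_access_field();
}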