You are here

Home » API reference » RESTful 7

RestfulEntityUserAccessTestCase.test in RESTful 7

Same filename and directory in other branches
  1. 7.2 tests/RestfulEntityUserAccessTestCase.test

Contains RestfulEntityUserAccessTestCase

File

tests/RestfulEntityUserAccessTestCase.test
View source 
<?php

/**
 * @file
 * Contains RestfulEntityUserAccessTestCase
 */
class RestfulEntityUserAccessTestCase extends DrupalWebTestCase {
  public static function getInfo() {
    return array(
      'name' => 'User resource access',
      'description' => 'Test access to the base "users" resource.',
      'group' => 'RESTful',
    );
  }
  function setUp() {
    parent::setUp('restful');
  }

  /**
   * Test access control for viewing the "users" resource.
   */
  function testViewAccess() {
    $user1 = $this
      ->drupalCreateUser();
    $user2 = $this
      ->drupalCreateUser(array(
      'access user profiles',
    ));

    // Non-privileged user.
    $handler = restful_get_restful_handler('users');
    $handler
      ->setAccount($user1);
    try {
      $handler
        ->get($user2->uid);
      $this
        ->fail('Non-privileged user can view another user.');
    } catch (\RestfulForbiddenException $e) {
      $this
        ->pass('Non-privileged user cannot view another user.');
    } catch (\Exception $e) {
      $this
        ->fail('Incorrect exception thrown for non-privileged user accessing another user.');
    }

    // Listing of users.
    try {
      $handler
        ->get();
      $this
        ->fail('Non-privileged user can view listing of users.');
    } catch (\RestfulForbiddenException $e) {
      $this
        ->pass('Non-privileged user cannot view listing of users.');
    } catch (\Exception $e) {
      $this
        ->fail('Incorrect exception thrown for non-privileged user accessing listing of users.');
    }

    // View own user account.
    $response = $handler
      ->get($user1->uid);
    $result = $response[0];
    $this
      ->assertEqual($result['mail'], $user1->mail, 'User can see own mail.');

    // Privileged user, watching another user's profile.
    $handler
      ->setAccount($user2);
    $response = $handler
      ->get($user1->uid);
    $result = $response[0];
    $expected_result = array(
      'id' => $user1->uid,
      'label' => $user1->name,
      'self' => $handler
        ->versionedUrl($user1->uid),
    );
    $this
      ->assertEqual($result, $expected_result, "Privileged user can access another user's resource.");

    // Listing of users.
    $result = $handler
      ->get();

    // Check we have all the expected users count (user ID 1 and our declared
    // users).
    $this
      ->assertTrue(count($result[0]) == 3, 'Privileged user can access listing of users.');
  }

}

Classes

Namesort descending Description
RestfulEntityUserAccessTestCase @file Contains RestfulEntityUserAccessTestCase