function RestfulEntityUserAccessTestCase::testViewAccess in RESTful 7
Same name and namespace in other branches
- 7.2 tests/RestfulEntityUserAccessTestCase.test \RestfulEntityUserAccessTestCase::testViewAccess()
Test access control for viewing the "users" resource.
File
- tests/
RestfulEntityUserAccessTestCase.test, line 25 - Contains RestfulEntityUserAccessTestCase
Class
- RestfulEntityUserAccessTestCase
- @file Contains RestfulEntityUserAccessTestCase
Code
function testViewAccess() {
$user1 = $this
->drupalCreateUser();
$user2 = $this
->drupalCreateUser(array(
'access user profiles',
));
// Non-privileged user.
$handler = restful_get_restful_handler('users');
$handler
->setAccount($user1);
try {
$handler
->get($user2->uid);
$this
->fail('Non-privileged user can view another user.');
} catch (\RestfulForbiddenException $e) {
$this
->pass('Non-privileged user cannot view another user.');
} catch (\Exception $e) {
$this
->fail('Incorrect exception thrown for non-privileged user accessing another user.');
}
// Listing of users.
try {
$handler
->get();
$this
->fail('Non-privileged user can view listing of users.');
} catch (\RestfulForbiddenException $e) {
$this
->pass('Non-privileged user cannot view listing of users.');
} catch (\Exception $e) {
$this
->fail('Incorrect exception thrown for non-privileged user accessing listing of users.');
}
// View own user account.
$response = $handler
->get($user1->uid);
$result = $response[0];
$this
->assertEqual($result['mail'], $user1->mail, 'User can see own mail.');
// Privileged user, watching another user's profile.
$handler
->setAccount($user2);
$response = $handler
->get($user1->uid);
$result = $response[0];
$expected_result = array(
'id' => $user1->uid,
'label' => $user1->name,
'self' => $handler
->versionedUrl($user1->uid),
);
$this
->assertEqual($result, $expected_result, "Privileged user can access another user's resource.");
// Listing of users.
$result = $handler
->get();
// Check we have all the expected users count (user ID 1 and our declared
// users).
$this
->assertTrue(count($result[0]) == 3, 'Privileged user can access listing of users.');
}