You are here

Home » API reference » RESTful 7 » RestfulEntityUserAccessTestCase.test » RestfulEntityUserAccessTestCase

function RestfulEntityUserAccessTestCase::testViewAccess in RESTful 7

Same name and namespace in other branches
  1. 7.2 tests/RestfulEntityUserAccessTestCase.test \RestfulEntityUserAccessTestCase::testViewAccess()

Test access control for viewing the "users" resource.

File

tests/RestfulEntityUserAccessTestCase.test, line 25
Contains RestfulEntityUserAccessTestCase

Class

RestfulEntityUserAccessTestCase
@file Contains RestfulEntityUserAccessTestCase

Code

function testViewAccess() {
  $user1 = $this
    ->drupalCreateUser();
  $user2 = $this
    ->drupalCreateUser(array(
    'access user profiles',
  ));

  // Non-privileged user.
  $handler = restful_get_restful_handler('users');
  $handler
    ->setAccount($user1);
  try {
    $handler
      ->get($user2->uid);
    $this
      ->fail('Non-privileged user can view another user.');
  } catch (\RestfulForbiddenException $e) {
    $this
      ->pass('Non-privileged user cannot view another user.');
  } catch (\Exception $e) {
    $this
      ->fail('Incorrect exception thrown for non-privileged user accessing another user.');
  }

  // Listing of users.
  try {
    $handler
      ->get();
    $this
      ->fail('Non-privileged user can view listing of users.');
  } catch (\RestfulForbiddenException $e) {
    $this
      ->pass('Non-privileged user cannot view listing of users.');
  } catch (\Exception $e) {
    $this
      ->fail('Incorrect exception thrown for non-privileged user accessing listing of users.');
  }

  // View own user account.
  $response = $handler
    ->get($user1->uid);
  $result = $response[0];
  $this
    ->assertEqual($result['mail'], $user1->mail, 'User can see own mail.');

  // Privileged user, watching another user's profile.
  $handler
    ->setAccount($user2);
  $response = $handler
    ->get($user1->uid);
  $result = $response[0];
  $expected_result = array(
    'id' => $user1->uid,
    'label' => $user1->name,
    'self' => $handler
      ->versionedUrl($user1->uid),
  );
  $this
    ->assertEqual($result, $expected_result, "Privileged user can access another user's resource.");

  // Listing of users.
  $result = $handler
    ->get();

  // Check we have all the expected users count (user ID 1 and our declared
  // users).
  $this
    ->assertTrue(count($result[0]) == 3, 'Privileged user can access listing of users.');
}