You are here

Home » API reference » Role Delegation 7 » role_delegation.test » RoleDelegationOperationsTestCase

public function RoleDelegationOperationsTestCase::testOperationsForgery in Role Delegation 7

Check that operations can't be forged.

File

./role_delegation.test, line 288
Tests for the Role Delegation module.

Class

RoleDelegationOperationsTestCase
Functional tests for operations.

Code

public function testOperationsForgery() {
  $this
    ->drupalLogin($this->user_high);
  $this
    ->drupalGet('admin/people');

  // Forge an operation to add the high role...
  $option = $this
    ->xpath("//select[@name='operation']//option[@value='role_delegation_add_role-{$this->rid_low}']");
  if (count($option) == 0) {
    return;
  }
  $dome = dom_import_simplexml($option[0]);
  $dome
    ->setAttribute('value', "role_delegation_add_role-{$this->rid_high}");

  // ... then submit the form, and check that it wasn't granted.
  $edit = array(
    "accounts[{$this->user_low->uid}]" => TRUE,
    "operation" => "role_delegation_add_role-{$this->rid_high}",
  );
  $this
    ->drupalPost(NULL, $edit, t('Update'));
  $this
    ->assertRaw(t('An illegal choice has been detected. Please contact the site administrator.'), t('Role assignment forgery is blocked.') . ' (#1)', t('Role Delegation'));
  $this
    ->assertNoFieldByXPath("//tbody/tr[{$this->user_high->uid}]/td[4]//li", 'high', t('Role assignment forgery is blocked.') . ' (#2)', t('Role Delegation'));
}