public function RoleDelegationPermissionsTestCase::testRoleForgery in Role Delegation 7

Check that roles can't be assigned by forgery.

File

./role_delegation.test, line 143: Tests for the Role Delegation module.

Class

RoleDelegationPermissionsTestCase: Functional tests for permissions.

Code

public function testRoleForgery() {
  $this
    ->drupalLogin($this->user_high);

  // Have the nefarious high user forge an option to assign the high role...
  $this
    ->drupalGet("user/{$this->user_low->uid}/edit");
  $name = "roles_change[{$this->rid_low}]";
  $input = $this
    ->xpath("//input[@name='{$name}']");
  $dome = dom_import_simplexml($input[0]);
  $dome
    ->setAttribute('value', $this->rid_high);

  // ... then submit the form, and check that he didn't get the role.
  $this
    ->drupalPost(NULL, array(
    $name => TRUE,
  ), t('Save'));
  $this
    ->assertRaw(t('An illegal choice has been detected. Please contact the site administrator.'), t('Role assignment forgery is blocked.') . ' (#1)', t('Role Delegation'));
  $this
    ->assertFieldByName($name, $this->rid_low, t('Role assignment forgery is blocked.') . ' (#2)', t('Role Delegation'));
}

You are here

public function RoleDelegationPermissionsTestCase::testRoleForgery in Role Delegation 7

File

Class

Code

API Navigation