public function SchedulerViewsAccessTest::testViewScheduledContentUser in Scheduler 2.x
Tests the scheduled content tab on the user page.
@dataProvider dataViewScheduledContentUser()
File
- tests/
src/ Functional/ SchedulerViewsAccessTest.php, line 80
Class
- SchedulerViewsAccessTest
- Tests access to the scheduled content overview page and user tab.
Namespace
Drupal\Tests\scheduler\FunctionalCode
public function testViewScheduledContentUser($entityTypeId, $bundle) {
$this
->createScheduledItems($entityTypeId, $bundle);
$url_end = $entityTypeId == 'node' ? 'scheduled' : "scheduled_{$entityTypeId}";
$assert = $this
->assertSession();
// Try to access a scheduled content user tab as an anonymous visitor. This
// should not be allowed, and will give "403 Access Denied".
$this
->drupalGet("user/{$this->schedulerEditor->id()}/{$url_end}");
$assert
->statusCodeEquals(403);
// Try to access a user's own scheduled content tab when they do not have
// any scheduler permissions. This should give "403 Access Denied".
$this
->drupalLogin($this->webUser);
$this
->drupalGet("user/{$this->webUser->id()}/{$url_end}");
$assert
->statusCodeEquals(403);
// Access a user's own scheduled content tab when they have only
// 'schedule publishing of {type}' permission. This should give "200 OK".
$this
->drupalLogin($this->schedulerEditor);
$this
->drupalGet("user/{$this->schedulerEditor->id()}/{$url_end}");
$assert
->statusCodeEquals(200);
$assert
->pageTextContains("{$entityTypeId} created by Scheduler Editor for publishing");
$assert
->pageTextContains("{$entityTypeId} created by Scheduler Editor for unpublishing");
$assert
->pageTextNotContains("{$entityTypeId} created by Scheduler Viewer for publishing");
$assert
->pageTextNotContains("{$entityTypeId} created by Scheduler Viewer for unpublishing");
// Access another user's scheduled content tab. This should not be possible
// and will give "403 Access Denied".
$this
->drupalGet("user/{$this->schedulerViewer->id()}/{$url_end}");
$assert
->statusCodeEquals(403);
// Try to access a user's own scheduled content tab when that user only has
// 'view scheduled {type}' and not 'schedule publishing of {type}'. This is
// not allowed and the tab will not be availbale as that view will always be
// empty because the user will never have any scheduled content.
$this
->drupalLogin($this->schedulerViewer);
$this
->drupalGet("user/{$this->schedulerViewer->id()}/{$url_end}");
$assert
->statusCodeEquals(403);
// Access another user's scheduled content tab. This should not be possible
// and will give "403 Access Denied".
$this
->drupalGet("user/{$this->schedulerEditor->id()}/{$url_end}");
$assert
->statusCodeEquals(403);
// Log in as Admin who has 'access user profiles' permission and access the
// user who can schedule content. This is allowed and the content just for
// that user should be listed.
$this
->drupalLogin($this->adminUser);
$this
->drupalGet("user/{$this->schedulerEditor->id()}/{$url_end}");
$assert
->statusCodeEquals(200);
$assert
->pageTextContains("{$entityTypeId} created by Scheduler Editor for publishing");
$assert
->pageTextContains("{$entityTypeId} created by Scheduler Editor for unpublishing");
$assert
->pageTextNotContains("{$entityTypeId} created by Scheduler Viewer for publishing");
$assert
->pageTextNotContains("{$entityTypeId} created by Scheduler Viewer for unpublishing");
// Try to access the scheduled tab for a user who cannot schedule content.
// No tab will be shown and access is denied as it will always be empty.
$this
->drupalGet("user/{$this->schedulerViewer->id()}/{$url_end}");
$assert
->statusCodeEquals(403);
}