View source
<?php
namespace Drupal\Tests\securitytxt\Functional;
class SecuritytxtPermissionsTest extends SecuritytxtBaseTest {
protected $defaultTheme = 'stark';
public function testDisabledAccess() {
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to security.txt.sig page.');
$this
->drupalLogin($this->authenticatedUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to security.txt.sig page.');
$this
->drupalLogout();
$this
->drupalLogin($this->viewPermissionUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "view securitytxt" to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "view securitytxt" to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(404, 'File Not Found for Authenticated user with "view securitytxt" to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(404, 'File Not Found for Authenticated user with "view securitytxt" to security.txt.sig page.');
$this
->drupalLogout();
$this
->drupalLogin($this->administerPermissionUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with "administer securitytxt" to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with "administer securitytxt" to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "administer securitytxt" to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "administer securitytxt" to security.txt.sig page.');
$this
->drupalLogout();
$this
->drupalLogin($this->viewAndAdministerPermissionUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with both securitytxt perms to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with both securitytxt perms to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(404, 'Access denied for Authenticated user with both securitytxt perms to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(404, 'Access denied for Authenticated user with both securitytxt perms to security.txt.sig page.');
$this
->drupalLogout();
}
public function testEnabledAccess() {
$this
->submitValidConfiguration();
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Anonymous user to security.txt.sig page.');
$this
->drupalLogin($this->authenticatedUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with no permissions to security.txt.sig page.');
$this
->drupalLogout();
$this
->drupalLogin($this->viewPermissionUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "view securitytxt" to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "view securitytxt" to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(200, 'Accesss granted for Authenticated user with "view securitytxt" to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted for Authenticated user with "view securitytxt" to security.txt.sig page.');
$this
->drupalLogout();
$this
->drupalLogin($this->administerPermissionUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with "administer securitytxt" to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with "administer securitytxt" to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "administer securitytxt" to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(403, 'Access denied for Authenticated user with "administer securitytxt" to security.txt.sig page.');
$this
->drupalLogout();
$this
->drupalLogin($this->viewAndAdministerPermissionUser);
$this
->drupalGet('admin/config/system/securitytxt');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with both securitytxt perms to securitytxt configure page.');
$this
->drupalGet('admin/config/system/securitytxt/sign');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted to Authenticated user with both securitytxt perms to securitytxt sign page.');
$this
->drupalGet('.well-known/security.txt');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted for Authenticated user with both securitytxt perms to security.txt page.');
$this
->drupalGet('.well-known/security.txt.sig');
$this
->assertSession()
->statusCodeEquals(200, 'Access granted for Authenticated user with both securitytxt perms to security.txt.sig page.');
$this
->drupalLogout();
}
}