You are here

Home » API reference » User Points 7.2 » userpoints.test » UserpointsAPITestCase

function UserpointsAPITestCase::testUserTransactionPermissions in User Points 7.2

Test user userpoints transactions permissions

Creates users with different permissions on userpoints transactions, and check both, own and other users accounts access to the userpoints transaction history.

File

./userpoints.test, line 374
Contains test classes for userpoints module.

Class

UserpointsAPITestCase
API Tests.

Code

function testUserTransactionPermissions() {

  // Sets default points and creates default test users.
  $points = 10;
  $view_own_transactions_user = $this
    ->DrupalCreateUser(array(
    'view own userpoints transactions',
  ));
  $view_all_transactions_user = $this
    ->DrupalCreateUser(array(
    'view userpoints transactions',
  ));

  // Login with the admin user.
  $this
    ->drupalLogin($this->admin_user);

  // Add points to every user created.
  $this
    ->addPoints($points, $this->non_admin_user);
  $this
    ->addPoints($points, $view_own_transactions_user);
  $this
    ->addPoints($points, $view_all_transactions_user);

  // Login with no permissions.
  $this
    ->drupalLogin($this->non_admin_user);

  // Checking own account.
  $this
    ->drupalGet('myuserpoints');
  $this
    ->assertResponse(403, t("Successful verified that a user without view own userpoints transactions permission can not access to myuserpoints."));

  // Checking against other's user account.
  $this
    ->drupalGet('user/' . $view_all_transactions_user->uid . '/points');
  $this
    ->assertResponse(403, t("Successful verified that a user without view own userpoints transactions permission can not access to others user points transactions."));

  // Login as view own userpoints transactions.
  $this
    ->drupalLogin($view_own_transactions_user);

  // Checking own account.
  $this
    ->drupalGet('myuserpoints');
  $this
    ->assertResponse(200, t("Successful verified that a user with view own userpoints transactions permission can access to myuserpoints."));
  $this
    ->drupalGet('user');

  // Checking against other's user account.
  $this
    ->drupalGet('user/' . $view_all_transactions_user->uid . '/points');
  $this
    ->assertResponse(403, t("Successful verified that a user with view own userpoints transactions permission can not access to others user points transactions."));

  // Login as view userpoints transactions.
  $this
    ->drupalLogin($view_all_transactions_user);

  // Checking own account.
  $this
    ->drupalGet('myuserpoints');
  $this
    ->assertResponse(200, t("Successful verified that a user with view userpoints transactions can access to myuserpoints."));
  $this
    ->drupalGet('user');

  // Checking against other's user account.
  $this
    ->drupalGet('user/' . $this->non_admin_user->uid . '/points');
  $this
    ->assertResponse(200, t("Successful verified that a user with view userpoints transactions permission can access to others user points transactions."));
}