You are here

public function RoleDelegationIntegrationTest::testUserEditPage in User protect 8

Ensure the roles element is only accessible for the right users.

File

tests/src/Functional/RoleDelegation/RoleDelegationIntegrationTest.php, line 104

Class

RoleDelegationIntegrationTest
Functional tests for integration with role_delegation.

Namespace

Drupal\Tests\userprotect\Functional\RoleDelegation

Code

public function testUserEditPage() {

  // Login as the delegated admin user. This user has permission to assign
  // roles 1 and 2 to users.
  $this
    ->drupalLogin($this->roleDelegatedAdminUser);

  // Check if the delegated admin user can edit roles 1 and 2 on its own
  // account page. Also check if the roles are presented by Role Delegation,
  // not by Drupal core.
  $this
    ->drupalGet(sprintf('/user/%s/edit', $this->roleDelegatedAdminUser
    ->id()));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('roles[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldExists(sprintf('role_change[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('roles[%s]', $this->rid2));
  $this
    ->assertSession()
    ->fieldExists(sprintf('role_change[%s]', $this->rid2));

  // The admin user, having the admin role, has role protection. Ensure that
  // the delegated admin user cannot edit its roles.
  $this
    ->drupalGet(sprintf('/user/%s/edit', $this->adminUser
    ->id()));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('roles[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('roles[%s]', $this->rid2));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid2));

  // Login as roles admin user. This user has permission to assign all roles.
  $this
    ->drupalLogin($this->regularRolesAdminUser);

  // The delegated admin user does not have a protected role. Check if the
  // roles admin user may edit its roles. Since the roles admin user has the
  // specific Drupal core permission for assigning roles - 'administer
  // permissions' - the roles should be presented by Drupal Core, not Role
  // Delegation.
  $this
    ->drupalGet(sprintf('/user/%s/edit', $this->roleDelegatedAdminUser
    ->id()));
  $this
    ->assertSession()
    ->fieldExists(sprintf('roles[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldExists(sprintf('roles[%s]', $this->rid2));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid2));

  // Since the admin user has role protection, ensure that the roles admin
  // user cannot edit its roles.
  $this
    ->drupalGet(sprintf('/user/%s/edit', $this->adminUser
    ->id()));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid1));
  $this
    ->assertSession()
    ->elementAttributeContains('css', sprintf('[name="roles[%s]"]', $this->rid1), 'disabled', 'disabled');
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid2));
  $this
    ->assertSession()
    ->elementAttributeContains('css', sprintf('[name="roles[%s]"]', $this->rid2), 'disabled', 'disabled');

  // Login as an user with the admin role. This user has all privileges.
  $this
    ->drupalLogin($this->adminUser);

  // Ensure the admin user can edit the roles of the delegated admin user.
  $this
    ->drupalGet(sprintf('/user/%s/edit', $this->roleDelegatedAdminUser
    ->id()));
  $this
    ->assertSession()
    ->fieldExists(sprintf('roles[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldExists(sprintf('roles[%s]', $this->rid2));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid2));

  // Ensure the admin user can edit its own roles.
  $this
    ->drupalGet(sprintf('/user/%s/edit', $this->adminUser
    ->id()));
  $this
    ->assertSession()
    ->fieldExists(sprintf('roles[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid1));
  $this
    ->assertSession()
    ->fieldExists(sprintf('roles[%s]', $this->rid2));
  $this
    ->assertSession()
    ->fieldNotExists(sprintf('role_change[%s]', $this->rid2));
}