WebformAccessEntityJsonApiTest.php in Webform 6.x
File
tests/src/Functional/Access/WebformAccessEntityJsonApiTest.php
View source
<?php
namespace Drupal\Tests\webform\Functional\Access;
use Drupal\webform\Entity\Webform;
use Drupal\Tests\webform\Functional\WebformBrowserTestBase;
/**
 * Functional checks for reading a webform config entity through JSON:API.
 *
 * The 'contact' webform resource is requested as several different users to
 * confirm that JSON:API only serves it to accounts that have access to the
 * webform's configuration.
 */
class WebformAccessEntityJsonApiTest extends WebformBrowserTestBase {

  /**
   * Modules to enable for this test.
   *
   * @var array
   */
  public static $modules = ['webform', 'jsonapi'];

  /**
   * Verifies who may GET the webform resource exposed by JSON:API.
   *
   * Sequence covered:
   * - anonymous visitor: forbidden;
   * - authenticated user without extra permissions: can open the webform
   *   page but is still forbidden on the JSON:API resource;
   * - user with 'access any webform configuration': resource is returned;
   * - after the webform's 'configuration' access rule is set to the anonymous
   *   and authenticated roles: neither of them sees the forbidden error.
   *
   * NOTE(review): every check matches on the response body only. The HTTP
   * status code is never asserted, and the last two checks only assert that
   * the forbidden message is absent, which any other error response would
   * also satisfy. Consider additionally asserting the status code and the
   * expected resource content - confirm against the test base class.
   */
  public function testRestAccess() {
    // Fragment of the JSON:API error document returned when access is denied.
    $forbidden_error = '"title":"Forbidden","status":"403","detail":"The current user is not allowed to GET the selected resource. Access to webform configuration is required."';

    $webform = Webform::load('contact');
    $uuid = $webform->uuid();
    $resource_path = "jsonapi/webform/webform/{$uuid}";

    // One account with no extra permissions, one with configuration access.
    $account = $this->drupalCreateUser();
    $configuration_account = $this->drupalCreateUser([
      'access any webform configuration',
    ]);

    // Anonymous visitor: the resource must be refused.
    $this->drupalGet($resource_path);
    $this->assertRaw($forbidden_error);

    // Authenticated user: being able to open the form itself must not imply
    // being able to read the webform's configuration through JSON:API.
    $this->drupalLogin($account);
    $this->drupalGet('/webform/contact');
    $this->assertFieldByName('subject');
    $this->drupalGet($resource_path);
    $this->assertRaw($forbidden_error);

    // User holding 'access any webform configuration': resource is served.
    $this->drupalLogin($configuration_account);
    $this->drupalGet($resource_path);
    $this->assertNoRaw($forbidden_error);
    $this->assertRaw('"title":"Contact",');

    // Set the webform's own 'configuration' access rule to both the anonymous
    // and the authenticated role, then persist the change.
    $access_rules = $webform->getAccessRules();
    $access_rules['configuration']['roles'] = ['anonymous', 'authenticated'];
    $webform->setAccessRules($access_rules);
    $webform->save();

    // Anonymous visitor no longer receives the forbidden error.
    $this->drupalLogout();
    $this->drupalGet($resource_path);
    $this->assertNoRaw($forbidden_error);

    // Neither does the authenticated user without extra permissions.
    $this->drupalLogin($account);
    $this->drupalGet($resource_path);
    $this->assertNoRaw($forbidden_error);
  }

}