public function WebformAccessEntityJsonApiTest::testRestAccess in Webform 8.5
Same name and namespace in other branches
- 6.x tests/src/Functional/Access/WebformAccessEntityJsonApiTest.php \Drupal\Tests\webform\Functional\Access\WebformAccessEntityJsonApiTest::testRestAccess()
Tests webform entity REST acces.
File
- tests/
src/ Functional/ Access/ WebformAccessEntityJsonApiTest.php, line 25
Class
- WebformAccessEntityJsonApiTest
- Tests for webform entity JSON API access.
Namespace
Drupal\Tests\webform\Functional\AccessCode
public function testRestAccess() {
$webform = Webform::load('contact');
$uuid = $webform
->uuid();
$account = $this
->drupalCreateUser();
$configuration_account = $this
->drupalCreateUser([
'access any webform configuration',
]);
/**************************************************************************/
// Check anonymous access denied to webform.
$this
->drupalGet("jsonapi/webform/webform/{$uuid}");
$this
->assertRaw('"title":"Forbidden","status":"403","detail":"The current user is not allowed to GET the selected resource. Access to webform configuration is required."');
// Login authenticated user.
$this
->drupalLogin($account);
// Check authenticated access allowed to webform.
$this
->drupalGet('/webform/contact');
$this
->assertFieldByName('subject');
// Check authenticated access denied to webform via _format=hal_json.
$this
->drupalGet("jsonapi/webform/webform/{$uuid}");
$this
->assertRaw('"title":"Forbidden","status":"403","detail":"The current user is not allowed to GET the selected resource. Access to webform configuration is required."');
// Login rest (permission) user.
$this
->drupalLogin($configuration_account);
// Check rest access allowed to webform.
$this
->drupalGet("jsonapi/webform/webform/{$uuid}");
$this
->assertNoRaw('"title":"Forbidden","status":"403","detail":"The current user is not allowed to GET the selected resource. Access to webform configuration is required."');
$this
->assertRaw('"title":"Contact",');
// Allow anonymous role to access webform configuration.
$access_rules = $webform
->getAccessRules();
$access_rules['configuration']['roles'] = [
'anonymous',
'authenticated',
];
$webform
->setAccessRules($access_rules);
$webform
->save();
// Login out and switch to anonymous user.
$this
->drupalLogout();
// Check anonymous access allowed to webform.
$this
->drupalGet("jsonapi/webform/webform/{$uuid}");
$this
->assertNoRaw('"title":"Forbidden","status":"403","detail":"The current user is not allowed to GET the selected resource. Access to webform configuration is required."');
// Login authenticated user.
$this
->drupalLogin($account);
// Check authenticated access allowed to webform.
$this
->drupalGet("jsonapi/webform/webform/{$uuid}");
$this
->assertNoRaw('"title":"Forbidden","status":"403","detail":"The current user is not allowed to GET the selected resource. Access to webform configuration is required."');
}