WebformAccessSubmissionPermissionsTest.php in Webform 6.x
File
tests/src/Functional/Access/WebformAccessSubmissionPermissionsTest.php
View source
<?php
namespace Drupal\Tests\webform\Functional\Access;
use Drupal\user\Entity\Role;
use Drupal\webform\Entity\Webform;
use Drupal\Tests\webform\Functional\WebformBrowserTestBase;
class WebformAccessSubmissionPermissionsTest extends WebformBrowserTestBase {
public function testPermissions() {
global $base_path;
$admin_webform_account = $this
->drupalCreateUser([
'administer webform',
'create webform',
]);
$admin_submission_account = $this
->drupalCreateUser([
'administer webform submission',
]);
$own_webform_account = $this
->drupalCreateUser([
'edit own webform',
]);
$any_submission_account = $this
->drupalCreateUser([
'view any webform submission',
'edit any webform submission',
'delete any webform submission',
]);
$own_submission_account = $this
->drupalCreateUser([
'view own webform submission',
'edit own webform submission',
'delete own webform submission',
'access webform submission user',
]);
$webform_id = 'contact';
$webform = Webform::load('contact');
$edit = [
'subject' => '{subject}',
'message' => '{message}',
];
$sid_1 = $this
->postSubmission($webform, $edit);
$uid = $own_submission_account
->id();
$this
->drupalGet("user/{$uid}/submissions");
$this
->assertResponse(403);
$this
->drupalGet('/webform/' . $webform
->id());
$this
->assertNoRaw('You have already submitted this webform.');
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_1}");
$this
->assertResponse(403);
$this
->drupalLogin($own_submission_account);
$edit = [
'subject' => '{subject}',
'message' => '{message}',
];
$sid_2 = $this
->postSubmission($webform, $edit);
$uid = $own_submission_account
->id();
$this
->drupalGet("user/{$uid}/submissions");
$this
->assertResponse(200);
$this
->drupalGet('/webform/' . $webform
->id());
$this
->assertRaw('You have already submitted this webform.');
$this
->assertRaw("<a href=\"{$base_path}webform/{$webform_id}/submissions/{$sid_2}\">View your previous submission</a>.");
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_2}");
$this
->assertResponse(200);
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_2}/edit");
$this
->assertResponse(200);
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_2}/delete");
$this
->assertResponse(200);
$sid_3 = $this
->postSubmission($webform, $edit);
$this
->drupalGet('/webform/' . $webform
->id());
$this
->assertRaw('You have already submitted this webform.');
$this
->assertRaw("<a href=\"{$base_path}webform/{$webform_id}/submissions\">View your previous submissions</a>");
$this
->drupalGet("webform/{$webform_id}/submissions");
$this
->assertResponse(200);
$this
->assertNoLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_1}");
$this
->assertLinkByHref("{$base_path}webform/{$webform_id}/submissions/{$sid_2}");
$this
->assertLinkByHref("{$base_path}webform/{$webform_id}/submissions/{$sid_3}");
$this
->drupalGet("/admin/structure/webform/manage/{$webform_id}/submission/{$sid_2}");
$this
->assertResponse(200);
$this
->drupalGet('/admin/structure/webform/submissions/manage');
$this
->assertResponse(403);
$this
->drupalGet("/admin/structure/webform/manage/{$webform_id}/results/submissions");
$this
->assertResponse(403);
$this
->drupalLogin($any_submission_account);
$uid = $any_submission_account
->id();
$this
->drupalGet("user/{$uid}/submissions");
$this
->assertResponse(200);
$uid = $own_submission_account
->id();
$this
->drupalGet("user/{$uid}/submissions");
$this
->assertResponse(200);
$this
->drupalGet("/admin/structure/webform/manage/{$webform_id}/results/submissions");
$this
->assertResponse(200);
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_1}");
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_2}");
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_3}");
$this
->drupalGet("/admin/structure/webform/manage/{$webform_id}/submission/{$sid_2}");
$this
->assertResponse(200);
$this
->drupalGet('/admin/structure/webform/submissions/manage');
$this
->assertResponse(200);
$anonymous_role = Role::load('anonymous');
$anonymous_role
->grantPermission('view own webform submission')
->grantPermission('edit own webform submission')
->grantPermission('delete own webform submission')
->save();
$this
->drupalLogout();
$edit = [
'name' => '{name}',
'email' => 'example@example.com',
'subject' => '{subject}',
'message' => '{message}',
];
$sid_4 = $this
->postSubmission($webform, $edit);
$this
->drupalGet('/webform/' . $webform
->id());
$this
->assertRaw('You have already submitted this webform.');
$this
->assertRaw("<a href=\"{$base_path}webform/{$webform_id}/submissions/{$sid_4}\">View your previous submission</a>.");
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_4}");
$this
->assertResponse(200);
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_4}/edit");
$this
->assertResponse(200);
$this
->drupalGet("webform/{$webform_id}/submissions/{$sid_4}/delete");
$this
->assertResponse(200);
$sid_5 = $this
->postSubmission($webform, $edit);
$this
->drupalGet('/webform/' . $webform
->id());
$this
->assertRaw('You have already submitted this webform.');
$this
->assertRaw("<a href=\"{$base_path}webform/{$webform_id}/submissions\">View your previous submissions</a>");
$this
->drupalGet("webform/{$webform_id}/submissions");
$this
->assertResponse(200);
$this
->assertLinkByHref("{$base_path}webform/{$webform_id}/submissions/{$sid_4}");
$this
->assertLinkByHref("{$base_path}webform/{$webform_id}/submissions/{$sid_5}");
$this
->drupalLogin($admin_webform_account);
$uid = $own_submission_account
->id();
$this
->drupalGet("user/{$uid}/submissions");
$this
->assertResponse(200);
$this
->drupalLogin($admin_submission_account);
$uid = $own_submission_account
->id();
$this
->drupalGet("user/{$uid}/submissions");
$this
->assertResponse(200);
$this
->drupalLogin($own_webform_account);
$this
->drupalGet("/admin/structure/webform/manage/{$webform_id}/results/submissions");
$this
->assertResponse(403);
$webform
->setOwner($own_webform_account)
->save();
$this
->drupalGet("/admin/structure/webform/manage/{$webform_id}/results/submissions");
$this
->assertResponse(200);
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_1}");
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_2}");
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_3}");
$this
->assertLinkByHref("{$base_path}admin/structure/webform/manage/{$webform_id}/submission/{$sid_4}");
$this
->drupalGet("admin/structure/webform/manage/{$webform_id}/submission/{$sid_4}");
$this
->assertResponse(200);
}
}