public function WebformElementAccessTest::testAccess in Webform 8.5
Same name and namespace in other branches
- 6.x tests/src/Functional/Element/WebformElementAccessTest.php \Drupal\Tests\webform\Functional\Element\WebformElementAccessTest::testAccess()
Test element access.
File
- tests/
src/ Functional/ Element/ WebformElementAccessTest.php, line 32
Class
- WebformElementAccessTest
- Tests for webform element access.
Namespace
Drupal\Tests\webform\Functional\ElementCode
public function testAccess() {
$normal_user = $this
->drupalCreateUser([
'access user profiles',
]);
$admin_submission_user = $this
->drupalCreateUser([
'access user profiles',
'administer webform submission',
]);
$own_submission_user = $this
->drupalCreateUser([
'access user profiles',
'access webform overview',
'create webform',
'edit own webform',
'delete own webform',
'view own webform submission',
'edit own webform submission',
'delete own webform submission',
]);
$webform = Webform::load('test_element_access');
/**************************************************************************/
// Check user from USER:1 to admin submission user.
$elements = $webform
->get('elements');
$elements = str_replace(' - 1', ' - ' . $admin_submission_user
->id(), $elements);
$elements = str_replace('USER:1', 'USER:' . $admin_submission_user
->id(), $elements);
$webform
->set('elements', $elements);
$webform
->save();
// Create a webform submission.
$this
->drupalLogin($normal_user);
$sid = $this
->postSubmission($webform);
$webform_submission = WebformSubmission::load($sid);
// Check admins have 'administer webform element access' permission.
$this
->drupalLogin($this->rootUser);
$this
->drupalGet('/admin/structure/webform/manage/test_element_access/element/access_create_roles_anonymous/edit');
$this
->assertFieldById('edit-properties-access-create-roles-anonymous', NULL);
// Check webform builder don't have 'administer webform element access'
// permission.
$this
->drupalLogin($own_submission_user);
$this
->drupalGet('/admin/structure/webform/manage/test_element_access/element/access_create_roles_anonymous/edit');
$this
->assertNoFieldById('edit-properties-access-create-roles-anonymous', NULL);
/* Create access */
// Check anonymous role access.
$this
->drupalLogout();
$this
->drupalGet('/webform/test_element_access');
$this
->assertFieldByName('access_create_roles_anonymous');
$this
->assertNoFieldByName('access_create_roles_authenticated');
$this
->assertNoFieldByName('access_create_users');
$this
->assertNoFieldByName('access_create_permissions');
// Check authenticated access.
$this
->drupalLogin($normal_user);
$this
->drupalGet('/webform/test_element_access');
$this
->assertNoFieldByName('access_create_roles_anonymous');
$this
->assertFieldByName('access_create_roles_authenticated');
$this
->assertNoFieldByName('access_create_users');
$this
->assertFieldByName('access_create_permissions');
// Check admin user access.
$this
->drupalLogin($admin_submission_user);
$this
->drupalGet('/webform/test_element_access');
$this
->assertNoFieldByName('access_create_roles_anonymous');
$this
->assertFieldByName('access_create_roles_authenticated');
$this
->assertFieldByName('access_create_users');
$this
->assertFieldByName('access_create_permissions');
/* Update access */
// Check anonymous role access.
$this
->drupalLogout();
$this
->drupalGet($webform_submission
->getTokenUrl());
$this
->assertFieldByName('access_update_roles_anonymous');
$this
->assertNoFieldByName('access_update_roles_authenticated');
$this
->assertNoFieldByName('access_update_users');
$this
->assertNoFieldByName('access_update_permissions');
// Check authenticated role access.
$this
->drupalLogin($normal_user);
$this
->drupalGet("/webform/test_element_access/submissions/{$sid}/edit");
$this
->assertNoFieldByName('access_update_roles_anonymous');
$this
->assertFieldByName('access_update_roles_authenticated');
$this
->assertNoFieldByName('access_update_users');
$this
->assertFieldByName('access_update_permissions');
// Check admin user access.
$this
->drupalLogin($admin_submission_user);
$this
->drupalGet("/admin/structure/webform/manage/test_element_access/submission/{$sid}/edit");
$this
->assertNoFieldByName('access_update_roles_anonymous');
$this
->assertFieldByName('access_update_roles_authenticated');
$this
->assertFieldByName('access_update_users');
$this
->assertFieldByName('access_update_permissions');
/* View, Table, and Download access */
$urls = [
[
'path' => "/admin/structure/webform/manage/test_element_access/submission/{$sid}",
],
[
'path' => '/admin/structure/webform/manage/test_element_access/results/submissions',
],
[
'path' => '/admin/structure/webform/manage/test_element_access/results/download',
],
[
'path' => '/admin/structure/webform/manage/test_element_access/results/download',
'options' => [
'query' => [
'download' => 1,
],
],
],
];
foreach ($urls as $url) {
$url += [
'options' => [],
];
// Check anonymous role access.
$this
->drupalLogout();
$this
->drupalGet($url['path'], $url['options']);
$this
->assertRaw('access_view_roles (anonymous)');
$this
->assertNoRaw('access_view_roles (authenticated)');
$this
->assertNoRaw('access_view_users (USER:' . $admin_submission_user
->id() . ')');
$this
->assertNoRaw('access_view_permissions (access user profiles)');
// Check authenticated role access.
$this
->drupalLogin($this->rootUser);
$this
->drupalGet($url['path'], $url['options']);
$this
->assertNoRaw('access_view_roles (anonymous)');
$this
->assertRaw('access_view_roles (authenticated)');
$this
->assertNoRaw('access_view_users (USER:' . $admin_submission_user
->id() . ')');
$this
->assertRaw('access_view_permissions (access user profiles)');
// Check admin user access.
$this
->drupalLogin($admin_submission_user);
$this
->drupalGet($url['path'], $url['options']);
$this
->assertNoRaw('access_view_roles (anonymous)');
$this
->assertRaw('access_view_roles (authenticated)');
$this
->assertRaw('access_view_users (USER:' . $admin_submission_user
->id() . ')');
$this
->assertRaw('access_view_permissions (access user profiles)');
}
/* Download token access */
$urls = [
'<td>token</td>' => [
'path' => '/admin/structure/webform/manage/test_element_access/results/download',
],
',Token,' => [
'path' => '/admin/structure/webform/manage/test_element_access/results/download',
'options' => [
'query' => [
'download' => 1,
'excluded_columns' => '',
],
],
],
];
foreach ($urls as $raw => $url) {
$url += [
'options' => [],
];
// Check anonymous role access.
$this
->drupalLogout();
$this
->drupalGet($url['path'], $url['options']);
$this
->assertNoRaw($raw, 'Anonymous user can not access token');
// Check authenticated role access.
$this
->drupalLogin($normal_user);
$this
->drupalGet($url['path'], $url['options']);
$this
->assertNoRaw($raw, 'Authenticated user can not access token');
// Check admin webform access.
$this
->drupalLogin($this->rootUser);
$this
->drupalGet($url['path'], $url['options']);
$this
->assertRaw($raw, 'Admin webform user can access token');
// Check admin submission access.
$this
->drupalLogin($admin_submission_user);
$this
->drupalGet($url['path'], $url['options']);
$this
->assertRaw($raw, 'Admin submission user can access token');
}
/* #access */
$this
->drupalLogin($this->rootUser);
// Check that textfield and fieldset are disabled in the UI.
$this
->drupalGet('/admin/structure/webform/manage/test_element_access');
$this
->assertCssSelect('[data-webform-key="textfield_access_property"].webform-ui-element-disabled');
$this
->assertCssSelect('[data-webform-key="fieldset_access_property"].webform-ui-element-disabled');
$this
->assertCssSelect('[data-webform-key="fieldset_textfield_access"]');
$this
->assertNoCssSelect('[data-webform-key="fieldset_textfield_access"].webform-ui-element-disabled');
// Check that textfield and fieldset are removed from results.
$this
->drupalGet('/admin/structure/webform/manage/test_element_access/results/submissions');
$this
->assertNoRaw('textfield_access_property');
$this
->assertNoRaw('fieldset_access_property');
$this
->assertRaw('fieldset_textfield_access');
// Check that textfield and fieldset are removed from download.
$this
->drupalGet('/admin/structure/webform/manage/test_element_access/results/download');
$this
->assertNoRaw('textfield_access_property');
$this
->assertNoRaw('fieldset_access_property');
$this
->assertRaw('fieldset_textfield_access');
}