
public function WebformSubmissionViewsAccessTest::testPermissionAccess in Webform 6.x

Same name and namespace in other branches
  1. 8.5 tests/src/Functional/WebformSubmissionViewsAccessTest.php \Drupal\Tests\webform\Functional\WebformSubmissionViewsAccessTest::testPermissionAccess()

Tests that webform submission views enforce access according to each user's permissions.

File

tests/src/Functional/WebformSubmissionViewsAccessTest.php, line 74

Class

WebformSubmissionViewsAccessTest
Tests access rules in the context of webform submission views access.

Namespace

Drupal\Tests\webform\Functional

Code

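/**
 * Tests that submission views enforce access per user's permissions.
 *
 * Builds one account per permission profile, creates submissions for them,
 * checks access, then revokes the view/edit permissions and checks again.
 * The second check guards against stale access results: after a revocation,
 * access that was previously allowed must no longer be served.
 */
public function testPermissionAccess() {

  /** @var \Drupal\webform\WebformInterface $webform */
  $webform = Webform::load('contact');

  // Build one account per permission profile: anonymous (own submissions),
  // webform owner, any-submission viewer, own-submission viewer, and a user
  // with overview access only.
  $anonymous_user = User::getAnonymousUser();
  user_role_grant_permissions('anonymous', [
    'access webform overview',
    'view own webform submission',
  ]);
  $own_webform_user = $this->drupalCreateUser([
    'access webform overview',
    'edit own webform',
  ]);
  // 'edit own webform' only applies once this user owns the webform.
  $webform->setOwner($own_webform_user)->save();
  $any_submission_user = $this->drupalCreateUser([
    'access webform overview',
    'view any webform submission',
  ]);
  $own_submission_user = $this->drupalCreateUser([
    'access webform overview',
    'view own webform submission',
  ]);
  // Negative control: overview access but no submission permission.
  $without_access_user = $this->drupalCreateUser([
    'access webform overview',
  ]);

  // Create an array of the accounts, keyed by permission profile.
  /** @var \Drupal\user\Entity\User[] $accounts */
  $accounts = [
    'anonymous_user' => $anonymous_user,
    'own_webform_user' => $own_webform_user,
    'any_submission_user' => $any_submission_user,
    'own_submission_user' => $own_submission_user,
    'without_access' => $without_access_user,
  ];

  // Create test submissions.
  $this->createSubmissions($webform, $accounts);

  // Check user submission access.
  $this->checkUserSubmissionAccess($webform, $accounts);

  // Clear any and own permissions for all accounts. Iterate by value: the
  // accounts are only read here, and a by-reference loop variable would
  // leave a dangling reference into $accounts after the loop.
  foreach ($accounts as $account_type => $account) {
    if ($account_type === 'anonymous_user') {
      $rid = 'anonymous';
    }
    else {
      // TRUE excludes the locked roles, so the first remaining role is
      // presumably the one drupalCreateUser() generated for this account.
      $roles = $account->getRoles(TRUE);
      $rid = reset($roles);
    }
    user_role_revoke_permissions($rid, [
      'view any webform submission',
      'view own webform submission',
      'edit own webform',
    ]);
  }

  // Check user submission access cache is cleared: the same accounts are
  // checked again now that their permissions have been revoked.
  $this->checkUserSubmissionAccess($webform, $accounts);
}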