You are here

public function TaxonomyAccessTest::testEditAccess in Workbench Access 8

Test edit access integration.

File

tests/src/Kernel/TaxonomyAccessTest.php, line 152

Class

TaxonomyAccessTest
Tests workbench_access integration with taxonomy.

Namespace

Drupal\Tests\workbench_access\Kernel

Code

public function testEditAccess() {

  // The first user in a kernel test gets UID 1, so we need to make sure we're
  // not testing with that user.
  $this
    ->createUser();

  // Create a section.
  $term = Term::create([
    'vid' => $this->vocabulary
      ->id(),
    'name' => 'Some section',
  ]);
  $term
    ->save();

  // Create two users with equal permissions but assign one of them to the
  // section.
  $permissions = $this
    ->getPermissions();
  $allowed_editor = $this
    ->createUser($permissions);
  $allowed_editor
    ->save();
  $this->userStorage
    ->addUser($this->scheme, $allowed_editor, [
    $term
      ->id(),
  ]);
  $editor_with_no_access = $this
    ->createUser($permissions);

  // Test an entity that is not subject to access control.
  $entity = Term::create([
    'vid' => 'categories',
    'name' => 'come on in',
  ]);
  $this
    ->assertTrue($this->accessHandler
    ->access($entity, 'update', $allowed_editor));
  $this
    ->assertTrue($this->accessHandler
    ->access($entity, 'update', $editor_with_no_access));

  // Test an entity that is not assigned to a section. Both should be allowed
  // because we do not assert access control by default.
  $entity1 = Term::create([
    'vid' => 'tags',
    'name' => 'come on in',
  ]);
  $this
    ->assertTrue($this->accessHandler
    ->access($entity1, 'update', $allowed_editor));
  $this
    ->assertTrue($this->accessHandler
    ->access($entity1, 'update', $editor_with_no_access));

  // Create an entity that is assigned to a section.
  $entity2 = Term::create([
    'vid' => 'tags',
    'name' => 'restricted',
    WorkbenchAccessManagerInterface::FIELD_NAME => $term
      ->id(),
  ]);
  $this
    ->assertTrue($this->accessHandler
    ->access($entity2, 'update', $allowed_editor));
  $this
    ->assertFalse($this->accessHandler
    ->access($entity2, 'update', $editor_with_no_access));

  // With strict checking, entities that are not assigned to a section return
  // false.
  $this
    ->config('workbench_access.settings')
    ->set('deny_on_empty', 1)
    ->save();

  // Test a new entity because the results for $entity1 are cached.
  $entity3 = Term::create([
    'vid' => 'tags',
    'name' => 'restricted',
  ]);
  $this
    ->assertFalse($this->accessHandler
    ->access($entity3, 'update', $allowed_editor));
  $this
    ->assertFalse($this->accessHandler
    ->access($entity3, 'update', $editor_with_no_access));

  // Delete the scheme.
  $this->scheme
    ->delete();

  // Should now allow access.
  $this->accessHandler
    ->resetCache();
  $this
    ->assertTrue($this->accessHandler
    ->access($entity2, 'update', $editor_with_no_access));
}