public function YamlFormAccessTest::testAccessRules in YAML Form 8
Tests form access rules.
File
- src/
Tests/ YamlFormAccessTest.php, line 75
Class
- YamlFormAccessTest
- Tests for form access rules.
Namespace
Drupal\yamlform\TestsCode
public function testAccessRules() {
global $base_path;
/** @var \Drupal\yamlform\YamlFormInterface $yamlform */
/** @var \Drupal\yamlform\YamlFormSubmissionInterface[] $submissions */
list($yamlform, $submissions) = $this
->createYamlFormWithSubmissions();
$account = $this
->drupalCreateUser([
'access content',
]);
$yamlform_id = $yamlform
->id();
$sid = $submissions[0]
->id();
$uid = $account
->id();
$rid = $account
->getRoles()[1];
// Check create authenticated/anonymous access.
$yamlform
->setAccessRules(YamlForm::getDefaultAccessRules())
->save();
$this
->drupalGet('yamlform/' . $yamlform
->id());
$this
->assertResponse(200, 'Form create submission access for anonymous/authenticated user.');
$access_rules = [
'create' => [
'roles' => [],
'users' => [],
],
] + YamlForm::getDefaultAccessRules();
$yamlform
->setAccessRules($access_rules)
->save();
// Check no access.
$this
->drupalGet('yamlform/' . $yamlform
->id());
$this
->assertResponse(403, 'Form returns access denied');
$any_tests = [
'yamlform/{yamlform}' => 'create',
'admin/structure/yamlform/manage/{yamlform}/results/submissions' => 'view_any',
'admin/structure/yamlform/manage/{yamlform}/results/table' => 'view_any',
'admin/structure/yamlform/manage/{yamlform}/results/download' => 'view_any',
'admin/structure/yamlform/manage/{yamlform}/results/clear' => 'purge_any',
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}' => 'view_any',
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/text' => 'view_any',
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/yaml' => 'view_any',
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/edit' => 'update_any',
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/delete' => 'delete_any',
];
// Check that all the test paths are access denied for anonymous users.
foreach ($any_tests as $path => $permission) {
$path = str_replace('{yamlform}', $yamlform_id, $path);
$path = str_replace('{yamlform_submission}', $sid, $path);
$this
->drupalGet($path);
$this
->assertResponse(403, 'Form returns access denied');
}
$this
->drupalLogin($account);
// Check that all the test paths are access denied for authenticated.
foreach ($any_tests as $path => $permission) {
$path = str_replace('{yamlform}', $yamlform_id, $path);
$path = str_replace('{yamlform_submission}', $sid, $path);
$this
->drupalGet($path);
$this
->assertResponse(403, 'Form returns access denied');
}
// Check access rules by role and user id.
foreach ($any_tests as $path => $permission) {
$path = str_replace('{yamlform}', $yamlform_id, $path);
$path = str_replace('{yamlform_submission}', $sid, $path);
// Check access rule via role.
$access_rules = [
$permission => [
'roles' => [
$rid,
],
'users' => [],
],
] + YamlForm::getDefaultAccessRules();
$yamlform
->setAccessRules($access_rules)
->save();
$this
->drupalGet($path);
$this
->assertResponse(200, 'Form allows access via role access rules');
// Check access rule via user id.
$access_rules = [
$permission => [
'roles' => [],
'users' => [
$uid,
],
],
] + YamlForm::getDefaultAccessRules();
$yamlform
->setAccessRules($access_rules)
->save();
$this
->drupalGet($path);
$this
->assertResponse(200, 'Form allows access via user access rules');
}
// Check own / user specific access rules.
$access_rules = [
'view_own' => [
'roles' => [
$rid,
],
'users' => [],
],
'update_own' => [
'roles' => [
$rid,
],
'users' => [],
],
'delete_own' => [
'roles' => [
$rid,
],
'users' => [],
],
] + YamlForm::getDefaultAccessRules();
$yamlform
->setAccessRules($access_rules)
->save();
// Login and post a submission as a user.
$this
->drupalLogin($account);
// Check no view previous submission message.
$this
->drupalGet('yamlform/' . $yamlform
->id());
$this
->assertNoRaw('You have already submitted this form.');
$this
->assertNoRaw('View your previous submission');
$sid = $this
->postSubmission($yamlform);
// Check view previous submission message.
$this
->drupalGet('yamlform/' . $yamlform
->id());
$this
->assertRaw('You have already submitted this form.');
$this
->assertRaw("<a href=\"{$base_path}yamlform/{$yamlform_id}/submissions/{$sid}\">View your previous submission</a>.");
$sid = $this
->postSubmission($yamlform);
// Check view previous submissions message.
$this
->drupalGet('yamlform/' . $yamlform
->id());
$this
->assertRaw('You have already submitted this form.');
$this
->assertRaw("<a href=\"{$base_path}yamlform/{$yamlform_id}/submissions\">View your previous submissions</a>");
// Check the new submission's view, update, and delete access for the user.
$test_own = [
'admin/structure/yamlform/manage/{yamlform}/results/submissions' => 403,
'admin/structure/yamlform/manage/{yamlform}/results/table' => 403,
'admin/structure/yamlform/manage/{yamlform}/results/download' => 403,
'admin/structure/yamlform/manage/{yamlform}/results/clear' => 403,
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}' => 200,
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/text' => 403,
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/yaml' => 403,
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/edit' => 200,
'admin/structure/yamlform/manage/{yamlform}/submission/{yamlform_submission}/delete' => 200,
];
foreach ($test_own as $path => $status_code) {
$path = str_replace('{yamlform}', $yamlform_id, $path);
$path = str_replace('{yamlform_submission}', $sid, $path);
$this
->drupalGet($path);
$this
->assertResponse($status_code, new FormattableMarkup('Form @status_code access via own access rules.', [
'@status_code' => $status_code == 403 ? 'denies' : 'allows',
]));
}
}