You are here

public function QuickEditIntegrationLoadingTest::testUsersWithoutPermission in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/editor/src/Tests/QuickEditIntegrationLoadingTest.php \Drupal\editor\Tests\QuickEditIntegrationLoadingTest::testUsersWithoutPermission()

Test loading of untransformed text when a user doesn't have access to it.

File

core/modules/editor/src/Tests/QuickEditIntegrationLoadingTest.php, line 72
Contains \Drupal\editor\Tests\QuickEditIntegrationLoadingTest.

Class

QuickEditIntegrationLoadingTest
Tests Quick Edit module integration endpoints.

Namespace

Drupal\editor\Tests

Code

public function testUsersWithoutPermission() {

  // Create 3 users, each with insufficient permissions, i.e. without either
  // or both of the following permissions:
  // - the 'access in-place editing' permission
  // - the 'edit any article content' permission (necessary to edit node 1)
  $users = array(
    $this
      ->drupalCreateUser(static::$basicPermissions),
    $this
      ->drupalCreateUser(array_merge(static::$basicPermissions, array(
      'edit any article content',
    ))),
    $this
      ->drupalCreateUser(array_merge(static::$basicPermissions, array(
      'access in-place editing',
    ))),
  );

  // Now test with each of the 3 users with insufficient permissions.
  foreach ($users as $user) {
    $this
      ->drupalLogin($user);
    $this
      ->drupalGet('node/1');

    // Ensure the text is transformed.
    $this
      ->assertRaw('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');

    // Retrieving the untransformed text should result in an empty 403 response.
    $response = $this
      ->drupalPost('editor/' . 'node/1/body/en/full', '', array(), array(
      'query' => array(
        MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax',
      ),
    ));
    $this
      ->assertResponse(403);
    $this
      ->assertIdentical('{}', $response);
  }
}