View source
<?php
namespace Drupal\user\Tests\Views;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\user\Entity\User;
class BulkFormAccessTest extends UserTestBase {
public static $modules = array(
'user_access_test',
);
public static $testViews = array(
'test_user_bulk_form',
);
public function testUserEditAccess() {
$no_edit_user = $this
->drupalCreateUser(array(), 'no_edit');
$this
->assertFalse($no_edit_user
->isBlocked(), 'The user is not blocked.');
$admin_user = $this
->drupalCreateUser(array(
'administer users',
));
$this
->drupalLogin($admin_user);
$this
->drupalGet('user/' . $no_edit_user
->id() . '/edit');
$this
->assertFalse($no_edit_user
->access('update', $admin_user));
$this
->assertResponse(403, 'The user may not be edited.');
$edit = array(
'user_bulk_form[' . ($no_edit_user
->id() - 1) . ']' => TRUE,
'action' => 'user_block_user_action',
);
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));
$this
->assertResponse(200);
$this
->assertRaw(SafeMarkup::format('No access to execute %action on the @entity_type_label %entity_label.', [
'%action' => 'Block the selected user(s)',
'@entity_type_label' => 'User',
'%entity_label' => $no_edit_user
->label(),
]));
$no_edit_user = User::load($no_edit_user
->id());
$this
->assertFalse($no_edit_user
->isBlocked(), 'The user is not blocked.');
$normal_user = $this
->drupalCreateUser();
$this
->assertTrue($normal_user
->access('update', $admin_user));
$edit = array(
'user_bulk_form[' . ($normal_user
->id() - 1) . ']' => TRUE,
'action' => 'user_block_user_action',
);
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));
$normal_user = User::load($normal_user
->id());
$this
->assertTrue($normal_user
->isBlocked(), 'The user is blocked.');
$this
->drupalLogin($this
->drupalCreateUser());
$edit = array(
'user_bulk_form[' . ($normal_user
->id() - 1) . ']' => TRUE,
'action' => 'user_unblock_user_action',
);
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));
$normal_user = User::load($normal_user
->id());
$this
->assertTrue($normal_user
->isBlocked(), 'The user is still blocked.');
}
public function testUserDeleteAccess() {
$account = $this
->drupalCreateUser(array(), 'no_delete');
$account2 = $this
->drupalCreateUser(array(), 'may_delete');
$this
->drupalLogin($this
->drupalCreateUser(array(
'administer users',
)));
$this
->drupalGet('user/' . $account
->id() . '/cancel');
$this
->assertResponse(403, 'The user "no_delete" may not be deleted.');
$this
->drupalGet('user/' . $account2
->id() . '/cancel');
$this
->assertResponse(200, 'The user "may_delete" may be deleted.');
$edit = array(
'user_bulk_form[' . ($account
->id() - 1) . ']' => TRUE,
'user_bulk_form[' . ($account2
->id() - 1) . ']' => TRUE,
'action' => 'user_cancel_user_action',
);
$this
->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));
$edit = array(
'user_cancel_method' => 'user_cancel_delete',
);
$this
->drupalPostForm(NULL, $edit, t('Cancel accounts'));
$account = User::load($account
->id());
$this
->assertNotNull($account, 'The user "no_delete" is not deleted.');
$account = User::load($account2
->id());
$this
->assertNull($account, 'The user "may_delete" is deleted.');
}
}