You are here

public function BulkFormAccessTest::testUserEditAccess in Zircon Profile 8.0

Same name and namespace in other branches
  1. 8 core/modules/user/src/Tests/Views/BulkFormAccessTest.php \Drupal\user\Tests\Views\BulkFormAccessTest::testUserEditAccess()

Tests if users that may not be edited, can not be edited in bulk.

File

core/modules/user/src/Tests/Views/BulkFormAccessTest.php, line 38
Contains \Drupal\user\Tests\Views\BulkFormAccessTest.

Class

BulkFormAccessTest
Tests if entity access is respected on a user bulk form.

Namespace

Drupal\user\Tests\Views

Code

public function testUserEditAccess() {

  // Create an authenticated user.
  $no_edit_user = $this
    ->drupalCreateUser(array(), 'no_edit');

  // Ensure this account is not blocked.
  $this
    ->assertFalse($no_edit_user
    ->isBlocked(), 'The user is not blocked.');

  // Login as user admin.
  $admin_user = $this
    ->drupalCreateUser(array(
    'administer users',
  ));
  $this
    ->drupalLogin($admin_user);

  // Ensure that the account "no_edit" can not be edited.
  $this
    ->drupalGet('user/' . $no_edit_user
    ->id() . '/edit');
  $this
    ->assertFalse($no_edit_user
    ->access('update', $admin_user));
  $this
    ->assertResponse(403, 'The user may not be edited.');

  // Test blocking the account "no_edit".
  $edit = array(
    'user_bulk_form[' . ($no_edit_user
      ->id() - 1) . ']' => TRUE,
    'action' => 'user_block_user_action',
  );
  $this
    ->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));
  $this
    ->assertResponse(200);
  $this
    ->assertRaw(SafeMarkup::format('No access to execute %action on the @entity_type_label %entity_label.', [
    '%action' => 'Block the selected user(s)',
    '@entity_type_label' => 'User',
    '%entity_label' => $no_edit_user
      ->label(),
  ]));

  // Re-load the account "no_edit" and ensure it is not blocked.
  $no_edit_user = User::load($no_edit_user
    ->id());
  $this
    ->assertFalse($no_edit_user
    ->isBlocked(), 'The user is not blocked.');

  // Create a normal user which can be edited by the admin user
  $normal_user = $this
    ->drupalCreateUser();
  $this
    ->assertTrue($normal_user
    ->access('update', $admin_user));
  $edit = array(
    'user_bulk_form[' . ($normal_user
      ->id() - 1) . ']' => TRUE,
    'action' => 'user_block_user_action',
  );
  $this
    ->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));
  $normal_user = User::load($normal_user
    ->id());
  $this
    ->assertTrue($normal_user
    ->isBlocked(), 'The user is blocked.');

  // Login as user without the 'administer users' permission.
  $this
    ->drupalLogin($this
    ->drupalCreateUser());
  $edit = array(
    'user_bulk_form[' . ($normal_user
      ->id() - 1) . ']' => TRUE,
    'action' => 'user_unblock_user_action',
  );
  $this
    ->drupalPostForm('test-user-bulk-form', $edit, t('Apply'));

  // Re-load the normal user and ensure it is still blocked.
  $normal_user = User::load($normal_user
    ->id());
  $this
    ->assertTrue($normal_user
    ->isBlocked(), 'The user is still blocked.');
}