<?php
namespace Drupal\Tests\user\Unit;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Cache\Context\CacheContextsManager;
use Drupal\Core\DependencyInjection\Container;
use Drupal\Tests\UnitTestCase;
use Drupal\user\UserAccessControlHandler;
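/**
 * Unit tests for field-level access decisions made by the user access handler.
 *
 * Every test method takes its arguments from a data provider. The
 * "@dataProvider" annotations below are what connect the two: without them
 * PHPUnit calls the parameterised test methods with no arguments and none of
 * the access expectations in the providers are ever checked.
 *
 * The scope is field access only (fieldAccess()). Entity-level access to the
 * user account is not exercised anywhere in this class.
 *
 * @coversDefaultClass \Drupal\user\UserAccessControlHandler
 */
class UserAccessControlHandlerTest extends UnitTestCase {

  /**
   * The access control handler under test.
   *
   * @var \Drupal\user\UserAccessControlHandler
   */
  protected $accessControlHandler;

  /**
   * Mock account with ID 1 that is denied every permission.
   *
   * @var \Drupal\Core\Session\AccountInterface
   */
  protected $viewer;

  /**
   * Mock account with ID 2 that only holds 'change own username'.
   *
   * @var \Drupal\Core\Session\AccountInterface
   */
  protected $owner;

  /**
   * Mock account that is granted every permission.
   *
   * @var \Drupal\Core\Session\AccountInterface
   */
  protected $admin;

  /**
   * Mocked field item list handed to fieldAccess().
   *
   * @var \Drupal\Core\Field\FieldItemList
   */
  protected $items;

  /**
   * Builds the container, the three mock accounts and the handler under test.
   */
  public function setUp() {
    parent::setUp();

    $cache_contexts_manager = $this->prophesize(CacheContextsManager::class);
    $cache_contexts_manager->assertValidTokens()->willReturn(TRUE);
    // NOTE(review): the value returned by reveal() is discarded and the
    // prophecy object itself is what gets registered in the container below.
    // Confirm that this is intended before relying on the stubbed return
    // value of assertValidTokens().
    $cache_contexts_manager->reveal();
    $container = new Container();
    $container->set('cache_contexts_manager', $cache_contexts_manager);
    \Drupal::setContainer($container);

    // Unprivileged account: every permission check is answered with FALSE.
    $this->viewer = $this->getMock('\\Drupal\\Core\\Session\\AccountInterface');
    $this->viewer
      ->expects($this->any())
      ->method('hasPermission')
      ->will($this->returnValue(FALSE));
    $this->viewer
      ->expects($this->any())
      ->method('id')
      ->will($this->returnValue(1));

    // Account owner: explicitly not a user administrator, but allowed to
    // change their own username.
    $this->owner = $this->getMock('\\Drupal\\Core\\Session\\AccountInterface');
    $this->owner
      ->expects($this->any())
      ->method('hasPermission')
      ->will($this->returnValueMap([
        ['administer users', FALSE],
        ['change own username', TRUE],
      ]));
    $this->owner
      ->expects($this->any())
      ->method('id')
      ->will($this->returnValue(2));

    // Administrator: every permission check is answered with TRUE. No id()
    // stub is configured for this account.
    $this->admin = $this->getMock('\\Drupal\\Core\\Session\\AccountInterface');
    $this->admin
      ->expects($this->any())
      ->method('hasPermission')
      ->will($this->returnValue(TRUE));

    $entity_type = $this->getMock('Drupal\\Core\\Entity\\EntityTypeInterface');
    $this->accessControlHandler = new UserAccessControlHandler($entity_type);

    // No module implements any hook, so hook-based access alterations are out
    // of the picture for every test in this class.
    $module_handler = $this->getMock('Drupal\\Core\\Extension\\ModuleHandlerInterface');
    $module_handler
      ->expects($this->any())
      ->method('getImplementations')
      ->will($this->returnValue([]));
    $this->accessControlHandler->setModuleHandler($module_handler);

    // The item list's own default access is always "allowed", so any denial
    // observed in these tests has to come from the handler under test.
    $this->items = $this->getMockBuilder('Drupal\\Core\\Field\\FieldItemList')
      ->disableOriginalConstructor()
      ->getMock();
    $this->items
      ->expects($this->any())
      ->method('defaultAccess')
      ->will($this->returnValue(AccessResult::allowed()));
  }

  /**
   * Asserts the 'view' and 'edit' field access results for one scenario.
   *
   * @param string $field
   *   Name reported by the mocked field definition.
   * @param string $viewer
   *   Name of the property on this test holding the acting account
   *   ('viewer', 'owner' or 'admin').
   * @param string $target
   *   Name of the property on this test holding the account being accessed.
   * @param bool|null $view
   *   Expected result of the 'view' operation.
   * @param bool|null $edit
   *   Expected result of the 'edit' operation.
   */
  public function assertFieldAccess($field, $viewer, $target, $view, $edit) {
    $field_definition = $this->getMock('Drupal\\Core\\Field\\FieldDefinitionInterface');
    $field_definition
      ->expects($this->any())
      ->method('getName')
      ->will($this->returnValue($field));

    // The entity behind the field items is the targeted account mock.
    $this->items
      ->expects($this->any())
      ->method('getEntity')
      ->will($this->returnValue($this->{$target}));

    $expectations = [
      'view' => $view,
      'edit' => $edit,
    ];
    foreach ($expectations as $operation => $result) {
      $result_text = !isset($result) ? 'null' : ($result ? 'true' : 'false');
      $message = "User '{$field}' field access returns '{$result_text}' with operation '{$operation}' for '{$viewer}' accessing '{$target}'";
      // assertSame() is strict: a NULL or truthy non-boolean result does not
      // pass for an expected TRUE/FALSE.
      $actual = $this->accessControlHandler->fieldAccess($operation, $field_definition, $this->{$viewer}, $this->items);
      $this->assertSame($result, $actual, $message);
    }
  }

  /**
   * Checks access to the 'name' field.
   *
   * @dataProvider userNameProvider
   */
  public function testUserNameAccess($viewer, $target, $view, $edit) {
    $this->assertFieldAccess('name', $viewer, $target, $view, $edit);
  }

  /**
   * Provides scenarios for testUserNameAccess().
   *
   * The name is viewable in every scenario; it is editable only by the owner
   * on their own account and by the administrator.
   *
   * @return array
   *   Rows of viewer, target, expected view result, expected edit result.
   */
  public function userNameProvider() {
    return [
      ['viewer' => 'viewer', 'target' => 'viewer', 'view' => TRUE, 'edit' => FALSE],
      ['viewer' => 'owner', 'target' => 'viewer', 'view' => TRUE, 'edit' => FALSE],
      ['viewer' => 'viewer', 'target' => 'owner', 'view' => TRUE, 'edit' => FALSE],
      ['viewer' => 'owner', 'target' => 'owner', 'view' => TRUE, 'edit' => TRUE],
      ['viewer' => 'admin', 'target' => 'owner', 'view' => TRUE, 'edit' => TRUE],
    ];
  }

  /**
   * Checks that personal settings are not viewable by other accounts.
   *
   * @dataProvider hiddenUserSettingsProvider
   */
  public function testHiddenUserSettings($field, $viewer, $target, $view, $edit) {
    $this->assertFieldAccess($field, $viewer, $target, $view, $edit);
  }

  /**
   * Provides scenarios for testHiddenUserSettings().
   *
   * @return array
   *   Rows of field, viewer, target, expected view result, expected edit
   *   result.
   */
  public function hiddenUserSettingsProvider() {
    $access_info = [];
    $fields = [
      'preferred_langcode',
      'preferred_admin_langcode',
      'timezone',
      'mail',
    ];
    foreach ($fields as $field) {
      $access_info[] = [
        'field' => $field,
        'viewer' => 'viewer',
        'target' => 'viewer',
        'view' => TRUE,
        'edit' => TRUE,
      ];
      // NOTE(review): 'edit' is expected to be TRUE even though an
      // unprivileged account is acting on somebody else's account. Presumably
      // the field-level check leaves write protection to the entity-level
      // update access check; confirm against UserAccessControlHandler. Field
      // access alone is not what stops a cross-account edit of these fields.
      $access_info[] = [
        'field' => $field,
        'viewer' => 'viewer',
        'target' => 'owner',
        'view' => FALSE,
        'edit' => TRUE,
      ];
      $access_info[] = [
        'field' => $field,
        'viewer' => 'owner',
        'target' => 'owner',
        'view' => TRUE,
        'edit' => TRUE,
      ];
      $access_info[] = [
        'field' => $field,
        'viewer' => 'admin',
        'target' => 'owner',
        'view' => TRUE,
        'edit' => TRUE,
      ];
    }
    return $access_info;
  }

  /**
   * Checks that administrative fields are reserved for administrators.
   *
   * @dataProvider adminFieldAccessProvider
   */
  public function testAdminFieldAccess($field, $viewer, $target, $view, $edit) {
    $this->assertFieldAccess($field, $viewer, $target, $view, $edit);
  }

  /**
   * Provides scenarios for testAdminFieldAccess().
   *
   * NOTE(review): no row has the 'owner' account acting on its own account
   * for these fields. Self-assignment of 'roles' or 'status' is the case most
   * worth pinning down; add a row once the expected result has been confirmed
   * against the handler.
   *
   * @return array
   *   Rows of field, viewer, target, expected view result, expected edit
   *   result.
   */
  public function adminFieldAccessProvider() {
    $access_info = [];
    $fields = [
      'roles',
      'status',
      'access',
      'login',
      'init',
    ];
    foreach ($fields as $field) {
      $access_info[] = [
        'field' => $field,
        'viewer' => 'viewer',
        'target' => 'viewer',
        'view' => FALSE,
        'edit' => FALSE,
      ];
      $access_info[] = [
        'field' => $field,
        'viewer' => 'viewer',
        'target' => 'owner',
        'view' => FALSE,
        'edit' => FALSE,
      ];
      $access_info[] = [
        'field' => $field,
        'viewer' => 'admin',
        'target' => 'owner',
        'view' => TRUE,
        'edit' => TRUE,
      ];
    }
    return $access_info;
  }

  /**
   * Checks that the 'pass' field is never viewable.
   *
   * @dataProvider passwordAccessProvider
   */
  public function testPasswordAccess($viewer, $target, $view, $edit) {
    $this->assertFieldAccess('pass', $viewer, $target, $view, $edit);
  }

  /**
   * Provides scenarios for testPasswordAccess().
   *
   * 'view' is FALSE in every row, including for the administrator. 'edit' is
   * TRUE in every row, including cross-account ones.
   *
   * NOTE(review): as with the personal settings fields, the cross-account
   * edit=TRUE rows suggest that the field-level result is not the control
   * protecting password changes; confirm that entity-level update access is.
   * There is also no row for the owner acting on its own account.
   *
   * @return array
   *   Rows of viewer, target, expected view result, expected edit result.
   */
  public function passwordAccessProvider() {
    return [
      ['viewer' => 'viewer', 'target' => 'viewer', 'view' => FALSE, 'edit' => TRUE],
      ['viewer' => 'viewer', 'target' => 'owner', 'view' => FALSE, 'edit' => TRUE],
      ['viewer' => 'owner', 'target' => 'viewer', 'view' => FALSE, 'edit' => TRUE],
      ['viewer' => 'admin', 'target' => 'owner', 'view' => FALSE, 'edit' => TRUE],
    ];
  }

  /**
   * Checks access to the 'created' field.
   *
   * @dataProvider createdAccessProvider
   */
  public function testCreatedAccess($viewer, $target, $view, $edit) {
    $this->assertFieldAccess('created', $viewer, $target, $view, $edit);
  }

  /**
   * Provides scenarios for testCreatedAccess().
   *
   * The field is viewable in every row and editable only by the
   * administrator.
   *
   * @return array
   *   Rows of viewer, target, expected view result, expected edit result.
   */
  public function createdAccessProvider() {
    return [
      ['viewer' => 'viewer', 'target' => 'viewer', 'view' => TRUE, 'edit' => FALSE],
      ['viewer' => 'owner', 'target' => 'viewer', 'view' => TRUE, 'edit' => FALSE],
      ['viewer' => 'admin', 'target' => 'owner', 'view' => TRUE, 'edit' => TRUE],
    ];
  }

  /**
   * Checks access to a field name the handler has no specific rule for.
   *
   * @dataProvider NonExistingFieldAccessProvider
   */
  public function testNonExistingFieldAccess($viewer, $target, $view, $edit) {
    $this->assertFieldAccess('some_non_existing_field', $viewer, $target, $view, $edit);
  }

  /**
   * Provides scenarios for testNonExistingFieldAccess().
   *
   * Every row expects TRUE for both operations. In this test the mocked
   * FieldItemList::defaultAccess() always returns "allowed", so these rows
   * presumably only show that the handler falls through to the item list's
   * default for unknown fields. They say nothing about what a real field's
   * default access would return.
   *
   * @return array
   *   Rows of viewer, target, expected view result, expected edit result.
   */
  public function NonExistingFieldAccessProvider() {
    return [
      ['viewer' => 'viewer', 'target' => 'viewer', 'view' => TRUE, 'edit' => TRUE],
      ['viewer' => 'owner', 'target' => 'viewer', 'view' => TRUE, 'edit' => TRUE],
      ['viewer' => 'admin', 'target' => 'owner', 'view' => TRUE, 'edit' => TRUE],
    ];
  }

}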