View source
<?php
namespace Drupal\Tests\Core\Access;
use Drupal\Core\Access\AccessCheckInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\CheckProvider;
use Drupal\Core\Cache\Context\CacheContextsManager;
use Drupal\Core\Routing\RouteMatch;
use Drupal\Core\Access\AccessManager;
use Drupal\Core\Access\DefaultAccessCheck;
use Drupal\Tests\UnitTestCase;
use Drupal\router_test\Access\DefinedTestAccessCheck;
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\Routing\Exception\RouteNotFoundException;
use Symfony\Component\Routing\Route;
use Symfony\Component\Routing\RouteCollection;
class AccessManagerTest extends UnitTestCase {
protected $container;
protected $routeCollection;
protected $accessManager;
protected $routeProvider;
protected $paramConverter;
protected $account;
protected $argumentsResolverFactory;
protected $currentUser;
protected $checkProvider;
protected function setUp() {
parent::setUp();
$this->container = new ContainerBuilder();
$cache_contexts_manager = $this
->prophesize(CacheContextsManager::class)
->reveal();
$this->container
->set('cache_contexts_manager', $cache_contexts_manager);
\Drupal::setContainer($this->container);
$this->routeCollection = new RouteCollection();
$this->routeCollection
->add('test_route_1', new Route('/test-route-1'));
$this->routeCollection
->add('test_route_2', new Route('/test-route-2', array(), array(
'_access' => 'TRUE',
)));
$this->routeCollection
->add('test_route_3', new Route('/test-route-3', array(), array(
'_access' => 'FALSE',
)));
$this->routeCollection
->add('test_route_4', new Route('/test-route-4/{value}', array(), array(
'_access' => 'TRUE',
)));
$this->routeProvider = $this
->getMock('Drupal\\Core\\Routing\\RouteProviderInterface');
$map = array();
foreach ($this->routeCollection
->all() as $name => $route) {
$map[] = array(
$name,
array(),
$route,
);
}
$map[] = array(
'test_route_4',
array(
'value' => 'example',
),
$this->routeCollection
->get('test_route_4'),
);
$this->routeProvider
->expects($this
->any())
->method('getRouteByName')
->will($this
->returnValueMap($map));
$map = array();
$map[] = array(
'test_route_1',
array(),
'/test-route-1',
);
$map[] = array(
'test_route_2',
array(),
'/test-route-2',
);
$map[] = array(
'test_route_3',
array(),
'/test-route-3',
);
$map[] = array(
'test_route_4',
array(
'value' => 'example',
),
'/test-route-4/example',
);
$this->paramConverter = $this
->getMock('Drupal\\Core\\ParamConverter\\ParamConverterManagerInterface');
$this->account = $this
->getMock('Drupal\\Core\\Session\\AccountInterface');
$this->currentUser = $this
->getMock('Drupal\\Core\\Session\\AccountInterface');
$this->argumentsResolverFactory = $this
->getMock('Drupal\\Core\\Access\\AccessArgumentsResolverFactoryInterface');
$this->checkProvider = new CheckProvider();
$this->checkProvider
->setContainer($this->container);
$this->accessManager = new AccessManager($this->routeProvider, $this->paramConverter, $this->argumentsResolverFactory, $this->currentUser, $this->checkProvider);
}
public function testSetChecks() {
$this->checkProvider
->setChecks($this->routeCollection);
foreach ($this->routeCollection
->all() as $route) {
$this
->assertNull($route
->getOption('_access_checks'));
}
$this
->setupAccessChecker();
$this->checkProvider
->setChecks($this->routeCollection);
$this
->assertEquals($this->routeCollection
->get('test_route_1')
->getOption('_access_checks'), NULL);
$this
->assertEquals($this->routeCollection
->get('test_route_2')
->getOption('_access_checks'), array(
'test_access_default',
));
$this
->assertEquals($this->routeCollection
->get('test_route_3')
->getOption('_access_checks'), array(
'test_access_default',
));
}
public function testSetChecksWithDynamicAccessChecker() {
$this->accessManager = new AccessManager($this->routeProvider, $this->paramConverter, $this->argumentsResolverFactory, $this->currentUser, $this->checkProvider);
$access_check = $this
->getMock('Drupal\\Tests\\Core\\Access\\TestAccessCheckInterface');
$this->container
->set('test_access', $access_check);
$this->checkProvider
->addCheckService('test_access', 'access');
$route = new Route('/test-path', array(), array(
'_foo' => '1',
'_bar' => '1',
));
$route2 = new Route('/test-path', array(), array(
'_foo' => '1',
'_bar' => '2',
));
$collection = new RouteCollection();
$collection
->add('test_route', $route);
$collection
->add('test_route2', $route2);
$access_check
->expects($this
->exactly(2))
->method('applies')
->with($this
->isInstanceOf('Symfony\\Component\\Routing\\Route'))
->will($this
->returnCallback(function (Route $route) {
return $route
->getRequirement('_bar') == 2;
}));
$this->checkProvider
->setChecks($collection);
$this
->assertEmpty($route
->getOption('_access_checks'));
$this
->assertEquals(array(
'test_access',
), $route2
->getOption('_access_checks'));
}
public function testCheck() {
$route_matches = [];
foreach ($this->routeCollection
->all() as $route_name => $route) {
$route_matches[$route_name] = new RouteMatch($route_name, $route, [], []);
}
foreach ($route_matches as $route_match) {
$this
->assertEquals(FALSE, $this->accessManager
->check($route_match, $this->account));
$this
->assertEquals(AccessResult::neutral(), $this->accessManager
->check($route_match, $this->account, NULL, TRUE));
}
$this
->setupAccessChecker();
foreach ($route_matches as $route_match) {
$this
->assertEquals(FALSE, $this->accessManager
->check($route_match, $this->account));
$this
->assertEquals(AccessResult::neutral(), $this->accessManager
->check($route_match, $this->account, NULL, TRUE));
}
$this->checkProvider
->setChecks($this->routeCollection);
$this
->setupAccessArgumentsResolverFactory();
$this
->assertEquals(FALSE, $this->accessManager
->check($route_matches['test_route_1'], $this->account));
$this
->assertEquals(TRUE, $this->accessManager
->check($route_matches['test_route_2'], $this->account));
$this
->assertEquals(FALSE, $this->accessManager
->check($route_matches['test_route_3'], $this->account));
$this
->assertEquals(TRUE, $this->accessManager
->check($route_matches['test_route_4'], $this->account));
$this
->assertEquals(AccessResult::neutral(), $this->accessManager
->check($route_matches['test_route_1'], $this->account, NULL, TRUE));
$this
->assertEquals(AccessResult::allowed(), $this->accessManager
->check($route_matches['test_route_2'], $this->account, NULL, TRUE));
$this
->assertEquals(AccessResult::forbidden(), $this->accessManager
->check($route_matches['test_route_3'], $this->account, NULL, TRUE));
$this
->assertEquals(AccessResult::allowed(), $this->accessManager
->check($route_matches['test_route_4'], $this->account, NULL, TRUE));
}
public function testCheckWithNullAccount() {
$this
->setupAccessChecker();
$this->checkProvider
->setChecks($this->routeCollection);
$route = $this->routeCollection
->get('test_route_2');
$route_match = new RouteMatch('test_route_2', $route, [], []);
$this
->setupAccessArgumentsResolverFactory()
->with($route_match, $this->currentUser, NULL);
$this
->assertTrue($this->accessManager
->check($route_match));
}
public function providerTestCheckConjunctions() {
$access_allow = AccessResult::allowed();
$access_deny = AccessResult::neutral();
$access_kill = AccessResult::forbidden();
$access_configurations = array();
$access_configurations[] = array(
'name' => 'test_route_4',
'condition_one' => 'TRUE',
'condition_two' => 'FALSE',
'expected' => $access_kill,
);
$access_configurations[] = array(
'name' => 'test_route_5',
'condition_one' => 'TRUE',
'condition_two' => 'NULL',
'expected' => $access_deny,
);
$access_configurations[] = array(
'name' => 'test_route_6',
'condition_one' => 'FALSE',
'condition_two' => 'NULL',
'expected' => $access_kill,
);
$access_configurations[] = array(
'name' => 'test_route_7',
'condition_one' => 'TRUE',
'condition_two' => 'TRUE',
'expected' => $access_allow,
);
$access_configurations[] = array(
'name' => 'test_route_8',
'condition_one' => 'FALSE',
'condition_two' => 'FALSE',
'expected' => $access_kill,
);
$access_configurations[] = array(
'name' => 'test_route_9',
'condition_one' => 'NULL',
'condition_two' => 'NULL',
'expected' => $access_deny,
);
return $access_configurations;
}
public function testCheckConjunctions($name, $condition_one, $condition_two, $expected_access) {
$this
->setupAccessChecker();
$access_check = new DefinedTestAccessCheck();
$this->container
->register('test_access_defined', $access_check);
$this->checkProvider
->addCheckService('test_access_defined', 'access', array(
'_test_access',
));
$route_collection = new RouteCollection();
$requirements = array(
'_access' => $condition_one,
'_test_access' => $condition_two,
);
$route = new Route($name, array(), $requirements);
$route_collection
->add($name, $route);
$this->checkProvider
->setChecks($route_collection);
$this
->setupAccessArgumentsResolverFactory();
$route_match = new RouteMatch($name, $route, array(), array());
$this
->assertEquals($expected_access
->isAllowed(), $this->accessManager
->check($route_match, $this->account));
$this
->assertEquals($expected_access, $this->accessManager
->check($route_match, $this->account, NULL, TRUE));
}
public function testCheckNamedRoute() {
$this
->setupAccessChecker();
$this->checkProvider
->setChecks($this->routeCollection);
$this
->setupAccessArgumentsResolverFactory();
$this->paramConverter
->expects($this
->at(0))
->method('convert')
->with(array(
RouteObjectInterface::ROUTE_NAME => 'test_route_2',
RouteObjectInterface::ROUTE_OBJECT => $this->routeCollection
->get('test_route_2'),
))
->will($this
->returnValue(array()));
$this->paramConverter
->expects($this
->at(1))
->method('convert')
->with(array(
RouteObjectInterface::ROUTE_NAME => 'test_route_2',
RouteObjectInterface::ROUTE_OBJECT => $this->routeCollection
->get('test_route_2'),
))
->will($this
->returnValue(array()));
$this->paramConverter
->expects($this
->at(2))
->method('convert')
->with(array(
'value' => 'example',
RouteObjectInterface::ROUTE_NAME => 'test_route_4',
RouteObjectInterface::ROUTE_OBJECT => $this->routeCollection
->get('test_route_4'),
))
->will($this
->returnValue(array(
'value' => 'example',
)));
$this->paramConverter
->expects($this
->at(3))
->method('convert')
->with(array(
'value' => 'example',
RouteObjectInterface::ROUTE_NAME => 'test_route_4',
RouteObjectInterface::ROUTE_OBJECT => $this->routeCollection
->get('test_route_4'),
))
->will($this
->returnValue(array(
'value' => 'example',
)));
$this
->assertEquals(TRUE, $this->accessManager
->checkNamedRoute('test_route_2', array(), $this->account));
$this
->assertEquals(AccessResult::allowed(), $this->accessManager
->checkNamedRoute('test_route_2', array(), $this->account, TRUE));
$this
->assertEquals(TRUE, $this->accessManager
->checkNamedRoute('test_route_4', array(
'value' => 'example',
), $this->account));
$this
->assertEquals(AccessResult::allowed(), $this->accessManager
->checkNamedRoute('test_route_4', array(
'value' => 'example',
), $this->account, TRUE));
}
public function testCheckNamedRouteWithUpcastedValues() {
$this->routeCollection = new RouteCollection();
$route = new Route('/test-route-1/{value}', array(), array(
'_test_access' => 'TRUE',
));
$this->routeCollection
->add('test_route_1', $route);
$this->routeProvider = $this
->getMock('Drupal\\Core\\Routing\\RouteProviderInterface');
$this->routeProvider
->expects($this
->any())
->method('getRouteByName')
->with('test_route_1', array(
'value' => 'example',
))
->will($this
->returnValue($route));
$map = array();
$map[] = array(
'test_route_1',
array(
'value' => 'example',
),
'/test-route-1/example',
);
$this->paramConverter = $this
->getMock('Drupal\\Core\\ParamConverter\\ParamConverterManagerInterface');
$this->paramConverter
->expects($this
->atLeastOnce())
->method('convert')
->with(array(
'value' => 'example',
RouteObjectInterface::ROUTE_NAME => 'test_route_1',
RouteObjectInterface::ROUTE_OBJECT => $route,
))
->will($this
->returnValue(array(
'value' => 'upcasted_value',
)));
$this
->setupAccessArgumentsResolverFactory($this
->exactly(2))
->with($this
->callback(function ($route_match) {
return $route_match
->getParameters()
->get('value') == 'upcasted_value';
}));
$this->accessManager = new AccessManager($this->routeProvider, $this->paramConverter, $this->argumentsResolverFactory, $this->currentUser, $this->checkProvider);
$access_check = $this
->getMock('Drupal\\Tests\\Core\\Access\\TestAccessCheckInterface');
$access_check
->expects($this
->atLeastOnce())
->method('applies')
->will($this
->returnValue(TRUE));
$access_check
->expects($this
->atLeastOnce())
->method('access')
->will($this
->returnValue(AccessResult::forbidden()));
$this->container
->set('test_access', $access_check);
$this->checkProvider
->addCheckService('test_access', 'access');
$this->checkProvider
->setChecks($this->routeCollection);
$this
->assertEquals(FALSE, $this->accessManager
->checkNamedRoute('test_route_1', array(
'value' => 'example',
), $this->account));
$this
->assertEquals(AccessResult::forbidden(), $this->accessManager
->checkNamedRoute('test_route_1', array(
'value' => 'example',
), $this->account, TRUE));
}
public function testCheckNamedRouteWithDefaultValue() {
$this->routeCollection = new RouteCollection();
$route = new Route('/test-route-1/{value}', array(
'value' => 'example',
), array(
'_test_access' => 'TRUE',
));
$this->routeCollection
->add('test_route_1', $route);
$this->routeProvider = $this
->getMock('Drupal\\Core\\Routing\\RouteProviderInterface');
$this->routeProvider
->expects($this
->any())
->method('getRouteByName')
->with('test_route_1', array())
->will($this
->returnValue($route));
$map = array();
$map[] = array(
'test_route_1',
array(
'value' => 'example',
),
'/test-route-1/example',
);
$this->paramConverter = $this
->getMock('Drupal\\Core\\ParamConverter\\ParamConverterManagerInterface');
$this->paramConverter
->expects($this
->atLeastOnce())
->method('convert')
->with(array(
'value' => 'example',
RouteObjectInterface::ROUTE_NAME => 'test_route_1',
RouteObjectInterface::ROUTE_OBJECT => $route,
))
->will($this
->returnValue(array(
'value' => 'upcasted_value',
)));
$this
->setupAccessArgumentsResolverFactory($this
->exactly(2))
->with($this
->callback(function ($route_match) {
return $route_match
->getParameters()
->get('value') == 'upcasted_value';
}));
$this->accessManager = new AccessManager($this->routeProvider, $this->paramConverter, $this->argumentsResolverFactory, $this->currentUser, $this->checkProvider);
$access_check = $this
->getMock('Drupal\\Tests\\Core\\Access\\TestAccessCheckInterface');
$access_check
->expects($this
->atLeastOnce())
->method('applies')
->will($this
->returnValue(TRUE));
$access_check
->expects($this
->atLeastOnce())
->method('access')
->will($this
->returnValue(AccessResult::forbidden()));
$this->container
->set('test_access', $access_check);
$this->checkProvider
->addCheckService('test_access', 'access');
$this->checkProvider
->setChecks($this->routeCollection);
$this
->assertEquals(FALSE, $this->accessManager
->checkNamedRoute('test_route_1', array(), $this->account));
$this
->assertEquals(AccessResult::forbidden(), $this->accessManager
->checkNamedRoute('test_route_1', array(), $this->account, TRUE));
}
public function testCheckNamedRouteWithNonExistingRoute() {
$this->routeProvider
->expects($this
->any())
->method('getRouteByName')
->will($this
->throwException(new RouteNotFoundException()));
$this
->setupAccessChecker();
$this
->assertEquals(FALSE, $this->accessManager
->checkNamedRoute('test_route_1', array(), $this->account), 'A non existing route lead to access.');
$this
->assertEquals(AccessResult::forbidden()
->addCacheTags([
'config:core.extension',
]), $this->accessManager
->checkNamedRoute('test_route_1', array(), $this->account, TRUE), 'A non existing route lead to access.');
}
public function testCheckException($return_value) {
$route_provider = $this
->getMock('Drupal\\Core\\Routing\\RouteProviderInterface');
$requirements = array(
'_test_incorrect_value' => 'TRUE',
);
$options = array(
'_access_checks' => array(
'test_incorrect_value',
),
);
$route = new Route('', array(), $requirements, $options);
$route_provider
->expects($this
->any())
->method('getRouteByName')
->will($this
->returnValue($route));
$this->paramConverter = $this
->getMock('Drupal\\Core\\ParamConverter\\ParamConverterManagerInterface');
$this->paramConverter
->expects($this
->any())
->method('convert')
->will($this
->returnValue(array()));
$this
->setupAccessArgumentsResolverFactory();
$container = new ContainerBuilder();
$access_check = $this
->getMock('Drupal\\Tests\\Core\\Access\\TestAccessCheckInterface');
$access_check
->expects($this
->any())
->method('access')
->will($this
->returnValue($return_value));
$container
->set('test_incorrect_value', $access_check);
$access_manager = new AccessManager($route_provider, $this->paramConverter, $this->argumentsResolverFactory, $this->currentUser, $this->checkProvider);
$this->checkProvider
->setContainer($container);
$this->checkProvider
->addCheckService('test_incorrect_value', 'access');
$access_manager
->checkNamedRoute('test_incorrect_value', array(), $this->account);
}
public function providerCheckException() {
return array(
array(
array(
1,
),
),
array(
'string',
),
array(
0,
),
array(
1,
),
);
}
protected function setupAccessChecker() {
$access_check = new DefaultAccessCheck();
$this->container
->register('test_access_default', $access_check);
$this->checkProvider
->addCheckService('test_access_default', 'access', array(
'_access',
));
}
protected function setupAccessArgumentsResolverFactory($constraint = NULL) {
if (!isset($constraint)) {
$constraint = $this
->any();
}
return $this->argumentsResolverFactory
->expects($constraint)
->method('getArgumentsResolver')
->will($this
->returnCallback(function ($route_match, $account) {
$resolver = $this
->getMock('Drupal\\Component\\Utility\\ArgumentsResolverInterface');
$resolver
->expects($this
->any())
->method('getArguments')
->will($this
->returnCallback(function ($callable) use ($route_match) {
return array(
$route_match
->getRouteObject(),
);
}));
return $resolver;
}));
}
}
interface TestAccessCheckInterface extends AccessCheckInterface {
public function access();
}