View source
<?php
namespace Drupal\Tests\Core\Route;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Cache\Context\CacheContextsManager;
use Drupal\Core\DependencyInjection\Container;
use Drupal\Core\Session\UserSession;
use Drupal\Tests\UnitTestCase;
use Drupal\user\Access\RoleAccessCheck;
use Symfony\Component\Routing\Route;
use Symfony\Component\Routing\RouteCollection;
class RoleAccessCheckTest extends UnitTestCase {
protected function getTestRouteCollection() {
$route_collection = new RouteCollection();
$route_collection
->add('role_test_1', new Route('/role_test_1', array(
'_controller' => '\\Drupal\\router_test\\TestControllers::test1',
), array(
'_role' => 'role_test_1',
)));
$route_collection
->add('role_test_2', new Route('/role_test_2', array(
'_controller' => '\\Drupal\\router_test\\TestControllers::test1',
), array(
'_role' => 'role_test_2',
)));
$route_collection
->add('role_test_3', new Route('/role_test_3', array(
'_controller' => '\\Drupal\\router_test\\TestControllers::test1',
), array(
'_role' => 'role_test_1,role_test_2',
)));
$route_collection
->add('role_test_4', new Route('/role_test_4', array(
'_controller' => '\\Drupal\\router_test\\TestControllers::test1',
), array(
'_role' => 'role_test_1 , role_test_2',
)));
$route_collection
->add('role_test_5', new Route('/role_test_5', array(
'_controller' => '\\Drupal\\router_test\\TestControllers::test1',
), array(
'_role' => 'role_test_1+role_test_2',
)));
$route_collection
->add('role_test_6', new Route('/role_test_6', array(
'_controller' => '\\Drupal\\router_test\\TestControllers::test1',
), array(
'_role' => 'role_test_1 + role_test_2',
)));
return $route_collection;
}
public function roleAccessProvider() {
$rid_1 = 'role_test_1';
$rid_2 = 'role_test_2';
$account_1 = new UserSession(array(
'uid' => 1,
'roles' => array(
$rid_1,
),
));
$account_2 = new UserSession(array(
'uid' => 2,
'roles' => array(
$rid_2,
),
));
$account_12 = new UserSession(array(
'uid' => 3,
'roles' => array(
$rid_1,
$rid_2,
),
));
$account_none = new UserSession(array(
'uid' => 1,
'roles' => array(),
));
return array(
array(
'role_test_1',
array(
$account_1,
$account_12,
),
array(
$account_2,
$account_none,
),
),
array(
'role_test_2',
array(
$account_2,
$account_12,
),
array(
$account_1,
$account_none,
),
),
array(
'role_test_3',
array(
$account_12,
),
array(
$account_1,
$account_2,
$account_none,
),
),
array(
'role_test_4',
array(
$account_12,
),
array(
$account_1,
$account_2,
$account_none,
),
),
array(
'role_test_5',
array(
$account_1,
$account_2,
$account_12,
),
array(),
),
array(
'role_test_6',
array(
$account_1,
$account_2,
$account_12,
),
array(),
),
);
}
public function testRoleAccess($path, $grant_accounts, $deny_accounts) {
$cache_contexts_manager = $this
->prophesize(CacheContextsManager::class);
$cache_contexts_manager
->assertValidTokens()
->willReturn(TRUE);
$cache_contexts_manager
->reveal();
$container = new Container();
$container
->set('cache_contexts_manager', $cache_contexts_manager);
\Drupal::setContainer($container);
$role_access_check = new RoleAccessCheck();
$collection = $this
->getTestRouteCollection();
foreach ($grant_accounts as $account) {
$message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account
->getRoles()), $path);
$this
->assertEquals(AccessResult::allowed()
->addCacheContexts([
'user.roles',
]), $role_access_check
->access($collection
->get($path), $account), $message);
}
foreach ($deny_accounts as $account) {
$message = sprintf('Access denied for user %s with the roles %s on path: %s', $account
->id(), implode(', ', $account
->getRoles()), $path);
$has_access = $role_access_check
->access($collection
->get($path), $account);
$this
->assertEquals(AccessResult::neutral()
->addCacheContexts([
'user.roles',
]), $has_access, $message);
}
}
}