doTestCollectionFilterAccessBasedOnPermissions example

'DELETE' => "The 'delete any file' permission is required.",
      default =>  parent::getExpectedUnauthorizedAccessMessage($method),
    };
  }

  /** * {@inheritdoc} */
  public function testCollectionFilterAccess() {
    $label_field_name = 'filename';
    // Verify the expected behavior in the common case: when the file is public.     $this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, 'access content');

    $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
    $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
    $request_options = [];
    $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
    $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());

    // 1 result because the current user is the file owner, even though the file     // is private.     $this->entity->setFileUri('private://drupal.txt');
    $this->entity->setOwner($this->account);
    

protected function getExpectedUnauthorizedAccessMessage($method) {
    return "The shortcut set must be the currently displayed set for the user and the user must have 'access shortcuts' AND 'customize shortcut links' permissions.";
  }

  /** * {@inheritdoc} */
  public function testCollectionFilterAccess() {
    $label_field_name = 'title';
    // Verify the expected behavior in the common case: default shortcut set.     $this->grantPermissionsToTestedRole(['customize shortcut links']);
    $this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, 'access shortcuts');

    $alternate_shortcut_set = ShortcutSet::create([
      'id' => 'alternate',
      'label' => 'Alternate',
    ]);
    $alternate_shortcut_set->save();
    $this->entity->shortcut_set = $alternate_shortcut_set->id();
    $this->entity->save();

    $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
    $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
    

  public function doTestCollectionFilterAccessForPublishableEntities($label_field_name, $view_permission, $admin_permission) {
    assert($this->entity instanceof EntityPublishedInterface);
    $this->assertTrue($this->entity->isPublished());

    $referencing_entity = $this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, $view_permission);

    $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
    $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
    $request_options = [];
    $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
    $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());

    // Unpublish.     $this->entity->setUnpublished()->save();
    // ?filter[spotlight.LABEL]: no result because the test entity is     // unpublished. This proves that appropriate cache tags are bubbled.

return "The 'administer menu' permission is required.";

      default:
        return parent::getExpectedUnauthorizedAccessMessage($method);
    }
  }

  /** * {@inheritdoc} */
  public function testCollectionFilterAccess() {
    $this->doTestCollectionFilterAccessBasedOnPermissions('title', 'administer menu');
  }

  /** * Tests requests using a serialized field item property. * * @see https://security.drupal.org/node/161923 */
  public function testLinkOptionsSerialization() {
    $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);

    $document = $this->getPostDocument();
    

      'multiple parents: [3,2] (both non-root parents)' => [
        [3, 2],
      ],
    ];
  }

  /** * {@inheritdoc} */
  public function testCollectionFilterAccess() {
    $this->doTestCollectionFilterAccessBasedOnPermissions('name', 'access content');
  }

}