CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
getExpectedUnauthorizedAccessCacheability example
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block\BlockAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->setCacheTags([
'4xx-response',
'config:block.block.llama',
'http_response',
'user:2',
])
->setCacheContexts(['url.site', 'user.roles']);
}
/** * {@inheritdoc} */
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block\BlockAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->setCacheTags([
'4xx-response',
'config:block.block.llama',
'http_response',
'user:2',
])
->setCacheContexts(['url.site', 'user.roles']);
}
/** * {@inheritdoc} */
'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
'DELETE' => "The following permissions are required: 'access block library' AND 'delete any basic block content'.",
default => parent::getExpectedUnauthorizedAccessMessage($method),
};
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block_content\BlockContentAccessControlHandler() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['block_content:1']);
}
/** * {@inheritdoc} */
protected function getExpectedCacheTags(array $sparse_fieldset = NULL) {
$tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('body', $sparse_fieldset)) {
$tags = Cache::mergeTags($tags, ['config:filter.format.plain_text']);
}
'DELETE' => "The following permissions are required: 'access block library' AND 'delete any basic block content'.",
default => parent::getExpectedUnauthorizedAccessMessage($method),
};
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block_content\BlockContentAccessControlHandler() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['block_content:1']);
}
/** * {@inheritdoc} */
protected function getExpectedCacheTags(array $sparse_fieldset = NULL) {
$tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('body', $sparse_fieldset)) {
$tags = Cache::mergeTags($tags, ['config:filter.format.plain_text']);
}
protected function getEditorialPermissions() {
return array_merge(parent::getEditorialPermissions(), ['view any unpublished content']);
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\media\MediaAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['media:1']);
}
/** * {@inheritdoc} */
public function testPostIndividual() {
// @todo Mimic \Drupal\Tests\rest\Functional\EntityResource\Media\MediaResourceTestBase::testPost() // @todo Later, use https://www.drupal.org/project/drupal/issues/2958554 to upload files rather than the REST module. parent::testPostIndividual();
}
/** * {@inheritdoc} */
protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
if ($method !== 'GET') {
return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
}
$expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
$expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE))
// @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException() ->addCacheableDependency($this->config('system.site'))
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheTags(['config:user.role.anonymous']);
// Only add the 'user.roles:anonymous' cache context if its parent cache // context is not already present. if (!in_array('user.roles', $expected_cacheability->getCacheContexts(), TRUE)) {
$expected_cacheability->addCacheContexts(['user.roles:anonymous']);
}
$this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), $expected_page_cache_header_value, FALSE);
}
// response because missing ?_format query string.
$response = $this->request('GET', $url, $request_options);
$this->assertSame($has_canonical_url ? 403 : 404, $response->getStatusCode());
$this->assertSame(['text/html; charset=UTF-8'], $response->getHeader('Content-Type'));
$url->setOption('query', ['_format' => static::$format]);
// DX: 404 when resource not provisioned, 403 if canonical route. Non-HTML // response because ?_format query string is present. $response = $this->request('GET', $url, $request_options);
if ($has_canonical_url) {
$expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheTags(['config:user.role.anonymous']);
$expected_cacheability->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), 'MISS', FALSE);
}
else {
$this->assertResourceErrorResponse(404, 'No route found for "GET ' . $this->getEntityResourceUrl()->setAbsolute()->toString() . '"', $response);
}
$this->provisionEntityResource();
$this->assertSame($has_canonical_url ? 403 : 404, $response->getStatusCode());
$this->assertSame(['text/html; charset=UTF-8'], $response->getHeader('Content-Type'));
$url->setOption('query', ['_format' => static::$format]);
// DX: 404 when resource not provisioned, 403 if canonical route. Non-HTML // response because ?_format query string is present. $response = $this->request('GET', $url, $request_options);
if ($has_canonical_url) {
$expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheTags(['config:user.role.anonymous']);
$expected_cacheability->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), 'MISS', FALSE);
}
else {
$this->assertResourceErrorResponse(404, 'No route found for "GET ' . $this->getEntityResourceUrl()->setAbsolute()->toString() . '"', $response);
}
$this->provisionEntityResource();
/**
* {@inheritdoc}
*/
protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
// Requests needing cookie authentication but missing it results in a 403 // response. The cookie authentication mechanism sets no response message. // Hence, effectively, this is just the 403 response that one gets as the // anonymous user trying to access a certain REST resource. // @see \Drupal\user\Authentication\Provider\Cookie // @todo https://www.drupal.org/node/2847623 if ($method === 'GET') {
$expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
// - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies // to cacheable anonymous responses: it updates their cacheability. // - A 403 response to a GET request is cacheable. // Therefore we must update our cacheability expectations accordingly. if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
$expected_cookie_403_cacheability->addCacheTags(['config:user.role.anonymous']);
}
// @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881 if (static::$entityTypeId === 'block') {
protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
// Requests needing cookie authentication but missing it results in a 403 // response. The cookie authentication mechanism sets no response message. // Hence, effectively, this is just the 403 response that one gets as the // anonymous user trying to access a certain REST resource. // @see \Drupal\user\Authentication\Provider\Cookie // @todo https://www.drupal.org/node/2847623 if ($method === 'GET') {
$expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
// - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies // to cacheable anonymous responses: it updates their cacheability. // - A 403 response to a GET request is cacheable. // Therefore we must update our cacheability expectations accordingly. if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
$expected_cookie_403_cacheability->addCacheTags(['config:user.role.anonymous']);
}
// @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881 if (static::$entityTypeId === 'block') {
$response = $this->request('POST', $url, $request_options);
$this->assertResourceResponse(201, FALSE, $response);
$this->assertTrue(Json::decode((string) $response->getBody())['data']['attributes']['status']);
$this->assertTrue($this->entityStorage->loadUnchanged(3)->isPublished());
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['comment:1']);
}
/** * {@inheritdoc} */
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'entity_test' entity access control handler because // comment access also depends on access to the commented entity type. \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
$this->assertResourceResponse(201, FALSE, $response);
$this->assertTrue(Json::decode((string) $response->getBody())['data']['attributes']['status']);
$this->assertTrue($this->entityStorage->loadUnchanged(3)->isPublished());
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['comment:1']);
}
/** * {@inheritdoc} */
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'entity_test' entity access control handler because // comment access also depends on access to the commented entity type. \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi'); $request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// DX: 403 when unauthorized, or 200 if the 'view label' operation is // supported by the entity type. $response = $this->request('GET', $url, $request_options);
if (!static::$anonymousUsersCanViewLabels) {
$expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
$reason = $this->getExpectedUnauthorizedAccessMessage('GET');
$message = trim("The current user is not allowed to GET the selected resource. $reason");
$this->assertResourceErrorResponse(403, $message, $url, $response, '/data', $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), FALSE, 'MISS');
$this->assertArrayNotHasKey('Link', $response->getHeaders());
}
else {
$expected_document = $this->getExpectedDocument();
$label_field_name = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
$expected_document['data']['attributes'] = array_intersect_key($expected_document['data']['attributes'], [$label_field_name => TRUE]);
unset($expected_document['data']['relationships']);
// MISS or UNCACHEABLE depends on data. It must not be HIT.
// $url = $this->entity->toUrl('jsonapi'); $request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// DX: 403 when unauthorized, or 200 if the 'view label' operation is // supported by the entity type. $response = $this->request('GET', $url, $request_options);
if (!static::$anonymousUsersCanViewLabels) {
$expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
$reason = $this->getExpectedUnauthorizedAccessMessage('GET');
$message = trim("The current user is not allowed to GET the selected resource. $reason");
$this->assertResourceErrorResponse(403, $message, $url, $response, '/data', $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), FALSE, 'MISS');
$this->assertArrayNotHasKey('Link', $response->getHeaders());
}
else {
$expected_document = $this->getExpectedDocument();
$label_field_name = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
$expected_document['data']['attributes'] = array_intersect_key($expected_document['data']['attributes'], [$label_field_name => TRUE]);
unset($expected_document['data']['relationships']);
// MISS or UNCACHEABLE depends on data. It must not be HIT.
return "The following permissions are required: 'delete terms in camelids' OR 'administer taxonomy'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
$cacheability = parent::getExpectedUnauthorizedAccessCacheability();
$cacheability->addCacheableDependency($this->entity);
return $cacheability;
}
/** * Tests PATCHing a term's path. * * For a negative test, see the similar test coverage for Node. * * @see \Drupal\Tests\jsonapi\Functional\NodeTest::testPatchPath() * @see \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase::testPatchPath() */
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
$cacheability = parent::getExpectedUnauthorizedAccessCacheability();
$cacheability->addCacheableDependency($this->entity);
return $cacheability;
}
/** * Tests PATCHing a term's path. * * For a negative test, see the similar test coverage for Node. * * @see \Drupal\Tests\jsonapi\Functional\NodeTest::testPatchPath() * @see \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase::testPatchPath() */
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\search\SearchPageAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['config:search.page.hinode_search']);
}
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\search\SearchPageAccessControlHandler::checkAccess() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['config:search.page.hinode_search']);
}
}