getExpectedUnauthorizedAccessCacheability example

default:
        return parent::getExpectedUnauthorizedAccessMessage($method);
    }
  }

  /** * {@inheritdoc} */
  protected function getExpectedUnauthorizedAccessCacheability() {
    // @see \Drupal\block\BlockAccessControlHandler::checkAccess()     return parent::getExpectedUnauthorizedAccessCacheability()
      ->setCacheTags([
        '4xx-response',
        'config:block.block.llama',
        'http_response',
        'user:2',
      ])
      ->setCacheContexts(['url.site', 'user.roles']);
  }

  /** * {@inheritdoc} */
'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
      'DELETE' => "The following permissions are required: 'access block library' AND 'delete any basic block content'.",
      default => parent::getExpectedUnauthorizedAccessMessage($method),
    };
  }

  /** * {@inheritdoc} */
  protected function getExpectedUnauthorizedAccessCacheability() {
    // @see \Drupal\block_content\BlockContentAccessControlHandler()     return parent::getExpectedUnauthorizedAccessCacheability()
      ->addCacheTags(['block_content:1']);
  }

  /** * {@inheritdoc} */
  protected function getExpectedCacheTags(array $sparse_fieldset = NULL) {
    $tags = parent::getExpectedCacheTags($sparse_fieldset);
    if ($sparse_fieldset === NULL || in_array('body', $sparse_fieldset)) {
      $tags = Cache::mergeTags($tags['config:filter.format.plain_text']);
    }
    

  protected function getEditorialPermissions() {
    return array_merge(parent::getEditorialPermissions()['view any unpublished content']);
  }

  /** * {@inheritdoc} */
  protected function getExpectedUnauthorizedAccessCacheability() {
    // @see \Drupal\media\MediaAccessControlHandler::checkAccess()     return parent::getExpectedUnauthorizedAccessCacheability()
      ->addCacheTags(['media:1']);
  }

  /** * {@inheritdoc} */
  public function testPostIndividual() {
    // @todo Mimic \Drupal\Tests\rest\Functional\EntityResource\Media\MediaResourceTestBase::testPost()     // @todo Later, use https://www.drupal.org/project/drupal/issues/2958554 to upload files rather than the REST module.     parent::testPostIndividual();
  }

  


  /** * {@inheritdoc} */
  protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    if ($method !== 'GET') {
      return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response);
    }

    $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE;
    $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
      ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE))
      // @see \Drupal\basic_auth\Authentication\Provider\BasicAuth::challengeException()       ->addCacheableDependency($this->config('system.site'))
      // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond()       ->addCacheTags(['config:user.role.anonymous']);
    // Only add the 'user.roles:anonymous' cache context if its parent cache     // context is not already present.     if (!in_array('user.roles', $expected_cacheability->getCacheContexts(), TRUE)) {
      $expected_cacheability->addCacheContexts(['user.roles:anonymous']);
    }
    $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response$expected_cacheability->getCacheTags()$expected_cacheability->getCacheContexts()$expected_page_cache_header_value, FALSE);
  }
    // response because missing ?_format query string.     $response = $this->request('GET', $url$request_options);
    $this->assertSame($has_canonical_url ? 403 : 404, $response->getStatusCode());
    $this->assertSame(['text/html; charset=UTF-8']$response->getHeader('Content-Type'));

    $url->setOption('query', ['_format' => static::$format]);

    // DX: 404 when resource not provisioned, 403 if canonical route. Non-HTML     // response because ?_format query string is present.     $response = $this->request('GET', $url$request_options);
    if ($has_canonical_url) {
      $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
        // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond()         ->addCacheTags(['config:user.role.anonymous']);
      $expected_cacheability->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
      $this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET')$response$expected_cacheability->getCacheTags()$expected_cacheability->getCacheContexts(), 'MISS', FALSE);
    }
    else {
      $this->assertResourceErrorResponse(404, 'No route found for "GET ' . $this->getEntityResourceUrl()->setAbsolute()->toString() . '"', $response);
    }

    $this->provisionEntityResource();

    
/** * {@inheritdoc} */
  protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) {
    // Requests needing cookie authentication but missing it results in a 403     // response. The cookie authentication mechanism sets no response message.     // Hence, effectively, this is just the 403 response that one gets as the     // anonymous user trying to access a certain REST resource.     // @see \Drupal\user\Authentication\Provider\Cookie     // @todo https://www.drupal.org/node/2847623     if ($method === 'GET') {
      $expected_cookie_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
        // @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond()         ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
      // - \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber applies       // to cacheable anonymous responses: it updates their cacheability.       // - A 403 response to a GET request is cacheable.       // Therefore we must update our cacheability expectations accordingly.       if (in_array('user.permissions', $expected_cookie_403_cacheability->getCacheContexts(), TRUE)) {
        $expected_cookie_403_cacheability->addCacheTags(['config:user.role.anonymous']);
      }
      // @todo Fix \Drupal\block\BlockAccessControlHandler::mergeCacheabilityFromConditions() in https://www.drupal.org/node/2867881       if (static::$entityTypeId === 'block') {
        
    $response = $this->request('POST', $url$request_options);
    $this->assertResourceResponse(201, FALSE, $response);
    $this->assertTrue(Json::decode((string) $response->getBody())['data']['attributes']['status']);
    $this->assertTrue($this->entityStorage->loadUnchanged(3)->isPublished());
  }

  /** * {@inheritdoc} */
  protected function getExpectedUnauthorizedAccessCacheability() {
    // @see \Drupal\comment\CommentAccessControlHandler::checkAccess()     return parent::getExpectedUnauthorizedAccessCacheability()
      ->addCacheTags(['comment:1']);
  }

  /** * {@inheritdoc} */
  protected static function entityAccess(EntityInterface $entity$operation, AccountInterface $account) {
    // Also reset the 'entity_test' entity access control handler because     // comment access also depends on access to the commented entity type.     \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
    return parent::entityAccess($entity$operation$account);
  }
    // @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.     $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName)['entity' => $this->entity->uuid()]);
    // $url = $this->entity->toUrl('jsonapi');     $request_options = [];
    $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
    $request_options = NestedArray::mergeDeep($request_options$this->getAuthenticationRequestOptions());

    // DX: 403 when unauthorized, or 200 if the 'view label' operation is     // supported by the entity type.     $response = $this->request('GET', $url$request_options);
    if (!static::$anonymousUsersCanViewLabels) {
      $expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
      $reason = $this->getExpectedUnauthorizedAccessMessage('GET');
      $message = trim("The current user is not allowed to GET the selected resource. $reason");
      $this->assertResourceErrorResponse(403, $message$url$response, '/data', $expected_403_cacheability->getCacheTags()$expected_403_cacheability->getCacheContexts(), FALSE, 'MISS');
      $this->assertArrayNotHasKey('Link', $response->getHeaders());
    }
    else {
      $expected_document = $this->getExpectedDocument();
      $label_field_name = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
      $expected_document['data']['attributes'] = array_intersect_key($expected_document['data']['attributes'][$label_field_name => TRUE]);
      unset($expected_document['data']['relationships']);
      // MISS or UNCACHEABLE depends on data. It must not be HIT.
return "The following permissions are required: 'delete terms in camelids' OR 'administer taxonomy'.";

      default:
        return parent::getExpectedUnauthorizedAccessMessage($method);
    }
  }

  /** * {@inheritdoc} */
  protected function getExpectedUnauthorizedAccessCacheability() {
    $cacheability = parent::getExpectedUnauthorizedAccessCacheability();
    $cacheability->addCacheableDependency($this->entity);
    return $cacheability;
  }

  /**
   * Tests PATCHing a term's path.
   *
   * For a negative test, see the similar test coverage for Node.
   *
   * @see \Drupal\Tests\jsonapi\Functional\NodeTest::testPatchPath()
   * @see \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase::testPatchPath()
   */
default:
        return parent::getExpectedUnauthorizedAccessMessage($method);
    }
  }

  /** * {@inheritdoc} */
  protected function getExpectedUnauthorizedAccessCacheability() {
    // @see \Drupal\search\SearchPageAccessControlHandler::checkAccess()     return parent::getExpectedUnauthorizedAccessCacheability()
      ->addCacheTags(['config:search.page.hinode_search']);
  }

}