CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
getExpectedUnauthorizedAccessMessage example
case 'POST':
return "The following permissions are required: 'administer media' OR 'create media' OR 'create camelids media'.";
case 'PATCH':
return "The following permissions are required: 'update any media' OR 'update own media' OR 'camelids: edit any media' OR 'camelids: edit own media'.";
case 'DELETE':
return "The following permissions are required: 'delete any media' OR 'delete own media' OR 'camelids: delete any media' OR 'camelids: delete own media'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
public function testPost() {
$file_storage = $this->container->get('entity_type.manager')->getStorage('file');
// Step 1: upload file, results in File entity marked temporary. $this->uploadFile();
return "The following permissions are required: 'administer media' OR 'create media' OR 'create camelids media'.";
case 'PATCH':
return "The following permissions are required: 'update any media' OR 'update own media' OR 'camelids: edit any media' OR 'camelids: edit own media'.";
case 'DELETE':
return "The following permissions are required: 'delete any media' OR 'delete own media' OR 'camelids: delete any media' OR 'camelids: delete own media'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
public function testPost() {
$file_storage = $this->container->get('entity_type.manager')->getStorage('file');
// Step 1: upload file, results in File entity marked temporary. $this->uploadFile();
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
return match ($method) {
'GET' => "The 'access block library' permission is required.",
'PATCH' => "The following permissions are required: 'access block library' AND 'edit any basic block content'.",
'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
'DELETE' => "The following permissions are required: 'access block library' AND 'delete any basic block content'.",
default => parent::getExpectedUnauthorizedAccessMessage($method),
};
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block_content\BlockContentAccessControlHandler() return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['block_content:1']);
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access shortcuts' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function createEntity() {
$set = ShortcutSet::create([
'id' => 'llama_set',
'label' => 'Llama Set',
]);
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access shortcuts' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
}
$url->setOption('query', ['_format' => static::$format]);
// DX: 404 when resource not provisioned, 403 if canonical route. Non-HTML // response because ?_format query string is present. $response = $this->request('GET', $url, $request_options);
if ($has_canonical_url) {
$expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheTags(['config:user.role.anonymous']);
$expected_cacheability->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), 'MISS', FALSE);
}
else {
$this->assertResourceErrorResponse(404, 'No route found for "GET ' . $this->getEntityResourceUrl()->setAbsolute()->toString() . '"', $response);
}
$this->provisionEntityResource();
// DX: forgetting authentication: authentication provider-specific error // response. if (static::$auth) {
$response = $this->request('GET', $url, $request_options);
// DX: 404 when resource not provisioned, 403 if canonical route. Non-HTML // response because ?_format query string is present. $response = $this->request('GET', $url, $request_options);
if ($has_canonical_url) {
$expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability()
// @see \Drupal\Core\EventSubscriber\AnonymousUserResponseSubscriber::onRespond() ->addCacheTags(['config:user.role.anonymous']);
$expected_cacheability->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE));
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), 'MISS', FALSE);
}
else {
$this->assertResourceErrorResponse(404, 'No route found for "GET ' . $this->getEntityResourceUrl()->setAbsolute()->toString() . '"', $response);
}
$this->provisionEntityResource();
// DX: forgetting authentication: authentication provider-specific error // response. if (static::$auth) {
$response = $this->request('GET', $url, $request_options);
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'GET') {
return "The following permissions are required: 'access taxonomy overview' OR 'administer taxonomy'.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'GET') {
return "The following permissions are required: 'access taxonomy overview' OR 'administer taxonomy'.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
protected function getExpectedNormalizedEntity() {
throw new \Exception('Not yet supported.');
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'POST') {
return "The 'access site-wide contact form' permission is required.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
/** * {@inheritdoc} */
public function testGet() {
// Contact Message entities are not stored, so they cannot be retrieved. $this->expectException(RouteNotFoundException::class);
$this->expectExceptionMessage('Route "rest.entity.contact_message.GET" does not exist.');
$this->provisionEntityResource();
throw new \Exception('Not yet supported.');
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'POST') {
return "The 'access site-wide contact form' permission is required.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
/** * {@inheritdoc} */
public function testGet() {
// Contact Message entities are not stored, so they cannot be retrieved. $this->expectException(RouteNotFoundException::class);
$this->expectExceptionMessage('Route "rest.entity.contact_message.GET" does not exist.');
$this->provisionEntityResource();
];
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'POST') {
return "The 'access site-wide contact form' permission is required.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
/** * {@inheritdoc} */
public function testGetIndividual() {
// Contact Message entities are not stored, so they cannot be retrieved. $this->expectException(RouteNotFoundException::class);
$this->expectExceptionMessage('Route "jsonapi.contact_message--camelids.individual" does not exist.');
Url::fromRoute('jsonapi.contact_message--camelids.individual')->toString(TRUE);
}
protected function assertNormalizationEdgeCases($method, Url $url, array $request_options): void {}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'restful get dblog' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
return (new CacheableMetadata())
->setCacheTags(['4xx-response', 'http_response'])
->setCacheContexts(['user.permissions']);
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'restful get dblog' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessCacheability() {
return (new CacheableMetadata())
->setCacheTags(['4xx-response', 'http_response'])
->setCacheContexts(['user.permissions']);
}
public function testPostFileUpload() {
$this->initAuthentication();
$this->provisionResource([static::$format], static::$auth ? [static::$auth] : [], ['POST']);
$uri = Url::fromUri('base:' . static::$postUri);
// DX: 403 when unauthorized. $response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('POST'), $response);
$this->setUpAuthorization('POST');
// 404 when the field name is invalid. $invalid_uri = Url::fromUri('base:file/upload/entity_test/entity_test/field_rest_file_test_invalid');
$response = $this->fileRequest($invalid_uri, $this->testFileData);
$this->assertResourceErrorResponse(404, 'Field "field_rest_file_test_invalid" does not exist', $response);
// This request will have the default 'application/octet-stream' content // type header. $response = $this->fileRequest($uri, $this->testFileData);
switch ($method) {
case 'GET';
return "The 'access comments' permission is required and the comment must be published.";
case 'POST';
return "The 'post comments' permission is required.";
case 'PATCH':
return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * Tests POSTing a comment without critical base fields. * * Note that testPostIndividual() is testing with the most minimal * normalization possible: the one returned by ::getNormalizedPostEntity(). * * But Comment entities have some very special edge cases: * - base fields that are not marked as required in * \Drupal\comment\Entity\Comment::baseFieldDefinitions() yet in fact are * required. * - base fields that are marked as required, but yet can still result in * validation errors other than "missing required field". */
case 'GET';
return "The 'access comments' permission is required and the comment must be published.";
case 'POST';
return "The 'post comments' permission is required.";
case 'PATCH':
return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * Tests POSTing a comment without critical base fields. * * Note that testPostIndividual() is testing with the most minimal * normalization possible: the one returned by ::getNormalizedPostEntity(). * * But Comment entities have some very special edge cases: * - base fields that are not marked as required in * \Drupal\comment\Entity\Comment::baseFieldDefinitions() yet in fact are * required. * - base fields that are marked as required, but yet can still result in * validation errors other than "missing required field". */
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'view config_test' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/** * {@inheritdoc} */
protected function createEntity() {
$config_test = ConfigTest::create([
'id' => 'llama',
'label' => 'Llama',
]);
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'view test entity' permission is required.";
case 'POST':
return "The following permissions are required: 'administer entity_test content' OR 'administer entity_test_with_bundle content' OR 'create entity_test entity_test_with_bundle entities'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
}
];
}
/** * {@inheritdoc} */
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'GET' || $method == 'PATCH' || $method == 'DELETE' || $method == 'POST') {
return "The 'access content' permission is required.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
/** * Tests PATCHing a node's path with and without 'create url aliases'. * * For a positive test, see the similar test coverage for Term. * * @see \Drupal\Tests\rest\Functional\EntityResource\Term\TermResourceTestBase::testPatchPath() */
public function testPatchPath() {
$this->initAuthentication();
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi'); $request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// DX: 403 when unauthorized, or 200 if the 'view label' operation is // supported by the entity type. $response = $this->request('GET', $url, $request_options);
if (!static::$anonymousUsersCanViewLabels) {
$expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
$reason = $this->getExpectedUnauthorizedAccessMessage('GET');
$message = trim("The current user is not allowed to GET the selected resource. $reason");
$this->assertResourceErrorResponse(403, $message, $url, $response, '/data', $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), FALSE, 'MISS');
$this->assertArrayNotHasKey('Link', $response->getHeaders());
}
else {
$expected_document = $this->getExpectedDocument();
$label_field_name = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
$expected_document['data']['attributes'] = array_intersect_key($expected_document['data']['attributes'], [$label_field_name => TRUE]);
unset($expected_document['data']['relationships']);
// MISS or UNCACHEABLE depends on data. It must not be HIT. $dynamic_cache_label_only = !empty(array_intersect(['user', 'session'], $this->getExpectedCacheContexts([$label_field_name]))) ? 'UNCACHEABLE' : 'MISS';
// $url = $this->entity->toUrl('jsonapi'); $request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// DX: 403 when unauthorized, or 200 if the 'view label' operation is // supported by the entity type. $response = $this->request('GET', $url, $request_options);
if (!static::$anonymousUsersCanViewLabels) {
$expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
$reason = $this->getExpectedUnauthorizedAccessMessage('GET');
$message = trim("The current user is not allowed to GET the selected resource. $reason");
$this->assertResourceErrorResponse(403, $message, $url, $response, '/data', $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), FALSE, 'MISS');
$this->assertArrayNotHasKey('Link', $response->getHeaders());
}
else {
$expected_document = $this->getExpectedDocument();
$label_field_name = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
$expected_document['data']['attributes'] = array_intersect_key($expected_document['data']['attributes'], [$label_field_name => TRUE]);
unset($expected_document['data']['relationships']);
// MISS or UNCACHEABLE depends on data. It must not be HIT. $dynamic_cache_label_only = !empty(array_intersect(['user', 'session'], $this->getExpectedCacheContexts([$label_field_name]))) ? 'UNCACHEABLE' : 'MISS';