CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
grantPermissions example
$this->drupalGet('admin/people/permissions/module/node,automated_cron');
$this->assertSession()->statusCodeEquals(403);
}
/** * Verify that bundle-specific pages work properly. */
public function testAccessBundlePermission() {
$this->drupalLogin($this->adminUser);
\Drupal::service('module_installer')->install(['contact', 'taxonomy']);
$this->grantPermissions(Role::load($this->rid), ['administer contact forms', 'administer taxonomy']);
// Bundles that do not have permissions have no permissions pages. $edit = [];
$edit['label'] = 'Test contact type';
$edit['id'] = 'test_contact_type';
$edit['recipients'] = 'webmaster@example.com';
$this->drupalGet('admin/structure/contact/add');
$this->submitForm($edit, 'Save');
$this->assertSession()->pageTextContains('Contact form ' . $edit['label'] . ' has been added.');
$this->drupalGet('admin/structure/contact/manage/test_contact_type/permissions');
$this->assertSession()->statusCodeEquals(403);
$this->assertSession()->statusCodeEquals(403);
}
/** * Verify that bundle-specific pages work properly. */
public function testAccessBundlePermission() {
$this->drupalLogin($this->adminUser);
\Drupal::service('module_installer')->install(['contact', 'taxonomy']);
$this->grantPermissions(Role::load($this->rid), ['administer contact forms', 'administer taxonomy']);
// Bundles that do not have permissions have no permissions pages. $edit = [];
$edit['label'] = 'Test contact type';
$edit['id'] = 'test_contact_type';
$edit['recipients'] = 'webmaster@example.com';
$this->drupalGet('admin/structure/contact/add');
$this->submitForm($edit, 'Save');
$this->assertSession()->pageTextContains('Contact form ' . $edit['label'] . ' has been added.');
$this->drupalGet('admin/structure/contact/manage/test_contact_type/permissions');
$this->assertSession()->statusCodeEquals(403);
$refreshableApps = $refreshableApps->filter($requestedApps);
}
if ($refreshableApps->isEmpty()) {
$io->note('Nothing to install, update or delete.');
return self::SUCCESS;
}
if (!$input->getOption('force')) {
try {
$this->grantPermissions($refreshableApps, $io);
} catch (UserAbortedCommandException) {
$io->error('Aborting due to user input.');
return self::FAILURE;
}
}
if (!$input->getOption('no-validate')) {
$hasViolations = $this->validateRefreshableApps($refreshableApps, $io, $context);
if ($hasViolations === 1) {
}
if ($refreshableApps->isEmpty()) {
$io->note('Nothing to install, update or delete.');
return self::SUCCESS;
}
if (!$input->getOption('force')) {
try {
$this->grantPermissions($refreshableApps, $io);
} catch (UserAbortedCommandException) {
$io->error('Aborting due to user input.');
return self::FAILURE;
}
}
if (!$input->getOption('no-validate')) {
$hasViolations = $this->validateRefreshableApps($refreshableApps, $io, $context);
if ($hasViolations === 1) {
if (isset($weight)) {
$role->set('weight', $weight);
}
$result = $role->save();
$this->assertSame(SAVED_NEW, $result, new FormattableMarkup('Created role ID @rid with name @name.', ['@name' => var_export($role->label(), TRUE), '@rid' => var_export($role->id(), TRUE)]));
if ($result === SAVED_NEW) {
// Grant the specified permissions to the role, if any. if (!empty($permissions)) {
$this->grantPermissions($role, $permissions);
$assigned_permissions = Role::load($role->id())->getPermissions();
$missing_permissions = array_diff($permissions, $assigned_permissions);
$this->assertEmpty($missing_permissions);
}
return $role->id();
}
else {
return FALSE;
}
}
// Test permissions.
$this->drupalLogin($this->nonAdminUser);
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
// Test 'view all media revisions' permission ('view media' permission is // needed as well). user_role_revoke_permissions($role->id(), ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(403);
$this->grantPermissions($role, ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(200);
// Confirm the revision page shows the correct title. $assert->pageTextContains($media->getName());
// Confirm that the last revision is the default revision. $this->assertTrue($media->isDefaultRevision(), 'Last revision is the default.');
}
/** * Tests creating revisions of a File media item. */
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
// Test 'view all media revisions' permission ('view media' permission is // needed as well). user_role_revoke_permissions($role->id(), ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(403);
$this->grantPermissions($role, ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(200);
// Confirm the revision page shows the correct title. $assert->pageTextContains($media->getName());
// Confirm that the last revision is the default revision. $this->assertTrue($media->isDefaultRevision(), 'Last revision is the default.');
}
/** * Tests creating revisions of a File media item. */
// Verify that unprivileged users can't access the widget view.
$this->drupalGet('admin/content/media-widget', $url_options);
$assert_session->responseContains('Access denied');
$this->drupalGet('admin/content/media-widget-table', $url_options);
$assert_session->responseContains('Access denied');
$this->drupalGet('media-library', $url_options);
$assert_session->responseContains('Access denied');
// Allow users with 'view media' permission to access the media library view // and controller. Since we are using the node entity type in the state // object, ensure the user also has permission to work with those. $this->grantPermissions($role, [
'create basic_page content',
'view media',
]);
$this->drupalGet('admin/content/media-widget', $url_options);
$assert_session->elementExists('css', '.js-media-library-view');
$this->drupalGet('admin/content/media-widget-table', $url_options);
$assert_session->elementExists('css', '.js-media-library-view');
$this->drupalGet('media-library', $url_options);
$assert_session->elementExists('css', '.js-media-library-view');
// Assert the user does not have access to the media add form if the user // does not have the 'create media' permission.
$assert_session->responseContains('Access denied');
$this->drupalGet('admin/content/media-widget-table', $url_options);
$assert_session->responseContains('Access denied');
$this->drupalGet('media-library', $url_options);
$assert_session->responseContains('Access denied');
// Allow users with 'view media' permission to access the media library view // and controller. Since we are using the node entity type in the state // object, ensure the user also has permission to work with those. $this->grantPermissions($role, [
'create basic_page content',
'view media',
]);
$this->drupalGet('admin/content/media-widget', $url_options);
$assert_session->elementExists('css', '.js-media-library-view');
$this->drupalGet('admin/content/media-widget-table', $url_options);
$assert_session->elementExists('css', '.js-media-library-view');
$this->drupalGet('media-library', $url_options);
$assert_session->elementExists('css', '.js-media-library-view');
// Assert the user does not have access to the media add form if the user // does not have the 'create media' permission.
protected function getAuthenticationRequestOptions($method) {
return [];
}
/** * Grants permissions to the anonymous role. * * @param string[] $permissions * Permissions to grant. */
protected function grantPermissionsToAnonymousRole(array $permissions) {
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), $permissions);
}
/** * Grants permissions to the authenticated role. * * @param string[] $permissions * Permissions to grant. */
protected function grantPermissionsToAuthenticatedRole(array $permissions) {
$this->grantPermissions(Role::load(RoleInterface::AUTHENTICATED_ID), $permissions);
}
return [];
}
/** * Grants permissions to the anonymous role. * * @param string[] $permissions * Permissions to grant. */
protected function grantPermissionsToAnonymousRole(array $permissions) {
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), $permissions);
}
/** * Grants permissions to the authenticated role. * * @param string[] $permissions * Permissions to grant. */
protected function grantPermissionsToAuthenticatedRole(array $permissions) {
$this->grantPermissions(Role::load(RoleInterface::AUTHENTICATED_ID), $permissions);
}
$uuid = $node->uuid();
// Assert the precondition: the 'ca' translation has a different title. $document = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid));
$document_ca = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $uuid));
$this->assertSame('en', $document['data']['attributes']['langcode']);
$this->assertSame('ca', $document_ca['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
$this->assertSame($node->getTitle() . ' (ca)', $document_ca['data']['attributes']['title']);
// PATCH the 'ca' translation. $this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'bypass node access',
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode([
'data' => [
'type' => 'node--article',
'id' => $uuid,
'attributes' => [
'title' => $document_ca['data']['attributes']['title'] . ' UPDATED',
],
],
// Assert the precondition: the 'ca' translation has a different title. $document = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid));
$document_ca = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $uuid));
$this->assertSame('en', $document['data']['attributes']['langcode']);
$this->assertSame('ca', $document_ca['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
$this->assertSame($node->getTitle() . ' (ca)', $document_ca['data']['attributes']['title']);
// PATCH the 'ca' translation. $this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'bypass node access',
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode([
'data' => [
'type' => 'node--article',
'id' => $uuid,
'attributes' => [
'title' => $document_ca['data']['attributes']['title'] . ' UPDATED',
],
],
// Create a few example media items for use in selection.
$this->createMediaItems([
'type_one' => [
'Cat',
'Dog',
],
]);
// Allow the anonymous user to create pages and view media. $role = Role::load(RoleInterface::ANONYMOUS_ID);
$this->grantPermissions($role, [
'access content',
'create basic_page content',
'view media',
]);
}
/** * Tests that the widget works as expected for anonymous users. */
public function testWidgetAnonymous() {
$assert_session = $this->assertSession();
'type_one' => [
'Cat',
'Dog',
],
]);
// Allow the anonymous user to create pages and view media. $role = Role::load(RoleInterface::ANONYMOUS_ID);
$this->grantPermissions($role, [
'access content',
'create basic_page content',
'view media',
]);
}
/** * Tests that the widget works as expected for anonymous users. */
public function testWidgetAnonymous() {
$assert_session = $this->assertSession();
public function testBlocks() {
foreach ($this->getBlockTests() as $test) {
call_user_func_array([$this, 'doTestBlocks'], array_values($test));
}
}
/** * Tests opening off-canvas dialog by click blocks and elements in the blocks. */
protected function doTestBlocks($theme, $block_plugin, $new_page_text, $element_selector, $label_selector, $button_text, $toolbar_item, $permissions) {
if ($permissions) {
$this->grantPermissions(Role::load(Role::AUTHENTICATED_ID), $permissions);
}
if ($new_page_text) {
// Some asserts can be based on this value, so it should not be the same // for different blocks, because it can be saved in the site config. $new_page_text = $new_page_text . ' ' . $theme . ' ' . $block_plugin;
}
$web_assert = $this->assertSession();
$page = $this->getSession()->getPage();
$this->enableTheme($theme);
$block = $this->placeBlock($block_plugin);
$block_selector = $this->getBlockSelector($block);
foreach ($this->getBlockTests() as $test) {
call_user_func_array([$this, 'doTestBlocks'], array_values($test));
}
}
/** * Tests opening off-canvas dialog by click blocks and elements in the blocks. */
protected function doTestBlocks($theme, $block_plugin, $new_page_text, $element_selector, $label_selector, $button_text, $toolbar_item, $permissions) {
if ($permissions) {
$this->grantPermissions(Role::load(Role::AUTHENTICATED_ID), $permissions);
}
if ($new_page_text) {
// Some asserts can be based on this value, so it should not be the same // for different blocks, because it can be saved in the site config. $new_page_text = $new_page_text . ' ' . $theme . ' ' . $block_plugin;
}
$web_assert = $this->assertSession();
$page = $this->getSession()->getPage();
$this->enableTheme($theme);
$block = $this->placeBlock($block_plugin);
$block_selector = $this->getBlockSelector($block);
$this->drupalLogin($this->nonAdminUser);
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
user_role_revoke_permissions($role->id(), ['view media']);
// Test 'create BUNDLE media' permission. $this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(403);
$permissions = ['create ' . $media_type->id() . ' media'];
$this->grantPermissions($role, $permissions);
$this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
user_role_revoke_permissions($role->id(), $permissions);
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
// Verify the author can not view the unpublished media item without // 'view own unpublished media' permission. $this->grantPermissions($role, ['view media']);
$this->drupalGet('media/' . $user_media->id());
$this->assertNoCacheContext('user');
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
user_role_revoke_permissions($role->id(), ['view media']);
// Test 'create BUNDLE media' permission. $this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(403);
$permissions = ['create ' . $media_type->id() . ' media'];
$this->grantPermissions($role, $permissions);
$this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
user_role_revoke_permissions($role->id(), $permissions);
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
// Verify the author can not view the unpublished media item without // 'view own unpublished media' permission. $this->grantPermissions($role, ['view media']);
$this->drupalGet('media/' . $user_media->id());
$this->assertNoCacheContext('user');
public function testContextualLinksVisibility() {
$this->drupalGet('user');
$contextualLinks = $this->assertSession()->waitForElement('css', '.contextual button');
$this->assertEmpty($contextualLinks);
// Ensure visibility remains correct after cached paged load. $this->drupalGet('user');
$contextualLinks = $this->assertSession()->waitForElement('css', '.contextual button');
$this->assertEmpty($contextualLinks);
// Grant permissions to use contextual links on blocks. $this->grantPermissions(Role::load(Role::AUTHENTICATED_ID), [
'access contextual links',
'administer blocks',
]);
$this->drupalGet('user');
$contextualLinks = $this->assertSession()->waitForElement('css', '.contextual button');
$this->assertNotEmpty($contextualLinks);
// Confirm touchevents detection is loaded with Contextual Links $this->assertSession()->elementExists('css', 'html.no-touchevents');
$this->drupalGet('user');
$contextualLinks = $this->assertSession()->waitForElement('css', '.contextual button');
$this->assertEmpty($contextualLinks);
// Ensure visibility remains correct after cached paged load. $this->drupalGet('user');
$contextualLinks = $this->assertSession()->waitForElement('css', '.contextual button');
$this->assertEmpty($contextualLinks);
// Grant permissions to use contextual links on blocks. $this->grantPermissions(Role::load(Role::AUTHENTICATED_ID), [
'access contextual links',
'administer blocks',
]);
$this->drupalGet('user');
$contextualLinks = $this->assertSession()->waitForElement('css', '.contextual button');
$this->assertNotEmpty($contextualLinks);
// Confirm touchevents detection is loaded with Contextual Links $this->assertSession()->elementExists('css', 'html.no-touchevents');
return NULL;
}
/** * Grants permissions to the authenticated role. * * @param string[] $permissions * Permissions to grant. */
protected function grantPermissionsToTestedRole(array $permissions) {
$this->grantPermissions(Role::load(RoleInterface::AUTHENTICATED_ID), $permissions);
}
/** * Revokes permissions from the authenticated role. * * @param string[] $permissions * Permissions to revoke. */
protected function revokePermissionsFromTestedRole(array $permissions) {
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
foreach ($permissions as $permission) {
}
/** * Grants permissions to the authenticated role. * * @param string[] $permissions * Permissions to grant. */
protected function grantPermissionsToTestedRole(array $permissions) {
$this->grantPermissions(Role::load(RoleInterface::AUTHENTICATED_ID), $permissions);
}
/** * Revokes permissions from the authenticated role. * * @param string[] $permissions * Permissions to revoke. */
protected function revokePermissionsFromTestedRole(array $permissions) {
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
foreach ($permissions as $permission) {
$this->user = $this->drupalCreateUser([
'create article content',
'edit any article content',
'delete any article content',
]);
// Create a user that can. $this->userCanViewProfiles = $this->drupalCreateUser([
'access user profiles',
]);
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'access user profiles',
'administer taxonomy',
]);
\Drupal::service('router.builder')->rebuild();
}
/** * Performs a HTTP request. Wraps the Guzzle HTTP client. * * Why wrap the Guzzle HTTP client? Because any error response is returned via * an exception, which would make the tests unnecessarily complex to read. * * @param string $method * HTTP method. * @param \Drupal\Core\Url $url * URL to request. * @param array $request_options * Request options to apply. * * @return \Psr\Http\Message\ResponseInterface * The request response. * * @throws \GuzzleHttp\Exception\GuzzleException * * @see \GuzzleHttp\ClientInterface::request */
'create article content',
'edit any article content',
'delete any article content',
]);
// Create a user that can. $this->userCanViewProfiles = $this->drupalCreateUser([
'access user profiles',
]);
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'access user profiles',
'administer taxonomy',
]);
\Drupal::service('router.builder')->rebuild();
}
/** * Performs a HTTP request. Wraps the Guzzle HTTP client. * * Why wrap the Guzzle HTTP client? Because any error response is returned via * an exception, which would make the tests unnecessarily complex to read. * * @param string $method * HTTP method. * @param \Drupal\Core\Url $url * URL to request. * @param array $request_options * Request options to apply. * * @return \Psr\Http\Message\ResponseInterface * The request response. * * @throws \GuzzleHttp\Exception\GuzzleException * * @see \GuzzleHttp\ClientInterface::request */
/**
* Tests that the Media overview page (/admin/content/media).
*/
public function testMediaOverviewPage() {
$assert_session = $this->assertSession();
// Check the view exists, is access-restricted, and some defaults are there. $this->drupalGet('/admin/content/media');
$assert_session->statusCodeEquals(403);
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
$this->grantPermissions($role, ['access media overview']);
$this->getSession()->reload();
$assert_session->statusCodeEquals(200);
$assert_session->titleEquals('Media | Drupal');
$assert_session->fieldExists('Media name');
$assert_session->selectExists('type');
$assert_session->selectExists('status');
$assert_session->selectExists('langcode');
$assert_session->buttonExists('Filter');
$header = $assert_session->elementExists('css', 'th#view-thumbnail-target-id-table-column');
$this->assertSame('Thumbnail', $header->getText());
$header = $assert_session->elementExists('css', 'th#view-name-table-column');
public function testMediaOverviewPage() {
$assert_session = $this->assertSession();
// Check the view exists, is access-restricted, and some defaults are there. $this->drupalGet('/admin/content/media');
$assert_session->statusCodeEquals(403);
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
$this->grantPermissions($role, ['access media overview']);
$this->getSession()->reload();
$assert_session->statusCodeEquals(200);
$assert_session->titleEquals('Media | Drupal');
$assert_session->fieldExists('Media name');
$assert_session->selectExists('type');
$assert_session->selectExists('status');
$assert_session->selectExists('langcode');
$assert_session->buttonExists('Filter');
$header = $assert_session->elementExists('css', 'th#view-thumbnail-target-id-table-column');
$this->assertSame('Thumbnail', $header->getText());
$header = $assert_session->elementExists('css', 'th#view-name-table-column');
'access toolbar',
]);
$this->drupalLogin($user);
}
/** * Tests blocks with overridden related configuration removed when overridden. */
public function testOverriddenConfigurationRemoved() {
$web_assert = $this->assertSession();
$page = $this->getSession()->getPage();
$this->grantPermissions(Role::load(Role::AUTHENTICATED_ID), ['administer site configuration', 'administer menu']);
// Confirm the branding block does include 'site_information' section when // the site name is not overridden. $branding_block = $this->placeBlock('system_branding_block');
$this->drupalGet('user');
$this->enableEditMode();
$this->openBlockForm($this->getBlockSelector($branding_block));
$web_assert->fieldExists('settings[site_information][site_name]');
// Confirm the branding block does not include 'site_information' section // when the site name is overridden. $this->container->get('state')->set('settings_tray_override_test.site_name', TRUE);
]);
$this->drupalLogin($user);
}
/** * Tests blocks with overridden related configuration removed when overridden. */
public function testOverriddenConfigurationRemoved() {
$web_assert = $this->assertSession();
$page = $this->getSession()->getPage();
$this->grantPermissions(Role::load(Role::AUTHENTICATED_ID), ['administer site configuration', 'administer menu']);
// Confirm the branding block does include 'site_information' section when // the site name is not overridden. $branding_block = $this->placeBlock('system_branding_block');
$this->drupalGet('user');
$this->enableEditMode();
$this->openBlockForm($this->getBlockSelector($branding_block));
$web_assert->fieldExists('settings[site_information][site_name]');
// Confirm the branding block does not include 'site_information' section // when the site name is overridden. $this->container->get('state')->set('settings_tray_override_test.site_name', TRUE);