$this->
config('jsonapi.settings'
)->
set('read_only', FALSE
)->
save(TRUE
);
// Try changing user 1's email.
$user1 =
$original_normalization;
$user1['data'
]['attributes'
]['mail'
] = 'another_email_address@example.com';
$user1['data'
]['attributes'
]['uid'
] = 1;
$user1['data'
]['attributes'
]['name'
] = 'another_user_name';
$user1['data'
]['attributes'
]['pass'
]['existing'
] =
$this->account->passRaw;
$request_options[RequestOptions::BODY
] = Json::
encode($user1);
$response =
$this->
request('PATCH',
$url,
$request_options);
// Ensure the email address has not changed.
$this->
assertEquals('admin@example.com',
$this->entityStorage->
loadUnchanged(1
)->
getEmail());
$this->
assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (uid). The entity ID cannot be changed.',
$url,
$response, '/data/attributes/uid'
);
} /**
* Tests GETting privacy-sensitive base fields.
*/
public function testGetMailFieldOnlyVisibleToOwner() { // Create user B, with the same roles (and hence permissions) as user A.
$user_a =
$this->account;
$pass = \Drupal::
service('password_generator'
)->
generate();
$user_b = User::
create([