revokePermission example

    $session->executeScript("jQuery('[data-media-library-widget-value=\"field_unlimited_media\"]').val('1,2,{$unpublished_media->id()}')");
    $session->executeScript("jQuery('[data-media-library-widget-update=\"field_unlimited_media\"]').trigger('mousedown')");
    $this->assertElementExistsAfterWait('css', '.js-media-library-item');
    // Assert the published items are selected and the unpublished item is not     // selected.     $assert_session->pageTextContains('Horse');
    $assert_session->pageTextContains('Bear');
    $assert_session->pageTextNotContains('Mosquito');
    $this->drupalLogout();

    $role = Role::load(RoleInterface::ANONYMOUS_ID);
    $role->revokePermission('view media');
    $role->save();

    // Create a working state.     $allowed_types = ['type_one', 'type_two', 'type_three', 'type_four'];
    // The opener parameters are not relevant to the test, but the opener     // expects them to be there or it will deny access.     $state = MediaLibraryState::create('media_library.opener.field_widget', $allowed_types, 'type_three', 2, [
      'entity_type_id' => 'node',
      'bundle' => 'basic_page',
      'field_name' => 'field_unlimited_media',
    ]);
    
    $published_node->setUnpublished()->save();

    $this->drupalGet($published_node->toUrl());
    $this->assertSession()->statusCodeEquals(403);
    $this->drupalGet($src);
    $this->assertSession()->statusCodeEquals(403);

    // Disallow anonymous users to view the entity, which then should also     // disallow them to view the image.     $published_node->setPublished()->save();
    Role::load(RoleInterface::ANONYMOUS_ID)
      ->revokePermission('access content')
      ->save();
    $this->drupalGet($published_node->toUrl());
    $this->assertSession()->statusCodeEquals(403);
    $this->drupalGet($src);
    $this->assertSession()->statusCodeEquals(403);
  }

}
/**
 * Modules this test declares, including the 'user_permissions_test' helper
 * module alongside 'system' and 'user' (presumably installed by the test
 * base class during setUp — confirm against the parent class).
 */
protected static $modules = ['system', 'user', 'user_permissions_test'];

  public function testOrderOfPermissions() {
    $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);
    $role->grantPermission('b')
      ->grantPermission('a')
      ->grantPermission('c')
      ->save();
    $this->assertEquals(['a', 'b', 'c']$role->getPermissions());

    $role->revokePermission('b')->save();
    $this->assertEquals(['a', 'c']$role->getPermissions());

    $role->grantPermission('b')->save();
    $this->assertEquals(['a', 'b', 'c']$role->getPermissions());
  }

  public function testGrantingNonExistentPermission() {
    $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);

    // A single permission that does not exist.     $this->expectException(\RuntimeException::class);
    

  protected function setUp(): void {
    parent::setUp();

    $this->serializer = $this->container->get('jsonapi.serializer');

    $this->config('system.logging')->set('error_level', ERROR_REPORTING_HIDE)->save();

    // Ensure the anonymous user role has no permissions at all.     $user_role = Role::load(RoleInterface::ANONYMOUS_ID);
    foreach ($user_role->getPermissions() as $permission) {
      $user_role->revokePermission($permission);
    }
    $user_role->save();
    assert([] === $user_role->getPermissions(), 'The anonymous user role has no permissions at all.');

    // Ensure the authenticated user role has no permissions at all.     $user_role = Role::load(RoleInterface::AUTHENTICATED_ID);
    foreach ($user_role->getPermissions() as $permission) {
      $user_role->revokePermission($permission);
    }
    $user_role->save();
    assert([] === $user_role->getPermissions(), 'The authenticated user role has no permissions at all.');

    
$this->drupalGet('media/oembed', ['query' => $no_hash_query]);
    $assert_session->pageTextNotContains('By the power of Grayskull, Vimeo works!');
    $assert_session->pageTextContains('Client error');

    // A correct query should be allowed because the anonymous role has the     // 'view media' permission.     $this->drupalGet('media/oembed', ['query' => $query]);
    $assert_session->pageTextContains('By the power of Grayskull, Vimeo works!');

    // Remove the 'view media' permission to test that this restricts access.     $role = Role::load(AccountInterface::ANONYMOUS_ROLE);
    $role->revokePermission('view media');
    $role->save();
    $this->drupalGet('media/oembed', ['query' => $query]);
    $assert_session->pageTextNotContains('By the power of Grayskull, Vimeo works!');
    $assert_session->pageTextContains('Access denied');
  }

  /** * Tests that a security warning appears if iFrame domain is not set. */
  public function testOEmbedSecurityWarning() {
    $media_type_id = 'test_media_oembed_type';
    
$response = $this->request('POST', $url$request_options);
    $this->assertSame(201, $response->getStatusCode());
    $expected = $this->getExpectedNormalizedFileEntity();
    static::recursiveKSort($expected);
    $actual = $this->serializer->decode((string) $response->getBody()static::$format);
    static::recursiveKSort($actual);
    $this->assertSame($expected$actual);

    // To still run the complete test coverage for POSTing a Media entity, we     // must revoke the additional permissions that we granted.     $role = Role::load(static::$auth ? RoleInterface::AUTHENTICATED_ID : RoleInterface::ANONYMOUS_ID);
    $role->revokePermission('create camelids media');
    $role->trustData()->save();
  }

  /** * Gets the expected file entity. * * @return array * The expected normalized data array. */
  protected function getExpectedNormalizedFileEntity() {
    $file = File::load(3);
    
/** * {@inheritdoc} */
  protected function setUp(): void {
    parent::setUp();

    $this->serializer = $this->container->get('serializer');

    // Ensure the anonymous user role has no permissions at all.     $user_role = Role::load(RoleInterface::ANONYMOUS_ID);
    foreach ($user_role->getPermissions() as $permission) {
      $user_role->revokePermission($permission);
    }
    $user_role->save();
    assert([] === $user_role->getPermissions(), 'The anonymous user role has no permissions at all.');

    if (static::$auth !== FALSE) {
      // Ensure the authenticated user role has no permissions at all.       $user_role = Role::load(RoleInterface::AUTHENTICATED_ID);
      foreach ($user_role->getPermissions() as $permission) {
        $user_role->revokePermission($permission);
      }
      $user_role->save();
      
$assert_session->pageTextNotContains('You do not have permission to view media item');
    $remove_button->press();
    $this->waitForText("Removing Horse.");
    $this->waitForText("Horse has been removed.");
    // Logout without saving.     $this->drupalLogout();

    // Create a user who can edit content but not view media.     // Must remove permission from authenticated role first, otherwise the new     // user will inherit that permission.     $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    $role->revokePermission('view media');
    $role->save();
    $non_media_editor = $this->drupalCreateUser([
      'access content',
      'create basic_page content',
      'edit any basic_page content',
    ]);
    $this->drupalLogin($non_media_editor);

    // Assert that preview does not reveal media name.     $this->drupalGet($node->toUrl('edit-form'));
    // There should be no preview name.
'value' => '<p>Hello, unsaved world!</p>',
      'format' => 'full_html',
    ];
  }

  /** * Assert inaccessible items don't change the data of the fields. */
  public function testAccess() {
    // Revoke the 'view test entity' permission for this test.     Role::load(RoleInterface::ANONYMOUS_ID)
      ->revokePermission('view test entity')
      ->save();

    $field_name = $this->fieldName;

    $referencing_entity = $this->container->get('entity_type.manager')
      ->getStorage($this->entityType)
      ->create(['name' => $this->randomMachineName()]);
    $referencing_entity->save();
    $referencing_entity->{$field_name}->entity = $this->referencedEntity;

    // Assert user doesn't have access to the entity.
$this->clickViewsOperationLink('Disable', '/glossary/');
    // $this->assertSession()->addressEquals('admin/structure/views');     // $this->assertSession()->linkByHrefNotExists($edit_href);     // The easiest way to verify it appears on the disabled views listing page     // is to try to click the "enable" link from there again.     $this->drupalGet('admin/structure/views');
    $this->clickViewsOperationLink('Enable', '/glossary/');
    $this->assertSession()->addressEquals('admin/structure/views');
    $this->assertSession()->linkByHrefExists($edit_href);

    // Clear permissions for anonymous users to check access for default views.     Role::load(RoleInterface::ANONYMOUS_ID)->revokePermission('access content')->save();

    // Test the default views disclose no data by default.     $this->drupalLogout();
    $this->drupalGet('glossary');
    $this->assertSession()->statusCodeEquals(403);
    $this->drupalGet('archive');
    $this->assertSession()->statusCodeEquals(403);

    // Test deleting a view.     $this->drupalLogin($this->fullAdminUser);
    $this->drupalGet('admin/structure/views');
    
    $element = $test_element;
    $element['#markup'] = 'this should not be visible';
    $output = \Drupal::service('renderer')->renderRoot($element);
    $this->assertEquals('content for authenticated users', $output);

    // Even though the cache contexts have been optimized to only include 'user'     // cache context, the element should have been changed because     // 'user.permissions' cache context defined a cache tags for permission     // changes, which should have bubbled up for the element when it was     // optimized away.     Role::load($role)
      ->revokePermission('administer permissions')
      ->save();
    $element = $test_element;
    $element['#markup'] = 'this should be visible';
    $output = \Drupal::service('renderer')->renderRoot($element);
    $this->assertEquals('this should be visible', $output);
  }

  /** * Ensures that 'user.roles' still works when it is optimized away. */
  public function testUserRolesCacheContextOptimization() {
    
$tables = $query->getTables();

    // Ensure that the join to node_field_data is not added by default.     $this->assertEquals(['node_field_data', 'taxonomy_index']array_keys($tables));
    // Ensure that the filter to the language column is not there by default.     $condition = $query->conditions();
    // We only want to check the no. of conditions in the query.     unset($condition['#conjunction']);
    $this->assertCount(1, $condition);

    // Clear permissions for anonymous users to check access for default views.     Role::load(RoleInterface::ANONYMOUS_ID)->revokePermission('access content')->save();

    // Test the default views disclose no data by default.     $this->drupalLogout();
    $this->drupalGet('taxonomy/term/' . $term->id());
    $this->assertSession()->statusCodeEquals(403);
    $this->drupalGet('taxonomy/term/' . $term->id() . '/feed');
    $this->assertSession()->statusCodeEquals(403);
  }

}