CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
revokePermissionsFromTestedRole example
public function testCollectionFilterAccess() {
// Verify the expected behavior in the common case. $this->doTestCollectionFilterAccessForPublishableEntities('subject', 'access comments', 'administer comments');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Go back to a simpler scenario: revoke the admin permission, publish the // comment and uninstall the query access test module. $this->revokePermissionsFromTestedRole(['administer comments']);
$this->entity->setPublished()->save();
$this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
// ?filter[spotlight.LABEL]: 1 result. Just as already tested above in // ::doTestCollectionFilterAccessForPublishableEntities(). $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.subject]" => $this->entity->label()]);
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(1, $doc['data']);
// Mark the commented entity as inaccessible. \Drupal::state()->set('jsonapi__entity_test_filter_access_blacklist', [$this->entity->getCommentedEntityId()]);
Cache::invalidateTags(['state:jsonapi__entity_test_filter_access_blacklist']);
// Verify the expected behavior in the common case. $this->doTestCollectionFilterAccessForPublishableEntities('subject', 'access comments', 'administer comments');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Go back to a simpler scenario: revoke the admin permission, publish the // comment and uninstall the query access test module. $this->revokePermissionsFromTestedRole(['administer comments']);
$this->entity->setPublished()->save();
$this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
// ?filter[spotlight.LABEL]: 1 result. Just as already tested above in // ::doTestCollectionFilterAccessForPublishableEntities(). $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.subject]" => $this->entity->label()]);
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(1, $doc['data']);
// Mark the commented entity as inaccessible. \Drupal::state()->set('jsonapi__entity_test_filter_access_blacklist', [$this->entity->getCommentedEntityId()]);
Cache::invalidateTags(['state:jsonapi__entity_test_filter_access_blacklist']);
'url.query_args:sort',
'url.site',
'user.permissions',
];
$this->assertResourceErrorResponse(403, $message, $collection_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
// And ensure the it is allowed when the proper permission is granted. $this->grantPermissionsToTestedRole(['filter by spotlight field']);
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(1, $doc['data']);
$this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
$this->revokePermissionsFromTestedRole(['filter by spotlight field']);
$this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
return $referencing_entity;
}
/** * Implements ::testCollectionFilterAccess() for permission + status access. * * @param string $label_field_name * The entity type's label field name. * @param string $view_permission * The entity type's permission that grants 'view' access (for published * entities of this type). * @param string $admin_permission * The entity type's permission that grants 'view' access (for unpublished * entities of this type). * * @return \Drupal\Core\Entity\EntityInterface * The referencing entity. */
'url.site',
'user.permissions',
];
$this->assertResourceErrorResponse(403, $message, $collection_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
// And ensure the it is allowed when the proper permission is granted. $this->grantPermissionsToTestedRole(['filter by spotlight field']);
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(1, $doc['data']);
$this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
$this->revokePermissionsFromTestedRole(['filter by spotlight field']);
$this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
return $referencing_entity;
}
/** * Implements ::testCollectionFilterAccess() for permission + status access. * * @param string $label_field_name * The entity type's label field name. * @param string $view_permission * The entity type's permission that grants 'view' access (for published * entities of this type). * @param string $admin_permission * The entity type's permission that grants 'view' access (for unpublished * entities of this type). * * @return \Drupal\Core\Entity\EntityInterface * The referencing entity. */
public function testCollectionFilterAccess() {
$label_field_name = 'title';
$this->doTestCollectionFilterAccessForPublishableEntities($label_field_name, 'access content', 'bypass node access');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->revokePermissionsFromTestedRole(['bypass node access']);
// 0 results because the node is unpublished. $response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(0, $doc['data']);
$this->grantPermissionsToTestedRole(['view own unpublished content']);
// 1 result because the current user is the owner of the unpublished node. $response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());