CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
user_role_change_permissions example
$this->setCommentSettings('form_location', CommentItemInterface::FORM_BELOW, 'Set comment form location');
$this->node->comment = CommentItemInterface::OPEN;
$this->node->save();
// Change user permissions. $perms = [
'access comments' => 1,
'post comments' => 1,
'skip comment approval' => 1,
'edit own comments' => 1,
];
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, $perms);
$nid = $this->node->id();
// Assert basic link is output, actual functionality is unit-tested in // \Drupal\comment\Tests\CommentLinkBuilderTest. foreach (['node', "node/$nid"] as $path) {
$this->drupalGet($path);
// In teaser view, a link containing the comment count is always // expected. if ($path == 'node') {
$this->node->comment = CommentItemInterface::OPEN;
$this->node->save();
// Change user permissions. $perms = [
'access comments' => 1,
'post comments' => 1,
'skip comment approval' => 1,
'edit own comments' => 1,
];
user_role_change_permissions(RoleInterface::ANONYMOUS_ID, $perms);
$nid = $this->node->id();
// Assert basic link is output, actual functionality is unit-tested in // \Drupal\comment\Tests\CommentLinkBuilderTest. foreach (['node', "node/$nid"] as $path) {
$this->drupalGet($path);
// In teaser view, a link containing the comment count is always // expected. if ($path == 'node') {
$this->assertCommentAccess(TRUE, 'Admin user has access comments permission and no search permission, but comments should be indexed because admin user inherits authenticated user\'s permission to search');
}
/** * Set permissions for role. */
public function setRolePermissions($rid, $access_comments = FALSE, $search_content = TRUE) {
$permissions = [
'access comments' => $access_comments,
'search content' => $search_content,
];
user_role_change_permissions($rid, $permissions);
}
/** * Update search index and search for comment. * * @internal */
public function assertCommentAccess(bool $assume_access, string $message): void {
// Invoke search index update. \Drupal::service('search.index')->markForReindex('node_search', $this->node->id());
$this->cronRun();
}
/** * Set permissions for role. */
public function setRolePermissions($rid, $access_comments = FALSE, $search_content = TRUE) {
$permissions = [
'access comments' => $access_comments,
'search content' => $search_content,
];
user_role_change_permissions($rid, $permissions);
}
/** * Update search index and search for comment. * * @internal */
public function assertCommentAccess(bool $assume_access, string $message): void {
// Invoke search index update. \Drupal::service('search.index')->markForReindex('node_search', $this->node->id());
$this->cronRun();
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/** * {@inheritdoc} */
protected function setUp(): void {
parent::setUp();
// Set up permissions for anonymous attacker user. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'create article content' => TRUE,
'access content' => TRUE,
]);
}
/** * Tests the basic node submission for an anonymous visitor. */
public function testAnonymousNode() {
$type = 'Article';
$title = 'test page';
protected $defaultTheme = 'stark';
/** * {@inheritdoc} */
protected function setUp(): void {
parent::setUp();
// Set up permissions for anonymous attacker user. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'create article content' => TRUE,
'access content' => TRUE,
]);
}
/** * Tests the basic node submission for an anonymous visitor. */
public function testAnonymousNode() {
$type = 'Article';
$title = 'test page';
public function testResponsiveImageFieldFormattersPublic() {
$this->addTestImageStyleMappings();
$this->doTestResponsiveImageFieldFormatters('public');
}
/** * Tests responsive image formatters on node display for private files. */
public function testResponsiveImageFieldFormattersPrivate() {
$this->addTestImageStyleMappings();
// Remove access content permission from anonymous users. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, ['access content' => FALSE]);
$this->doTestResponsiveImageFieldFormatters('private');
}
/** * Tests responsive image formatters when image style is empty. */
public function testResponsiveImageFieldFormattersEmptyStyle() {
$this->addTestImageStyleMappings(TRUE);
$this->doTestResponsiveImageFieldFormatters('public', TRUE);
}
$this->addTestImageStyleMappings();
$this->doTestResponsiveImageFieldFormatters('public');
}
/** * Tests responsive image formatters on node display for private files. */
public function testResponsiveImageFieldFormattersPrivate() {
$this->addTestImageStyleMappings();
// Remove access content permission from anonymous users. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, ['access content' => FALSE]);
$this->doTestResponsiveImageFieldFormatters('private');
}
/** * Tests responsive image formatters when image style is empty. */
public function testResponsiveImageFieldFormattersEmptyStyle() {
$this->addTestImageStyleMappings(TRUE);
$this->doTestResponsiveImageFieldFormatters('public', TRUE);
}
$this->assertSession()->linkByHrefNotExists('node/' . $node->id() . '/translations');
$this->drupalLogout();
// Verify there's a translation operation link for users with enough // permissions. $this->drupalLogin($this->baseUser2);
$this->drupalGet('admin/content');
$this->assertSession()->linkByHrefExists('node/' . $node->id() . '/translations');
// Ensure that an unintended misconfiguration of permissions does not open // access to the translation form, see https://www.drupal.org/node/2558905. $this->drupalLogout();
user_role_change_permissions(
Role::AUTHENTICATED_ID,
[
'create content translations' => TRUE,
'access content' => FALSE,
]
);
$this->drupalLogin($this->baseUser1);
$this->drupalGet($node->toUrl('drupal:content-translation-overview'));
$this->assertSession()->statusCodeEquals(403);
// Ensure that the translation overview is also not accessible when the user
$this->drupalLogout();
// Verify there's a translation operation link for users with enough // permissions. $this->drupalLogin($this->baseUser2);
$this->drupalGet('admin/content');
$this->assertSession()->linkByHrefExists('node/' . $node->id() . '/translations');
// Ensure that an unintended misconfiguration of permissions does not open // access to the translation form, see https://www.drupal.org/node/2558905. $this->drupalLogout();
user_role_change_permissions(
Role::AUTHENTICATED_ID,
[
'create content translations' => TRUE,
'access content' => FALSE,
]
);
$this->drupalLogin($this->baseUser1);
$this->drupalGet($node->toUrl('drupal:content-translation-overview'));
$this->assertSession()->statusCodeEquals(403);
// Ensure that the translation overview is also not accessible when the user
if (!$update && !$this->isSyncing()) {
// Default configuration of modules and installation profiles is allowed // to specify a list of user roles to grant access to for the new format; // apply the defined user role permissions when a new format is inserted // and has a non-empty $roles property. // Note: user_role_change_permissions() triggers a call chain back into // \Drupal\filter\FilterPermissions::permissions() and lastly // filter_formats(), so its cache must be reset upfront. if (($roles = $this->get('roles')) && $permission = $this->getPermissionName()) {
foreach (user_roles() as $rid => $name) {
$enabled = in_array($rid, $roles, TRUE);
user_role_change_permissions($rid, [$permission => $enabled]);
}
}
}
}
/** * Returns if this format is the fallback format. * * The fallback format can never be disabled. It must always be available. * * @return bool * TRUE if this format is the fallback format, FALSE otherwise. */
// Default configuration of modules and installation profiles is allowed // to specify a list of user roles to grant access to for the new format; // apply the defined user role permissions when a new format is inserted // and has a non-empty $roles property. // Note: user_role_change_permissions() triggers a call chain back into // \Drupal\filter\FilterPermissions::permissions() and lastly // filter_formats(), so its cache must be reset upfront. if (($roles = $this->get('roles')) && $permission = $this->getPermissionName()) {
foreach (user_roles() as $rid => $name) {
$enabled = in_array($rid, $roles, TRUE);
user_role_change_permissions($rid, [$permission => $enabled]);
}
}
}
}
/** * Returns if this format is the fallback format. * * The fallback format can never be disabled. It must always be available. * * @return bool * TRUE if this format is the fallback format, FALSE otherwise. */
// Verify current permissions.
$this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
$this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
// Change permissions. $permissions = [
'administer users' => 1,
'access user profiles' => 0,
];
user_role_change_permissions($rid, $permissions);
// Verify proper permission changes. $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
$this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
// Verify the permissions hash has changed. $current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertNotEquals($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
}
$this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('administer site configuration'), 'User has "administer site configuration" permission.');
// Change permissions. $permissions = [
'administer users' => 1,
'access user profiles' => 0,
];
user_role_change_permissions($rid, $permissions);
// Verify proper permission changes. $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
$this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
$this->assertTrue($account->hasPermission('administer site configuration'), 'User still has "administer site configuration" permission.');
// Verify the permissions hash has changed. $current_permissions_hash = $permissions_hash_generator->generate($account);
$this->assertNotEquals($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
}
public function testImageFieldFormattersPublic() {
$this->_testImageFieldFormatters('public');
}
/** * Tests image formatters on node display for private files. */
public function testImageFieldFormattersPrivate() {
// Remove access content permission from anonymous users. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, ['access content' => FALSE]);
$this->_testImageFieldFormatters('private');
}
/** * Tests image formatters on node display. */
public function _testImageFieldFormatters($scheme) {
/** @var \Drupal\Core\Render\RendererInterface $renderer */
$renderer = $this->container->get('renderer');
$node_storage = $this->container->get('entity_type.manager')->getStorage('node');
$field_name = strtolower($this->randomMachineName());
\Drupal::service('module_installer')->install(['views']);
$view = Views::getView('comment');
$view->storage->enable()->save();
\Drupal::service('router.builder')->rebuildIfNeeded();
}
/** * Tests comment approval functionality through admin/content/comment. */
public function testApprovalAdminInterface() {
// Set anonymous comments to require approval. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => TRUE,
'post comments' => TRUE,
'skip comment approval' => FALSE,
]);
$this->drupalPlaceBlock('page_title_block');
$this->drupalLogin($this->adminUser);
// Ensure that doesn't require contact info. $this->setCommentAnonymous(CommentInterface::ANONYMOUS_MAYNOT_CONTACT);
// Test that the comments page loads correctly when there are no comments. $this->drupalGet('admin/content/comment');
$view = Views::getView('comment');
$view->storage->enable()->save();
\Drupal::service('router.builder')->rebuildIfNeeded();
}
/** * Tests comment approval functionality through admin/content/comment. */
public function testApprovalAdminInterface() {
// Set anonymous comments to require approval. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => TRUE,
'post comments' => TRUE,
'skip comment approval' => FALSE,
]);
$this->drupalPlaceBlock('page_title_block');
$this->drupalLogin($this->adminUser);
// Ensure that doesn't require contact info. $this->setCommentAnonymous(CommentInterface::ANONYMOUS_MAYNOT_CONTACT);
// Test that the comments page loads correctly when there are no comments. $this->drupalGet('admin/content/comment');
$this->assertSession()->pageTextContains($this->entity->label());
$limited_user = $this->drupalCreateUser([
'administer comments',
]);
$this->drupalLogin($limited_user);
$this->drupalGet('admin/content/comment');
$this->assertSession()->pageTextNotContains($this->entity->label());
$this->drupalLogout();
// Deny anonymous users access to comments. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => FALSE,
'post comments' => FALSE,
'skip comment approval' => FALSE,
'view test entity' => TRUE,
]);
// Attempt to view comments while disallowed. $this->drupalGet('entity-test/' . $this->entity->id());
// Verify that comments were not displayed. $this->assertSession()->responseNotMatches('@<h2[^>]*>Comments</h2>@');
$this->assertSession()->linkNotExists('Add new comment', 'Link to add comment was found.');
$limited_user = $this->drupalCreateUser([
'administer comments',
]);
$this->drupalLogin($limited_user);
$this->drupalGet('admin/content/comment');
$this->assertSession()->pageTextNotContains($this->entity->label());
$this->drupalLogout();
// Deny anonymous users access to comments. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => FALSE,
'post comments' => FALSE,
'skip comment approval' => FALSE,
'view test entity' => TRUE,
]);
// Attempt to view comments while disallowed. $this->drupalGet('entity-test/' . $this->entity->id());
// Verify that comments were not displayed. $this->assertSession()->responseNotMatches('@<h2[^>]*>Comments</h2>@');
$this->assertSession()->linkNotExists('Add new comment', 'Link to add comment was found.');
$this->performCommentOperation($anonymous_comment3, 'delete');
$this->drupalGet('admin/content/comment');
$this->assertSession()->responseNotContains('comments[' . $anonymous_comment3->id() . ']');
$this->drupalLogout();
// Comment 3 was deleted. $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment3->id());
$this->assertSession()->statusCodeEquals(403);
// Reset. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => FALSE,
'post comments' => FALSE,
'skip comment approval' => FALSE,
]);
// Attempt to view comments while disallowed. // NOTE: if authenticated user has permission to post comments, then a // "Login or register to post comments" type link may be shown. $this->drupalGet('node/' . $this->node->id());
// Verify that comments were not displayed. $this->assertSession()->responseNotMatches('@<h2[^>]*>Comments</h2>@');
$this->drupalGet('admin/content/comment');
$this->assertSession()->responseNotContains('comments[' . $anonymous_comment3->id() . ']');
$this->drupalLogout();
// Comment 3 was deleted. $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment/' . $anonymous_comment3->id());
$this->assertSession()->statusCodeEquals(403);
// Reset. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => FALSE,
'post comments' => FALSE,
'skip comment approval' => FALSE,
]);
// Attempt to view comments while disallowed. // NOTE: if authenticated user has permission to post comments, then a // "Login or register to post comments" type link may be shown. $this->drupalGet('node/' . $this->node->id());
// Verify that comments were not displayed. $this->assertSession()->responseNotMatches('@<h2[^>]*>Comments</h2>@');
$this->assertSession()->statusCodeEquals(403);
// Ensure the temporary file cannot be downloaded by another user. $account = $this->drupalCreateUser();
$this->drupalLogin($account);
$this->drupalGet($file_url);
$this->assertSession()->statusCodeEquals(403);
// As an anonymous user, create a temporary file with no references and // confirm that only the session that uploaded it may view it. $this->drupalLogout();
user_role_change_permissions(
RoleInterface::ANONYMOUS_ID,
[
"create $type_name content" => TRUE,
'access content' => TRUE,
]
);
$test_file = $this->getTestFile('text');
$this->drupalGet('node/add/' . $type_name);
$edit = ['files[' . $field_name . '_0]' => $file_system->realpath($test_file->getFileUri())];
$this->submitForm($edit, 'Upload');
/** @var \Drupal\file\FileStorageInterface $file_storage */
// Ensure the temporary file cannot be downloaded by another user. $account = $this->drupalCreateUser();
$this->drupalLogin($account);
$this->drupalGet($file_url);
$this->assertSession()->statusCodeEquals(403);
// As an anonymous user, create a temporary file with no references and // confirm that only the session that uploaded it may view it. $this->drupalLogout();
user_role_change_permissions(
RoleInterface::ANONYMOUS_ID,
[
"create $type_name content" => TRUE,
'access content' => TRUE,
]
);
$test_file = $this->getTestFile('text');
$this->drupalGet('node/add/' . $type_name);
$edit = ['files[' . $field_name . '_0]' => $file_system->realpath($test_file->getFileUri())];
$this->submitForm($edit, 'Upload');
/** @var \Drupal\file\FileStorageInterface $file_storage */
else {
foreach ($value as $instance_id => $config) {
$format->setFilterConfig($instance_id, $config);
}
}
}
$format->save();
// Save user permissions. if ($permission = $format->getPermissionName()) {
foreach ($form_state->getValue('roles') as $rid => $enabled) {
user_role_change_permissions($rid, [$permission => $enabled]);
}
}
return $this->entity;
}
/** * {@inheritdoc} */
protected function actions(array $form, FormStateInterface $form_state) {
$actions = parent::actions($form, $form_state);
foreach ($value as $instance_id => $config) {
$format->setFilterConfig($instance_id, $config);
}
}
}
$format->save();
// Save user permissions. if ($permission = $format->getPermissionName()) {
foreach ($form_state->getValue('roles') as $rid => $enabled) {
user_role_change_permissions($rid, [$permission => $enabled]);
}
}
return $this->entity;
}
/** * {@inheritdoc} */
protected function actions(array $form, FormStateInterface $form_state) {
$actions = parent::actions($form, $form_state);
'create article content',
]);
}
/** * Tests the recent comments block. */
public function testRecentNodeBlock() {
$this->drupalLogin($this->adminUser);
// Disallow anonymous users to view content. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access content' => FALSE,
]);
// Enable the recent content block with two items. $block = $this->drupalPlaceBlock('views_block:content_recent-block_1', ['id' => 'test_block', 'items_per_page' => 2]);
// Test that block is not visible without nodes. $this->drupalGet('');
$this->assertSession()->pageTextContains('No content available.');
// Add some test nodes.
]);
}
/** * Tests the recent comments block. */
public function testRecentNodeBlock() {
$this->drupalLogin($this->adminUser);
// Disallow anonymous users to view content. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access content' => FALSE,
]);
// Enable the recent content block with two items. $block = $this->drupalPlaceBlock('views_block:content_recent-block_1', ['id' => 'test_block', 'items_per_page' => 2]);
// Test that block is not visible without nodes. $this->drupalGet('');
$this->assertSession()->pageTextContains('No content available.');
// Add some test nodes.
protected function setUp(): void {
parent::setUp();
$this->drupalPlaceBlock('page_title_block');
}
/** * Tests comment approval functionality through admin/content/comment. */
public function testApprovalAdminInterface() {
// Set anonymous comments to require approval. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => TRUE,
'post comments' => TRUE,
'skip comment approval' => FALSE,
]);
$this->drupalLogin($this->adminUser);
// Ensure that doesn't require contact info. $this->setCommentAnonymous(CommentInterface::ANONYMOUS_MAYNOT_CONTACT);
// Test that the comments page loads correctly when there are no comments $this->drupalGet('admin/content/comment');
$this->assertSession()->pageTextContains('No comments available.');
parent::setUp();
$this->drupalPlaceBlock('page_title_block');
}
/** * Tests comment approval functionality through admin/content/comment. */
public function testApprovalAdminInterface() {
// Set anonymous comments to require approval. user_role_change_permissions(RoleInterface::ANONYMOUS_ID, [
'access comments' => TRUE,
'post comments' => TRUE,
'skip comment approval' => FALSE,
]);
$this->drupalLogin($this->adminUser);
// Ensure that doesn't require contact info. $this->setCommentAnonymous(CommentInterface::ANONYMOUS_MAYNOT_CONTACT);
// Test that the comments page loads correctly when there are no comments $this->drupalGet('admin/content/comment');
$this->assertSession()->pageTextContains('No comments available.');