CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
user_role_revoke_permissions example
public function testPrivateFileComment() {
$user = $this->drupalCreateUser(['access comments']);
// Grant the admin user required comment permissions. $roles = $this->adminUser->getRoles();
user_role_grant_permissions($roles[1], ['administer comment fields', 'administer comments']);
// Revoke access comments permission from anon user, grant post to // authenticated. user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access comments']);
user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, ['post comments', 'skip comment approval']);
// Create a new field. $this->addDefaultCommentField('node', 'article');
$name = strtolower($this->randomMachineName());
$label = $this->randomMachineName();
$storage_edit = ['settings[uri_scheme]' => 'private'];
$this->fieldUIAddNewField('admin/structure/comment/manage/comment', $name, $label, 'file', $storage_edit);
// Manually clear cache on the tester side.
$this->drupalGet('media/' . $user_media->id() . '/edit');
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
$this->drupalGet('media/' . $user_media->id() . '/delete');
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
$this->drupalLogin($this->nonAdminUser);
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
user_role_revoke_permissions($role->id(), ['view media']);
// Test 'create BUNDLE media' permission. $this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(403);
$permissions = ['create ' . $media_type->id() . ' media'];
$this->grantPermissions($role, $permissions);
$this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
user_role_revoke_permissions($role->id(), $permissions);
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
$this->drupalGet('media/' . $user_media->id() . '/delete');
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
$this->drupalLogin($this->nonAdminUser);
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
user_role_revoke_permissions($role->id(), ['view media']);
// Test 'create BUNDLE media' permission. $this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(403);
$permissions = ['create ' . $media_type->id() . ' media'];
$this->grantPermissions($role, $permissions);
$this->drupalGet('media/add/' . $media_type->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(200);
user_role_revoke_permissions($role->id(), $permissions);
protected static $modules = ['views'];
/** * {@inheritdoc} */
protected function setUp(): void {
parent::setUp();
// Remove the "view own unpublished content" permission which is set // by default for authenticated users so we can test this permission // correctly. user_role_revoke_permissions(RoleInterface::AUTHENTICATED_ID, ['view own unpublished content']);
$this->adminUser = $this->drupalCreateUser([
'access administration pages',
'access content overview',
'administer nodes',
'bypass node access',
]);
$this->baseUser1 = $this->drupalCreateUser(['access content overview']);
$this->baseUser2 = $this->drupalCreateUser([
'access content overview',
'view own unpublished content',
]);
/** * {@inheritdoc} */
protected function setUp(): void {
parent::setUp();
// Remove the "view own unpublished content" permission which is set // by default for authenticated users so we can test this permission // correctly. user_role_revoke_permissions(RoleInterface::AUTHENTICATED_ID, ['view own unpublished content']);
$this->adminUser = $this->drupalCreateUser([
'access administration pages',
'access content overview',
'administer nodes',
'bypass node access',
]);
$this->baseUser1 = $this->drupalCreateUser(['access content overview']);
$this->baseUser2 = $this->drupalCreateUser([
'access content overview',
'view own unpublished content',
]);
$this->addContactForm($name = mb_strtolower($this->randomMachineName(16)), $label = $this->randomMachineName(16), implode(',', [$recipients[0], $recipients[1], $recipients[2]]), '', FALSE);
$this->assertSession()->pageTextContains('Contact form ' . $label . ' has been added.');
// Try adding a form that already exists. $this->addContactForm($name, $label, '', '', FALSE);
$this->assertSession()->pageTextNotContains("Contact form $label has been added.");
$this->assertSession()->pageTextContains('The machine-readable name is already in use. It must be unique.');
$this->drupalLogout();
// Check to see that anonymous user cannot see contact page without permission. user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access site-wide contact form']);
$this->drupalGet('contact');
$this->assertSession()->statusCodeEquals(403);
// Give anonymous user permission and see that page is viewable. user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access site-wide contact form']);
$this->drupalGet('contact');
$this->assertSession()->statusCodeEquals(200);
// Submit contact form with invalid values. $this->submitContact('', $recipients[0], $this->randomMachineName(16), $id, $this->randomMachineName(64));
$this->assertSession()->pageTextContains('Your name field is required.');
$this->assertSession()->pageTextContains('Contact form ' . $label . ' has been added.');
// Try adding a form that already exists. $this->addContactForm($name, $label, '', '', FALSE);
$this->assertSession()->pageTextNotContains("Contact form $label has been added.");
$this->assertSession()->pageTextContains('The machine-readable name is already in use. It must be unique.');
$this->drupalLogout();
// Check to see that anonymous user cannot see contact page without permission. user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access site-wide contact form']);
$this->drupalGet('contact');
$this->assertSession()->statusCodeEquals(403);
// Give anonymous user permission and see that page is viewable. user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access site-wide contact form']);
$this->drupalGet('contact');
$this->assertSession()->statusCodeEquals(200);
// Submit contact form with invalid values. $this->submitContact('', $recipients[0], $this->randomMachineName(16), $id, $this->randomMachineName(64));
$this->assertSession()->pageTextContains('Your name field is required.');
$timestamp = REQUEST_TIME;
for ($i = 0; $i < 11; ++$i) {
$subject = ($i % 2) ? $this->randomMachineName() : '';
$comments[$i] = $this->postComment($this->node, $this->randomMachineName(), $subject);
$comments[$i]->created->value = $timestamp--;
$comments[$i]->save();
}
// Test that a user without the 'access comments' permission cannot see the // block. $this->drupalLogout();
user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access comments']);
$this->drupalGet('');
$this->assertSession()->pageTextNotContains('Recent comments');
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access comments']);
// Test that a user with the 'access comments' permission can see the // block. $this->drupalLogin($this->webUser);
$this->drupalGet('');
$this->assertSession()->pageTextContains('Recent comments');
// Test the only the 10 latest comments are shown and in the proper order.
for ($i = 0; $i < 11; ++$i) {
$subject = ($i % 2) ? $this->randomMachineName() : '';
$comments[$i] = $this->postComment($this->node, $this->randomMachineName(), $subject);
$comments[$i]->created->value = $timestamp--;
$comments[$i]->save();
}
// Test that a user without the 'access comments' permission cannot see the // block. $this->drupalLogout();
user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access comments']);
$this->drupalGet('');
$this->assertSession()->pageTextNotContains('Recent comments');
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access comments']);
// Test that a user with the 'access comments' permission can see the // block. $this->drupalLogin($this->webUser);
$this->drupalGet('');
$this->assertSession()->pageTextContains('Recent comments');
// Test the only the 10 latest comments are shown and in the proper order.
$this->drupalLogout();
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Test that anonymous users can access admin user's contact form. $this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
$this->assertCacheContext('user');
// Revoke the personal contact permission for the anonymous user. user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
$this->assertCacheContext('user');
$this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Disable the personal contact form. $this->drupalLogin($this->adminUser);
$edit = ['contact_default_status' => FALSE];
$this->drupalGet('admin/config/people/accounts');
$this->submitForm($edit, 'Save configuration');
user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
// Test that anonymous users can access admin user's contact form. $this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(200);
$this->assertCacheContext('user');
// Revoke the personal contact permission for the anonymous user. user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['access user contact forms']);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
$this->assertCacheContext('user');
$this->drupalGet('user/' . $this->adminUser->id() . '/contact');
$this->assertSession()->statusCodeEquals(403);
// Disable the personal contact form. $this->drupalLogin($this->adminUser);
$edit = ['contact_default_status' => FALSE];
$this->drupalGet('admin/config/people/accounts');
$this->submitForm($edit, 'Save configuration');
// Get the last revision for simple checks.
/** @var \Drupal\media\MediaInterface $media */
$media = end($media_revisions);
// Test permissions. $this->drupalLogin($this->nonAdminUser);
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
// Test 'view all media revisions' permission ('view media' permission is // needed as well). user_role_revoke_permissions($role->id(), ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(403);
$this->grantPermissions($role, ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(200);
// Confirm the revision page shows the correct title. $assert->pageTextContains($media->getName());
// Confirm that the last revision is the default revision. $this->assertTrue($media->isDefaultRevision(), 'Last revision is the default.');
}
$media = end($media_revisions);
// Test permissions. $this->drupalLogin($this->nonAdminUser);
/** @var \Drupal\user\RoleInterface $role */
$role = Role::load(RoleInterface::AUTHENTICATED_ID);
// Test 'view all media revisions' permission ('view media' permission is // needed as well). user_role_revoke_permissions($role->id(), ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(403);
$this->grantPermissions($role, ['view media', 'view all media revisions']);
$this->drupalGet('media/' . $media->id() . '/revisions/' . $media->getRevisionId() . '/view');
$assert->statusCodeEquals(200);
// Confirm the revision page shows the correct title. $assert->pageTextContains($media->getName());
// Confirm that the last revision is the default revision. $this->assertTrue($media->isDefaultRevision(), 'Last revision is the default.');
}
$this->waitForOffCanvasToClose();
$this->getSession()->wait(100);
$this->getSession()->getPage()->find('css', static::TOOLBAR_EDIT_LINK_SELECTOR)->mouseOver();
$this->assertEditModeDisabled();
$this->assertNotEmpty($web_assert->waitForElement('css', '#drupal-live-announce:contains(Exited edit mode)'));
$web_assert->assertNoElementAfterWait('css', '.contextual-toolbar-tab button:contains(Editing)');
$web_assert->elementAttributeNotContains('css', '.dialog-off-canvas-main-canvas', 'class', 'js-settings-tray-edit-mode');
// Clean up test data so each test does not impact the next. $block->delete();
if ($permissions) {
user_role_revoke_permissions(Role::AUTHENTICATED_ID, $permissions);
}
}
/** * Creates tests for ::testBlocks(). */
public function getBlockTests() {
$blocks = [];
foreach ($this->getTestThemes() as $theme) {
$blocks += [
"$theme: block-powered" => [
$this->getSession()->wait(100);
$this->getSession()->getPage()->find('css', static::TOOLBAR_EDIT_LINK_SELECTOR)->mouseOver();
$this->assertEditModeDisabled();
$this->assertNotEmpty($web_assert->waitForElement('css', '#drupal-live-announce:contains(Exited edit mode)'));
$web_assert->assertNoElementAfterWait('css', '.contextual-toolbar-tab button:contains(Editing)');
$web_assert->elementAttributeNotContains('css', '.dialog-off-canvas-main-canvas', 'class', 'js-settings-tray-edit-mode');
// Clean up test data so each test does not impact the next. $block->delete();
if ($permissions) {
user_role_revoke_permissions(Role::AUTHENTICATED_ID, $permissions);
}
}
/** * Creates tests for ::testBlocks(). */
public function getBlockTests() {
$blocks = [];
foreach ($this->getTestThemes() as $theme) {
$blocks += [
"$theme: block-powered" => [
$body = 'comment body with skip comment approval';
$edit['subject[0][value]'] = $title;
$edit['comment_body[0][value]'] = $body;
$this->drupalGet($this->node->toUrl());
$this->submitForm($edit, 'Preview');
// Cannot use assertRaw here since both title and body are in the form. $preview = (string) $this->cssSelect('[data-drupal-selector="edit-comment-preview"]')[0]->getHtml();
$this->assertStringContainsString($title, $preview, 'Anonymous user can preview comment title.');
$this->assertStringContainsString($body, $preview, 'Anonymous user can preview comment body.');
// Preview comments (without `skip comment approval` permission). user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['skip comment approval']);
$edit = [];
$title = 'comment title without skip comment approval';
$body = 'comment body without skip comment approval';
$edit['subject[0][value]'] = $title;
$edit['comment_body[0][value]'] = $body;
$this->drupalGet($this->node->toUrl());
$this->submitForm($edit, 'Preview');
// Cannot use assertRaw here since both title and body are in the form. $preview = (string) $this->cssSelect('[data-drupal-selector="edit-comment-preview"]')[0]->getHtml();
$this->assertStringContainsString($title, $preview, 'Anonymous user can preview comment title.');
$this->assertStringContainsString($body, $preview, 'Anonymous user can preview comment body.');
$edit['subject[0][value]'] = $title;
$edit['comment_body[0][value]'] = $body;
$this->drupalGet($this->node->toUrl());
$this->submitForm($edit, 'Preview');
// Cannot use assertRaw here since both title and body are in the form. $preview = (string) $this->cssSelect('[data-drupal-selector="edit-comment-preview"]')[0]->getHtml();
$this->assertStringContainsString($title, $preview, 'Anonymous user can preview comment title.');
$this->assertStringContainsString($body, $preview, 'Anonymous user can preview comment body.');
// Preview comments (without `skip comment approval` permission). user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, ['skip comment approval']);
$edit = [];
$title = 'comment title without skip comment approval';
$body = 'comment body without skip comment approval';
$edit['subject[0][value]'] = $title;
$edit['comment_body[0][value]'] = $body;
$this->drupalGet($this->node->toUrl());
$this->submitForm($edit, 'Preview');
// Cannot use assertRaw here since both title and body are in the form. $preview = (string) $this->cssSelect('[data-drupal-selector="edit-comment-preview"]')[0]->getHtml();
$this->assertStringContainsString($title, $preview, 'Anonymous user can preview comment title.');
$this->assertStringContainsString($body, $preview, 'Anonymous user can preview comment body.');