function QuickEditIntegrationLoadingTest::testUsersWithoutPermission

Test loading of untransformed text when a user doesn't have access to it.

File

core/modules/editor/tests/src/Functional/QuickEditIntegrationLoadingTest.php, line 73

Class

QuickEditIntegrationLoadingTest
Tests Quick Edit module integration endpoints.

Namespace

Drupal\Tests\editor\Functional

Code

public function testUsersWithoutPermission() {
    // Create 3 users, each with insufficient permissions, i.e. without either
    // or both of the following permissions:
    // - the 'access in-place editing' permission
    // - the 'edit any article content' permission (necessary to edit node 1)
    $users = [
        $this->drupalCreateUser(static::$basicPermissions),
        $this->drupalCreateUser(array_merge(static::$basicPermissions, [
            'edit any article content',
        ])),
        $this->drupalCreateUser(array_merge(static::$basicPermissions, [
            'access in-place editing',
        ])),
    ];
    // Now test with each of the 3 users with insufficient permissions.
    foreach ($users as $user) {
        $this->drupalLogin($user);
        $this->drupalGet('node/1');
        // Ensure the text is transformed.
        $this->assertRaw('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
        $client = $this->getHttpClient();
        // Retrieving the untransformed text should result in an 403 response and
        // return a different error message depending of the missing permission.
        $response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
            'query' => http_build_query([
                MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax',
            ]),
            'cookies' => $this->getSessionCookies(),
            'headers' => [
                'Accept' => 'application/json',
                'Content-Type' => 'application/x-www-form-urlencoded',
            ],
            'http_errors' => FALSE,
        ]);
        $this->assertEquals(403, $response->getStatusCode());
        if (!$user->hasPermission('access in-place editing')) {
            $message = "The 'access in-place editing' permission is required.";
        }
        else {
            $message = "The 'edit any article content' permission is required.";
        }
        $body = Json::decode($response->getBody());
        $this->assertSame($message, $body['message']);
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.