class AccessTest
Same name in this branch
- 11.x core/modules/views/tests/src/Functional/Plugin/AccessTest.php \Drupal\Tests\views\Functional\Plugin\AccessTest
Same name in other branches
- 9 core/modules/file/tests/src/Kernel/AccessTest.php \Drupal\Tests\file\Kernel\AccessTest
- 9 core/modules/views/tests/src/Functional/Plugin/AccessTest.php \Drupal\Tests\views\Functional\Plugin\AccessTest
- 8.9.x core/modules/file/tests/src/Kernel/AccessTest.php \Drupal\Tests\file\Kernel\AccessTest
- 8.9.x core/modules/views/tests/src/Functional/Plugin/AccessTest.php \Drupal\Tests\views\Functional\Plugin\AccessTest
- 10 core/modules/file/tests/src/Kernel/AccessTest.php \Drupal\Tests\file\Kernel\AccessTest
- 10 core/modules/views/tests/src/Functional/Plugin/AccessTest.php \Drupal\Tests\views\Functional\Plugin\AccessTest
Tests for the File access control.
@group file
Hierarchy
- class \Drupal\KernelTests\KernelTestBase extends \PHPUnit\Framework\TestCase implements \Drupal\Core\DependencyInjection\ServiceProviderInterface uses \Drupal\KernelTests\AssertContentTrait, \Drupal\Tests\RandomGeneratorTrait, \Drupal\Tests\ConfigTestTrait, \Drupal\Tests\ExtensionListTestTrait, \Drupal\Tests\TestRequirementsTrait, \Drupal\Tests\PhpUnitCompatibilityTrait, \Prophecy\PhpUnit\ProphecyTrait, \Drupal\TestTools\Extension\DeprecationBridge\ExpectDeprecationTrait
- class \Drupal\Tests\file\Kernel\AccessTest extends \Drupal\KernelTests\KernelTestBase uses \Drupal\Tests\user\Traits\UserCreationTrait, \Drupal\Tests\TestFileCreationTrait
Expanded class hierarchy of AccessTest
File
-
core/
modules/ file/ tests/ src/ Kernel/ AccessTest.php, line 18
Namespace
Drupal\Tests\file\KernelView source
class AccessTest extends KernelTestBase {
use UserCreationTrait;
use TestFileCreationTrait;
/**
* {@inheritdoc}
*/
protected static $modules = [
'file',
'system',
'user',
];
/**
* {@inheritdoc}
*/
protected function setUp() : void {
parent::setUp();
$this->installEntitySchema('file');
$this->installEntitySchema('user');
$this->installSchema('file', [
'file_usage',
]);
}
/**
* Tests 'update' and 'delete' access to file entities.
*/
public function testFileAccess() : void {
// Create a user so the tested users do not have the magic ID of user 1.
$this->createUser();
$user_any = $this->createUser([
'delete any file',
]);
$this->assertGreaterThan(1, (int) $user_any->id());
$user_own = $this->createUser([
'delete own files',
]);
$test_files = $this->getTestFiles('text');
$file1 = File::create((array) $test_files[0]);
$file1->set('uid', $user_any->id());
$file1->save();
$file2 = File::create((array) $test_files[1]);
$file2->set('uid', $user_own->id());
$file2->save();
// User with "* any file" permissions should delete all files and update
// their own.
$this->assertTrue($file1->access('delete', $user_any));
$this->assertTrue($file1->access('update', $user_any));
$this->assertTrue($file2->access('delete', $user_any));
$this->assertFalse($file2->access('update', $user_any));
// User with "* own files" permissions should access only own files.
$this->assertFalse($file1->access('delete', $user_own));
$this->assertFalse($file1->access('update', $user_own));
$this->assertTrue($file2->access('delete', $user_own));
$this->assertTrue($file2->access('update', $user_own));
// Ensure cacheability metadata is correct.
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('delete', $user_any, TRUE);
$this->assertSame([
'user.permissions',
], $access->getCacheContexts());
$this->assertSame([], $access->getCacheTags());
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('delete', $user_own, TRUE);
$this->assertSame([
'user.permissions',
'user',
], $access->getCacheContexts());
$this->assertSame([
'file:2',
], $access->getCacheTags());
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('update', $user_any, TRUE);
$this->assertSame([], $access->getCacheContexts());
$this->assertSame([], $access->getCacheTags());
/** @var \Drupal\Core\Access\AccessResult $access */
$access = $file2->access('update', $user_own, TRUE);
$this->assertSame([], $access->getCacheContexts());
$this->assertSame([], $access->getCacheTags());
// User without permissions should not be able to delete files even if they
// are the owner.
$user_none = $this->createUser();
$file3 = File::create([
'uid' => $user_none->id(),
'filename' => 'druplicon.txt',
'filemime' => 'text/plain',
]);
$this->assertFalse($file3->access('delete', $user_none));
$this->assertTrue($file3->access('update', $user_none));
// Create a file with no user entity.
$file4 = File::create([
'filename' => 'druplicon.txt',
'filemime' => 'text/plain',
]);
$this->assertFalse($file4->access('delete', $user_own));
$this->assertFalse($file4->access('update', $user_own));
$this->assertTrue($file4->access('delete', $user_any));
$this->assertFalse($file4->access('update', $user_any));
}
/**
* Tests file entity field access.
*
* @see \Drupal\file\FileAccessControlHandler::checkFieldAccess()
*/
public function testCheckFieldAccess() : void {
$this->setUpCurrentUser();
/** @var \Drupal\file\FileInterface $file */
$file = File::create([
'uri' => 'public://test.png',
]);
// While creating a file entity access will be allowed for create-only
// fields.
$this->assertTrue($file->get('uri')
->access('edit'));
$this->assertTrue($file->get('filemime')
->access('edit'));
$this->assertTrue($file->get('filesize')
->access('edit'));
// Access to the status field is denied whilst creating a file entity.
$this->assertFalse($file->get('status')
->access('edit'));
$file->save();
// After saving the entity is no longer new and, therefore, access to
// create-only fields and the status field will be denied.
$this->assertFalse($file->get('uri')
->access('edit'));
$this->assertFalse($file->get('filemime')
->access('edit'));
$this->assertFalse($file->get('filesize')
->access('edit'));
$this->assertFalse($file->get('status')
->access('edit'));
}
/**
* Tests create access is always denied even for user 1.
*
* @see \Drupal\file\FileAccessControlHandler::checkCreateAccess()
*/
public function testCreateAccess() : void {
$user1 = $this->createUser([
'delete own files',
]);
$this->assertSame('1', $user1->id());
$file = File::create([
'uid' => $user1->id(),
'filename' => 'druplicon.txt',
'filemime' => 'text/plain',
]);
$this->assertFalse($file->access('create'));
\Drupal::currentUser()->setAccount($user1);
$this->assertFalse($file->access('create'));
}
/**
* Tests cacheability metadata.
*/
public function testFileCacheability() : void {
$file = File::create([
'filename' => 'green-scarf',
'uri' => 'private://green-scarf',
'filemime' => 'text/plain',
]);
$file->setPermanent();
$file->save();
\Drupal::service('session')->set('anonymous_allowed_file_ids', [
$file->id() => $file->id(),
]);
$account = User::getAnonymousUser();
$file->setOwnerId($account->id())
->save();
$this->assertSame([
'session',
'user',
], $file->access('view', $account, TRUE)
->getCacheContexts());
$this->assertSame([
'session',
'user',
], $file->access('download', $account, TRUE)
->getCacheContexts());
$account = $this->createUser();
$file->setOwnerId($account->id())
->save();
$this->assertSame([
'user',
], $file->access('view', $account, TRUE)
->getCacheContexts());
$this->assertSame([
'user',
], $file->access('download', $account, TRUE)
->getCacheContexts());
}
}
Members
Title Sort descending | Modifiers | Object type | Summary | Overriden Title | Overrides |
---|---|---|---|---|---|
AccessTest::$modules | protected static | property | Modules to install. | Overrides KernelTestBase::$modules | |
AccessTest::setUp | protected | function | Overrides KernelTestBase::setUp | ||
AccessTest::testCheckFieldAccess | public | function | Tests file entity field access. | ||
AccessTest::testCreateAccess | public | function | Tests create access is always denied even for user 1. | ||
AccessTest::testFileAccess | public | function | Tests 'update' and 'delete' access to file entities. | ||
AccessTest::testFileCacheability | public | function | Tests cacheability metadata. | ||
AssertContentTrait::$content | protected | property | The current raw content. | ||
AssertContentTrait::$drupalSettings | protected | property | The drupalSettings value from the current raw $content. | ||
AssertContentTrait::$elements | protected | property | The XML structure parsed from the current raw $content. | 1 | |
AssertContentTrait::$plainTextContent | protected | property | The plain-text content of raw $content (text nodes). | ||
AssertContentTrait::assertEscaped | protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | ||
AssertContentTrait::assertField | protected | function | Asserts that a field exists with the given name or ID. | ||
AssertContentTrait::assertFieldById | protected | function | Asserts that a field exists with the given ID and value. | ||
AssertContentTrait::assertFieldByName | protected | function | Asserts that a field exists with the given name and value. | ||
AssertContentTrait::assertFieldByXPath | protected | function | Asserts that a field exists in the current page by the given XPath. | ||
AssertContentTrait::assertFieldChecked | protected | function | Asserts that a checkbox field in the current page is checked. | ||
AssertContentTrait::assertFieldsByValue | protected | function | Asserts that a field exists in the current page with a given Xpath result. | ||
AssertContentTrait::assertLink | protected | function | Passes if a link with the specified label is found. | ||
AssertContentTrait::assertLinkByHref | protected | function | Passes if a link containing a given href (part) is found. | ||
AssertContentTrait::assertNoDuplicateIds | protected | function | Asserts that each HTML ID is used for just a single element. | ||
AssertContentTrait::assertNoEscaped | protected | function | Passes if raw text IS NOT found escaped on loaded page, fail otherwise. | ||
AssertContentTrait::assertNoField | protected | function | Asserts that a field does not exist with the given name or ID. | ||
AssertContentTrait::assertNoFieldById | protected | function | Asserts that a field does not exist with the given ID and value. | ||
AssertContentTrait::assertNoFieldByName | protected | function | Asserts that a field does not exist with the given name and value. | ||
AssertContentTrait::assertNoFieldByXPath | protected | function | Asserts that a field does not exist or its value does not match, by XPath. | ||
AssertContentTrait::assertNoFieldChecked | protected | function | Asserts that a checkbox field in the current page is not checked. | ||
AssertContentTrait::assertNoLink | protected | function | Passes if a link with the specified label is not found. | ||
AssertContentTrait::assertNoLinkByHref | protected | function | Passes if a link containing a given href (part) is not found. | ||
AssertContentTrait::assertNoLinkByHrefInMainRegion | protected | function | Passes if a link containing a given href is not found in the main region. | ||
AssertContentTrait::assertNoOption | protected | function | Asserts that a select option in the current page does not exist. | ||
AssertContentTrait::assertNoOptionSelected | protected | function | Asserts that a select option in the current page is not checked. | ||
AssertContentTrait::assertNoPattern | protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | ||
AssertContentTrait::assertNoRaw | protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | ||
AssertContentTrait::assertNoText | protected | function | Passes if the page (with HTML stripped) does not contains the text. | ||
AssertContentTrait::assertNoTitle | protected | function | Pass if the page title is not the given string. | ||
AssertContentTrait::assertNoUniqueText | protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | ||
AssertContentTrait::assertOption | protected | function | Asserts that a select option in the current page exists. | ||
AssertContentTrait::assertOptionByText | protected | function | Asserts that a select option with the visible text exists. | ||
AssertContentTrait::assertOptionSelected | protected | function | Asserts that a select option in the current page is checked. | ||
AssertContentTrait::assertOptionSelectedWithDrupalSelector | protected | function | Asserts that a select option in the current page is checked. | ||
AssertContentTrait::assertOptionWithDrupalSelector | protected | function | Asserts that a select option in the current page exists. | ||
AssertContentTrait::assertPattern | protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | ||
AssertContentTrait::assertRaw | protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | ||
AssertContentTrait::assertText | protected | function | Passes if the page (with HTML stripped) contains the text. | ||
AssertContentTrait::assertTextHelper | protected | function | Helper for assertText and assertNoText. | ||
AssertContentTrait::assertTextPattern | protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | ||
AssertContentTrait::assertThemeOutput | protected | function | Asserts themed output. | ||
AssertContentTrait::assertTitle | protected | function | Pass if the page title is the given string. | ||
AssertContentTrait::assertUniqueText | protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | ||
AssertContentTrait::assertUniqueTextHelper | protected | function | Helper for assertUniqueText and assertNoUniqueText. | ||
AssertContentTrait::buildXPathQuery | protected | function | Builds an XPath query. | ||
AssertContentTrait::constructFieldXpath | protected | function | Helper: Constructs an XPath for the given set of attributes and value. | ||
AssertContentTrait::cssSelect | protected | function | Searches elements using a CSS selector in the raw content. | ||
AssertContentTrait::getAllOptions | protected | function | Get all option elements, including nested options, in a select. | ||
AssertContentTrait::getDrupalSettings | protected | function | Gets the value of drupalSettings for the currently-loaded page. | ||
AssertContentTrait::getRawContent | protected | function | Gets the current raw content. | ||
AssertContentTrait::getSelectedItem | protected | function | Get the selected value from a select field. | ||
AssertContentTrait::getTextContent | protected | function | Retrieves the plain-text content from the current raw content. | ||
AssertContentTrait::parse | protected | function | Parse content returned from curlExec using DOM and SimpleXML. | ||
AssertContentTrait::removeWhiteSpace | protected | function | Removes all white-space between HTML tags from the raw content. | ||
AssertContentTrait::setDrupalSettings | protected | function | Sets the value of drupalSettings for the currently-loaded page. | ||
AssertContentTrait::setRawContent | protected | function | Sets the raw content (e.g. HTML). | ||
AssertContentTrait::xpath | protected | function | Performs an xpath search on the contents of the internal browser. | ||
ConfigTestTrait::configImporter | protected | function | Returns a ConfigImporter object to import test configuration. | ||
ConfigTestTrait::copyConfig | protected | function | Copies configuration objects from source storage to target storage. | ||
ExpectDeprecationTrait::expectDeprecation | public | function | Adds an expected deprecation. | ||
ExpectDeprecationTrait::getCallableName | private static | function | Returns a callable as a string suitable for inclusion in a message. | ||
ExpectDeprecationTrait::setUpErrorHandler | public | function | Sets up the test error handler. | ||
ExpectDeprecationTrait::tearDownErrorHandler | public | function | Tears down the test error handler. | ||
ExtensionListTestTrait::getModulePath | protected | function | Gets the path for the specified module. | ||
ExtensionListTestTrait::getThemePath | protected | function | Gets the path for the specified theme. | ||
KernelTestBase::$backupStaticAttributes | protected | property | Back up and restore static class properties that may be changed by tests. | ||
KernelTestBase::$backupStaticAttributesBlacklist | protected | property | Contains a few static class properties for performance. | ||
KernelTestBase::$classLoader | protected | property | |||
KernelTestBase::$configImporter | protected | property | @todo Move into Config test base class. | 6 | |
KernelTestBase::$configSchemaCheckerExclusions | protected static | property | An array of config object names that are excluded from schema checking. | 4 | |
KernelTestBase::$container | protected | property | |||
KernelTestBase::$databasePrefix | protected | property | |||
KernelTestBase::$keyValue | protected | property | The key_value service that must persist between container rebuilds. | ||
KernelTestBase::$root | protected | property | The app root. | ||
KernelTestBase::$siteDirectory | protected | property | |||
KernelTestBase::$strictConfigSchema | protected | property | Set to TRUE to strict check all configuration saved. | 9 | |
KernelTestBase::$usesSuperUserAccessPolicy | protected | property | Set to TRUE to make user 1 a super user. | 3 | |
KernelTestBase::$vfsRoot | protected | property | The virtual filesystem root directory. | ||
KernelTestBase::assertPostConditions | protected | function | 1 | ||
KernelTestBase::bootEnvironment | protected | function | Bootstraps a basic test environment. | ||
KernelTestBase::bootKernel | protected | function | Bootstraps a kernel for a test. | 1 | |
KernelTestBase::config | protected | function | Configuration accessor for tests. Returns non-overridden configuration. | ||
KernelTestBase::disableModules | protected | function | Disables modules for this test. | ||
KernelTestBase::enableModules | protected | function | Enables modules for this test. | 1 | |
KernelTestBase::getConfigSchemaExclusions | protected | function | Gets the config schema exclusions for this test. | ||
KernelTestBase::getDatabaseConnectionInfo | protected | function | Returns the Database connection info to be used for this test. | 2 | |
KernelTestBase::getDatabasePrefix | public | function | |||
KernelTestBase::getExtensionsForModules | private | function | Returns Extension objects for $modules to install. | ||
KernelTestBase::getModulesToEnable | private static | function | Returns the modules to install for this test. | ||
KernelTestBase::initFileCache | protected | function | Initializes the FileCache component. | ||
KernelTestBase::installConfig | protected | function | Installs default configuration for a given list of modules. | ||
KernelTestBase::installEntitySchema | protected | function | Installs the storage schema for a specific entity type. | ||
KernelTestBase::installSchema | protected | function | Installs database tables from a module schema definition. | ||
KernelTestBase::register | public | function | Registers test-specific services. | Overrides ServiceProviderInterface::register | 27 |
KernelTestBase::render | protected | function | Renders a render array. | 1 | |
KernelTestBase::setInstallProfile | protected | function | Sets the install profile and rebuilds the container to update it. | ||
KernelTestBase::setSetting | protected | function | Sets an in-memory Settings variable. | ||
KernelTestBase::setUpBeforeClass | public static | function | 1 | ||
KernelTestBase::setUpFilesystem | protected | function | Sets up the filesystem, so things like the file directory. | 2 | |
KernelTestBase::tearDown | protected | function | 7 | ||
KernelTestBase::tearDownCloseDatabaseConnection | public | function | Additional tear down method to close the connection at the end. | ||
KernelTestBase::vfsDump | protected | function | Dumps the current state of the virtual filesystem to STDOUT. | ||
KernelTestBase::__construct | public | function | |||
KernelTestBase::__sleep | public | function | Prevents serializing any properties. | ||
RandomGeneratorTrait::getRandomGenerator | protected | function | Gets the random generator for the utility methods. | ||
RandomGeneratorTrait::randomMachineName | protected | function | Generates a unique random string containing letters and numbers. | ||
RandomGeneratorTrait::randomObject | public | function | Generates a random PHP object. | ||
RandomGeneratorTrait::randomString | public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | ||
StorageCopyTrait::replaceStorageContents | protected static | function | Copy the configuration from one storage to another and remove stale items. | ||
TestFileCreationTrait::$generatedTestFiles | protected | property | Whether the files were copied to the test files directory. | ||
TestFileCreationTrait::compareFiles | protected | function | Compares two files based on size and file name. | ||
TestFileCreationTrait::generateFile | protected static | function | Generates a test file. | ||
TestFileCreationTrait::getTestFiles | protected | function | Gets a list of files that can be used in tests. | ||
TestRequirementsTrait::getDrupalRoot | protected static | function | Returns the Drupal root directory. | ||
UserCreationTrait::checkPermissions | protected | function | Checks whether a given list of permission names is valid. | ||
UserCreationTrait::createAdminRole | protected | function | Creates an administrative role. | ||
UserCreationTrait::createRole | protected | function | Creates a role with specified permissions. | ||
UserCreationTrait::createUser | protected | function | Create a user with a given set of permissions. | ||
UserCreationTrait::grantPermissions | protected | function | Grant permissions to a user role. | ||
UserCreationTrait::setCurrentUser | protected | function | Switch the current logged in user. | ||
UserCreationTrait::setUpCurrentUser | protected | function | Creates a random user account and sets it as current user. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.