function FilterFormatAccessTest::testFormatWidgetPermissions

Same name and namespace in other branches
  1. 9 core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()
  2. 10 core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()
  3. 11.x core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()

Tests editing a page using a disallowed text format.

Verifies that regular users and administrators are able to edit a page, but not allowed to change the fields which use an inaccessible text format. Also verifies that fields which use a text format that does not exist can be edited by administrators only, but that the administrator is forced to choose a new format before saving the page.

File

core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php, line 219

Class

FilterFormatAccessTest
Tests access to text formats.

Namespace

Drupal\Tests\filter\Functional

Code

public function testFormatWidgetPermissions() {
    $body_value_key = 'body[0][value]';
    $body_format_key = 'body[0][format]';
    // Create node to edit.
    $this->drupalLogin($this->adminUser);
    $edit = [];
    $edit['title[0][value]'] = $this->randomMachineName(8);
    $edit[$body_value_key] = $this->randomMachineName(16);
    $edit[$body_format_key] = $this->disallowedFormat
        ->id();
    $this->drupalPostForm('node/add/page', $edit, t('Save'));
    $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
    // Try to edit with a less privileged user.
    $this->drupalLogin($this->webUser);
    $this->drupalGet('node/' . $node->id());
    $this->clickLink(t('Edit'));
    // Verify that body field is read-only and contains replacement value.
    $this->assertFieldByXPath("//textarea[@name='{$body_value_key}' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), 'Text format access denied message found.');
    // Verify that title can be changed, but preview displays original body.
    $new_edit = [];
    $new_edit['title[0][value]'] = $this->randomMachineName(8);
    $this->drupalPostForm(NULL, $new_edit, t('Preview'));
    $this->assertText($edit[$body_value_key], 'Old body found in preview.');
    // Save and verify that only the title was changed.
    $this->drupalPostForm('node/' . $node->id() . '/edit', $new_edit, t('Save'));
    $this->assertNoText($edit['title[0][value]'], 'Old title not found.');
    $this->assertText($new_edit['title[0][value]'], 'New title found.');
    $this->assertText($edit[$body_value_key], 'Old body found.');
    // Check that even an administrator with "administer filters" permission
    // cannot edit the body field if they do not have specific permission to
    // use its stored format. (This must be disallowed so that the
    // administrator is never forced to switch the text format to something
    // else.)
    $this->drupalLogin($this->filterAdminUser);
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertFieldByXPath("//textarea[@name='{$body_value_key}' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), 'Text format access denied message found.');
    // Disable the text format used above.
    $this->disallowedFormat
        ->disable()
        ->save();
    $this->resetFilterCaches();
    // Log back in as the less privileged user and verify that the body field
    // is still disabled, since the less privileged user should not be able to
    // edit content that does not have an assigned format.
    $this->drupalLogin($this->webUser);
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertFieldByXPath("//textarea[@name='{$body_value_key}' and @disabled='disabled']", t('This field has been disabled because you do not have sufficient permissions to edit it.'), 'Text format access denied message found.');
    // Log back in as the filter administrator and verify that the body field
    // can be edited.
    $this->drupalLogin($this->filterAdminUser);
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertNoFieldByXPath("//textarea[@name='{$body_value_key}' and @disabled='disabled']", NULL, 'Text format access denied message not found.');
    $this->assertFieldByXPath("//select[@name='{$body_format_key}']", NULL, 'Text format selector found.');
    // Verify that trying to save the node without selecting a new text format
    // produces an error message, and does not result in the node being saved.
    $old_title = $new_edit['title[0][value]'];
    $new_title = $this->randomMachineName(8);
    $edit = [];
    $edit['title[0][value]'] = $new_title;
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertText(t('@name field is required.', [
        '@name' => t('Text format'),
    ]), 'Error message is displayed.');
    $this->drupalGet('node/' . $node->id());
    $this->assertText($old_title, 'Old title found.');
    $this->assertNoText($new_title, 'New title not found.');
    // Now select a new text format and make sure the node can be saved.
    $edit[$body_format_key] = filter_fallback_format();
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->id());
    $this->assertText($new_title, 'New title found.');
    $this->assertNoText($old_title, 'Old title not found.');
    // Switch the text format to a new one, then disable that format and all
    // other formats on the site (leaving only the fallback format).
    $this->drupalLogin($this->adminUser);
    $edit = [
        $body_format_key => $this->allowedFormat
            ->id(),
    ];
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->id());
    foreach (filter_formats() as $format) {
        if (!$format->isFallbackFormat()) {
            $format->disable()
                ->save();
        }
    }
    // Since there is now only one available text format, the widget for
    // selecting a text format would normally not display when the content is
    // edited. However, we need to verify that the filter administrator still
    // is forced to make a conscious choice to reassign the text to a different
    // format.
    $this->drupalLogin($this->filterAdminUser);
    $old_title = $new_title;
    $new_title = $this->randomMachineName(8);
    $edit = [];
    $edit['title[0][value]'] = $new_title;
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertText(t('@name field is required.', [
        '@name' => t('Text format'),
    ]), 'Error message is displayed.');
    $this->drupalGet('node/' . $node->id());
    $this->assertText($old_title, 'Old title found.');
    $this->assertNoText($new_title, 'New title not found.');
    $edit[$body_format_key] = filter_fallback_format();
    $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
    $this->assertUrl('node/' . $node->id());
    $this->assertText($new_title, 'New title found.');
    $this->assertNoText($old_title, 'Old title not found.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.