function FilterFormatAccessTest::testFormatWidgetPermissions
Same name in other branches
- 8.9.x core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()
- 10 core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()
- 11.x core/modules/filter/tests/src/Functional/FilterFormatAccessTest.php \Drupal\Tests\filter\Functional\FilterFormatAccessTest::testFormatWidgetPermissions()
Tests editing a page using a disallowed text format.
Verifies that regular users and administrators are able to edit a page, but not allowed to change the fields which use an inaccessible text format. Also verifies that fields which use a text format that does not exist can be edited by administrators only, but that the administrator is forced to choose a new format before saving the page.
File
-
core/
modules/ filter/ tests/ src/ Functional/ FilterFormatAccessTest.php, line 215
Class
- FilterFormatAccessTest
- Tests access to text formats.
Namespace
Drupal\Tests\filter\FunctionalCode
public function testFormatWidgetPermissions() {
$body_value_key = 'body[0][value]';
$body_format_key = 'body[0][format]';
// Create node to edit.
$this->drupalLogin($this->adminUser);
$edit = [];
$edit['title[0][value]'] = $this->randomMachineName(8);
$edit[$body_value_key] = $this->randomMachineName(16);
$edit[$body_format_key] = $this->disallowedFormat
->id();
$this->drupalGet('node/add/page');
$this->submitForm($edit, 'Save');
$node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
// Try to edit with a less privileged user.
$this->drupalLogin($this->webUser);
$this->drupalGet('node/' . $node->id());
$this->clickLink('Edit');
// Verify that body field is read-only and contains replacement value.
$this->assertSession()
->fieldDisabled($body_value_key);
$this->assertSession()
->fieldValueEquals($body_value_key, 'This field has been disabled because you do not have sufficient permissions to edit it.');
// Verify that title can be changed, but preview displays original body.
$new_edit = [];
$new_edit['title[0][value]'] = $this->randomMachineName(8);
$this->submitForm($new_edit, 'Preview');
$this->assertSession()
->pageTextContains($edit[$body_value_key]);
// Save and verify that only the title was changed.
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($new_edit, 'Save');
$this->assertSession()
->pageTextNotContains($edit['title[0][value]']);
$this->assertSession()
->pageTextContains($new_edit['title[0][value]']);
$this->assertSession()
->pageTextContains($edit[$body_value_key]);
// Check that even an administrator with "administer filters" permission
// cannot edit the body field if they do not have specific permission to
// use its stored format. (This must be disallowed so that the
// administrator is never forced to switch the text format to something
// else.)
$this->drupalLogin($this->filterAdminUser);
$this->drupalGet('node/' . $node->id() . '/edit');
$this->assertSession()
->fieldDisabled($body_value_key);
$this->assertSession()
->fieldValueEquals($body_value_key, 'This field has been disabled because you do not have sufficient permissions to edit it.');
// Disable the text format used above.
$this->disallowedFormat
->disable()
->save();
$this->resetFilterCaches();
// Log back in as the less privileged user and verify that the body field
// is still disabled, since the less privileged user should not be able to
// edit content that does not have an assigned format.
$this->drupalLogin($this->webUser);
$this->drupalGet('node/' . $node->id() . '/edit');
$this->assertSession()
->fieldDisabled($body_value_key);
$this->assertSession()
->fieldValueEquals($body_value_key, 'This field has been disabled because you do not have sufficient permissions to edit it.');
// Log back in as the filter administrator and verify that the body field
// can be edited.
$this->drupalLogin($this->filterAdminUser);
$this->drupalGet('node/' . $node->id() . '/edit');
$this->assertSession()
->fieldEnabled($body_value_key);
$this->assertSession()
->fieldExists($body_format_key);
// Verify that trying to save the node without selecting a new text format
// produces an error message, and does not result in the node being saved.
$old_title = $new_edit['title[0][value]'];
$new_title = $this->randomMachineName(8);
$edit = [];
$edit['title[0][value]'] = $new_title;
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($edit, 'Save');
$this->assertSession()
->statusMessageContains('Text format field is required.', 'error');
$this->drupalGet('node/' . $node->id());
$this->assertSession()
->pageTextContains($old_title);
$this->assertSession()
->pageTextNotContains($new_title);
// Now select a new text format and make sure the node can be saved.
$edit[$body_format_key] = filter_fallback_format();
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($edit, 'Save');
$this->assertSession()
->addressEquals('node/' . $node->id());
$this->assertSession()
->pageTextContains($new_title);
$this->assertSession()
->pageTextNotContains($old_title);
// Switch the text format to a new one, then disable that format and all
// other formats on the site (leaving only the fallback format).
$this->drupalLogin($this->adminUser);
$edit = [
$body_format_key => $this->allowedFormat
->id(),
];
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($edit, 'Save');
$this->assertSession()
->addressEquals('node/' . $node->id());
foreach (filter_formats() as $format) {
if (!$format->isFallbackFormat()) {
$format->disable()
->save();
}
}
// Since there is now only one available text format, the widget for
// selecting a text format would normally not display when the content is
// edited. However, we need to verify that the filter administrator still
// is forced to make a conscious choice to reassign the text to a different
// format.
$this->drupalLogin($this->filterAdminUser);
$old_title = $new_title;
$new_title = $this->randomMachineName(8);
$edit = [];
$edit['title[0][value]'] = $new_title;
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($edit, 'Save');
$this->assertSession()
->statusMessageContains('Text format field is required.', 'error');
$this->drupalGet('node/' . $node->id());
$this->assertSession()
->pageTextContains($old_title);
$this->assertSession()
->pageTextNotContains($new_title);
$edit[$body_format_key] = filter_fallback_format();
$this->drupalGet('node/' . $node->id() . '/edit');
$this->submitForm($edit, 'Save');
$this->assertSession()
->addressEquals('node/' . $node->id());
$this->assertSession()
->pageTextContains($new_title);
$this->assertSession()
->pageTextNotContains($old_title);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.