function NodeTest::testCollectionFilterAccess

Same name and namespace in other branches
  1. 9 core/modules/jsonapi/tests/src/Functional/NodeTest.php \Drupal\Tests\jsonapi\Functional\NodeTest::testCollectionFilterAccess()
  2. 8.9.x core/modules/jsonapi/tests/src/Functional/NodeTest.php \Drupal\Tests\jsonapi\Functional\NodeTest::testCollectionFilterAccess()
  3. 10 core/modules/jsonapi/tests/src/Functional/NodeTest.php \Drupal\Tests\jsonapi\Functional\NodeTest::testCollectionFilterAccess()

File

core/modules/jsonapi/tests/src/Functional/NodeTest.php, line 498

Class

NodeTest
JSON:API integration test for the "Node" content entity type.

Namespace

Drupal\Tests\jsonapi\Functional

Code

public function testCollectionFilterAccess() : void {
  $label_field_name = 'title';
  $this->doTestCollectionFilterAccessForPublishableEntities($label_field_name, 'access content', 'bypass node access');
  $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
  $collection_filter_url = $collection_url->setOption('query', [
    "filter[spotlight.{$label_field_name}]" => $this->entity
      ->label(),
  ]);
  $request_options = [];
  $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
  $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
  $this->revokePermissionsFromTestedRole([
    'bypass node access',
  ]);
  // 0 results because the node is unpublished.
  $response = $this->request('GET', $collection_filter_url, $request_options);
  $doc = $this->getDocumentFromResponse($response);
  $this->assertCount(0, $doc['data']);
  $this->grantPermissionsToTestedRole([
    'view own unpublished content',
  ]);
  // 1 result because the current user is the owner of the unpublished node.
  $response = $this->request('GET', $collection_filter_url, $request_options);
  $doc = $this->getDocumentFromResponse($response);
  $this->assertCount(1, $doc['data']);
  $this->entity
    ->setOwnerId(0)
    ->save();
  // 0 results because the current user is no longer the owner.
  $response = $this->request('GET', $collection_filter_url, $request_options);
  $doc = $this->getDocumentFromResponse($response);
  $this->assertCount(0, $doc['data']);
  // Assert bubbling of cacheability from query alter hook.
  $this->assertTrue($this->container
    ->get('module_installer')
    ->install([
    'node_access_test',
  ], TRUE), 'Installed modules.');
  node_access_rebuild();
  $this->rebuildAll();
  $response = $this->request('GET', $collection_filter_url, $request_options);
  $this->assertContains('user.node_grants:view', explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.