function NodeTest::testCollectionFilterAccess
Same name in other branches
- 8.9.x core/modules/jsonapi/tests/src/Functional/NodeTest.php \Drupal\Tests\jsonapi\Functional\NodeTest::testCollectionFilterAccess()
- 10 core/modules/jsonapi/tests/src/Functional/NodeTest.php \Drupal\Tests\jsonapi\Functional\NodeTest::testCollectionFilterAccess()
- 11.x core/modules/jsonapi/tests/src/Functional/NodeTest.php \Drupal\Tests\jsonapi\Functional\NodeTest::testCollectionFilterAccess()
File
-
core/
modules/ jsonapi/ tests/ src/ Functional/ NodeTest.php, line 490
Class
- NodeTest
- JSON:API integration test for the "Node" content entity type.
Namespace
Drupal\Tests\jsonapi\FunctionalCode
public function testCollectionFilterAccess() {
$label_field_name = 'title';
$this->doTestCollectionFilterAccessForPublishableEntities($label_field_name, 'access content', 'bypass node access');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$collection_filter_url = $collection_url->setOption('query', [
"filter[spotlight.{$label_field_name}]" => $this->entity
->label(),
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->revokePermissionsFromTestedRole([
'bypass node access',
]);
// 0 results because the node is unpublished.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(0, $doc['data']);
$this->grantPermissionsToTestedRole([
'view own unpublished content',
]);
// 1 result because the current user is the owner of the unpublished node.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(1, $doc['data']);
$this->entity
->setOwnerId(0)
->save();
// 0 results because the current user is no longer the owner.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = Json::decode((string) $response->getBody());
$this->assertCount(0, $doc['data']);
// Assert bubbling of cacheability from query alter hook.
$this->assertTrue($this->container
->get('module_installer')
->install([
'node_access_test',
], TRUE), 'Installed modules.');
node_access_rebuild();
$this->rebuildAll();
$response = $this->request('GET', $collection_filter_url, $request_options);
$this->assertContains('user.node_grants:view', explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.