class UserTest

Same name in this branch
  1. 10 core/modules/user/tests/src/Unit/Plugin/Core/Entity/UserTest.php \Drupal\Tests\user\Unit\Plugin\Core\Entity\UserTest
  2. 10 core/modules/user/tests/src/Kernel/Plugin/migrate/source/d6/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d6\UserTest
  3. 10 core/modules/user/tests/src/Kernel/Plugin/migrate/source/d7/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d7\UserTest
Same name in other branches
  1. 9 core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest
  2. 9 core/modules/user/tests/src/Unit/Plugin/Core/Entity/UserTest.php \Drupal\Tests\user\Unit\Plugin\Core\Entity\UserTest
  3. 9 core/modules/user/tests/src/Kernel/Plugin/migrate/source/d6/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d6\UserTest
  4. 9 core/modules/user/tests/src/Kernel/Plugin/migrate/source/d7/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d7\UserTest
  5. 8.9.x core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest
  6. 8.9.x core/modules/user/tests/src/Unit/Plugin/Core/Entity/UserTest.php \Drupal\Tests\user\Unit\Plugin\Core\Entity\UserTest
  7. 8.9.x core/modules/user/tests/src/Kernel/Plugin/migrate/source/d6/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d6\UserTest
  8. 8.9.x core/modules/user/tests/src/Kernel/Plugin/migrate/source/d7/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d7\UserTest
  9. 11.x core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest
  10. 11.x core/modules/user/tests/src/Unit/Plugin/Core/Entity/UserTest.php \Drupal\Tests\user\Unit\Plugin\Core\Entity\UserTest
  11. 11.x core/modules/user/tests/src/Kernel/Plugin/migrate/source/d6/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d6\UserTest
  12. 11.x core/modules/user/tests/src/Kernel/Plugin/migrate/source/d7/UserTest.php \Drupal\Tests\user\Kernel\Plugin\migrate\source\d7\UserTest

JSON:API integration test for the "User" content entity type.

@group jsonapi @group #slow

Hierarchy

Expanded class hierarchy of UserTest

File

core/modules/jsonapi/tests/src/Functional/UserTest.php, line 24

Namespace

Drupal\Tests\jsonapi\Functional
View source
class UserTest extends ResourceTestBase {
    const BATCH_TEST_NODE_COUNT = 15;
    
    /**
     * {@inheritdoc}
     */
    protected static $modules = [
        'user',
        'jsonapi_test_user',
        'node',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    
    /**
     * {@inheritdoc}
     */
    protected static $entityTypeId = 'user';
    
    /**
     * {@inheritdoc}
     */
    protected static $resourceTypeName = 'user--user';
    
    /**
     * {@inheritdoc}
     */
    protected static $patchProtectedFieldNames = [
        'changed' => NULL,
    ];
    
    /**
     * {@inheritdoc}
     */
    protected static $anonymousUsersCanViewLabels = TRUE;
    
    /**
     * {@inheritdoc}
     *
     * @var \Drupal\taxonomy\TermInterface
     */
    protected $entity;
    
    /**
     * {@inheritdoc}
     */
    protected static $labelFieldName = 'display_name';
    
    /**
     * {@inheritdoc}
     */
    protected static $firstCreatedEntityId = 4;
    
    /**
     * {@inheritdoc}
     */
    protected static $secondCreatedEntityId = 5;
    
    /**
     * {@inheritdoc}
     */
    protected function setUpAuthorization($method) {
        // @todo Remove this in
        $this->grantPermissionsToTestedRole([
            'access content',
        ]);
        switch ($method) {
            case 'GET':
                $this->grantPermissionsToTestedRole([
                    'access user profiles',
                ]);
                break;
            case 'POST':
            case 'PATCH':
            case 'DELETE':
                $this->grantPermissionsToTestedRole([
                    'administer users',
                ]);
                break;
        }
    }
    
    /**
     * {@inheritdoc}
     */
    protected function createEntity() {
        // Create a "Llama" user.
        $user = User::create([
            'created' => 123456789,
        ]);
        $user->setUsername('Llama')
            ->setChangedTime(123456789)
            ->activate()
            ->save();
        return $user;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function createAnotherEntity($key) {
        
        /** @var \Drupal\user\UserInterface $user */
        $user = $this->getEntityDuplicate($this->entity, $key);
        $user->setUsername($user->label() . '_' . $key);
        $user->setEmail("{$key}@example.com");
        $user->save();
        return $user;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function doTestDeleteIndividual() : void {
        $this->config('user.settings')
            ->set('cancel_method', 'user_cancel_delete')
            ->save(TRUE);
        parent::doTestDeleteIndividual();
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getExpectedDocument() {
        $self_url = Url::fromUri('base:/jsonapi/user/user/' . $this->entity
            ->uuid())
            ->setAbsolute()
            ->toString(TRUE)
            ->getGeneratedUrl();
        return [
            'jsonapi' => [
                'meta' => [
                    'links' => [
                        'self' => [
                            'href' => 'http://jsonapi.org/format/1.0/',
                        ],
                    ],
                ],
                'version' => '1.0',
            ],
            'links' => [
                'self' => [
                    'href' => $self_url,
                ],
            ],
            'data' => [
                'id' => $this->entity
                    ->uuid(),
                'type' => 'user--user',
                'links' => [
                    'self' => [
                        'href' => $self_url,
                    ],
                ],
                'attributes' => [
                    'display_name' => 'Llama',
                    'created' => '1973-11-29T21:33:09+00:00',
                    'changed' => (new \DateTime())->setTimestamp($this->entity
                        ->getChangedTime())
                        ->setTimezone(new \DateTimeZone('UTC'))
                        ->format(\DateTime::RFC3339),
                    'default_langcode' => TRUE,
                    'langcode' => 'en',
                    'name' => 'Llama',
                    'drupal_internal__uid' => 3,
                ],
            ],
        ];
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
        $cache_contexts = parent::getExpectedCacheContexts($sparse_fieldset);
        if ($sparse_fieldset === NULL || !empty(array_intersect([
            'mail',
            'display_name',
        ], $sparse_fieldset))) {
            $cache_contexts = Cache::mergeContexts($cache_contexts, [
                'user',
            ]);
        }
        return $cache_contexts;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getPostDocument() {
        return [
            'data' => [
                'type' => 'user--user',
                'attributes' => [
                    'name' => 'Drama llama',
                ],
            ],
        ];
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getPatchDocument() {
        return [
            'data' => [
                'id' => $this->entity
                    ->uuid(),
                'type' => 'user--user',
                'attributes' => [
                    'name' => 'Drama llama 2',
                ],
            ],
        ];
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getExpectedUnauthorizedAccessMessage($method) {
        switch ($method) {
            case 'GET':
                return "The 'access user profiles' permission is required and the user must be active.";
            case 'PATCH':
                return "Users can only update their own account, unless they have the 'administer users' permission.";
            case 'DELETE':
                return "The 'cancel account' permission is required.";
            default:
                return parent::getExpectedUnauthorizedAccessMessage($method);
        }
    }
    
    /**
     * Tests PATCHing security-sensitive base fields of the logged in account.
     */
    public function testPatchDxForSecuritySensitiveBaseFields() : void {
        // @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
        $url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), [
            'entity' => $this->account
                ->uuid(),
        ]);
        
        /* $url = $this->account->toUrl('jsonapi'); */
        // Since this test must be performed by the user that is being modified,
        // we must use $this->account, not $this->entity.
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        $response = $this->request('GET', $url, $request_options);
        $original_normalization = $this->getDocumentFromResponse($response);
        // Test case 1: changing email.
        $normalization = $original_normalization;
        $normalization['data']['attributes']['mail'] = 'new-email@example.com';
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // DX: 405 when read-only mode is enabled.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()
            ->toString(TRUE)
            ->getGeneratedUrl()), $url, $response);
        $this->assertSame([
            'GET',
        ], $response->getHeader('Allow'));
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        // DX: 422 when changing email without providing the password.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(422, 'mail: Your current password is missing or incorrect; it\'s required to change the Email.', NULL, $response, '/data/attributes/mail');
        $normalization['data']['attributes']['pass']['existing'] = 'wrong';
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // DX: 422 when changing email while providing a wrong password.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(422, 'mail: Your current password is missing or incorrect; it\'s required to change the Email.', NULL, $response, '/data/attributes/mail');
        $normalization['data']['attributes']['pass']['existing'] = $this->account->passRaw;
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // 200 for well-formed request.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        // Test case 2: changing password.
        $normalization = $this->getDocumentFromResponse($response);
        $normalization['data']['attributes']['mail'] = 'new-email@example.com';
        $new_password = $this->randomString();
        $normalization['data']['attributes']['pass']['value'] = $new_password;
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // DX: 422 when changing password without providing the current password.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(422, 'pass: Your current password is missing or incorrect; it\'s required to change the Password.', NULL, $response, '/data/attributes/pass');
        $normalization['data']['attributes']['pass']['existing'] = $this->account->passRaw;
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // 200 for well-formed request.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        // Verify that we can log in with the new password.
        $this->assertRpcLogin($this->account
            ->getAccountName(), $new_password);
        // Update password in $this->account, prepare for future requests.
        $this->account->passRaw = $new_password;
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        // Test case 3: changing name.
        $normalization = $this->getDocumentFromResponse($response);
        $normalization['data']['attributes']['mail'] = 'new-email@example.com';
        $normalization['data']['attributes']['pass']['existing'] = $new_password;
        $normalization['data']['attributes']['name'] = 'Cooler Llama';
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // DX: 403 when modifying username without required permission.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (name).', $url, $response, '/data/attributes/name');
        $this->grantPermissionsToTestedRole([
            'change own username',
        ]);
        // 200 for well-formed request.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceResponse(200, FALSE, $response);
        // Verify that we can log in with the new username.
        $this->assertRpcLogin('Cooler Llama', $new_password);
    }
    
    /**
     * Verifies that logging in with the given username and password works.
     *
     * @param string $username
     *   The username to log in with.
     * @param string $password
     *   The password to log in with.
     *
     * @internal
     */
    protected function assertRpcLogin(string $username, string $password) : void {
        $request_body = [
            'name' => $username,
            'pass' => $password,
        ];
        $request_options = [
            RequestOptions::HEADERS => [],
            RequestOptions::BODY => Json::encode($request_body),
        ];
        $response = $this->request('POST', Url::fromRoute('user.login.http')->setRouteParameter('_format', 'json'), $request_options);
        $this->assertSame(200, $response->getStatusCode());
    }
    
    /**
     * Tests PATCHing security-sensitive base fields to change other users.
     */
    public function testPatchSecurityOtherUser() : void {
        // @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
        $url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), [
            'entity' => $this->account
                ->uuid(),
        ]);
        
        /* $url = $this->account->toUrl('jsonapi'); */
        $original_normalization = $this->normalize($this->account, $url);
        // Since this test must be performed by the user that is being modified,
        // we must use $this->account, not $this->entity.
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        $normalization = $original_normalization;
        $normalization['data']['attributes']['mail'] = 'new-email@example.com';
        $request_options[RequestOptions::BODY] = Json::encode($normalization);
        // DX: 405 when read-only mode is enabled.
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()
            ->toString(TRUE)
            ->getGeneratedUrl()), $url, $response);
        $this->assertSame([
            'GET',
        ], $response->getHeader('Allow'));
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        // Try changing user 1's email.
        $user1 = $original_normalization;
        $user1['data']['attributes']['mail'] = 'another_email_address@example.com';
        $user1['data']['attributes']['uid'] = 1;
        $user1['data']['attributes']['name'] = 'another_user_name';
        $user1['data']['attributes']['pass']['existing'] = $this->account->passRaw;
        $request_options[RequestOptions::BODY] = Json::encode($user1);
        $response = $this->request('PATCH', $url, $request_options);
        // Ensure the email address has not changed.
        $this->assertEquals('admin@example.com', $this->entityStorage
            ->loadUnchanged(1)
            ->getEmail());
        $this->assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (uid). The entity ID cannot be changed.', $url, $response, '/data/attributes/uid');
    }
    
    /**
     * Tests GETting privacy-sensitive base fields.
     */
    public function testGetMailFieldOnlyVisibleToOwner() : void {
        // Create user B, with the same roles (and hence permissions) as user A.
        $user_a = $this->account;
        $pass = \Drupal::service('password_generator')->generate();
        $user_b = User::create([
            'name' => 'sibling-of-' . $user_a->getAccountName(),
            'mail' => 'sibling-of-' . $user_a->getAccountName() . '@example.com',
            'pass' => $pass,
            'status' => 1,
            'roles' => $user_a->getRoles(),
        ]);
        $user_b->save();
        $user_b->passRaw = $pass;
        // Grant permission to role that both users use.
        $this->grantPermissionsToTestedRole([
            'access user profiles',
        ]);
        $collection_url = Url::fromRoute('jsonapi.user--user.collection', [], [
            'query' => [
                'sort' => 'drupal_internal__uid',
            ],
        ]);
        // @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
        $user_a_url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), [
            'entity' => $user_a->uuid(),
        ]);
        
        /* $user_a_url = $user_a->toUrl('jsonapi'); */
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        // Viewing user A as user A: "mail" field is accessible.
        $response = $this->request('GET', $user_a_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertArrayHasKey('mail', $doc['data']['attributes']);
        // Also when looking at the collection.
        $response = $this->request('GET', $collection_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
        $this->assertArrayHasKey('mail', $doc['data'][2]['attributes'], "Own user--user resource's 'mail' field is visible.");
        $this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
        $this->assertArrayNotHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
        // Now request the same URLs, but as user B (same roles/permissions).
        $this->account = $user_b;
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        // Viewing user A as user B: "mail" field should be inaccessible.
        $response = $this->request('GET', $user_a_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertArrayNotHasKey('mail', $doc['data']['attributes']);
        // Also when looking at the collection.
        $response = $this->request('GET', $collection_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
        $this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
        $this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
        $this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
        // Now grant permission to view user email addresses and verify.
        $this->grantPermissionsToTestedRole([
            'view user email addresses',
        ]);
        // Viewing user A as user B: "mail" field should be accessible.
        $response = $this->request('GET', $user_a_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertArrayHasKey('mail', $doc['data']['attributes']);
        // Also when looking at the collection.
        $response = $this->request('GET', $collection_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
        $this->assertArrayHasKey('mail', $doc['data'][2]['attributes']);
    }
    
    /**
     * Tests good error DX when trying to filter users by role.
     */
    public function testQueryInvolvingRoles() : void {
        $this->setUpAuthorization('GET');
        $collection_url = Url::fromRoute('jsonapi.user--user.collection', [], [
            'query' => [
                'filter[roles.id][value]' => 'e9b1de3f-9517-4c27-bef0-0301229de792',
            ],
        ]);
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        // The 'administer users' permission is required to filter by role entities.
        $this->grantPermissionsToTestedRole([
            'administer users',
        ]);
        $response = $this->request('GET', $collection_url, $request_options);
        $expected_cache_contexts = [
            'url.path',
            'url.query_args',
            'url.site',
        ];
        $this->assertResourceErrorResponse(400, "Filtering on config entities is not supported by Drupal's entity API. You tried to filter on a Role config entity.", $collection_url, $response, FALSE, [
            '4xx-response',
            'http_response',
        ], $expected_cache_contexts, FALSE, 'MISS');
    }
    
    /**
     * Tests that the collection contains the anonymous user.
     */
    public function testCollectionContainsAnonymousUser() : void {
        $url = Url::fromRoute('jsonapi.user--user.collection', [], [
            'query' => [
                'sort' => 'drupal_internal__uid',
            ],
        ]);
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        $response = $this->request('GET', $url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(4, $doc['data']);
        $this->assertSame(User::load(0)->uuid(), $doc['data'][0]['id']);
        $this->assertSame('User 0', $doc['data'][0]['attributes']['display_name']);
    }
    
    /**
     * {@inheritdoc}
     */
    public function testCollectionFilterAccess() : void {
        // Set up data model.
        $this->assertTrue($this->container
            ->get('module_installer')
            ->install([
            'node',
        ], TRUE), 'Installed modules.');
        FieldStorageConfig::create([
            'entity_type' => static::$entityTypeId,
            'field_name' => 'field_favorite_animal',
            'type' => 'string',
        ])->setCardinality(1)
            ->save();
        FieldConfig::create([
            'entity_type' => static::$entityTypeId,
            'field_name' => 'field_favorite_animal',
            'bundle' => 'user',
        ])->setLabel('Test field')
            ->setTranslatable(FALSE)
            ->save();
        $this->drupalCreateContentType([
            'type' => 'x',
        ]);
        $this->rebuildAll();
        $this->grantPermissionsToTestedRole([
            'access content',
        ]);
        // Create data.
        $user_a = User::create([])->setUsername('A')
            ->activate();
        $user_a->save();
        $user_b = User::create([])->setUsername('B')
            ->set('field_favorite_animal', 'stegosaurus')
            ->block();
        $user_b->save();
        $node_a = Node::create([
            'type' => 'x',
        ])->setTitle('Owned by A')
            ->setOwner($user_a);
        $node_a->save();
        $node_b = Node::create([
            'type' => 'x',
        ])->setTitle('Owned by B')
            ->setOwner($user_b);
        $node_b->save();
        $node_anon_1 = Node::create([
            'type' => 'x',
        ])->setTitle('Owned by anon #1')
            ->setOwnerId(0);
        $node_anon_1->save();
        $node_anon_2 = Node::create([
            'type' => 'x',
        ])->setTitle('Owned by anon #2')
            ->setOwnerId(0);
        $node_anon_2->save();
        $node_auth_1 = Node::create([
            'type' => 'x',
        ])->setTitle('Owned by auth #1')
            ->setOwner($this->account);
        $node_auth_1->save();
        $favorite_animal_test_url = Url::fromRoute('jsonapi.user--user.collection')->setOption('query', [
            'filter[field_favorite_animal]' => 'stegosaurus',
        ]);
        // Test.
        $collection_url = Url::fromRoute('jsonapi.node--x.collection');
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        // ?filter[uid.id]=OWN_UUID requires no permissions: 1 result.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.id]' => $this->account
                ->uuid(),
        ]), $request_options);
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(1, $doc['data']);
        $this->assertSame($node_auth_1->uuid(), $doc['data'][0]['id']);
        // ?filter[uid.id]=ANONYMOUS_UUID: 0 results.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.id]' => User::load(0)->uuid(),
        ]), $request_options);
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(0, $doc['data']);
        // ?filter[uid.name]=A: 0 results.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.name]' => 'A',
        ]), $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(0, $doc['data']);
        // /jsonapi/user/user?filter[field_favorite_animal]: 0 results.
        $response = $this->request('GET', $favorite_animal_test_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertSame(200, $response->getStatusCode());
        $this->assertCount(0, $doc['data']);
        // Grant "view" permission.
        $this->grantPermissionsToTestedRole([
            'access user profiles',
        ]);
        // ?filter[uid.id]=ANONYMOUS_UUID: 0 results.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.id]' => User::load(0)->uuid(),
        ]), $request_options);
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(0, $doc['data']);
        // ?filter[uid.name]=A: 1 result since user A is active.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.name]' => 'A',
        ]), $request_options);
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(1, $doc['data']);
        $this->assertSame($node_a->uuid(), $doc['data'][0]['id']);
        // ?filter[uid.name]=B: 0 results since user B is blocked.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.name]' => 'B',
        ]), $request_options);
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(0, $doc['data']);
        // /jsonapi/user/user?filter[field_favorite_animal]: 0 results.
        $response = $this->request('GET', $favorite_animal_test_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertSame(200, $response->getStatusCode());
        $this->assertCount(0, $doc['data']);
        // Grant "admin" permission.
        $this->grantPermissionsToTestedRole([
            'administer users',
        ]);
        // ?filter[uid.name]=B: 1 result.
        $response = $this->request('GET', $collection_url->setOption('query', [
            'filter[uid.name]' => 'B',
        ]), $request_options);
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
        $doc = $this->getDocumentFromResponse($response);
        $this->assertCount(1, $doc['data']);
        $this->assertSame($node_b->uuid(), $doc['data'][0]['id']);
        // /jsonapi/user/user?filter[field_favorite_animal]: 1 result.
        $response = $this->request('GET', $favorite_animal_test_url, $request_options);
        $doc = $this->getDocumentFromResponse($response);
        $this->assertSame(200, $response->getStatusCode());
        $this->assertCount(1, $doc['data']);
        $this->assertSame($user_b->uuid(), $doc['data'][0]['id']);
    }
    
    /**
     * Tests users with altered display names.
     */
    public function testResaveAccountName() : void {
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        $this->setUpAuthorization('PATCH');
        $original_name = $this->entity
            ->get('name')->value;
        $url = Url::fromRoute('jsonapi.user--user.individual', [
            'entity' => $this->entity
                ->uuid(),
        ]);
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        $response = $this->request('GET', $url, $request_options);
        // Send the unchanged data back.
        $request_options[RequestOptions::BODY] = (string) $response->getBody();
        $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
        $response = $this->request('PATCH', $url, $request_options);
        $this->assertEquals(200, $response->getStatusCode());
        // Load the user entity again, make sure the name was not changed.
        $this->entityStorage
            ->resetCache();
        $updated_user = $this->entityStorage
            ->load($this->entity
            ->id());
        $this->assertEquals($original_name, $updated_user->get('name')->value);
    }
    
    /**
     * Tests if JSON:API respects user.settings.cancel_method: user_cancel_block.
     */
    public function testDeleteRespectsUserCancelBlock() : void {
        $cancel_method = 'user_cancel_block';
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        $this->config('user.settings')
            ->set('cancel_method', $cancel_method)
            ->save(TRUE);
        $account = $this->createAnotherEntity($cancel_method);
        $node = $this->drupalCreateNode([
            'uid' => $account->id(),
        ]);
        $this->sendDeleteRequestForUser($account, $cancel_method);
        $user_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('user');
        $user_storage->resetCache([
            $account->id(),
        ]);
        $account = $user_storage->load($account->id());
        $this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $node_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('node');
        $node_storage->resetCache([
            $node->id(),
        ]);
        $test_node = $node_storage->load($node->id());
        $this->assertNotNull($test_node, 'Node of the user is not deleted.');
        $this->assertTrue($test_node->isPublished(), 'Node of the user is published.');
        $test_node = $node_storage->loadRevision($node->getRevisionId());
        $this->assertTrue($test_node->isPublished(), 'Node revision of the user is published.');
    }
    
    /**
     * Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
     */
    public function testDeleteRespectsUserCancelBlockUnpublish() : void {
        $cancel_method = 'user_cancel_block_unpublish';
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        $this->config('user.settings')
            ->set('cancel_method', $cancel_method)
            ->save(TRUE);
        $account = $this->createAnotherEntity($cancel_method);
        $node = $this->drupalCreateNode([
            'uid' => $account->id(),
        ]);
        $this->sendDeleteRequestForUser($account, $cancel_method);
        $user_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('user');
        $user_storage->resetCache([
            $account->id(),
        ]);
        $account = $user_storage->load($account->id());
        $this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $node_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('node');
        $node_storage->resetCache([
            $node->id(),
        ]);
        $test_node = $node_storage->load($node->id());
        $this->assertNotNull($test_node, 'Node of the user is not deleted.');
        $this->assertFalse($test_node->isPublished(), 'Node of the user is no longer published.');
        $test_node = $node_storage->loadRevision($node->getRevisionId());
        $this->assertFalse($test_node->isPublished(), 'Node revision of the user is no longer published.');
    }
    
    /**
     * Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
     * @group jsonapi
     */
    public function testDeleteRespectsUserCancelBlockUnpublishAndProcessesBatches() : void {
        $cancel_method = 'user_cancel_block_unpublish';
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        $this->config('user.settings')
            ->set('cancel_method', $cancel_method)
            ->save(TRUE);
        $account = $this->createAnotherEntity($cancel_method);
        $nodeCount = self::BATCH_TEST_NODE_COUNT;
        $node_ids = [];
        $nodes = [];
        while ($nodeCount-- > 0) {
            $node = $this->drupalCreateNode([
                'uid' => $account->id(),
            ]);
            $nodes[] = $node;
            $node_ids[] = $node->id();
        }
        $this->sendDeleteRequestForUser($account, $cancel_method);
        $user_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('user');
        $user_storage->resetCache([
            $account->id(),
        ]);
        $account = $user_storage->load($account->id());
        $this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $node_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('node');
        $node_storage->resetCache($node_ids);
        $test_nodes = $node_storage->loadMultiple($node_ids);
        $this->assertCount(self::BATCH_TEST_NODE_COUNT, $test_nodes, 'Nodes of the user are not deleted.');
        foreach ($test_nodes as $test_node) {
            $this->assertFalse($test_node->isPublished(), 'Node of the user is no longer published.');
        }
        foreach ($nodes as $node) {
            $test_node = $node_storage->loadRevision($node->getRevisionId());
            $this->assertFalse($test_node->isPublished(), 'Node revision of the user is no longer published.');
        }
    }
    
    /**
     * Tests if JSON:API respects user.settings.cancel_method: user_cancel_reassign.
     */
    public function testDeleteRespectsUserCancelReassign() : void {
        $cancel_method = 'user_cancel_reassign';
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        $this->config('user.settings')
            ->set('cancel_method', $cancel_method)
            ->save(TRUE);
        $account = $this->createAnotherEntity($cancel_method);
        $node = $this->drupalCreateNode([
            'uid' => $account->id(),
        ]);
        $this->sendDeleteRequestForUser($account, $cancel_method);
        $user_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('user');
        $user_storage->resetCache([
            $account->id(),
        ]);
        $account = $user_storage->load($account->id());
        $this->assertNull($account, 'User is deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $node_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('node');
        $node_storage->resetCache([
            $node->id(),
        ]);
        $test_node = $node_storage->load($node->id());
        $this->assertNotNull($test_node, 'Node of the user is not deleted.');
        $this->assertTrue($test_node->isPublished(), 'Node of the user is still published.');
        $this->assertEquals(0, $test_node->getOwnerId(), 'Node of the user has been attributed to anonymous user.');
        $test_node = $node_storage->loadRevision($node->getRevisionId());
        $this->assertTrue($test_node->isPublished(), 'Node revision of the user is still published.');
        $this->assertEquals(0, $test_node->getRevisionUser()
            ->id(), 'Node revision of the user has been attributed to anonymous user.');
    }
    
    /**
     * Tests if JSON:API respects user.settings.cancel_method: user_cancel_delete.
     */
    public function testDeleteRespectsUserCancelDelete() : void {
        $cancel_method = 'user_cancel_delete';
        $this->config('jsonapi.settings')
            ->set('read_only', FALSE)
            ->save(TRUE);
        $this->config('user.settings')
            ->set('cancel_method', $cancel_method)
            ->save(TRUE);
        $account = $this->createAnotherEntity($cancel_method);
        $node = $this->drupalCreateNode([
            'uid' => $account->id(),
        ]);
        $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), [
            'entity' => $account->uuid(),
        ]);
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        $this->setUpAuthorization('DELETE');
        $response = $this->request('DELETE', $url, $request_options);
        $this->assertResourceResponse(204, NULL, $response);
        $node_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('node');
        $user_storage = $this->container
            ->get('entity_type.manager')
            ->getStorage('user');
        $user_storage->resetCache([
            $account->id(),
        ]);
        $account = $user_storage->load($account->id());
        $this->assertNull($account, 'User is deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
        $node_storage->resetCache([
            $node->id(),
        ]);
        $test_node = $node_storage->load($node->id());
        $this->assertNull($test_node, 'Node of the user is deleted.');
    }
    
    /**
     * {@inheritdoc}
     */
    protected function getModifiedEntityForPostTesting() {
        $modified = parent::getModifiedEntityForPostTesting();
        $modified['data']['attributes']['name'] = $this->randomMachineName();
        return $modified;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function makeNormalizationInvalid(array $document, $entity_key) {
        if ($entity_key === 'label') {
            $document['data']['attributes']['name'] = [
                0 => $document['data']['attributes']['name'],
                1 => 'Second Title',
            ];
            return $document;
        }
        return parent::makeNormalizationInvalid($document, $entity_key);
    }
    
    /**
     * @param \Drupal\user\UserInterface $account
     *   The user account.
     * @param string $cancel_method
     *   The cancel method.
     */
    private function sendDeleteRequestForUser(UserInterface $account, string $cancel_method) {
        $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), [
            'entity' => $account->uuid(),
        ]);
        $request_options = [];
        $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
        $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
        $this->setUpAuthorization('DELETE');
        $response = $this->request('DELETE', $url, $request_options);
        $this->assertResourceResponse(204, NULL, $response);
    }

}

Members

Title Sort descending Deprecated Modifiers Object type Summary Member alias Overriden Title Overrides
BlockCreationTrait::placeBlock protected function Creates a block instance based on default settings. Aliased as: drupalPlaceBlock
BrowserHtmlDebugTrait::$htmlOutputBaseUrl protected property The Base URI to use for links to the output files.
BrowserHtmlDebugTrait::$htmlOutputClassName protected property Class name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounter protected property Counter for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounterStorage protected property Counter storage for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputDirectory protected property Directory name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputEnabled protected property HTML output enabled.
BrowserHtmlDebugTrait::$htmlOutputFile protected property The file name to write the list of URLs to.
BrowserHtmlDebugTrait::$htmlOutputTestId protected property HTML output test ID.
BrowserHtmlDebugTrait::formatHtmlOutputHeaders protected function Formats HTTP headers as string for HTML output logging.
BrowserHtmlDebugTrait::getHtmlOutputHeaders protected function Returns headers in HTML output format. 1
BrowserHtmlDebugTrait::getResponseLogHandler protected function Provides a Guzzle middleware handler to log every response received.
BrowserHtmlDebugTrait::htmlOutput protected function Logs a HTML output message in a text file.
BrowserHtmlDebugTrait::initBrowserOutputFile protected function Creates the directory to store browser output.
BrowserTestBase::$baseUrl protected property The base URL.
BrowserTestBase::$configImporter protected property The config importer that can be used in a test.
BrowserTestBase::$customTranslations protected property An array of custom translations suitable for SettingsEditor::rewrite().
BrowserTestBase::$mink protected property Mink session manager.
BrowserTestBase::$minkDefaultDriverArgs protected property Mink default driver params.
BrowserTestBase::$minkDefaultDriverClass protected property Mink class for the default driver to use. 1
BrowserTestBase::$originalContainer protected property The original container.
BrowserTestBase::$originalShutdownCallbacks protected property The original array of shutdown function callbacks.
BrowserTestBase::$preserveGlobalState protected property
BrowserTestBase::$profile protected property The profile to install as a basis for testing. 40
BrowserTestBase::$runTestInSeparateProcess protected property Browser tests are run in separate processes to prevent collisions between
code that may be loaded by tests.
BrowserTestBase::$timeLimit protected property Time limit in seconds for the test.
BrowserTestBase::$translationFilesDirectory protected property The translation file directory for the test environment.
BrowserTestBase::cleanupEnvironment protected function Clean up the test environment.
BrowserTestBase::config protected function Configuration accessor for tests. Returns non-overridden configuration.
BrowserTestBase::filePreDeleteCallback public static function Ensures test files are deletable.
BrowserTestBase::getDefaultDriverInstance protected function Gets an instance of the default Mink driver.
BrowserTestBase::getDrupalSettings protected function Gets the JavaScript drupalSettings variable for the currently-loaded page. 1
BrowserTestBase::getHttpClient protected function Obtain the HTTP client for the system under test.
BrowserTestBase::getMinkDriverArgs protected function Gets the Mink driver args from an environment variable. 1
BrowserTestBase::getOptions protected function Helper function to get the options of select field.
BrowserTestBase::getSession public function Returns Mink session.
BrowserTestBase::getSessionCookies protected function Get session cookies from current session.
BrowserTestBase::getTestMethodCaller protected function Retrieves the current calling line in the class under test. Overrides BrowserHtmlDebugTrait::getTestMethodCaller
BrowserTestBase::initFrontPage protected function Visits the front page when initializing Mink. 3
BrowserTestBase::initMink protected function Initializes Mink sessions. 1
BrowserTestBase::installDrupal public function Installs Drupal into the test site. 2
BrowserTestBase::registerSessions protected function Registers additional Mink sessions.
BrowserTestBase::setUpAppRoot protected function Sets up the root application path.
BrowserTestBase::setUpBeforeClass public static function 1
BrowserTestBase::tearDown protected function 3
BrowserTestBase::translatePostValues protected function Transforms a nested array into a flat array suitable for submitForm().
BrowserTestBase::xpath protected function Performs an xpath search on the contents of the internal browser.
BrowserTestBase::__get public function
BrowserTestBase::__sleep public function Prevents serializing any properties.
ConfigTestTrait::configImporter protected function Returns a ConfigImporter object to import test configuration.
ConfigTestTrait::copyConfig protected function Copies configuration objects from source storage to target storage.
ContentModerationTestTrait::addEntityTypeAndBundleToWorkflow protected function Adds an entity type ID / bundle ID to the given workflow. 1
ContentModerationTestTrait::createEditorialWorkflow protected function Creates the editorial workflow. 1
ContentTypeCreationTrait::createContentType protected function Creates a custom content type based on default settings. Aliased as: drupalCreateContentType 1
ExtensionListTestTrait::getModulePath protected function Gets the path for the specified module.
ExtensionListTestTrait::getThemePath protected function Gets the path for the specified theme.
FunctionalTestSetupTrait::$apcuEnsureUniquePrefix protected property The flag to set 'apcu_ensure_unique_prefix' setting. 1
FunctionalTestSetupTrait::$classLoader protected property The class loader to use for installation and initialization of setup.
FunctionalTestSetupTrait::$rootUser protected property The "#1" admin user.
FunctionalTestSetupTrait::$usesSuperUserAccessPolicy protected property Set to TRUE to make user 1 a super user. 10
FunctionalTestSetupTrait::doInstall protected function Execute the non-interactive installer. 2
FunctionalTestSetupTrait::getDatabaseTypes protected function Returns all supported database driver installer objects.
FunctionalTestSetupTrait::initConfig protected function Initialize various configurations post-installation. 1
FunctionalTestSetupTrait::initKernel protected function Initializes the kernel after installation.
FunctionalTestSetupTrait::initSettings protected function Initialize settings created during install.
FunctionalTestSetupTrait::initUserSession protected function Initializes user 1 for the site to be installed.
FunctionalTestSetupTrait::installDefaultThemeFromClassProperty protected function Installs the default theme defined by `static::$defaultTheme` when needed. 1
FunctionalTestSetupTrait::installModulesFromClassProperty protected function Install modules defined by `static::$modules`. 1
FunctionalTestSetupTrait::installParameters protected function Returns the parameters that will be used when the test installs Drupal. 8
FunctionalTestSetupTrait::prepareEnvironment protected function Prepares the current environment for running the test. 28
FunctionalTestSetupTrait::prepareRequestForGenerator protected function Creates a mock request and sets it on the generator.
FunctionalTestSetupTrait::prepareSettings protected function Prepares site settings and services before installation. 4
FunctionalTestSetupTrait::rebuildAll protected function Resets and rebuilds the environment after setup.
FunctionalTestSetupTrait::rebuildContainer protected function Rebuilds \Drupal::getContainer().
FunctionalTestSetupTrait::resetAll protected function Resets all data structures after having enabled new modules.
FunctionalTestSetupTrait::setContainerParameter protected function Changes parameters in the services.yml file.
FunctionalTestSetupTrait::setupBaseUrl protected function Sets up the base URL based upon the environment variable.
FunctionalTestSetupTrait::writeSettings protected function Rewrites the settings.php file of the test site. 1
GetDocumentFromResponseTrait::getDocumentFromResponse protected function Retrieve document from response, with basic validation.
NodeCreationTrait::createNode protected function Creates a node based on default settings. Aliased as: drupalCreateNode
NodeCreationTrait::getNodeByTitle public function Get a node from the database based on its title. Aliased as: drupalGetNodeByTitle
PhpUnitWarnings::$deprecationWarnings private static property Deprecation warnings from PHPUnit to raise with @trigger_error().
PhpUnitWarnings::addWarning public function Converts PHPUnit deprecation warnings to E_USER_DEPRECATED.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RandomGeneratorTrait::randomStringValidate Deprecated public function Callback for random string validation.
RefreshVariablesTrait::refreshVariables protected function Refreshes in-memory configuration and state information. 2
ResourceResponseTestTrait::addOmittedObject protected static function Add the omitted object to the document or merges it if one already exists.
ResourceResponseTestTrait::collectionHasResourceIdentifier protected static function Determines if a given resource exists in a list of resources.
ResourceResponseTestTrait::errorsToOmittedObject protected static function Maps error objects into an omitted object.
ResourceResponseTestTrait::extractLinks protected static function Extracts links from a document using a list of relationship field names.
ResourceResponseTestTrait::getAccessDeniedResponse protected static function Gets a generic forbidden response.
ResourceResponseTestTrait::getEmptyCollectionResponse protected function Gets a generic empty collection response.
ResourceResponseTestTrait::getExpectedIncludedResourceResponse protected function Gets an array of expected ResourceResponses for the given include paths.
ResourceResponseTestTrait::getLinkPaths protected static function Turns a list of relationship field names into an array of link paths.
ResourceResponseTestTrait::getRelatedLink protected static function Creates a related resource link for a given resource identifier and field.
ResourceResponseTestTrait::getRelatedResponses protected function Gets an array of related responses for the given field names.
ResourceResponseTestTrait::getRelationshipLink protected static function Creates a relationship link for a given resource identifier and field.
ResourceResponseTestTrait::getRelationshipResponses protected function Gets an array of relationship responses for the given field names.
ResourceResponseTestTrait::getResourceLink protected static function Creates an individual resource link for a given resource identifier.
ResourceResponseTestTrait::getResourceLinks protected static function Creates individual resource links for a list of resource identifiers.
ResourceResponseTestTrait::getResponses protected function Gets responses from an array of links.
ResourceResponseTestTrait::isResourceIdentifier protected static function Checks if a given array is a resource identifier.
ResourceResponseTestTrait::mergeOmittedObjects protected static function Merges the links of two omitted objects and returns a new omitted object.
ResourceResponseTestTrait::resetOmittedLinkKeys protected static function Resets omitted link keys.
ResourceResponseTestTrait::sortOmittedLinks protected static function Sorts an omitted link object array by href.
ResourceResponseTestTrait::sortResourceCollection protected static function Sorts a collection of resources or resource identifiers.
ResourceResponseTestTrait::toCollectionResourceResponse protected static function Merges individual responses into a collection response.
ResourceResponseTestTrait::toResourceIdentifier protected static function Maps an entity to a resource identifier.
ResourceResponseTestTrait::toResourceResponse protected static function Maps a response object to a JSON:API ResourceResponse.
ResourceResponseTestTrait::toResourceResponses protected static function Maps an array of PSR responses to JSON:API ResourceResponses.
ResourceTestBase::$account protected property The account to use for authentication.
ResourceTestBase::$anotherEntity protected property Another entity of the same type used for testing.
ResourceTestBase::$entityStorage protected property The entity storage.
ResourceTestBase::$jsonApiMember protected static property The standard `jsonapi` top-level document member.
ResourceTestBase::$newRevisionsShouldBeAutomatic protected static property Whether new revisions of updated entities should be created by default. 2
ResourceTestBase::$resourceType protected property The JSON:API resource type for the tested entity type plus bundle.
ResourceTestBase::$resourceTypeIsVersionable protected static property Whether the tested JSON:API resource is versionable. 7
ResourceTestBase::$serializer protected property The serializer service.
ResourceTestBase::$uniqueFieldNames protected static property Fields that need unique values. 1
ResourceTestBase::$uuidKey protected property The UUID key.
ResourceTestBase::alterExpectedDocumentForRevision protected function Alters the expected JSON:API document for revisions.
ResourceTestBase::assertResourceErrorResponse protected function Asserts that a resource error response has the given message.
ResourceTestBase::assertResourceResponse protected function Asserts that a resource response has the given status code and body.
ResourceTestBase::assertSameDocument protected function Asserts that an expected document matches the response body.
ResourceTestBase::decorateExpectedResponseForIncludedFields protected static function Decorates the expected response with included data and cache metadata.
ResourceTestBase::decorateResourceIdentifierWithDrupalInternalTargetId protected static function Adds drupal_internal__target_id to the meta of a resource identifier.
ResourceTestBase::doTestIncluded protected function Tests included resources.
ResourceTestBase::doTestPatchIndividual protected function Tests PATCHing an individual resource, plus edge cases to ensure good DX. 2
ResourceTestBase::doTestPostIndividual protected function Tests POSTing an individual resource, plus edge cases to ensure good DX. 1
ResourceTestBase::doTestRelated protected function Performs one round of related route testing.
ResourceTestBase::doTestRelationshipGet protected function Performs one round of relationship route testing.
ResourceTestBase::doTestRelationshipMutation protected function Performs one round of relationship POST, PATCH and DELETE route testing. 1
ResourceTestBase::doTestSparseFieldSets protected function Tests sparse field sets.
ResourceTestBase::entityAccess protected static function Checks access for the given operation on the given entity. 3
ResourceTestBase::entityFieldAccess protected static function Checks access for the given field operation on the given entity.
ResourceTestBase::entityLoadUnchanged protected function Loads an entity in the test container, ignoring the static cache.
ResourceTestBase::getAuthenticationRequestOptions protected function Returns Guzzle request options for authentication.
ResourceTestBase::getData protected function Sets up a collection of entities of the same type for testing.
ResourceTestBase::getEditorialPermissions protected function Gets an array of permissions required to view and update any tested entity. 1
ResourceTestBase::getEntityDuplicate protected function
ResourceTestBase::getExpectedCacheTags protected function The expected cache tags for the GET/HEAD response of the test entity. 5
ResourceTestBase::getExpectedCollectionCacheability protected static function Computes the cacheability for a given entity collection. 5
ResourceTestBase::getExpectedCollectionResponse protected function Returns a JSON:API collection document for the expected entities.
ResourceTestBase::getExpectedGetIndividualResourceResponse protected function Gets the expected individual ResourceResponse for GET.
ResourceTestBase::getExpectedGetRelationshipDocument protected function Gets an expected document for the given relationship.
ResourceTestBase::getExpectedGetRelationshipDocumentData protected function Gets the expected document data for the given relationship. 2
ResourceTestBase::getExpectedGetRelationshipResponse protected function Gets an expected ResourceResponse for the given relationship.
ResourceTestBase::getExpectedRelatedResponse protected function Builds an expected related ResourceResponse for the given field.
ResourceTestBase::getExpectedRelatedResponses protected function Builds an array of expected related ResourceResponses, keyed by field name.
ResourceTestBase::getExpectedUnauthorizedAccessCacheability protected function Returns the expected cacheability for an unauthorized response. 8
ResourceTestBase::getExtraRevisionCacheTags protected function The expected cache tags when checking revision responses.
ResourceTestBase::getIncludePermissions protected static function Authorize the user under test with additional permissions to view includes. 2
ResourceTestBase::getModifiedEntityForPatchTesting protected static function Clones the given entity and modifies all PATCH-protected fields.
ResourceTestBase::getNestedIncludePaths protected function Gets an array of all nested include paths to be tested.
ResourceTestBase::getRelationshipFieldNames protected function Gets a list of public relationship names for the resource type under test.
ResourceTestBase::getSparseFieldSets protected function Returns an array of sparse fields sets to test. 4
ResourceTestBase::grantIncludedPermissions protected function Grants authorization to view includes.
ResourceTestBase::grantPermissionsToTestedRole protected function Grants permissions to the authenticated role.
ResourceTestBase::isReferenceFieldDefinition protected static function Determines if a given field definition is a reference field.
ResourceTestBase::normalize protected function Generates a JSON:API normalization for the given entity.
ResourceTestBase::recursiveKsort protected static function Recursively sorts an array by key.
ResourceTestBase::removeResourceTypeFromDocument protected function Makes the JSON:API document violate the spec by omitting the resource type.
ResourceTestBase::resaveEntity protected function
ResourceTestBase::revokePermissions protected function Ensure the anonymous and authenticated roles have no permissions at all.
ResourceTestBase::revokePermissionsFromTestedRole protected function Revokes permissions from the authenticated role.
ResourceTestBase::setUp protected function Overrides BrowserTestBase::setUp 3
ResourceTestBase::setUpFields protected function Sets up additional fields for testing.
ResourceTestBase::setUpRevisionAuthorization protected function Sets up the necessary authorization for handling revisions. 4
ResourceTestBase::testCollection public function Tests GETting a collection of resources. 1
ResourceTestBase::testGetIndividual public function Tests GETting an individual resource, plus edge cases to ensure good DX. 2
ResourceTestBase::testIndividual public function Tests POST/PATCH/DELETE for an individual resource. 1
ResourceTestBase::testRelated public function Tests GET of the related resource of an individual resource. 2
ResourceTestBase::testRelationships public function Tests CRUD of individual resource relationship data. 1
ResourceTestBase::testRevisions public function Tests individual and collection revisions. 1
SessionTestTrait::$sessionName protected property The name of the session cookie.
SessionTestTrait::generateSessionName protected function Generates a session cookie name.
SessionTestTrait::getSessionName protected function Returns the session name in use on the child site.
StorageCopyTrait::replaceStorageContents protected static function Copy the configuration from one storage to another and remove stale items.
TestRequirementsTrait::checkModuleRequirements Deprecated private function Checks missing module requirements.
TestRequirementsTrait::checkRequirements Deprecated protected function Check module requirements for the Drupal use case.
TestRequirementsTrait::getDrupalRoot protected static function Returns the Drupal root directory.
TestSetupTrait::$configSchemaCheckerExclusions protected static property An array of config object names that are excluded from schema checking. 2
TestSetupTrait::$container protected property The dependency injection container used in the test.
TestSetupTrait::$databasePrefix protected property The database prefix of this test run.
TestSetupTrait::$kernel protected property The DrupalKernel instance used in the test.
TestSetupTrait::$originalSite protected property The site directory of the original parent site.
TestSetupTrait::$privateFilesDirectory protected property The private file directory for the test environment.
TestSetupTrait::$publicFilesDirectory protected property The public file directory for the test environment.
TestSetupTrait::$root protected property The app root.
TestSetupTrait::$siteDirectory protected property The site directory of this test run.
TestSetupTrait::$strictConfigSchema protected property Set to TRUE to strict check all configuration saved. 4
TestSetupTrait::$tempFilesDirectory protected property The temporary file directory for the test environment.
TestSetupTrait::$testId protected property The test run ID.
TestSetupTrait::changeDatabasePrefix protected function Changes the database connection to the prefixed one.
TestSetupTrait::getConfigSchemaExclusions protected function Gets the config schema exclusions for this test.
TestSetupTrait::getDatabaseConnection Deprecated public static function Returns the database connection to the site under test.
TestSetupTrait::prepareDatabasePrefix protected function Generates a database prefix for running tests. 1
UiHelperTrait::$loggedInUser protected property The current user logged in using the Mink controlled browser.
UiHelperTrait::$maximumMetaRefreshCount protected property The number of meta refresh redirects to follow, or NULL if unlimited.
UiHelperTrait::$metaRefreshCount protected property The number of meta refresh redirects followed during ::drupalGet().
UiHelperTrait::$useOneTimeLoginLinks protected property Use one-time login links instead of submitting the login form. 3
UiHelperTrait::assertSession public function Returns WebAssert object. 1
UiHelperTrait::buildUrl protected function Builds an absolute URL from a system path or a URL object.
UiHelperTrait::checkForMetaRefresh protected function Checks for meta refresh tag and if found call drupalGet() recursively.
UiHelperTrait::click protected function Clicks the element with the given CSS selector.
UiHelperTrait::clickLink protected function Follows a link by complete name.
UiHelperTrait::cssSelect protected function Searches elements using a CSS selector in the raw content.
UiHelperTrait::cssSelectToXpath protected function Translates a CSS expression to its XPath equivalent.
UiHelperTrait::drupalGet protected function Retrieves a Drupal path or an absolute path. 3
UiHelperTrait::drupalLogin protected function Logs in a user using the Mink controlled browser.
UiHelperTrait::drupalLogout protected function Logs a user out of the Mink controlled browser and confirms.
UiHelperTrait::drupalResetSession protected function Resets the current active session back to Anonymous session.
UiHelperTrait::drupalUserIsLoggedIn protected function Returns whether a given user account is logged in.
UiHelperTrait::getAbsoluteUrl protected function Takes a path and returns an absolute path.
UiHelperTrait::getTextContent protected function Retrieves the plain-text content from the current page.
UiHelperTrait::getUrl protected function Get the current URL from the browser.
UiHelperTrait::isTestUsingGuzzleClient protected function Determines if test is using DrupalTestBrowser.
UiHelperTrait::prepareRequest protected function Prepare for a request to testing site. 1
UiHelperTrait::submitForm protected function Fills and submits a form.
UserCreationTrait::checkPermissions protected function Checks whether a given list of permission names is valid.
UserCreationTrait::createAdminRole protected function Creates an administrative role.
UserCreationTrait::createRole protected function Creates a role with specified permissions. Aliased as: drupalCreateRole
UserCreationTrait::createUser protected function Create a user with a given set of permissions. Aliased as: drupalCreateUser
UserCreationTrait::grantPermissions protected function Grant permissions to a user role.
UserCreationTrait::setCurrentUser protected function Switch the current logged in user.
UserCreationTrait::setUpCurrentUser protected function Creates a random user account and sets it as current user.
UserTest::$anonymousUsersCanViewLabels protected static property Whether anonymous users can view labels of this resource type. Overrides ResourceTestBase::$anonymousUsersCanViewLabels
UserTest::$defaultTheme protected property The theme to install as the default for testing. Overrides BrowserTestBase::$defaultTheme
UserTest::$entity protected property Overrides ResourceTestBase::$entity
UserTest::$entityTypeId protected static property The tested entity type. Overrides ResourceTestBase::$entityTypeId
UserTest::$firstCreatedEntityId protected static property The entity ID for the first created entity in testPost(). Overrides ResourceTestBase::$firstCreatedEntityId
UserTest::$labelFieldName protected static property Specify which field is the 'label' field for testing a POST edge case. Overrides ResourceTestBase::$labelFieldName
UserTest::$modules protected static property Modules to install. Overrides ResourceTestBase::$modules
UserTest::$patchProtectedFieldNames protected static property The fields that are protected against modification during PATCH requests. Overrides ResourceTestBase::$patchProtectedFieldNames
UserTest::$resourceTypeName protected static property The name of the tested JSON:API resource type. Overrides ResourceTestBase::$resourceTypeName
UserTest::$secondCreatedEntityId protected static property The entity ID for the second created entity in testPost(). Overrides ResourceTestBase::$secondCreatedEntityId
UserTest::assertRpcLogin protected function Verifies that logging in with the given username and password works.
UserTest::BATCH_TEST_NODE_COUNT constant
UserTest::createAnotherEntity protected function Creates another entity to be tested. Overrides ResourceTestBase::createAnotherEntity
UserTest::createEntity protected function Creates the entity to be tested. Overrides ResourceTestBase::createEntity
UserTest::doTestDeleteIndividual protected function Tests DELETEing an individual resource, plus edge cases to ensure good DX. Overrides ResourceTestBase::doTestDeleteIndividual
UserTest::getExpectedCacheContexts protected function The expected cache contexts for the GET/HEAD response of the test entity. Overrides ResourceTestBase::getExpectedCacheContexts
UserTest::getExpectedDocument protected function Returns the expected JSON:API document for the entity. Overrides ResourceTestBase::getExpectedDocument
UserTest::getExpectedUnauthorizedAccessMessage protected function Return the expected error message. Overrides ResourceTestBase::getExpectedUnauthorizedAccessMessage
UserTest::getModifiedEntityForPostTesting protected function Gets the normalized POST entity with random values for its unique fields. Overrides ResourceTestBase::getModifiedEntityForPostTesting
UserTest::getPatchDocument protected function Returns the JSON:API PATCH document. Overrides ResourceTestBase::getPatchDocument
UserTest::getPostDocument protected function Returns the JSON:API POST document. Overrides ResourceTestBase::getPostDocument
UserTest::makeNormalizationInvalid protected function Makes the given JSON:API document invalid. Overrides ResourceTestBase::makeNormalizationInvalid
UserTest::sendDeleteRequestForUser private function
UserTest::setUpAuthorization protected function Sets up the necessary authorization. Overrides ResourceTestBase::setUpAuthorization
UserTest::testCollectionContainsAnonymousUser public function Tests that the collection contains the anonymous user.
UserTest::testCollectionFilterAccess public function
UserTest::testDeleteRespectsUserCancelBlock public function Tests if JSON:API respects user.settings.cancel_method: user_cancel_block.
UserTest::testDeleteRespectsUserCancelBlockUnpublish public function Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
UserTest::testDeleteRespectsUserCancelBlockUnpublishAndProcessesBatches public function Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
@group jsonapi
UserTest::testDeleteRespectsUserCancelDelete public function Tests if JSON:API respects user.settings.cancel_method: user_cancel_delete.
UserTest::testDeleteRespectsUserCancelReassign public function Tests if JSON:API respects user.settings.cancel_method: user_cancel_reassign.
UserTest::testGetMailFieldOnlyVisibleToOwner public function Tests GETting privacy-sensitive base fields.
UserTest::testPatchDxForSecuritySensitiveBaseFields public function Tests PATCHing security-sensitive base fields of the logged in account.
UserTest::testPatchSecurityOtherUser public function Tests PATCHing security-sensitive base fields to change other users.
UserTest::testQueryInvolvingRoles public function Tests good error DX when trying to filter users by role.
UserTest::testResaveAccountName public function Tests users with altered display names.
XdebugRequestTrait::extractCookiesFromRequest protected function Adds xdebug cookies, from request setup.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.