function UserTest::testCollectionFilterAccess

Same name and namespace in other branches
  1. 9 core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()
  2. 8.9.x core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()
  3. 10 core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()

File

core/modules/jsonapi/tests/src/Functional/UserTest.php, line 485

Class

UserTest
JSON:API integration test for the "User" content entity type.

Namespace

Drupal\Tests\jsonapi\Functional

Code

/**
 * Checks that JSON:API collection filters honour access to the user entity.
 *
 * Security relevance: a filter on a field of a referenced or listed user
 * (uid.id, uid.name, field_favorite_animal) can work as a yes/no oracle,
 * because a non-empty result confirms that a user with that value exists.
 * The scenario below pins the expected result count at three privilege
 * levels of the tested role:
 *   1. 'access content' only,
 *   2. plus 'access user profiles',
 *   3. plus 'administer users'.
 *
 * Most requests also assert that the X-Drupal-Cache-Contexts response header
 * contains 'user.permissions', presumably so that a response cached for one
 * permission set is never served to another.
 */
public function testCollectionFilterAccess() : void {
    // Fixture: the node module, a single-value string field on users, and a
    // node type 'x' whose nodes reference their owner through 'uid'.
    $modules_installed = $this->container
        ->get('module_installer')
        ->install(['node'], TRUE);
    $this->assertTrue($modules_installed, 'Installed modules.');

    $field_storage = FieldStorageConfig::create([
        'entity_type' => static::$entityTypeId,
        'field_name' => 'field_favorite_animal',
        'type' => 'string',
    ])->setCardinality(1);
    $field_storage->save();

    $field = FieldConfig::create([
        'entity_type' => static::$entityTypeId,
        'field_name' => 'field_favorite_animal',
        'bundle' => 'user',
    ])->setLabel('Test field')->setTranslatable(FALSE);
    $field->save();

    $this->drupalCreateContentType(['type' => 'x']);
    $this->rebuildAll();
    // Privilege level 1: the role may view content, nothing user-related.
    $this->grantPermissionsToTestedRole(['access content']);

    // Users: 'A' is active; 'B' is blocked and is the only user carrying the
    // field value that is filtered on later.
    $active_user = User::create([])->setUsername('A')->activate();
    $active_user->save();
    $blocked_user = User::create([])
        ->setUsername('B')
        ->set('field_favorite_animal', 'stegosaurus')
        ->block();
    $blocked_user->save();

    // Nodes, created in a fixed order: one per named user, two owned by the
    // anonymous user (uid 0), one owned by the account issuing the requests.
    $node_of_active = Node::create(['type' => 'x'])
        ->setTitle('Owned by A')
        ->setOwner($active_user);
    $node_of_active->save();
    $node_of_blocked = Node::create(['type' => 'x'])
        ->setTitle('Owned by B')
        ->setOwner($blocked_user);
    $node_of_blocked->save();
    foreach (['Owned by anon #1', 'Owned by anon #2'] as $anon_title) {
        $anon_node = Node::create(['type' => 'x'])
            ->setTitle($anon_title)
            ->setOwnerId(0);
        $anon_node->save();
    }
    $own_node = Node::create(['type' => 'x'])
        ->setTitle('Owned by auth #1')
        ->setOwner($this->account);
    $own_node->save();

    // User collection filtered by the custom field; only user B matches.
    $animal_url = Url::fromRoute('jsonapi.user--user.collection')
        ->setOption('query', ['filter[field_favorite_animal]' => 'stegosaurus']);
    // Node collection; the query option is overwritten for every request.
    $node_collection_url = Url::fromRoute('jsonapi.node--x.collection');

    $request_options = NestedArray::mergeDeep(
        [RequestOptions::HEADERS => ['Accept' => 'application/vnd.api+json']],
        $this->getAuthenticationRequestOptions()
    );

    // Local helpers, so each step below reads as request + expectation.
    $fetch_nodes = function (array $filter) use ($node_collection_url, $request_options) {
        return $this->request('GET', $node_collection_url->setOption('query', $filter), $request_options);
    };
    $fetch_users_by_animal = function () use ($animal_url, $request_options) {
        return $this->request('GET', $animal_url, $request_options);
    };
    $assert_varies_by_permissions = function (): void {
        $this->assertSession()
            ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
    };

    // --- Level 1: 'access content' only. ---
    // Filtering on the requester's own UUID needs no extra permission.
    $response = $fetch_nodes(['filter[uid.id]' => $this->account->uuid()]);
    $assert_varies_by_permissions();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(1, $doc['data']);
    $this->assertSame($own_node->uuid(), $doc['data'][0]['id']);

    // Filtering on the anonymous user's UUID yields nothing.
    $response = $fetch_nodes(['filter[uid.id]' => User::load(0)->uuid()]);
    $assert_varies_by_permissions();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(0, $doc['data']);

    // User A's node exists, but the user name must not be usable as a filter
    // without permission to view user profiles.
    // NOTE(review): the original asserts no cache-context header for this
    // request or the next one; that is kept as-is.
    $response = $fetch_nodes(['filter[uid.name]' => 'A']);
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(0, $doc['data']);

    // The user collection answers 200 with an empty list, not an error.
    $response = $fetch_users_by_animal();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertSame(200, $response->getStatusCode());
    $this->assertCount(0, $doc['data']);

    // --- Level 2: add 'access user profiles'. ---
    $this->grantPermissionsToTestedRole(['access user profiles']);

    // The anonymous user's UUID still matches nothing.
    $response = $fetch_nodes(['filter[uid.id]' => User::load(0)->uuid()]);
    $assert_varies_by_permissions();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(0, $doc['data']);

    // Active user A is now a usable filter target.
    $response = $fetch_nodes(['filter[uid.name]' => 'A']);
    $assert_varies_by_permissions();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(1, $doc['data']);
    $this->assertSame($node_of_active->uuid(), $doc['data'][0]['id']);

    // Blocked user B stays hidden at this level.
    $response = $fetch_nodes(['filter[uid.name]' => 'B']);
    $assert_varies_by_permissions();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(0, $doc['data']);

    // The field value belongs to blocked user B, so still no match.
    $response = $fetch_users_by_animal();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertSame(200, $response->getStatusCode());
    $this->assertCount(0, $doc['data']);

    // --- Level 3: add 'administer users'. ---
    $this->grantPermissionsToTestedRole(['administer users']);

    // Blocked user B is now a usable filter target.
    $response = $fetch_nodes(['filter[uid.name]' => 'B']);
    $assert_varies_by_permissions();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertCount(1, $doc['data']);
    $this->assertSame($node_of_blocked->uuid(), $doc['data'][0]['id']);

    // The field filter on the user collection now returns user B.
    $response = $fetch_users_by_animal();
    $doc = $this->getDocumentFromResponse($response);
    $this->assertSame(200, $response->getStatusCode());
    $this->assertCount(1, $doc['data']);
    $this->assertSame($blocked_user->uuid(), $doc['data'][0]['id']);
}
