function UserTest::testCollectionFilterAccess
Same name in other branches
- 9 core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()
- 10 core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()
- 11.x core/modules/jsonapi/tests/src/Functional/UserTest.php \Drupal\Tests\jsonapi\Functional\UserTest::testCollectionFilterAccess()
File
-
core/
modules/ jsonapi/ tests/ src/ Functional/ UserTest.php, line 456
Class
- UserTest
- JSON:API integration test for the "User" content entity type.
Namespace
Drupal\Tests\jsonapi\Functional
Code
/**
 * Tests that collection filters only match users the requester may view.
 *
 * The same filters are replayed at three permission levels of the tested
 * role, and the expected result counts are pinned at each level:
 * - "access content" only: filtering nodes by the requester's own UUID
 *   returns the requester's node; filtering by the anonymous user's UUID or
 *   by the username "A" returns nothing, and the user collection filtered on
 *   field_favorite_animal answers 200 with an empty "data" member.
 * - plus "access user profiles": the active user "A" becomes matchable, the
 *   blocked user "B" and the anonymous user do not, and the field filter on
 *   the user collection is still empty.
 * - plus "administer users": the blocked user "B" is matchable both through
 *   the node owner filter and through the field filter.
 *
 * A filter that matched on data the requester cannot view would let the
 * result count confirm usernames, account existence or field values, so the
 * empty results above are the access-control property under test.
 */
public function testCollectionFilterAccess() {
  // Fixture: the node module, a single-value string field on users, and a
  // node type "x".
  $modules_installed = $this->container->get('module_installer')->install(['node'], TRUE);
  $this->assertTrue($modules_installed, 'Installed modules.');

  $field_storage = FieldStorageConfig::create([
    'entity_type' => static::$entityTypeId,
    'field_name' => 'field_favorite_animal',
    'type' => 'string',
  ]);
  $field_storage->setCardinality(1)->save();

  $field_instance = FieldConfig::create([
    'entity_type' => static::$entityTypeId,
    'field_name' => 'field_favorite_animal',
    'bundle' => 'user',
  ]);
  $field_instance->setLabel('Test field')->setTranslatable(FALSE)->save();

  $this->drupalCreateContentType(['type' => 'x']);
  $this->rebuildAll();
  $this->grantPermissionsToTestedRole(['access content']);

  // Accounts: "A" is active; "B" is blocked and is the only account carrying
  // the field value that the user collection filter looks for.
  $active_user = User::create([])->setUsername('A')->activate();
  $active_user->save();
  $blocked_user = User::create([])
    ->setUsername('B')
    ->set('field_favorite_animal', 'stegosaurus')
    ->block();
  $blocked_user->save();

  // Nodes: one per named user, two owned by uid 0, one owned by the account
  // that performs the requests.
  $node_of_active_user = Node::create(['type' => 'x'])
    ->setTitle('Owned by A')
    ->setOwner($active_user);
  $node_of_active_user->save();
  $node_of_blocked_user = Node::create(['type' => 'x'])
    ->setTitle('Owned by B')
    ->setOwner($blocked_user);
  $node_of_blocked_user->save();
  foreach (['Owned by anon #1', 'Owned by anon #2'] as $anonymous_title) {
    Node::create(['type' => 'x'])
      ->setTitle($anonymous_title)
      ->setOwnerId(0)
      ->save();
  }
  $own_node = Node::create(['type' => 'x'])
    ->setTitle('Owned by auth #1')
    ->setOwner($this->account);
  $own_node->save();

  $user_field_filter_url = Url::fromRoute('jsonapi.user--user.collection')
    ->setOption('query', ['filter[field_favorite_animal]' => 'stegosaurus']);
  $node_collection_url = Url::fromRoute('jsonapi.node--x.collection');

  $options = NestedArray::mergeDeep(
    [RequestOptions::HEADERS => ['Accept' => 'application/vnd.api+json']],
    $this->getAuthenticationRequestOptions()
  );

  // Issues a GET on the node collection with the given query parameters.
  $request_nodes = function (array $query) use ($node_collection_url, $options) {
    return $this->request('GET', $node_collection_url->setOption('query', $query), $options);
  };
  // Checks that the response is declared to vary by the requester's
  // permissions; presumably this keeps a cached copy from being served to a
  // requester holding a different permission set.
  // NOTE(review): assertSession() reads the browser session's most recent
  // response. Confirm that request() updates that session; otherwise this
  // check is not bound to the response fetched just before it.
  $assert_varies_by_permissions = function () {
    $this->assertSession()
      ->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
  };

  // Level 1: "access content" only.
  // ?filter[uid.id]=OWN_UUID requires no permissions: 1 result.
  $response = $request_nodes(['filter[uid.id]' => $this->account->uuid()]);
  $assert_varies_by_permissions();
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(1, $document['data']);
  $this->assertSame($own_node->uuid(), $document['data'][0]['id']);

  // ?filter[uid.id]=ANONYMOUS_UUID: 0 results, although two nodes are owned
  // by uid 0.
  $response = $request_nodes(['filter[uid.id]' => User::load(0)->uuid()]);
  $assert_varies_by_permissions();
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(0, $document['data']);

  // ?filter[uid.name]=A: 0 results, so the result count does not confirm the
  // username. No cache context check is made on this response.
  $response = $request_nodes(['filter[uid.name]' => 'A']);
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(0, $document['data']);

  // /jsonapi/user/user?filter[field_favorite_animal]: 200 with 0 results.
  $response = $this->request('GET', $user_field_filter_url, $options);
  $this->assertSame(200, $response->getStatusCode());
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(0, $document['data']);

  // Level 2: grant "view" permission.
  $this->grantPermissionsToTestedRole(['access user profiles']);

  // ?filter[uid.id]=ANONYMOUS_UUID: still 0 results.
  $response = $request_nodes(['filter[uid.id]' => User::load(0)->uuid()]);
  $assert_varies_by_permissions();
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(0, $document['data']);

  // ?filter[uid.name]=A: 1 result since user A is active.
  $response = $request_nodes(['filter[uid.name]' => 'A']);
  $assert_varies_by_permissions();
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(1, $document['data']);
  $this->assertSame($node_of_active_user->uuid(), $document['data'][0]['id']);

  // ?filter[uid.name]=B: 0 results since user B is blocked.
  $response = $request_nodes(['filter[uid.name]' => 'B']);
  $assert_varies_by_permissions();
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(0, $document['data']);

  // /jsonapi/user/user?filter[field_favorite_animal]: still 0 results; the
  // only account holding the value is the blocked user B.
  $response = $this->request('GET', $user_field_filter_url, $options);
  $this->assertSame(200, $response->getStatusCode());
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(0, $document['data']);

  // Level 3: grant "admin" permission.
  $this->grantPermissionsToTestedRole(['administer users']);

  // ?filter[uid.name]=B: 1 result.
  $response = $request_nodes(['filter[uid.name]' => 'B']);
  $assert_varies_by_permissions();
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(1, $document['data']);
  $this->assertSame($node_of_blocked_user->uuid(), $document['data'][0]['id']);

  // /jsonapi/user/user?filter[field_favorite_animal]: 1 result, user B.
  $response = $this->request('GET', $user_field_filter_url, $options);
  $this->assertSame(200, $response->getStatusCode());
  $document = Json::decode((string) $response->getBody());
  $this->assertCount(1, $document['data']);
  $this->assertSame($blocked_user->uuid(), $document['data'][0]['id']);
}