function CommonCollectionFilterAccessTestPatternsTrait::doTestCollectionFilterAccessBasedOnPermissions

Same name and namespace in other branches
  1. 9 core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php \Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait::doTestCollectionFilterAccessBasedOnPermissions()
  2. 8.9.x core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php \Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait::doTestCollectionFilterAccessBasedOnPermissions()
  3. 10 core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php \Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait::doTestCollectionFilterAccessBasedOnPermissions()

Implements ::testCollectionFilterAccess() for pure permission-based access.

Parameters

string $label_field_name: The entity type's label field name.

string $view_permission: The entity type's permission that grants 'view' access.

Return value

\Drupal\Core\Entity\EntityInterface The referencing entity.

5 calls to CommonCollectionFilterAccessTestPatternsTrait::doTestCollectionFilterAccessBasedOnPermissions()
CommonCollectionFilterAccessTestPatternsTrait::doTestCollectionFilterAccessForPublishableEntities in core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php
Implements ::testCollectionFilterAccess() for permission + status access.
FileTest::testCollectionFilterAccess in core/modules/jsonapi/tests/src/Functional/FileTest.php
MenuLinkContentTest::testCollectionFilterAccess in core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php
ShortcutTest::testCollectionFilterAccess in core/modules/jsonapi/tests/src/Functional/ShortcutTest.php
TermTest::testCollectionFilterAccess in core/modules/jsonapi/tests/src/Functional/TermTest.php

File

core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php, line 34

Class

CommonCollectionFilterAccessTestPatternsTrait
Provides common filter access control tests.

Namespace

Drupal\Tests\jsonapi\Traits

Code

public function doTestCollectionFilterAccessBasedOnPermissions($label_field_name, $view_permission) {
    assert($this instanceof ResourceTestBase);
    // Set up data model.
    $this->assertTrue($this->container
        ->get('module_installer')
        ->install([
        'entity_test',
    ], TRUE), 'Installed modules.');
    entity_test_create_bundle('bar', NULL, 'entity_test');
    $this->createEntityReferenceField('entity_test', 'bar', 'spotlight', NULL, static::$entityTypeId, 'default', [
        'target_bundles' => [
            $this->entity
                ->bundle() => $this->entity
                ->bundle(),
        ],
    ]);
    $this->rebuildAll();
    $this->grantPermissionsToTestedRole([
        'view test entity',
    ]);
    // Create data.
    $referencing_entity = EntityTest::create([
        'name' => 'Camelids',
        'type' => 'bar',
        'spotlight' => [
            'target_id' => $this->entity
                ->id(),
        ],
    ]);
    $referencing_entity->save();
    // Test.
    $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
    // Specifying a delta exercises TemporaryQueryGuard more thoroughly.
    $filter_path = "spotlight.0.{$label_field_name}";
    $collection_filter_url = $collection_url->setOption('query', [
        "filter[{$filter_path}]" => $this->entity
            ->label(),
    ]);
    $request_options = [];
    $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
    $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
    if ($view_permission !== NULL) {
        // ?filter[spotlight.LABEL]: 0 results.
        $response = $this->request('GET', $collection_filter_url, $request_options);
        $doc = Json::decode((string) $response->getBody());
        $this->assertCount(0, $doc['data']);
        // Grant "view" permission.
        $this->grantPermissionsToTestedRole([
            $view_permission,
        ]);
    }
    // ?filter[spotlight.LABEL]: 1 result.
    $response = $this->request('GET', $collection_filter_url, $request_options);
    $doc = Json::decode((string) $response->getBody());
    $this->assertCount(1, $doc['data']);
    $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
    // ?filter[spotlight.LABEL]: 1 result.
    $response = $this->request('GET', $collection_filter_url, $request_options);
    $doc = Json::decode((string) $response->getBody());
    $this->assertCount(1, $doc['data']);
    $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
    // Install the jsonapi_test_field_filter_access module, which contains a
    // hook_jsonapi_entity_field_filter_access() implementation that forbids
    // access to the spotlight field if the 'filter by spotlight field'
    // permission is not granted.
    $this->assertTrue($this->container
        ->get('module_installer')
        ->install([
        'jsonapi_test_field_filter_access',
    ], TRUE), 'Installed modules.');
    $this->rebuildAll();
    // Ensure that a 403 response is generated for attempting to filter by a
    // field that is forbidden by an implementation of
    // hook_jsonapi_entity_field_filter_access().
    $response = $this->request('GET', $collection_filter_url, $request_options);
    $message = "The current user is not authorized to filter by the `spotlight` field, given in the path `spotlight`.";
    $expected_cache_tags = [
        '4xx-response',
        'http_response',
    ];
    $expected_cache_contexts = [
        'url.query_args:filter',
        'url.query_args:sort',
        'url.site',
        'user.permissions',
    ];
    $this->assertResourceErrorResponse(403, $message, $collection_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
    // And ensure that it is allowed when the proper permission is granted.
    $this->grantPermissionsToTestedRole([
        'filter by spotlight field',
    ]);
    $response = $this->request('GET', $collection_filter_url, $request_options);
    $doc = Json::decode((string) $response->getBody());
    $this->assertCount(1, $doc['data']);
    $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
    $this->revokePermissionsFromTestedRole([
        'filter by spotlight field',
    ]);
    $this->assertTrue($this->container
        ->get('module_installer')
        ->uninstall([
        'jsonapi_test_field_filter_access',
    ], TRUE), 'Uninstalled modules.');
    return $referencing_entity;
}
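
The test installs jsonapi_test_field_filter_access so that filtering by the spotlight field yields a 403 until 'filter by spotlight field' is granted. The following is an added example, not Drupal core's code, of a hook_jsonapi_entity_field_filter_access() implementation of that kind. The module name example_filter_guard and the $guarded map are hypothetical, and the permission is assumed to be declared in that module's permissions file.

```php
<?php

/**
 * @file
 * Added example: hypothetical module "example_filter_guard".
 */

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Implements hook_jsonapi_entity_field_filter_access().
 */
function example_filter_guard_jsonapi_entity_field_filter_access(FieldDefinitionInterface $field_definition, AccountInterface $account) {
    // Constructed map: entity type ID => field name => permission required
    // before a JSON:API collection may be filtered by that field.
    $guarded = [
        'entity_test' => [
            'spotlight' => 'filter by spotlight field',
        ],
    ];

    $entity_type_id = $field_definition->getTargetEntityTypeId();
    $field_name = $field_definition->getName();

    if (!isset($guarded[$entity_type_id][$field_name])) {
        // No opinion on other fields; other access logic decides.
        return AccessResult::neutral();
    }

    // Forbid filtering without the permission. cachePerPermissions() makes
    // the result vary by the user.permissions cache context, so a cached
    // response is not reused for a role with different permissions.
    $permission = $guarded[$entity_type_id][$field_name];
    return AccessResult::forbiddenIf(!$account->hasPermission($permission))
        ->cachePerPermissions();
}
```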
