function MediaAccessTest::testMediaAccess

Same name in other branches
  1. 9 core/modules/media/tests/src/Functional/MediaAccessTest.php \Drupal\Tests\media\Functional\MediaAccessTest::testMediaAccess()
  2. 8.9.x core/modules/media/tests/src/Functional/MediaAccessTest.php \Drupal\Tests\media\Functional\MediaAccessTest::testMediaAccess()
  3. 11.x core/modules/media/tests/src/Functional/MediaAccessTest.php \Drupal\Tests\media\Functional\MediaAccessTest::testMediaAccess()

Tests some access control functionality.

File

core/modules/media/tests/src/Functional/MediaAccessTest.php, line 49

Class

MediaAccessTest
Basic access tests for Media.

Namespace

Drupal\Tests\media\Functional

Code

public function testMediaAccess() : void {
    $assert_session = $this->assertSession();
    $media_type = $this->createMediaType('test');
    \Drupal::configFactory()->getEditable('media.settings')
        ->set('standalone_url', TRUE)
        ->save(TRUE);
    $this->container
        ->get('router.builder')
        ->rebuild();
    // Create media.
    $media = Media::create([
        'bundle' => $media_type->id(),
        'name' => 'Unnamed',
    ]);
    $media->save();
    $user_media = Media::create([
        'bundle' => $media_type->id(),
        'name' => 'Unnamed',
        'uid' => $this->nonAdminUser
            ->id(),
    ]);
    $user_media->save();
    // We are logged in as admin, so test 'administer media' permission.
    $this->drupalGet('media/add/' . $media_type->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $user_media->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $user_media->id() . '/edit');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $user_media->id() . '/delete');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $this->drupalLogin($this->nonAdminUser);
    
    /** @var \Drupal\user\RoleInterface $role */
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    user_role_revoke_permissions($role->id(), [
        'view media',
    ]);
    // Test 'create BUNDLE media' permission.
    $this->drupalGet('media/add/' . $media_type->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $permissions = [
        'create ' . $media_type->id() . ' media',
    ];
    $this->grantPermissions($role, $permissions);
    $this->drupalGet('media/add/' . $media_type->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    user_role_revoke_permissions($role->id(), $permissions);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    // Verify the author can not view the unpublished media item without
    // 'view own unpublished media' permission.
    $this->grantPermissions($role, [
        'view media',
    ]);
    $this->drupalGet('media/' . $user_media->id());
    $this->assertNoCacheContext('user');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $previous_revision = $user_media->getLoadedRevisionId();
    $user_media->setUnpublished()
        ->setNewRevision();
    $user_media->save();
    $this->drupalGet('media/' . $user_media->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $access_result = $user_media->access('view', NULL, TRUE);
    $this->assertSame("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.", $access_result->getReason());
    $this->grantPermissions($role, [
        'view own unpublished media',
    ]);
    $this->drupalGet('media/' . $user_media->id());
    $this->assertCacheContext('user');
    $assert_session->statusCodeEquals(200);
    // Test revision access - logged-in user.
    $this->grantPermissions($role, [
        'view all media revisions',
    ]);
    $this->drupalGet('media/' . $user_media->id() . '/revisions');
    $this->assertCacheContext('user');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $user_media->id() . '/revisions/' . $user_media->getRevisionId() . '/view');
    $this->assertCacheContext('user');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $user_media->id() . '/revisions/' . $previous_revision . '/view');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $role->revokePermission('view own unpublished media')
        ->save();
    $this->drupalGet('media/' . $user_media->id() . '/revisions/' . $user_media->getRevisionId() . '/view');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $user_media->setPublished()
        ->setNewRevision();
    $user_media->save();
    // Revision access - logged-out user.
    $this->drupalLogout();
    $this->drupalGet('media/' . $user_media->id() . '/revisions');
    $assert_session->statusCodeEquals(403);
    $this->drupalGet('media/' . $user_media->id() . '/revisions/' . $user_media->getRevisionId() . '/view');
    $assert_session->statusCodeEquals(403);
    $this->drupalGet('media/' . $user_media->id() . '/revisions/' . $previous_revision . '/view');
    $assert_session->statusCodeEquals(403);
    // Reverse revision access testing changes.
    $role->revokePermission('view all media revisions')
        ->grantPermission('view own unpublished media')
        ->save();
    $user_media->setPublished()
        ->setNewRevision();
    $user_media->save();
    $this->drupalLogin($this->nonAdminUser);
    // Test 'create media' permission.
    $this->drupalGet('media/add/' . $media_type->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $permissions = [
        'create media',
    ];
    $this->grantPermissions($role, $permissions);
    $this->drupalGet('media/add/' . $media_type->id());
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    user_role_revoke_permissions($role->id(), $permissions);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    // Test 'edit own BUNDLE media' and 'delete own BUNDLE media' permissions.
    $this->drupalGet('media/' . $user_media->id() . '/edit');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $this->drupalGet('media/' . $user_media->id() . '/delete');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $permissions = [
        'edit own ' . $user_media->bundle() . ' media',
        'delete own ' . $user_media->bundle() . ' media',
    ];
    $this->grantPermissions($role, $permissions);
    $this->drupalGet('media/' . $user_media->id() . '/edit');
    $this->assertCacheContext('user');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $user_media->id() . '/delete');
    $this->assertCacheContext('user');
    $assert_session->statusCodeEquals(200);
    user_role_revoke_permissions($role->id(), $permissions);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    // Test 'edit any BUNDLE media' and 'delete any BUNDLE media' permissions.
    $this->drupalGet('media/' . $media->id() . '/edit');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $this->drupalGet('media/' . $media->id() . '/delete');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(403);
    $permissions = [
        'edit any ' . $media->bundle() . ' media',
        'delete any ' . $media->bundle() . ' media',
    ];
    $this->grantPermissions($role, $permissions);
    $this->drupalGet('media/' . $media->id() . '/edit');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    $this->drupalGet('media/' . $media->id() . '/delete');
    $this->assertCacheContext('user.permissions');
    $assert_session->statusCodeEquals(200);
    // Test the 'access media overview' permission.
    $this->grantPermissions($role, [
        'access content overview',
    ]);
    $this->drupalGet('admin/content');
    $assert_session->linkByHrefNotExists('/admin/content/media');
    $this->assertCacheContext('user');
    // Create a new role, which implicitly checks if the permission exists.
    $mediaOverviewRole = $this->createRole([
        'access content overview',
        'access media overview',
    ]);
    $this->nonAdminUser
        ->addRole($mediaOverviewRole)
        ->save();
    $this->drupalGet('admin/content');
    $assert_session->linkByHrefExists('/admin/content/media');
    $this->clickLink('Media');
    $this->assertCacheContext('user');
    $assert_session->statusCodeEquals(200);
    $assert_session->elementExists('css', '.views-element-container');
    // First row of the View contains media created by admin user.
    $assert_session->elementTextEquals('xpath', '//div[@class="views-element-container"]//tbody/tr[1]/td[contains(@class, "views-field-uid")]/a', $this->adminUser
        ->getDisplayName());
    $assert_session->elementTextEquals('xpath', "//div[@class='views-element-container']//tbody/tr[1]/td[contains(@class, 'views-field-name')]/a[contains(@href, '/media/{$media->id()}')]", 'Unnamed');
    // Second row of the View contains media created by non-admin user.
    $assert_session->elementTextEquals('xpath', '//div[@class="views-element-container"]//tbody/tr[2]/td[contains(@class, "views-field-uid")]/a', $this->nonAdminUser
        ->getDisplayName());
    $assert_session->elementTextEquals('xpath', "//div[@class='views-element-container']//tbody/tr[2]/td[contains(@class, 'views-field-name')]/a[contains(@href, '/media/{$user_media->id()}')]", 'Unnamed');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.