function WidgetAccessTest::testWidgetAccess

Same name in other branches
  1. 9 core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php \Drupal\Tests\media_library\FunctionalJavascript\WidgetAccessTest::testWidgetAccess()
  2. 8.9.x core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php \Drupal\Tests\media_library\FunctionalJavascript\WidgetAccessTest::testWidgetAccess()
  3. 10 core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php \Drupal\Tests\media_library\FunctionalJavascript\WidgetAccessTest::testWidgetAccess()

Tests that the widget access works as expected.

File

core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php, line 28

Class

WidgetAccessTest
Tests the media library UI access.

Namespace

Drupal\Tests\media_library\FunctionalJavascript

Code

public function testWidgetAccess() : void {
    $assert_session = $this->assertSession();
    $session = $this->getSession();
    $this->createMediaItems([
        'type_one' => [
            'Horse',
            'Bear',
        ],
    ]);
    $account = $this->drupalCreateUser([
        'create basic_page content',
    ]);
    $this->drupalLogin($account);
    // Assert users can not select media items they do not have access to.
    $unpublished_media = Media::create([
        'name' => 'Mosquito',
        'bundle' => 'type_one',
        'field_media_test' => 'Mosquito',
        'status' => FALSE,
    ]);
    $unpublished_media->save();
    // Visit a node create page.
    $this->drupalGet('node/add/basic_page');
    // Set the hidden value and trigger the mousedown event on the button via
    // JavaScript since the field and button are hidden.
    $session->executeScript("jQuery('[data-media-library-widget-value=\"field_unlimited_media\"]').val('1,2,{$unpublished_media->id()}')");
    $session->executeScript("jQuery('[data-media-library-widget-update=\"field_unlimited_media\"]').trigger('mousedown')");
    $this->assertElementExistsAfterWait('css', '.js-media-library-item');
    // Assert the published items are selected and the unpublished item is not
    // selected.
    $assert_session->pageTextContains('Horse');
    $assert_session->pageTextContains('Bear');
    $assert_session->pageTextNotContains('Mosquito');
    $this->drupalLogout();
    $role = Role::load(RoleInterface::ANONYMOUS_ID);
    $role->revokePermission('view media');
    $role->save();
    // Create a working state.
    $allowed_types = [
        'type_one',
        'type_two',
        'type_three',
        'type_four',
    ];
    // The opener parameters are not relevant to the test, but the opener
    // expects them to be there or it will deny access.
    $state = MediaLibraryState::create('media_library.opener.field_widget', $allowed_types, 'type_three', 2, [
        'entity_type_id' => 'node',
        'bundle' => 'basic_page',
        'field_name' => 'field_unlimited_media',
    ]);
    $url_options = [
        'query' => $state->all(),
    ];
    // Verify that unprivileged users can't access the widget view.
    $this->drupalGet('admin/content/media-widget', $url_options);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('admin/content/media-widget-table', $url_options);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library', $url_options);
    $assert_session->responseContains('Access denied');
    // Allow users with 'view media' permission to access the media library view
    // and controller. Since we are using the node entity type in the state
    // object, ensure the user also has permission to work with those.
    $this->grantPermissions($role, [
        'create basic_page content',
        'view media',
    ]);
    $this->drupalGet('admin/content/media-widget', $url_options);
    $assert_session->elementExists('css', '.js-media-library-view');
    $this->drupalGet('admin/content/media-widget-table', $url_options);
    $assert_session->elementExists('css', '.js-media-library-view');
    $this->drupalGet('media-library', $url_options);
    $assert_session->elementExists('css', '.js-media-library-view');
    // Assert the user does not have access to the media add form if the user
    // does not have the 'create media' permission.
    $assert_session->fieldNotExists('files[upload][]');
    // Assert users can not access the widget displays of the media library view
    // without a valid media library state.
    $this->drupalGet('admin/content/media-widget');
    $assert_session->responseContains('Access denied');
    $this->drupalGet('admin/content/media-widget-table');
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library');
    $assert_session->responseContains('Access denied');
    // Assert users with the 'create media' permission can access the media add
    // form.
    $this->grantPermissions($role, [
        'create media',
    ]);
    $this->drupalGet('media-library', $url_options);
    $assert_session->elementExists('css', '.js-media-library-view');
    $assert_session->fieldExists('Add files');
    // Assert the media library can not be accessed if the required state
    // parameters are changed without changing the hash.
    $this->drupalGet('media-library', [
        'query' => array_merge($url_options['query'], [
            'media_library_opener_id' => 'fail',
        ]),
    ]);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library', [
        'query' => array_merge($url_options['query'], [
            'media_library_allowed_types' => [
                'type_one',
                'type_two',
            ],
        ]),
    ]);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library', [
        'query' => array_merge($url_options['query'], [
            'media_library_selected_type' => 'type_one',
        ]),
    ]);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library', [
        'query' => array_merge($url_options['query'], [
            'media_library_remaining' => 3,
        ]),
    ]);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library', [
        'query' => array_merge($url_options['query'], [
            'hash' => 'fail',
        ]),
    ]);
    $assert_session->responseContains('Access denied');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.