<?php
declare (strict_types=1);
namespace Drupal\Tests\media_library\Kernel;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultReasonInterface;
use Drupal\entity_test\Entity\EntityTestBundle;
use Drupal\entity_test\Entity\EntityTestWithBundle;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\KernelTests\KernelTestBase;
use Drupal\media_library\MediaLibraryState;
use Drupal\Tests\media\Traits\MediaTypeCreationTrait;
use Drupal\Tests\user\Traits\UserCreationTrait;
use Drupal\views\Views;
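/**
 * Tests the access checks performed before the media library is shown.
 *
 * Each test builds a MediaLibraryState for one opener, asks the
 * 'media_library.ui_builder' service whether an account may use the library,
 * and then checks three things: the allow/deny decision, the reason (where one
 * is expected), and the cache tags and cache contexts attached to the result.
 * The cacheability assertions matter as much as the decision itself: a result
 * that depends on permissions or on query-string state but does not declare
 * the matching cache context could be cached and reused for another request.
 *
 * @group media_library
 */
class MediaLibraryAccessTest extends KernelTestBase {

  use UserCreationTrait;
  use MediaTypeCreationTrait;

  /**
   * {@inheritdoc}
   */
  protected static $modules = [
    'entity_test',
    'media',
    'media_library',
    'media_library_test',
    'filter',
    'file',
    'field',
    'image',
    'system',
    'views',
    'user',
  ];

  /**
   * {@inheritdoc}
   */
  protected function setUp(): void {
    parent::setUp();

    $this->installEntitySchema('user');
    $this->installEntitySchema('file');
    $this->installSchema('file', 'file_usage');
    $this->installEntitySchema('entity_test_with_bundle');
    $this->installEntitySchema('filter_format');
    $this->installEntitySchema('media');
    $this->installConfig([
      'field',
      'system',
      'file',
      'image',
      'media',
      'media_library',
    ]);

    // Bundle and media reference field that the field widget opener tests
    // point their opener parameters at.
    EntityTestBundle::create([
      'id' => 'test',
    ])->save();
    $field_storage = FieldStorageConfig::create([
      'type' => 'entity_reference',
      'field_name' => 'field_test_media',
      'entity_type' => 'entity_test_with_bundle',
      'settings' => [
        'target_type' => 'media',
      ],
    ]);
    $field_storage->save();
    FieldConfig::create([
      'field_storage' => $field_storage,
      'bundle' => 'test',
    ])->save();

    // Create and discard one account up front. Presumably this consumes the
    // special UID 1, so that accounts created inside the tests are ordinary
    // users whose permissions are actually evaluated.
    $this->createUser([]);
  }

  /**
   * Tests that the field widget opener respects entity creation permissions.
   */
  public function testFieldWidgetEntityCreateAccess(): void {
    $ui_builder = $this->container->get('media_library.ui_builder');

    // No 'entity_id' opener parameter: the library is opened while creating a
    // new host entity.
    $state = MediaLibraryState::create('media_library.opener.field_widget', [
      'file',
      'image',
    ], 'file', 2, [
      'entity_type_id' => 'entity_test_with_bundle',
      'bundle' => 'test',
      'field_name' => 'field_test_media',
    ]);

    // An account without any permission is denied, and the reason names the
    // permissions that would have granted access.
    $access_result = $ui_builder->checkAccess($this->createUser(), $state);
    $this->assertAccess($access_result, FALSE, "The following permissions are required: 'administer entity_test content' OR 'administer entity_test_with_bundle content' OR 'create test entity_test_with_bundle entities'.", [], [
      'url.query_args',
      'user.permissions',
    ]);

    // An account that may create the host entity and view media is allowed.
    $account = $this->createUser([
      'create test entity_test_with_bundle entities',
      'view media',
    ]);
    $access_result = $ui_builder->checkAccess($account, $state);
    $this->assertAccess($access_result, TRUE, NULL, Views::getView('media_library')->storage->getCacheTags(), [
      'url.query_args',
      'user.permissions',
    ]);
  }

  /**
   * Tests that the editor opener checks the text format and its embed filter.
   *
   * Access is only expected when the media_embed filter is enabled on the
   * format AND the account holds the permission to use that format; either
   * condition failing alone must deny access.
   *
   * @param bool $media_embed_enabled
   *   Whether the media_embed filter is enabled on the text format.
   * @param bool $can_use_format
   *   Whether the account is granted the permission to use the text format.
   *
   * @dataProvider editorOpenerAccessProvider
   */
  public function testEditorOpenerAccess($media_embed_enabled, $can_use_format): void {
    $format = $this->container
      ->get('entity_type.manager')
      ->getStorage('filter_format')
      ->create([
        'format' => $this->randomMachineName(),
        'name' => $this->randomString(),
        'filters' => [
          'media_embed' => [
            'status' => $media_embed_enabled,
          ],
        ],
      ]);
    $format->save();

    $permissions = [
      'access media overview',
      'view media',
    ];
    if ($can_use_format) {
      $permissions[] = $format->getPermissionName();
    }

    $state = MediaLibraryState::create('media_library.opener.editor', [
      'image',
    ], 'image', 1, [
      'filter_format_id' => $format->id(),
    ]);

    $access_result = $this->container
      ->get('media_library.ui_builder')
      ->checkAccess($this->createUser($permissions), $state);

    if ($media_embed_enabled && $can_use_format) {
      $this->assertAccess($access_result, TRUE, NULL, Views::getView('media_library')->storage->getCacheTags(), [
        'user.permissions',
      ]);
    }
    else {
      $this->assertAccess($access_result, FALSE, NULL, [], [
        'user.permissions',
      ]);
    }
  }

  /**
   * Data provider for ::testEditorOpenerAccess.
   *
   * @return array[]
   *   Keyed by a description of the case; each value holds:
   *   - whether the media_embed filter is enabled;
   *   - whether the user may use the text format.
   */
  public static function editorOpenerAccessProvider(): array {
    return [
      'media_embed filter enabled' => [
        TRUE,
        TRUE,
      ],
      'media_embed filter disabled' => [
        FALSE,
        TRUE,
      ],
      'media_embed filter enabled, user not allowed to use text format' => [
        TRUE,
        FALSE,
      ],
    ];
  }

  /**
   * Tests that the field widget opener respects entity-specific access.
   *
   * Unlike the create-access test, the opener parameters here carry an
   * 'entity_id', so access depends on the referenced host entity.
   */
  public function testFieldWidgetEntityEditAccess(): void {
    $ui_builder = $this->container->get('media_library.ui_builder');

    // NOTE(review): the name 'forbid_access' is presumably recognised by the
    // entity_test access handling, which denies access to it - confirm.
    $forbidden_entity = EntityTestWithBundle::create([
      'type' => 'test',
      'name' => 'forbid_access',
    ]);
    $forbidden_entity->save();

    $state = MediaLibraryState::create('media_library.opener.field_widget', [
      'file',
      'image',
    ], 'file', 2, [
      'entity_type_id' => $forbidden_entity->getEntityTypeId(),
      'bundle' => $forbidden_entity->bundle(),
      'field_name' => 'field_test_media',
      'entity_id' => $forbidden_entity->id(),
    ]);

    // Only "not allowed" is asserted for this entity; unlike the neutral case
    // below, the test does not pin whether the result is forbidden or neutral.
    $access_result = $ui_builder->checkAccess($this->createUser(), $state);
    $this->assertAccess($access_result, FALSE, NULL, [], [
      'url.query_args',
    ]);

    $neutral_entity = EntityTestWithBundle::create([
      'type' => 'test',
      'name' => $this->randomString(),
    ]);
    $neutral_entity->save();

    // Rebuild the state from the previous one, swapping only the entity ID.
    $parameters = $state->getOpenerParameters();
    $parameters['entity_id'] = $neutral_entity->id();
    $state = MediaLibraryState::create($state->getOpenerId(), $state->getAllowedTypeIds(), $state->getSelectedTypeId(), $state->getAvailableSlots(), $parameters);

    // An account without permissions gets a neutral (not allowed) result for
    // an ordinary entity.
    $access_result = $ui_builder->checkAccess($this->createUser(), $state);
    $this->assertTrue($access_result->isNeutral());
    $this->assertAccess($access_result, FALSE, NULL, [], [
      'url.query_args',
      'user.permissions',
    ]);

    // With the administrative permission and 'view media', access is allowed.
    $account = $this->createUser([
      'administer entity_test content',
      'view media',
    ]);
    $access_result = $ui_builder->checkAccess($account, $state);
    $this->assertAccess($access_result, TRUE, NULL, Views::getView('media_library')->storage->getCacheTags(), [
      'url.query_args',
      'user.permissions',
    ]);
  }

  /**
   * Data provider for ::testFieldWidgetEntityFieldAccess.
   *
   * @return array[]
   *   Sets of arguments, each holding one field type to test.
   */
  public static function providerFieldWidgetEntityFieldAccess(): array {
    return [
      [
        'entity_reference',
      ],
      [
        'entity_reference_subclass',
      ],
    ];
  }

  /**
   * Tests that the field widget opener respects field-level access.
   *
   * The account holds 'administer entity_test content', yet access must still
   * be denied because access to the field itself is denied.
   *
   * @param string $field_type
   *   The field type of the media reference field to create.
   *
   * @dataProvider providerFieldWidgetEntityFieldAccess
   */
  public function testFieldWidgetEntityFieldAccess(string $field_type): void {
    // NOTE(review): the expected reason below suggests a test module denies
    // access to the field named 'field_media_no_access' - confirm in
    // media_library_test.
    $field_storage = FieldStorageConfig::create([
      'type' => $field_type,
      'entity_type' => 'entity_test_with_bundle',
      'field_name' => 'field_media_no_access',
      'settings' => [
        'target_type' => 'media',
      ],
    ]);
    $field_storage->save();
    FieldConfig::create([
      'field_storage' => $field_storage,
      'bundle' => 'test',
    ])->save();

    $ui_builder = $this->container->get('media_library.ui_builder');
    $account = $this->createUser([
      'administer entity_test content',
    ]);

    // Without an entity ID (host entity being created).
    $state = MediaLibraryState::create('media_library.opener.field_widget', [
      'file',
      'image',
    ], 'file', 2, [
      'entity_type_id' => 'entity_test_with_bundle',
      'bundle' => 'test',
      'field_name' => $field_storage->getName(),
    ]);
    $access_result = $ui_builder->checkAccess($account, $state);
    $this->assertAccess($access_result, FALSE, 'Field access denied by test module', [], [
      'url.query_args',
      'user.permissions',
    ]);

    // With an entity ID (existing host entity being edited) the field-level
    // denial must hold as well.
    $entity = EntityTestWithBundle::create([
      'type' => 'test',
      'name' => $this->randomString(),
    ]);
    $entity->save();

    $parameters = $state->getOpenerParameters();
    $parameters['entity_id'] = $entity->id();
    $state = MediaLibraryState::create($state->getOpenerId(), $state->getAllowedTypeIds(), $state->getSelectedTypeId(), $state->getAvailableSlots(), $parameters);

    $access_result = $ui_builder->checkAccess($account, $state);
    $this->assertAccess($access_result, FALSE, 'Field access denied by test module', [], [
      'url.query_args',
      'user.permissions',
    ]);
  }

  /**
   * Tests that media library access respects the media_library view.
   *
   * Covers a missing 'view media' permission, a view without the 'widget'
   * display, the restored view, and a deleted view.
   */
  public function testViewAccess(): void {
    $ui_builder = $this->container->get('media_library.ui_builder');

    $state = MediaLibraryState::create('media_library.opener.field_widget', [
      'file',
      'image',
    ], 'file', 2, [
      'entity_type_id' => 'entity_test_with_bundle',
      'bundle' => 'test',
      'field_name' => 'field_test_media',
    ]);

    // Keep a clone of the view so the original can be saved back later.
    $view_original = clone Views::getView('media_library');

    // Both accounts may create the host entity; only one may view media.
    $forbidden_account = $this->createUser([
      'create test entity_test_with_bundle entities',
    ]);
    $allowed_account = $this->createUser([
      'create test entity_test_with_bundle entities',
      'view media',
    ]);

    // Without 'view media' the library is not accessible.
    $access_result = $ui_builder->checkAccess($forbidden_account, $state);
    $this->assertAccess($access_result, FALSE, "The 'view media' permission is required.", $view_original->storage->getCacheTags(), [
      'url.query_args',
      'user.permissions',
    ]);

    // Remove the 'widget' display; access is then denied even for the account
    // that holds the permissions.
    $view_storage = Views::getView('media_library')->storage;
    $displays = $view_storage->get('display');
    unset($displays['widget']);
    $view_storage->set('display', $displays);
    $view_storage->save();
    $access_result = $ui_builder->checkAccess($allowed_account, $state);
    $this->assertAccess($access_result, FALSE, 'The media library widget display does not exist.', $view_original->storage->getCacheTags());

    // Save the original view back; access is granted again.
    $view_original->storage->save();
    $access_result = $ui_builder->checkAccess($allowed_account, $state);
    $this->assertAccess($access_result, TRUE, NULL, $view_original->storage->getCacheTags(), [
      'url.query_args',
      'user.permissions',
    ]);

    // Delete the view altogether; access is denied with its own reason and no
    // cache tags or contexts are expected.
    Views::getView('media_library')->storage->delete();
    $access_result = $ui_builder->checkAccess($allowed_account, $state);
    $this->assertAccess($access_result, FALSE, 'The media library view does not exist.');
  }

  /**
   * Tests that the add form is only built for media types the user may create.
   */
  public function testAddFormAccess(): void {
    // NOTE(review): the 'deny_access' media type ID is presumably special-cased
    // by media_library_test to deny create access - confirm.
    $media_types = [
      $this->createMediaType('image', [
        'id' => 'deny_access',
      ])->id(),
      $this->createMediaType('image')->id(),
    ];

    $account = $this->createUser([
      'create media',
    ]);
    $this->setCurrentUser($account);

    $ui_builder = $this->container->get('media_library.ui_builder');

    // First media type selected: no add form is expected in the build.
    $state = MediaLibraryState::create('test', $media_types, $media_types[0], 1);
    $build = $ui_builder->buildUi($state);
    $this->assertEmpty($build['content']['form']);

    // Second media type selected: the add form is expected.
    $state = MediaLibraryState::create('test', $media_types, $media_types[1], 1);
    $build = $ui_builder->buildUi($state);
    $this->assertNotEmpty($build['content']['form']);
  }

  /**
   * Asserts the decision, reason and cacheability of an access result.
   *
   * @param \Drupal\Core\Access\AccessResult $access_result
   *   The access result to inspect.
   * @param bool $is_allowed
   *   The expected value of isAllowed().
   * @param string|null $expected_reason
   *   (optional) The expected reason; NULL skips the reason check.
   * @param string[] $expected_cache_tags
   *   (optional) The expected cache tags, compared regardless of order.
   * @param string[] $expected_cache_contexts
   *   (optional) The expected cache contexts, compared regardless of order.
   */
  private function assertAccess(AccessResult $access_result, bool $is_allowed, ?string $expected_reason = NULL, array $expected_cache_tags = [], array $expected_cache_contexts = []): void {
    $this->assertSame($is_allowed, $access_result->isAllowed());

    // NOTE(review): when the result does not implement
    // AccessResultReasonInterface, an expected reason is silently left
    // unchecked rather than reported as a failure.
    if ($access_result instanceof AccessResultReasonInterface && isset($expected_reason)) {
      $this->assertSame($expected_reason, $access_result->getReason());
    }

    // Cacheability is part of the contract: the tags and contexts must match
    // exactly (order aside), so an unexpected or missing one fails the test.
    $this->assertEqualsCanonicalizing($expected_cache_tags, $access_result->getCacheTags());
    $this->assertEqualsCanonicalizing($expected_cache_contexts, $access_result->getCacheContexts());
  }

}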