function MediaLibraryAccessTest::testViewAccess

Same name and namespace in other branches
  1. 8.9.x core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php \Drupal\Tests\media_library\Kernel\MediaLibraryAccessTest::testViewAccess()
  2. 10 core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php \Drupal\Tests\media_library\Kernel\MediaLibraryAccessTest::testViewAccess()
  3. 11.x core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php \Drupal\Tests\media_library\Kernel\MediaLibraryAccessTest::testViewAccess()

Tests that media library access respects the media_library view.

File

core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php, line 338

Class

MediaLibraryAccessTest
Tests the media library access.

Namespace

Drupal\Tests\media_library\Kernel

Code

public function testViewAccess() {
    
    /** @var \Drupal\media_library\MediaLibraryUiBuilder $ui_builder */
    $ui_builder = $this->container
        ->get('media_library.ui_builder');
    // Create a media library state to test access.
    $state = MediaLibraryState::create('media_library.opener.field_widget', [
        'file',
        'image',
    ], 'file', 2, [
        'entity_type_id' => 'entity_test',
        'bundle' => 'test',
        'field_name' => 'field_test_media',
    ]);
    // Create a clone of the view so we can reset the original later.
    $view_original = clone Views::getView('media_library');
    // Create our test users. Both have permission to create entity_test content
    // so that we can specifically test Views-related access checking.
    // @see ::testEntityCreateAccess()
    $forbidden_account = $this->createUser([
        'create test entity_test_with_bundle entities',
    ]);
    $allowed_account = $this->createUser([
        'create test entity_test_with_bundle entities',
        'view media',
    ]);
    // Assert the 'view media' permission is needed to access the library and
    // validate the cache dependencies.
    $access_result = $ui_builder->checkAccess($forbidden_account, $state);
    $this->assertAccess($access_result, FALSE, "The 'view media' permission is required.", $view_original->storage
        ->getCacheTags(), [
        'url.query_args',
        'user.permissions',
    ]);
    // Assert that the media library access is denied when the view widget
    // display is deleted.
    $view_storage = Views::getView('media_library')->storage;
    $displays = $view_storage->get('display');
    unset($displays['widget']);
    $view_storage->set('display', $displays);
    $view_storage->save();
    $access_result = $ui_builder->checkAccess($allowed_account, $state);
    $this->assertAccess($access_result, FALSE, 'The media library widget display does not exist.', $view_original->storage
        ->getCacheTags());
    // Restore the original view and assert that the media library controller
    // works again.
    $view_original->storage
        ->save();
    $access_result = $ui_builder->checkAccess($allowed_account, $state);
    $this->assertAccess($access_result, TRUE, NULL, $view_original->storage
        ->getCacheTags(), [
        'url.query_args',
        'user.permissions',
    ]);
    // Assert that the media library access is denied when the entire media
    // library view is deleted.
    Views::getView('media_library')->storage
        ->delete();
    $access_result = $ui_builder->checkAccess($allowed_account, $state);
    $this->assertAccess($access_result, FALSE, 'The media library view does not exist.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.