function EditorIntegrationLoadingTest::testUsersWithoutPermission
Tests loading of untransformed text when a user doesn't have access to it.
File
-
core/
modules/ quickedit/ tests/ src/ Functional/ EditorIntegrationLoadingTest.php, line 77
Class
- EditorIntegrationLoadingTest
- Tests Quick Edit module integration endpoints.
Namespace
Drupal\Tests\quickedit\FunctionalCode
public function testUsersWithoutPermission() {
// Create 3 users, each with insufficient permissions, i.e. without either
// or both of the following permissions:
// - the 'access in-place editing' permission
// - the 'edit any article content' permission (necessary to edit node 1)
$users = [
$this->drupalCreateUser(static::$basicPermissions),
$this->drupalCreateUser(array_merge(static::$basicPermissions, [
'edit any article content',
])),
$this->drupalCreateUser(array_merge(static::$basicPermissions, [
'access in-place editing',
])),
];
// Now test with each of the 3 users with insufficient permissions.
foreach ($users as $user) {
$this->drupalLogin($user);
$this->drupalGet('node/1');
// Ensure the text is transformed.
$this->assertSession()
->responseContains('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
$client = $this->getHttpClient();
// Retrieving the untransformed text should result in a 403 response and
// return a different error message depending of the missing permission.
$response = $client->post($this->buildUrl('quickedit/node/1/body/en/full'), [
'query' => http_build_query([
MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax',
]),
'cookies' => $this->getSessionCookies(),
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
],
'http_errors' => FALSE,
]);
$this->assertEquals(403, $response->getStatusCode());
if (!$user->hasPermission('access in-place editing')) {
$message = "The 'access in-place editing' permission is required.";
}
else {
$message = "The 'edit any article content' permission is required.";
}
$body = Json::decode($response->getBody());
$this->assertSame($message, $body['message']);
}
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.