function LinksetControllerTest::testAccess

Same name and namespace in other branches
  1. 10 core/modules/system/tests/src/Functional/Menu/LinksetControllerTest.php \Drupal\Tests\system\Functional\Menu\LinksetControllerTest::testAccess()

Test the access control functionality of the linkset endpoint.

By testing with different current users (Anonymous included) against the user account menu, this test ensures that the menu endpoint respects route access controls. E.g. it does not output links to which the current user does not have access (if it can be determined).

File

core/modules/system/tests/src/Functional/Menu/LinksetControllerTest.php, line 222

Class

LinksetControllerTest
Tests the behavior of the linkset controller.

Namespace

Drupal\Tests\system\Functional\Menu

Code

public function testAccess() : void {
    $this->enableEndpoint(TRUE);
    $expected_cacheability = new CacheableMetadata();
    $expected_cacheability->addCacheContexts([
        'user.permissions',
    ]);
    $expected_cacheability->addCacheTags([
        'config:system.menu.main',
        'config:user.role.anonymous',
        'http_response',
        'node:1',
        'node:2',
        'node:3',
    ]);
    // Warm the cache, then get a response and ensure it was warmed.
    $this->doRequest('GET', Url::fromUri('base:/system/menu/main/linkset'));
    $response = $this->doRequest('GET', Url::fromUri('base:/system/menu/main/linkset'));
    $this->assertDrupalResponseCacheability('HIT', $expected_cacheability, $response);
    // Ensure the "Our name" menu link is visible.
    $link_items = Json::decode((string) $response->getBody())['linkset'][0]['item'];
    $titles = array_column($link_items, 'title');
    $this->assertContains('Our name', $titles);
    // Now, unpublish the target node.
    $our_name_page = Node::load(2);
    assert($our_name_page instanceof NodeInterface);
    $our_name_page->setUnpublished()
        ->save();
    // Redo the request.
    $response = $this->doRequest('GET', Url::fromUri('base:/system/menu/main/linkset'));
    // Assert that the cache was invalidated.
    $this->assertDrupalResponseCacheability('MISS', $expected_cacheability, $response);
    // Ensure the "Our name" menu link is no longer visible.
    $link_items = Json::decode((string) $response->getBody())['linkset'][0]['item'];
    $titles = array_column($link_items, 'title');
    $this->assertNotContains('Our name', $titles);
    // Redo the request, but authenticate as the unpublished page's author.
    $response = $this->doRequest('GET', Url::fromUri('base:/system/menu/main/linkset'), 200, $this->authorAccount);
    $expected_cacheability = new CacheableMetadata();
    $expected_cacheability->addCacheContexts([
        'user',
    ]);
    $expected_cacheability->addCacheTags([
        'config:system.menu.main',
        'http_response',
        'node:1',
        'node:2',
        'node:3',
    ]);
    $this->assertDrupalResponseCacheability(FALSE, $expected_cacheability, $response);
    // Ensure the "Our name" menu link is visible.
    $link_items = Json::decode((string) $response->getBody())['linkset'][0]['item'];
    $titles = array_column($link_items, 'title');
    $this->assertContains('Our name', $titles);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.