function AccessDeniedTest::testAccessDenied

Same name in other branches
  1. 9 core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()
  2. 10 core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()
  3. 11.x core/modules/system/tests/src/Functional/System/AccessDeniedTest.php \Drupal\Tests\system\Functional\System\AccessDeniedTest::testAccessDenied()

File

core/modules/system/tests/src/Functional/System/AccessDeniedTest.php, line 52

Class

AccessDeniedTest
Tests page access denied functionality, including custom 403 pages.

Namespace

Drupal\Tests\system\Functional\System

Code

public function testAccessDenied() {
    $this->drupalGet('admin');
    $this->assertText(t('Access denied'), 'Found the default 403 page');
    $this->assertSession()
        ->statusCodeEquals(403);
    // Ensure that users without permission are denied access and have the
    // correct path information in drupalSettings.
    $this->drupalLogin($this->createUser([]));
    $this->drupalGet('admin', [
        'query' => [
            'foo' => 'bar',
        ],
    ]);
    $settings = $this->getDrupalSettings();
    $this->assertEqual($settings['path']['currentPath'], 'admin');
    $this->assertEqual($settings['path']['currentPathIsAdmin'], TRUE);
    $this->assertEqual($settings['path']['currentQuery'], [
        'foo' => 'bar',
    ]);
    $this->drupalLogin($this->adminUser);
    // Set a custom 404 page without a starting slash.
    $edit = [
        'site_403' => 'user/' . $this->adminUser
            ->id(),
    ];
    $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
    $this->assertRaw(new FormattableMarkup("The path '%path' has to start with a slash.", [
        '%path' => $edit['site_403'],
    ]));
    // Use a custom 403 page.
    $edit = [
        'site_403' => '/user/' . $this->adminUser
            ->id(),
    ];
    $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
    // Enable the user login block.
    $block = $this->drupalPlaceBlock('user_login_block', [
        'id' => 'login',
    ]);
    // Log out and check that the user login block is shown on custom 403 pages.
    $this->drupalLogout();
    $this->drupalGet('admin');
    $this->assertText($this->adminUser
        ->getAccountName(), 'Found the custom 403 page');
    $this->assertText(t('Username'), 'Blocks are shown on the custom 403 page');
    // Log back in and remove the custom 403 page.
    $this->drupalLogin($this->adminUser);
    $edit = [
        'site_403' => '',
    ];
    $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
    // Logout and check that the user login block is shown on default 403 pages.
    $this->drupalLogout();
    $this->drupalGet('admin');
    $this->assertText(t('Access denied'), 'Found the default 403 page');
    $this->assertSession()
        ->statusCodeEquals(403);
    $this->assertText(t('Username'), 'Blocks are shown on the default 403 page');
    // Log back in, set the custom 403 page to /user/login and remove the block
    $this->drupalLogin($this->adminUser);
    $this->config('system.site')
        ->set('page.403', '/user/login')
        ->save();
    $block->disable()
        ->save();
    // Check that we can log in from the 403 page.
    $this->drupalLogout();
    $edit = [
        'name' => $this->adminUser
            ->getAccountName(),
        'pass' => $this->adminUser->pass_raw,
    ];
    $this->drupalPostForm('admin/config/system/site-information', $edit, t('Log in'));
    // Check that we're still on the same page.
    $this->assertText(t('Basic site settings'));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.