function VocabularyPermissionsTest::testVocabularyPermissionsTaxonomyTerm

Create, edit and delete a taxonomy term via the user interface.

File

core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php, line 248

Class

VocabularyPermissionsTest

Tests the taxonomy vocabulary permissions.

Namespace

Code

public function testVocabularyPermissionsTaxonomyTerm() : void {
  // Vocabulary used for creating, removing and editing terms.
  $vocabulary = $this->createVocabulary();
  // Test as admin user.
  $user = $this->drupalCreateUser([
    'administer taxonomy',
  ]);
  $this->drupalLogin($user);
  // Visit the main taxonomy administration page.
  $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertSession()
    ->fieldExists('edit-name-0-value');
  // Submit the term.
  $edit = [];
  $edit['name[0][value]'] = $this->randomMachineName();
  $this->submitForm($edit, 'Save');
  $this->assertSession()
    ->pageTextContains('Created new term ' . $edit['name[0][value]'] . '.');
  // Verify that the creation message contains a link to a term.
  $this->assertSession()
    ->elementExists('xpath', '//div[@data-drupal-messages]//a[contains(@href, "term/")]');
  $terms = \Drupal::entityTypeManager()->getStorage('taxonomy_term')
    ->loadByProperties([
    'name' => $edit['name[0][value]'],
  ]);
  $term = reset($terms);
  // Edit the term.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertSession()
    ->pageTextContains($edit['name[0][value]']);
  $edit['name[0][value]'] = $this->randomMachineName();
  $this->submitForm($edit, 'Save');
  $this->assertSession()
    ->pageTextContains('Updated term ' . $edit['name[0][value]'] . '.');
  // Delete the vocabulary.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertSession()
    ->pageTextContains("Are you sure you want to delete the taxonomy term {$edit['name[0][value]']}?");
  // Confirm deletion.
  $this->submitForm([], 'Delete');
  $this->assertSession()
    ->pageTextContains("Deleted term {$edit['name[0][value]']}.");
  // Test as user with "create" permissions.
  $user = $this->drupalCreateUser([
    "create terms in {$vocabulary->id()}",
  ]);
  $this->drupalLogin($user);
  $assert_session = $this->assertSession();
  // Create a new term.
  $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
  $assert_session->statusCodeEquals(200);
  $assert_session->fieldExists('name[0][value]');
  // Submit the term.
  $edit = [];
  $edit['name[0][value]'] = $this->randomMachineName();
  $this->submitForm($edit, 'Save');
  $assert_session->pageTextContains("Created new term {$edit['name[0][value]']}.");
  $terms = \Drupal::entityTypeManager()->getStorage('taxonomy_term')
    ->loadByProperties([
    'name' => $edit['name[0][value]'],
  ]);
  $term = reset($terms);
  // Ensure that edit and delete access is denied.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $assert_session->statusCodeEquals(403);
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $assert_session->statusCodeEquals(403);
  // Test as user with "edit" permissions.
  $user = $this->drupalCreateUser([
    "edit terms in {$vocabulary->id()}",
  ]);
  $this->drupalLogin($user);
  // Ensure the taxonomy term add form is denied.
  $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Create a test term.
  $term = $this->createTerm($vocabulary);
  // Edit the term.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertSession()
    ->pageTextContains($term->getName());
  $edit['name[0][value]'] = $this->randomMachineName();
  $this->submitForm($edit, 'Save');
  $this->assertSession()
    ->pageTextContains('Updated term ' . $edit['name[0][value]'] . '.');
  // Verify that the update message contains a link to a term.
  $this->assertSession()
    ->elementExists('xpath', '//div[@data-drupal-messages]//a[contains(@href, "term/")]');
  // Ensure the term cannot be deleted.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Test as user with "delete" permissions.
  $user = $this->drupalCreateUser([
    "delete terms in {$vocabulary->id()}",
  ]);
  $this->drupalLogin($user);
  // Ensure the taxonomy term add form is denied.
  $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Create a test term.
  $term = $this->createTerm($vocabulary);
  // Ensure that the term cannot be edited.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Delete the vocabulary.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertSession()
    ->pageTextContains("Are you sure you want to delete the taxonomy term {$term->getName()}?");
  // Confirm deletion.
  $this->submitForm([], 'Delete');
  $this->assertSession()
    ->pageTextContains("Deleted term {$term->getName()}.");
  // Test as user without proper permissions.
  $user = $this->drupalCreateUser();
  $this->drupalLogin($user);
  // Ensure the taxonomy term add form is denied.
  $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Create a test term.
  $term = $this->createTerm($vocabulary);
  // Ensure that the term cannot be edited.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Ensure the term cannot be deleted.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertSession()
    ->statusCodeEquals(403);
}