Tests the AccessPolicyProcessor service.
@covers \Drupal\Core\Session\AccessPolicyBase @covers \Drupal\Core\Session\AccessPolicyProcessor @group Session
Hierarchy
- class \Drupal\Tests\UnitTestCase extends \PHPUnit\Framework\TestCase uses \Drupal\Tests\PhpUnitCompatibilityTrait, \Prophecy\PhpUnit\ProphecyTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, RandomGeneratorTrait, PhpUnitWarnings
- class \Drupal\Tests\Core\Session\AccessPolicyProcessorTest
Expanded class hierarchy of AccessPolicyProcessorTest
File
- core/
tests/ Drupal/ Tests/ Core/ Session/ AccessPolicyProcessorTest.php, line 32
Namespace
Drupal\Tests\Core\SessionView source
class AccessPolicyProcessorTest extends UnitTestCase {
/**
* {@inheritdoc}
*/
public function setUp() : void {
parent::setUp();
$cache_context_manager = $this
->prophesize(CacheContextsManager::class);
$cache_context_manager
->assertValidTokens(Argument::any())
->willReturn(TRUE);
$container = $this
->prophesize(ContainerInterface::class);
$container
->get('cache_contexts_manager')
->willReturn($cache_context_manager
->reveal());
\Drupal::setContainer($container
->reveal());
}
/**
* Tests that access policies are properly processed.
*/
public function testCalculatePermissions() {
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$access_policy = new BarAccessPolicy();
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy($access_policy);
$access_policy_permissions = $access_policy
->calculatePermissions($account, 'bar');
$access_policy_permissions
->addCacheTags([
'access_policies',
]);
$this
->assertEquals(new CalculatedPermissions($access_policy_permissions), $processor
->processAccessPolicies($account, 'bar'));
}
/**
* Tests that access policies that do not apply are not processed.
*/
public function testCalculatePermissionsNoApply() {
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$access_policy = new BarAccessPolicy();
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy($access_policy);
$no_permissions = new RefinableCalculatedPermissions();
$no_permissions
->addCacheTags([
'access_policies',
]);
$calculated_permissions = $processor
->processAccessPolicies($account, 'nothing');
$this
->assertEquals(new CalculatedPermissions($no_permissions), $calculated_permissions);
}
/**
* Tests that access policies can alter the final result.
*/
public function testAlterPermissions() {
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy(new BarAccessPolicy());
$processor
->addAccessPolicy(new BarAlterAccessPolicy());
$actual_permissions = $processor
->processAccessPolicies($account, 'bar')
->getItem('bar', 1)
->getPermissions();
$this
->assertEquals([
'foo',
'baz',
], $actual_permissions);
}
/**
* Tests that alters that do not apply are not processed.
*/
public function testAlterPermissionsNoApply() {
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy($access_policy = new FooAccessPolicy());
$processor
->addAccessPolicy(new BarAlterAccessPolicy());
$access_policy_permissions = $access_policy
->calculatePermissions($account, 'foo');
$access_policy_permissions
->addCacheTags([
'access_policies',
]);
$this
->assertEquals(new CalculatedPermissions($access_policy_permissions), $processor
->processAccessPolicies($account, 'foo'));
}
/**
* Tests that access policies which do nothing are properly processed.
*/
public function testEmptyCalculator() {
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$access_policy = new EmptyAccessPolicy();
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy($access_policy);
$access_policy_permissions = $access_policy
->calculatePermissions($account, 'anything');
$access_policy_permissions
->addCacheTags([
'access_policies',
]);
$calculated_permissions = $processor
->processAccessPolicies($account, 'anything');
$this
->assertEquals(new CalculatedPermissions($access_policy_permissions), $calculated_permissions);
}
/**
* Tests that everything works if no access policies are present.
*/
public function testNoCalculators() {
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$processor = $this
->setUpAccessPolicyProcessor();
$no_permissions = new RefinableCalculatedPermissions();
$no_permissions
->addCacheTags([
'access_policies',
]);
$calculated_permissions = $processor
->processAccessPolicies($account, 'anything');
$this
->assertEquals(new CalculatedPermissions($no_permissions), $calculated_permissions);
}
/**
* Tests the wrong scope exception.
*/
public function testWrongScopeException() {
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy(new AlwaysAddsAccessPolicy());
$this
->expectException(AccessPolicyScopeException::class);
$this
->expectExceptionMessage(sprintf('The access policy "%s" returned permissions for scopes other than "%s".', AlwaysAddsAccessPolicy::class, 'bar'));
$processor
->processAccessPolicies($this
->prophesize(AccountInterface::class)
->reveal(), 'bar');
}
/**
* Tests the multiple scopes exception.
*/
public function testMultipleScopeException() {
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy(new FooAccessPolicy());
$processor
->addAccessPolicy(new AlwaysAddsAccessPolicy());
$this
->expectException(AccessPolicyScopeException::class);
$this
->expectExceptionMessage(sprintf('The access policy "%s" returned permissions for scopes other than "%s".', AlwaysAddsAccessPolicy::class, 'foo'));
$processor
->processAccessPolicies($this
->prophesize(AccountInterface::class)
->reveal(), 'foo');
}
/**
* Tests the multiple scopes exception.
*/
public function testMultipleScopeAlterException() {
$processor = $this
->setUpAccessPolicyProcessor();
$processor
->addAccessPolicy(new FooAccessPolicy());
$processor
->addAccessPolicy(new AlwaysAltersAccessPolicy());
$this
->expectException(AccessPolicyScopeException::class);
$this
->expectExceptionMessage(sprintf('The access policy "%s" altered permissions in a scope other than "%s".', AlwaysAltersAccessPolicy::class, 'foo'));
$processor
->processAccessPolicies($this
->prophesize(AccountInterface::class)
->reveal(), 'foo');
}
/**
* Tests if the account switcher switches properly when user cache context is present.
*
* @param bool $has_user_context
* Whether a user based cache context is present.
* @param bool $is_current_user
* Whether the passed in account is the current user.
* @param bool $should_call_switcher
* Whether the account switcher should be called.
*
* @dataProvider accountSwitcherProvider
*/
public function testAccountSwitcher(bool $has_user_context, bool $is_current_user, bool $should_call_switcher) {
$account = $this
->prophesize(AccountInterface::class);
$account
->id()
->willReturn(2);
$account = $account
->reveal();
$current_user = $this
->prophesize(AccountProxyInterface::class);
$current_user
->id()
->willReturn($is_current_user ? 2 : 13);
$account_switcher = $this
->prophesize(AccountSwitcherInterface::class);
if ($should_call_switcher) {
$account_switcher
->switchTo($account)
->shouldBeCalledTimes(1);
$account_switcher
->switchBack()
->shouldBeCalledTimes(1);
}
else {
$account_switcher
->switchTo($account)
->shouldNotBeCalled();
$account_switcher
->switchBack()
->shouldNotBeCalled();
}
$processor = $this
->setUpAccessPolicyProcessor(NULL, NULL, NULL, $current_user
->reveal(), $account_switcher
->reveal());
$processor
->addAccessPolicy(new BarAccessPolicy());
if ($has_user_context) {
$processor
->addAccessPolicy(new UserContextAccessPolicy());
}
$processor
->processAccessPolicies($account, 'bar');
}
/**
* Data provider for testAccountSwitcher().
*
* @return array
* A list of testAccountSwitcher method arguments.
*/
public static function accountSwitcherProvider() {
$cases['no-user-context-no-current-user'] = [
'has_user_context' => FALSE,
'is_current_user' => FALSE,
'should_call_switcher' => FALSE,
];
$cases['no-user-context-current-user'] = [
'has_user_context' => FALSE,
'is_current_user' => TRUE,
'should_call_switcher' => FALSE,
];
$cases['user-context-no-current-user'] = [
'has_user_context' => TRUE,
'is_current_user' => FALSE,
'should_call_switcher' => TRUE,
];
$cases['user-context-current-user'] = [
'has_user_context' => TRUE,
'is_current_user' => TRUE,
'should_call_switcher' => FALSE,
];
return $cases;
}
/**
* Tests if the caches are called correctly.
*
* @dataProvider cachingProvider
*/
public function testCaching(bool $db_cache_hit, bool $static_cache_hit) {
if ($static_cache_hit) {
$this
->assertFalse($db_cache_hit, 'DB cache should never be checked when there is a static hit.');
}
$account = $this
->prophesize(AccountInterface::class)
->reveal();
$scope = 'bar';
$bar_access_policy = new BarAccessPolicy();
$bar_permissions = $bar_access_policy
->calculatePermissions($account, $scope);
$bar_permissions
->addCacheTags([
'access_policies',
]);
$none_refinable_bar_permissions = new CalculatedPermissions($bar_permissions);
$cache_static = $this
->prophesize(VariationCacheInterface::class);
$cache_db = $this
->prophesize(VariationCacheInterface::class);
if (!$static_cache_hit) {
if (!$db_cache_hit) {
$cache_db
->get(Argument::cetera())
->willReturn(FALSE);
$cache_db
->set(Argument::any(), $bar_permissions, Argument::cetera())
->shouldBeCalled();
}
else {
$cache_item = new CacheItem($bar_permissions);
$cache_db
->get(Argument::cetera())
->willReturn($cache_item);
$cache_db
->set()
->shouldNotBeCalled();
}
$cache_static
->get(Argument::cetera())
->willReturn(FALSE);
$cache_static
->set(Argument::any(), $none_refinable_bar_permissions, Argument::cetera())
->shouldBeCalled();
}
else {
$cache_item = new CacheItem($none_refinable_bar_permissions);
$cache_static
->get(Argument::cetera())
->willReturn($cache_item);
$cache_static
->set()
->shouldNotBeCalled();
}
$cache_static = $cache_static
->reveal();
$cache_db = $cache_db
->reveal();
$processor = $this
->setUpAccessPolicyProcessor($cache_db, $cache_static);
$processor
->addAccessPolicy($bar_access_policy);
$permissions = $processor
->processAccessPolicies($account, $scope);
$this
->assertEquals($none_refinable_bar_permissions, $permissions, 'Cached permission matches calculated.');
}
/**
* Data provider for testCaching().
*
* @return array
* A list of testAccountSwitcher method arguments.
*/
public static function cachingProvider() {
$cases = [
'no-cache' => [
FALSE,
FALSE,
],
'static-cache-hit' => [
FALSE,
TRUE,
],
'db-cache-hit' => [
TRUE,
FALSE,
],
];
return $cases;
}
/**
* Tests that only the cache contexts for policies that apply are added.
*/
public function testCacheContexts() {
// BazAccessPolicy and BarAlterAccessPolicy shouldn't add any contexts.
$initial_cacheability = (new CacheableMetadata())
->addCacheContexts([
'foo',
'bar',
]);
$final_cacheability = (new CacheableMetadata())
->addCacheContexts([
'foo',
'bar',
])
->addCacheTags([
'access_policies',
]);
$variation_cache = $this
->prophesize(VariationCacheInterface::class);
$variation_cache
->get(Argument::cetera())
->willReturn(FALSE);
$variation_cache
->set([
'access_policies',
'anything',
], Argument::any(), $final_cacheability, $initial_cacheability)
->shouldBeCalled();
$cache_static = $this
->prophesize(CacheBackendInterface::class);
$cache_static
->get('access_policies:access_policy_processor:contexts:anything')
->willReturn(FALSE);
$cache_static
->set('access_policies:access_policy_processor:contexts:anything', [
'foo',
'bar',
])
->shouldBeCalled();
$processor = $this
->setUpAccessPolicyProcessor($variation_cache
->reveal(), NULL, $cache_static
->reveal());
foreach ([
new FooAccessPolicy(),
new BarAccessPolicy(),
new BazAccessPolicy(),
new BarAlterAccessPolicy(),
] as $access_policy) {
$processor
->addAccessPolicy($access_policy);
}
$processor
->processAccessPolicies($this
->prophesize(AccountInterface::class)
->reveal(), 'anything');
}
/**
* Tests that the persistent cache contexts are added properly.
*/
public function testCacheContextCaching() {
$cache_entry = new \stdClass();
$cache_entry->data = [
'baz',
];
$cache_static = $this
->prophesize(CacheBackendInterface::class);
$cache_static
->get('access_policies:access_policy_processor:contexts:anything')
->willReturn($cache_entry);
$cache_static
->set('access_policies:access_policy_processor:contexts:anything', Argument::any())
->shouldNotBeCalled();
// Hard-coded to "baz" because of the above cache entry.
$initial_cacheability = (new CacheableMetadata())
->addCacheContexts([
'baz',
]);
// Still adds in "foo" and "bar" in calculatePermissions(). Under normal
// circumstances this would trigger an exception in VariationCache, but we
// deliberately poison the cache in this test to see if it's called.
$final_cacheability = (new CacheableMetadata())
->addCacheContexts([
'foo',
'bar',
])
->addCacheTags([
'access_policies',
]);
$variation_cache = $this
->prophesize(VariationCacheInterface::class);
$variation_cache
->get([
'access_policies',
'anything',
], $initial_cacheability)
->shouldBeCalled()
->willReturn(FALSE);
$variation_cache
->set([
'access_policies',
'anything',
], Argument::any(), $final_cacheability, $initial_cacheability)
->shouldBeCalled();
$processor = $this
->setUpAccessPolicyProcessor($variation_cache
->reveal(), NULL, $cache_static
->reveal());
foreach ([
new FooAccessPolicy(),
new BarAccessPolicy(),
new BazAccessPolicy(),
new BarAlterAccessPolicy(),
] as $access_policy) {
$processor
->addAccessPolicy($access_policy);
}
$processor
->processAccessPolicies($this
->prophesize(AccountInterface::class)
->reveal(), 'anything');
}
/**
* Sets up the access policy processor.
*
* @return \Drupal\Core\Session\AccessPolicyProcessorInterface
*/
protected function setUpAccessPolicyProcessor(VariationCacheInterface $variation_cache = NULL, VariationCacheInterface $variation_cache_static = NULL, CacheBackendInterface $cache_static = NULL, AccountProxyInterface $current_user = NULL, AccountSwitcherInterface $account_switcher = NULL) {
// Prophecy does not accept a willReturn call on a mocked method if said
// method has a return type of void. However, without willReturn() or any
// other will* call, the method mock will not be registered.
$prophecy_workaround = function () {
};
if (!isset($variation_cache)) {
$variation_cache = $this
->prophesize(VariationCacheInterface::class);
$variation_cache
->get(Argument::cetera())
->willReturn(FALSE);
$variation_cache
->set(Argument::cetera())
->will($prophecy_workaround);
$variation_cache = $variation_cache
->reveal();
}
if (!isset($variation_cache_static)) {
$variation_cache_static = $this
->prophesize(VariationCacheInterface::class);
$variation_cache_static
->get(Argument::cetera())
->willReturn(FALSE);
$variation_cache_static
->set(Argument::cetera())
->will($prophecy_workaround);
$variation_cache_static = $variation_cache_static
->reveal();
}
if (!isset($cache_static)) {
$cache_static = $this
->prophesize(CacheBackendInterface::class);
$cache_static
->get(Argument::cetera())
->willReturn(FALSE);
$cache_static
->set(Argument::cetera())
->will($prophecy_workaround);
$cache_static = $cache_static
->reveal();
}
if (!isset($current_user)) {
$current_user = $this
->prophesize(AccountProxyInterface::class)
->reveal();
}
if (!isset($account_switcher)) {
$account_switcher = $this
->prophesize(AccountSwitcherInterface::class)
->reveal();
}
return new AccessPolicyProcessor($variation_cache, $variation_cache_static, $cache_static, $current_user, $account_switcher);
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AccessPolicyProcessorTest:: |
public static | function | Data provider for testAccountSwitcher(). | |
AccessPolicyProcessorTest:: |
public static | function | Data provider for testCaching(). | |
AccessPolicyProcessorTest:: |
public | function |
Overrides UnitTestCase:: |
|
AccessPolicyProcessorTest:: |
protected | function | Sets up the access policy processor. | |
AccessPolicyProcessorTest:: |
public | function | Tests if the account switcher switches properly when user cache context is present. | |
AccessPolicyProcessorTest:: |
public | function | Tests that access policies can alter the final result. | |
AccessPolicyProcessorTest:: |
public | function | Tests that alters that do not apply are not processed. | |
AccessPolicyProcessorTest:: |
public | function | Tests that the persistent cache contexts are added properly. | |
AccessPolicyProcessorTest:: |
public | function | Tests that only the cache contexts for policies that apply are added. | |
AccessPolicyProcessorTest:: |
public | function | Tests if the caches are called correctly. | |
AccessPolicyProcessorTest:: |
public | function | Tests that access policies are properly processed. | |
AccessPolicyProcessorTest:: |
public | function | Tests that access policies that do not apply are not processed. | |
AccessPolicyProcessorTest:: |
public | function | Tests that access policies which do nothing are properly processed. | |
AccessPolicyProcessorTest:: |
public | function | Tests the multiple scopes exception. | |
AccessPolicyProcessorTest:: |
public | function | Tests the multiple scopes exception. | |
AccessPolicyProcessorTest:: |
public | function | Tests that everything works if no access policies are present. | |
AccessPolicyProcessorTest:: |
public | function | Tests the wrong scope exception. | |
PhpUnitWarnings:: |
private static | property | Deprecation warnings from PHPUnit to raise with @trigger_error(). | |
PhpUnitWarnings:: |
public | function | Converts PHPUnit deprecation warnings to E_USER_DEPRECATED. | |
RandomGeneratorTrait:: |
protected | function | Gets the random generator for the utility methods. | |
RandomGeneratorTrait:: |
protected | function | Generates a unique random string containing letters and numbers. | |
RandomGeneratorTrait:: |
public | function | Generates a random PHP object. | |
RandomGeneratorTrait:: |
public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
RandomGeneratorTrait:: |
public | function | Callback for random string validation. | |
UnitTestCase:: |
protected | property | The app root. | 1 |
UnitTestCase:: |
protected | function | Returns a stub class resolver. | |
UnitTestCase:: |
public | function | Returns a stub config factory that behaves according to the passed array. | |
UnitTestCase:: |
public | function | Returns a stub config storage that returns the supplied configuration. | |
UnitTestCase:: |
protected | function | Sets up a container with a cache tags invalidator. | |
UnitTestCase:: |
public | function | Returns a stub translation manager that just returns the passed string. | |
UnitTestCase:: |
public static | function | ||
UnitTestCase:: |
public | function |