3 namespace Drupal\Tests\taxonomy\Functional;
5 use Drupal\taxonomy\Entity\Term;
6 use Drupal\taxonomy\TermInterface;
7 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
10 * Tests the taxonomy term access permissions.
14 class TermAccessTest extends TaxonomyTestBase {
16 use AssertPageCacheContextsAndTagsTrait;
19 * Tests access control functionality for taxonomy terms.
21 public function testTermAccess() {
// Each route request below is paired with an entity-level check through
// assertTermAccess(), so both the HTTP response and the term's own access
// result are verified for the same user and operation.
22 $assert_session = $this->assertSession();
24 $vocabulary = $this->createVocabulary();
// Fixtures: two terms in the same vocabulary.
// NOTE(review): this listing skips original lines 30-31 and 36-37, so the
// remaining Term::create() values and the end of each array are not visible
// here. Presumably they set the publication status that the 403/404
// assertions further down depend on; confirm against the full file.
27 $published_term = Term::create([
28 'vid' => $vocabulary->id(),
29 'name' => 'Published term',
32 $published_term->save();
33 $unpublished_term = Term::create([
34 'vid' => $vocabulary->id(),
35 'name' => 'Unpublished term',
38 $unpublished_term->save();
40 // Start off logged in as admin.
41 $this->drupalLogin($this->drupalCreateUser(['administer taxonomy']));
43 // Test the 'administer taxonomy' permission.
// Expected: the view, edit and delete routes return 200 for both terms, and
// the 'view', 'update' and 'delete' entity operations are allowed.
44 $this->drupalGet('taxonomy/term/' . $published_term->id());
45 $assert_session->statusCodeEquals(200);
46 $this->assertTermAccess($published_term, 'view', TRUE);
47 $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
48 $assert_session->statusCodeEquals(200);
49 $this->assertTermAccess($unpublished_term, 'view', TRUE);
51 $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
52 $assert_session->statusCodeEquals(200);
53 $this->assertTermAccess($published_term, 'update', TRUE);
54 $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
55 $assert_session->statusCodeEquals(200);
56 $this->assertTermAccess($unpublished_term, 'update', TRUE);
58 $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
59 $assert_session->statusCodeEquals(200);
60 $this->assertTermAccess($published_term, 'delete', TRUE);
61 $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
62 $assert_session->statusCodeEquals(200);
63 $this->assertTermAccess($unpublished_term, 'delete', TRUE);
65 // Test the 'access content' permission.
// Expected for this lower-privileged account: only viewing the published
// term succeeds; every other request below must be refused with 403.
// assertTermAccess() compares the reason strings exactly, so they must stay
// in sync with the messages produced by the access handler.
66 $this->drupalLogin($this->drupalCreateUser(['access content']));
68 $this->drupalGet('taxonomy/term/' . $published_term->id());
69 $assert_session->statusCodeEquals(200);
70 $this->assertTermAccess($published_term, 'view', TRUE);
72 $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
73 $assert_session->statusCodeEquals(403);
74 $this->assertTermAccess($unpublished_term, 'view', FALSE, "The 'access content' permission is required and the taxonomy term must be published.");
76 $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
77 $assert_session->statusCodeEquals(403);
78 $this->assertTermAccess($published_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
79 $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
80 $assert_session->statusCodeEquals(403);
81 $this->assertTermAccess($unpublished_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
83 $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
84 $assert_session->statusCodeEquals(403);
85 $this->assertTermAccess($published_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
86 $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
87 $assert_session->statusCodeEquals(403);
88 $this->assertTermAccess($unpublished_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
90 // Install the Views module and repeat the checks for the 'view' permission.
// The session is still the 'access content' account from the section above.
// Only the HTTP status is re-checked here; assertTermAccess() is not called
// again, so the entity-level result after installing Views is not asserted.
91 \Drupal::service('module_installer')->install(['views'], TRUE);
92 $this->rebuildContainer();
94 $this->drupalGet('taxonomy/term/' . $published_term->id());
95 $assert_session->statusCodeEquals(200);
// With Views installed, the unpublished term is still not served, but the
// status asserted is 404 rather than the 403 asserted before the install.
// The @todo below tracks switching this expectation to 403.
97 // @todo Change this assertion to expect a 403 status code when
98 // https://www.drupal.org/project/drupal/issues/2983070 is fixed.
99 $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
100 $assert_session->statusCodeEquals(404);
// NOTE(review): this method only exercises accounts holding
// 'administer taxonomy' or 'access content'. A visitor without
// 'access content' is not covered here; confirm it is tested elsewhere.
104 * Checks access on taxonomy term.
106 * @param \Drupal\taxonomy\TermInterface $term
107 * A taxonomy term entity.
108 * @param string $access_operation
109 * The entity operation, e.g. 'view', 'update', 'delete', etc.
110 * @param bool $access_allowed
111 * Whether the current user has access to the given operation or not.
112 * @param string $access_reason
113 * (optional) The reason of the access result.
115 protected function assertTermAccess(TermInterface $term, $access_operation, $access_allowed, $access_reason = '') {
116 $access_result = $term->access($access_operation, NULL, TRUE);
117 $this->assertSame($access_allowed, $access_result->isAllowed());
119 if ($access_reason) {
120 $this->assertSame($access_reason, $access_result->getReason());