aleph1.co.uk Git - yaffs-website/blob - web/core/modules/block_content/tests/src/Kernel/BlockContentAccessHandlerTest.php

   1 <?php
   2
   3 namespace Drupal\Tests\block_content\Kernel;
   4
   5 use Drupal\block_content\BlockContentAccessControlHandler;
   6 use Drupal\block_content\Entity\BlockContent;
   7 use Drupal\block_content\Entity\BlockContentType;
   8 use Drupal\Core\Access\AccessibleInterface;
   9 use Drupal\Core\Access\AccessResult;
  10 use Drupal\KernelTests\KernelTestBase;
  11 use Drupal\user\Entity\Role;
  12 use Drupal\user\Entity\User;
  13
  14 /**
  15  * Tests the block content entity access handler.
  16  *
  17  * @coversDefaultClass \Drupal\block_content\BlockContentAccessControlHandler
  18  *
  19  * @group block_content
  20  */
  21 class BlockContentAccessHandlerTest extends KernelTestBase {
  22
  23   /**
  24    * {@inheritdoc}
  25    */
  26   public static $modules = [
  27     'block',
  28     'block_content',
  29     'system',
  30     'user',
  31   ];
  32
  33   /**
  34    * The BlockContent access controller to test.
  35    *
  36    * @var \Drupal\block_content\BlockContentAccessControlHandler
  37    */
  38   protected $accessControlHandler;
  39
  40   /**
  41    * The BlockContent entity used for testing.
  42    *
  43    * @var \Drupal\block_content\Entity\BlockContent
  44    */
  45   protected $blockEntity;
  46
  47   /**
  48    * The test role.
  49    *
  50    * @var \Drupal\user\RoleInterface
  51    */
  52   protected $role;
  53
  54   /**
  55    * {@inheritdoc}
  56    */
  57   protected function setUp() {
  58     parent::setUp();
  59     $this->installSchema('system', ['sequence']);
  60     $this->installSchema('system', ['sequences']);
  61     $this->installSchema('user', ['users_data']);
  62     $this->installEntitySchema('user');
  63     $this->installEntitySchema('block_content');
  64
  65     // Create a block content type.
  66     $block_content_type = BlockContentType::create([
  67       'id' => 'square',
  68       'label' => 'A square block type',
  69       'description' => "Provides a block type that is square.",
  70     ]);
  71     $block_content_type->save();
  72
  73     $this->blockEntity = BlockContent::create([
  74       'info' => 'The Block',
  75       'type' => 'square',
  76     ]);
  77     $this->blockEntity->save();
  78
  79     // Create user 1 test does not have all permissions.
  80     User::create([
  81       'name' => 'admin',
  82     ])->save();
  83
  84     $this->role = Role::create([
  85       'id' => 'roly',
  86       'label' => 'roly poly',
  87     ]);
  88     $this->role->save();
  89     $this->accessControlHandler = new BlockContentAccessControlHandler(\Drupal::entityTypeManager()->getDefinition('block_content'), \Drupal::service('event_dispatcher'));
  90   }
  91
  92   /**
  93    * @covers ::checkAccess
  94    *
  95    * @dataProvider providerTestAccess
  96    */
  97   public function testAccess($operation, $published, $reusable, $permissions, $parent_access, $expected_access) {
  98     $published ? $this->blockEntity->setPublished() : $this->blockEntity->setUnpublished();
  99     $reusable ? $this->blockEntity->setReusable() : $this->blockEntity->setNonReusable();
 100
 101     $user = User::create([
 102       'name' => 'Someone',
 103       'mail' => 'hi@example.com',
 104     ]);
 105
 106     if ($permissions) {
 107       foreach ($permissions as $permission) {
 108         $this->role->grantPermission($permission);
 109       }
 110       $this->role->save();
 111     }
 112     $user->addRole($this->role->id());
 113     $user->save();
 114
 115     if ($parent_access) {
 116       $parent_entity = $this->prophesize(AccessibleInterface::class);
 117       $expected_parent_result = NULL;
 118       switch ($parent_access) {
 119         case 'allowed':
 120           $expected_parent_result = AccessResult::allowed();
 121           break;
 122
 123         case 'neutral':
 124           $expected_parent_result = AccessResult::neutral();
 125           break;
 126
 127         case 'forbidden':
 128           $expected_parent_result = AccessResult::forbidden();
 129           break;
 130       }
 131       $parent_entity->access($operation, $user, TRUE)
 132         ->willReturn($expected_parent_result)
 133         ->shouldBeCalled();
 134
 135       $this->blockEntity->setAccessDependency($parent_entity->reveal());
 136
 137     }
 138     $this->blockEntity->save();
 139
 140     $result = $this->accessControlHandler->access($this->blockEntity, $operation, $user, TRUE);
 141     switch ($expected_access) {
 142       case 'allowed':
 143         $this->assertTrue($result->isAllowed());
 144         break;
 145
 146       case 'forbidden':
 147         $this->assertTrue($result->isForbidden());
 148         break;
 149
 150       case  'neutral':
 151         $this->assertTrue($result->isNeutral());
 152         break;
 153
 154       default:
 155         $this->fail('Unexpected access type');
 156     }
 157   }
 158
 159   /**
 160    * Dataprovider for testAccess().
 161    */
 162   public function providerTestAccess() {
 163     $cases = [
 164       'view:published:reusable' => [
 165         'view',
 166         TRUE,
 167         TRUE,
 168         [],
 169         NULL,
 170         'allowed',
 171       ],
 172       'view:unpublished:reusable' => [
 173         'view',
 174         FALSE,
 175         TRUE,
 176         [],
 177         NULL,
 178         'neutral',
 179       ],
 180       'view:unpublished:reusable:admin' => [
 181         'view',
 182         FALSE,
 183         TRUE,
 184         ['administer blocks'],
 185         NULL,
 186         'allowed',
 187       ],
 188       'view:published:reusable:admin' => [
 189         'view',
 190         TRUE,
 191         TRUE,
 192         ['administer blocks'],
 193         NULL,
 194         'allowed',
 195       ],
 196       'view:published:non_reusable' => [
 197         'view',
 198         TRUE,
 199         FALSE,
 200         [],
 201         NULL,
 202         'forbidden',
 203       ],
 204       'view:published:non_reusable:parent_allowed' => [
 205         'view',
 206         TRUE,
 207         FALSE,
 208         [],
 209         'allowed',
 210         'allowed',
 211       ],
 212       'view:published:non_reusable:parent_neutral' => [
 213         'view',
 214         TRUE,
 215         FALSE,
 216         [],
 217         'neutral',
 218         'neutral',
 219       ],
 220       'view:published:non_reusable:parent_forbidden' => [
 221         'view',
 222         TRUE,
 223         FALSE,
 224         [],
 225         'forbidden',
 226         'forbidden',
 227       ],
 228     ];
 229     foreach (['update', 'delete'] as $operation) {
 230       $cases += [
 231         $operation . ':published:reusable' => [
 232           $operation,
 233           TRUE,
 234           TRUE,
 235           [],
 236           NULL,
 237           'neutral',
 238         ],
 239         $operation . ':unpublished:reusable' => [
 240           $operation,
 241           FALSE,
 242           TRUE,
 243           [],
 244           NULL,
 245           'neutral',
 246         ],
 247         $operation . ':unpublished:reusable:admin' => [
 248           $operation,
 249           FALSE,
 250           TRUE,
 251           ['administer blocks'],
 252           NULL,
 253           'allowed',
 254         ],
 255         $operation . ':published:reusable:admin' => [
 256           $operation,
 257           TRUE,
 258           TRUE,
 259           ['administer blocks'],
 260           NULL,
 261           'allowed',
 262         ],
 263         $operation . ':published:non_reusable' => [
 264           $operation,
 265           TRUE,
 266           FALSE,
 267           [],
 268           NULL,
 269           'forbidden',
 270         ],
 271         $operation . ':published:non_reusable:parent_allowed' => [
 272           $operation,
 273           TRUE,
 274           FALSE,
 275           [],
 276           'allowed',
 277           'neutral',
 278         ],
 279         $operation . ':published:non_reusable:parent_neutral' => [
 280           $operation,
 281           TRUE,
 282           FALSE,
 283           [],
 284           'neutral',
 285           'neutral',
 286         ],
 287         $operation . ':published:non_reusable:parent_forbidden' => [
 288           $operation,
 289           TRUE,
 290           FALSE,
 291           [],
 292           'forbidden',
 293           'forbidden',
 294         ],
 295       ];
 296       return $cases;
 297     }
 298   }
 299
 300 }