3 namespace Drupal\Tests\media\Functional;
5 use Drupal\media\Entity\Media;
6 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
7 use Drupal\user\Entity\Role;
8 use Drupal\user\RoleInterface;
11 * Basic access tests for Media.
15 class MediaAccessTest extends MediaUiFunctionalTest {
17 use AssertPageCacheContextsAndTagsTrait;
20 * Test some access control functionality.
22 public function testMediaAccess() {
23 $assert_session = $this->assertSession();
25 $media_type = $this->createMediaType();
28 $media = Media::create([
29 'bundle' => $media_type->id(),
33 $user_media = Media::create([
34 'bundle' => $media_type->id(),
36 'uid' => $this->nonAdminUser->id(),
40 // We are logged in as admin, so test 'administer media' permission.
41 $this->drupalGet('media/add/' . $media_type->id());
42 $this->assertCacheContext('user.permissions');
43 $assert_session->statusCodeEquals(200);
44 $this->drupalGet('media/' . $user_media->id());
45 $this->assertCacheContext('user.permissions');
46 $assert_session->statusCodeEquals(200);
47 $this->drupalGet('media/' . $user_media->id() . '/edit');
48 $this->assertCacheContext('user.permissions');
49 $assert_session->statusCodeEquals(200);
50 $this->drupalGet('media/' . $user_media->id() . '/delete');
51 $this->assertCacheContext('user.permissions');
52 $assert_session->statusCodeEquals(200);
54 $this->drupalLogin($this->nonAdminUser);
55 /** @var \Drupal\user\RoleInterface $role */
56 $role = Role::load(RoleInterface::AUTHENTICATED_ID);
58 // Test 'view media' permission.
59 user_role_revoke_permissions($role->id(), ['view media']);
60 $this->drupalGet('media/' . $media->id());
61 $this->assertCacheContext('user.permissions');
62 $assert_session->statusCodeEquals(403);
63 $access_result = $media->access('view', NULL, TRUE);
64 $this->assertSame("The 'view media' permission is required and the media item must be published.", $access_result->getReason());
65 $this->grantPermissions($role, ['view media']);
66 $this->drupalGet('media/' . $media->id());
67 $this->assertCacheContext('user');
68 $assert_session->statusCodeEquals(200);
70 // Test 'create media' permission.
71 $this->drupalGet('media/add/' . $media_type->id());
72 $this->assertCacheContext('user.permissions');
73 $assert_session->statusCodeEquals(403);
74 $this->grantPermissions($role, ['create media']);
75 $this->drupalGet('media/add/' . $media_type->id());
76 $this->assertCacheContext('user.permissions');
77 $assert_session->statusCodeEquals(200);
79 // Test 'update media' and 'delete media' permissions.
80 $this->drupalGet('media/' . $user_media->id() . '/edit');
81 $this->assertCacheContext('user');
82 $assert_session->statusCodeEquals(403);
83 $this->drupalGet('media/' . $user_media->id() . '/delete');
84 $this->assertCacheContext('user');
85 $assert_session->statusCodeEquals(403);
86 $this->grantPermissions($role, ['update media']);
87 $this->grantPermissions($role, ['delete media']);
88 $this->drupalGet('media/' . $user_media->id() . '/edit');
89 $this->assertCacheContext('user');
90 $assert_session->statusCodeEquals(200);
91 $this->drupalGet('media/' . $user_media->id() . '/delete');
92 $this->assertCacheContext('user');
93 $assert_session->statusCodeEquals(200);
95 // Test 'update any media' and 'delete any media' permissions.
96 $this->drupalGet('media/' . $media->id() . '/edit');
97 $this->assertCacheContext('user');
98 $assert_session->statusCodeEquals(403);
99 $this->drupalGet('media/' . $media->id() . '/delete');
100 $this->assertCacheContext('user');
101 $assert_session->statusCodeEquals(403);
102 $this->grantPermissions($role, ['update any media']);
103 $this->grantPermissions($role, ['delete any media']);
104 $this->drupalGet('media/' . $media->id() . '/edit');
105 $this->assertCacheContext('user.permissions');
106 $assert_session->statusCodeEquals(200);
107 $this->drupalGet('media/' . $media->id() . '/delete');
108 $this->assertCacheContext('user.permissions');
109 $assert_session->statusCodeEquals(200);
111 // Test the 'access media overview' permission.
112 $this->grantPermissions($role, ['access content overview']);
113 $this->drupalGet('admin/content');
114 $assert_session->linkByHrefNotExists('/admin/content/media');
115 $this->assertCacheContext('user');
117 // Create a new role, which implicitly checks if the permission exists.
118 $mediaOverviewRole = $this->createRole(['access content overview', 'access media overview']);
119 $this->nonAdminUser->addRole($mediaOverviewRole);
120 $this->nonAdminUser->save();
122 $this->drupalGet('admin/content');
123 $assert_session->linkByHrefExists('/admin/content/media');
124 $this->clickLink('Media');
125 $this->assertCacheContext('user.permissions');
126 $assert_session->statusCodeEquals(200);
127 $assert_session->elementExists('css', '.view-media');
128 $assert_session->pageTextContains($this->loggedInUser->getDisplayName());
129 $assert_session->pageTextContains($this->nonAdminUser->getDisplayName());
130 $assert_session->linkByHrefExists('/media/' . $media->id());
131 $assert_session->linkByHrefExists('/media/' . $user_media->id());