3 namespace Drupal\Tests\media\Functional;
5 use Drupal\media\Entity\Media;
6 use Drupal\Tests\system\Functional\Cache\AssertPageCacheContextsAndTagsTrait;
7 use Drupal\user\Entity\Role;
8 use Drupal\user\RoleInterface;
11 * Basic access tests for Media.
15 class MediaAccessTest extends MediaFunctionalTestBase {
17 use AssertPageCacheContextsAndTagsTrait;
22 public static $modules = [
30 protected function setUp() {
// Test fixture setup: places the 'local_tasks_block' block. Per the comment
// below, that block is what contributes the 'user' cache context asserted
// later in testMediaAccess().
// NOTE(review): no parent::setUp() call is visible in this listing (the
// gutter jumps from 30 to 32) - confirm against the full file.
32 // This is needed to provide the user cache context for a below assertion.
33 $this->drupalPlaceBlock('local_tasks_block');
37 * Tests access control for viewing, creating, editing, deleting and listing media.
39 public function testMediaAccess() {
// Walks the media routes (add, canonical, edit, delete, overview), first with
// the session the test starts in and then as $this->nonAdminUser. Permissions
// are granted and revoked one group at a time on the authenticated role, and
// after each change the HTTP status and the page's cache context are asserted.
// Each section checks the denied state (403) before the allowed state (200).
40 $assert_session = $this->assertSession();
42 $media_type = $this->createMediaType();
// Two fixtures of the same bundle. Only $user_media shows an explicit 'uid'
// (the non-admin user) in this listing.
// NOTE(review): presumably $media ends up owned by a different account - the
// 'own' versus 'any' sections below depend on that; confirm against the full
// file, since some lines of these create() calls are not shown here.
45 $media = Media::create([
46 'bundle' => $media_type->id(),
50 $user_media = Media::create([
51 'bundle' => $media_type->id(),
53 'uid' => $this->nonAdminUser->id(),
// Baseline: every route must answer 200 for the administrative session and
// vary by 'user.permissions'.
57 // We are logged in as admin, so test 'administer media' permission.
58 $this->drupalGet('media/add/' . $media_type->id());
59 $this->assertCacheContext('user.permissions');
60 $assert_session->statusCodeEquals(200);
61 $this->drupalGet('media/' . $user_media->id());
62 $this->assertCacheContext('user.permissions');
63 $assert_session->statusCodeEquals(200);
64 $this->drupalGet('media/' . $user_media->id() . '/edit');
65 $this->assertCacheContext('user.permissions');
66 $assert_session->statusCodeEquals(200);
67 $this->drupalGet('media/' . $user_media->id() . '/delete');
68 $this->assertCacheContext('user.permissions');
69 $assert_session->statusCodeEquals(200);
// Switch to the non-admin account. From here on permissions are changed on
// the authenticated role rather than on a role specific to this user.
71 $this->drupalLogin($this->nonAdminUser);
72 /** @var \Drupal\user\RoleInterface $role */
73 $role = Role::load(RoleInterface::AUTHENTICATED_ID);
75 // Test 'view media' permission.
// Denied state first: with 'view media' revoked the canonical route must
// return 403.
76 user_role_revoke_permissions($role->id(), ['view media']);
77 $this->drupalGet('media/' . $media->id());
78 $this->assertCacheContext('user.permissions');
79 $assert_session->statusCodeEquals(403);
// The third argument TRUE requests an access result object instead of a bare
// boolean, so the denial reason can be asserted as well as the status code.
// NOTE(review): the expected reason mentions the published state, but no
// visible line unpublishes a media item, so the unpublished branch does not
// appear to be exercised here - confirm.
80 $access_result = $media->access('view', NULL, TRUE);
81 $this->assertSame("The 'view media' permission is required and the media item must be published.", $access_result->getReason());
82 $this->grantPermissions($role, ['view media']);
83 $this->drupalGet('media/' . $media->id());
84 $this->assertCacheContext('user.permissions');
85 $assert_session->statusCodeEquals(200);
87 // Test 'create BUNDLE media' permission.
88 $this->drupalGet('media/add/' . $media_type->id());
89 $this->assertCacheContext('user.permissions');
90 $assert_session->statusCodeEquals(403);
91 $permissions = ['create ' . $media_type->id() . ' media'];
92 $this->grantPermissions($role, $permissions);
93 $this->drupalGet('media/add/' . $media_type->id());
94 $this->assertCacheContext('user.permissions');
95 $assert_session->statusCodeEquals(200);
// Revoke again so the next section starts from a denied state, then reload
// the role. NOTE(review): presumably the reload is needed because the revoke
// helper saves its own copy of the role, leaving $role stale - confirm.
96 user_role_revoke_permissions($role->id(), $permissions);
97 $role = Role::load(RoleInterface::AUTHENTICATED_ID);
99 // Test 'create media' permission.
// Same route as above, now gated by the bundle-independent 'create media'.
100 $this->drupalGet('media/add/' . $media_type->id());
101 $this->assertCacheContext('user.permissions');
102 $assert_session->statusCodeEquals(403);
103 $permissions = ['create media'];
104 $this->grantPermissions($role, $permissions);
105 $this->drupalGet('media/add/' . $media_type->id());
106 $this->assertCacheContext('user.permissions');
107 $assert_session->statusCodeEquals(200);
108 user_role_revoke_permissions($role->id(), $permissions);
109 $role = Role::load(RoleInterface::AUTHENTICATED_ID);
111 // Test 'edit own BUNDLE media' and 'delete own BUNDLE media' permissions.
112 $this->drupalGet('media/' . $user_media->id() . '/edit');
113 $this->assertCacheContext('user.permissions');
114 $assert_session->statusCodeEquals(403);
115 $this->drupalGet('media/' . $user_media->id() . '/delete');
116 $this->assertCacheContext('user.permissions');
117 $assert_session->statusCodeEquals(403);
// The two strings below are the elements of the $permissions array granted
// next; its opening and closing lines are not shown in this listing.
119 'edit own ' . $user_media->bundle() . ' media',
120 'delete own ' . $user_media->bundle() . ' media',
122 $this->grantPermissions($role, $permissions);
// The expected cache context changes from 'user.permissions' to 'user' once
// an 'own' permission is held - presumably because the decision now depends
// on who the viewer is, not only on which permissions they have.
123 $this->drupalGet('media/' . $user_media->id() . '/edit');
124 $this->assertCacheContext('user');
125 $assert_session->statusCodeEquals(200);
126 $this->drupalGet('media/' . $user_media->id() . '/delete');
127 $this->assertCacheContext('user');
128 $assert_session->statusCodeEquals(200);
// NOTE(review): while the 'own' permissions are held, only $user_media is
// requested. Nothing here asserts that the edit and delete routes of $media
// stay denied, so an 'own' permission that also opened other users' media
// would not be caught; the 403 checks on $media below run only after the
// revoke on the next line.
129 user_role_revoke_permissions($role->id(), $permissions);
130 $role = Role::load(RoleInterface::AUTHENTICATED_ID);
132 // Test 'edit any BUNDLE media' and 'delete any BUNDLE media' permissions.
133 $this->drupalGet('media/' . $media->id() . '/edit');
134 $this->assertCacheContext('user.permissions');
135 $assert_session->statusCodeEquals(403);
136 $this->drupalGet('media/' . $media->id() . '/delete');
137 $this->assertCacheContext('user.permissions');
138 $assert_session->statusCodeEquals(403);
// As above, these are the elements of the $permissions array granted next.
140 'edit any ' . $media->bundle() . ' media',
141 'delete any ' . $media->bundle() . ' media',
143 $this->grantPermissions($role, $permissions);
144 $this->drupalGet('media/' . $media->id() . '/edit');
145 $this->assertCacheContext('user.permissions');
146 $assert_session->statusCodeEquals(200);
147 $this->drupalGet('media/' . $media->id() . '/delete');
148 $this->assertCacheContext('user.permissions');
149 $assert_session->statusCodeEquals(200);
// No revoke follows in the visible lines, so the 'any' permissions stay
// granted for the rest of the method.
151 // Test the 'access media overview' permission.
// Negative case: 'access content overview' alone must not expose the link to
// the media overview.
152 $this->grantPermissions($role, ['access content overview']);
153 $this->drupalGet('admin/content');
154 $assert_session->linkByHrefNotExists('/admin/content/media');
155 $this->assertCacheContext('user');
157 // Create a new role, which implicitly checks if the permission exists.
158 $mediaOverviewRole = $this->createRole(['access content overview', 'access media overview']);
159 $this->nonAdminUser->addRole($mediaOverviewRole);
160 $this->nonAdminUser->save();
// Positive case: with the extra role the link appears, the overview loads,
// and both fixture media items are linked from it.
162 $this->drupalGet('admin/content');
163 $assert_session->linkByHrefExists('/admin/content/media');
164 $this->clickLink('Media');
165 $this->assertCacheContext('user.permissions');
166 $assert_session->statusCodeEquals(200);
167 $assert_session->elementExists('css', '.view-media');
168 $assert_session->pageTextContains($this->loggedInUser->getDisplayName());
169 $assert_session->pageTextContains($this->nonAdminUser->getDisplayName());
170 $assert_session->linkByHrefExists('/media/' . $media->id());
171 $assert_session->linkByHrefExists('/media/' . $user_media->id());