'filtered_html',
'name' => 'Filtered HTML',
'weight' => 0,
'filters' => [
'filter_caption' => [
'status' => 1,
],
],
]);
$filtered_html_format->save();
// Create a node type.
$this->drupalCreateContentType([
'type' => 'article',
'name' => 'Article',
]);
// Create one node of the above node type using the above text format.
$this->drupalCreateNode([
'type' => 'article',
'body' => [
0 => [
'value' => '
Do you also love Drupal?
',
'format' => 'filtered_html',
],
],
]);
}
/**
* Test loading of untransformed text when a user doesn't have access to it.
*/
public function testUsersWithoutPermission() {
// Create 3 users, each with insufficient permissions, i.e. without either
// or both of the following permissions:
// - the 'access in-place editing' permission
// - the 'edit any article content' permission (necessary to edit node 1)
$users = [
$this->drupalCreateUser(static::$basicPermissions),
$this->drupalCreateUser(array_merge(static::$basicPermissions, ['edit any article content'])),
$this->drupalCreateUser(array_merge(static::$basicPermissions, ['access in-place editing'])),
];
// Now test with each of the 3 users with insufficient permissions.
foreach ($users as $user) {
$this->drupalLogin($user);
$this->drupalGet('node/1');
// Ensure the text is transformed.
$this->assertRaw('
Do you also love Drupal?
Druplicon');
$client = $this->getHttpClient();
// Retrieving the untransformed text should result in an 403 response and
// return a different error message depending of the missing permission.
$response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
'cookies' => $this->getSessionCookies(),
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
],
'http_errors' => FALSE,
]);
$this->assertEquals(403, $response->getStatusCode());
if (!$user->hasPermission('access in-place editing')) {
$message = "The 'access in-place editing' permission is required.";
}
else {
$message = '';
}
$body = Json::decode($response->getBody());
$this->assertIdentical($message, $body['message']);
}
}
/**
* Test loading of untransformed text when a user does have access to it.
*/
public function testUserWithPermission() {
$user = $this->drupalCreateUser(array_merge(static::$basicPermissions, ['edit any article content', 'access in-place editing']));
$this->drupalLogin($user);
$this->drupalGet('node/1');
// Ensure the text is transformed.
$this->assertRaw('
Do you also love Drupal?
Druplicon');
$client = $this->getHttpClient();
$response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
'cookies' => $this->getSessionCookies(),
'headers' => [
'Accept' => 'application/json',
'Content-Type' => 'application/x-www-form-urlencoded',
],
'http_errors' => FALSE,
]);
$this->assertEquals(200, $response->getStatusCode());
$ajax_commands = Json::decode($response->getBody());
$this->assertIdentical(1, count($ajax_commands), 'The untransformed text POST request results in one AJAX command.');
$this->assertIdentical('editorGetUntransformedText', $ajax_commands[0]['command'], 'The first AJAX command is an editorGetUntransformedText command.');
$this->assertIdentical('
Do you also love Drupal?
', $ajax_commands[0]['data'], 'The editorGetUntransformedText command contains the expected data.');
}
}