X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Ftaxonomy%2Ftests%2Fsrc%2FFunctional%2FVocabularyPermissionsTest.php;h=bb94a96da67a50761c6e71b82dd26d58f399d740;hb=1c1cb0980bfa6caf0c24cce671b6bb541dc87583;hp=3ba8868f5449d50f10244508a903745d3396945c;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website diff --git a/web/core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php b/web/core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php index 3ba8868f5..bb94a96da 100644 --- a/web/core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php +++ b/web/core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php @@ -2,6 +2,8 @@ namespace Drupal\Tests\taxonomy\Functional; +use Drupal\Component\Utility\Unicode; + /** * Tests the taxonomy vocabulary permissions. * @@ -9,10 +11,210 @@ namespace Drupal\Tests\taxonomy\Functional; */ class VocabularyPermissionsTest extends TaxonomyTestBase { + /** + * Modules to enable. + * + * @var array + */ + public static $modules = ['help']; + protected function setUp() { parent::setUp(); $this->drupalPlaceBlock('page_title_block'); + $this->drupalPlaceBlock('local_actions_block'); + $this->drupalPlaceBlock('help_block'); + } + + /** + * Create, edit and delete a vocabulary via the user interface. + */ + public function testVocabularyPermissionsVocabulary() { + // VocabularyTest.php already tests for user with "administer taxonomy" + // permission. + + // Test as user without proper permissions. + $authenticated_user = $this->drupalCreateUser([]); + $this->drupalLogin($authenticated_user); + + $assert_session = $this->assertSession(); + + // Visit the main taxonomy administration page. + $this->drupalGet('admin/structure/taxonomy'); + $assert_session->statusCodeEquals(403); + + // Test as user with "access taxonomy overview" permissions. + $proper_user = $this->drupalCreateUser(['access taxonomy overview']); + $this->drupalLogin($proper_user); + + // Visit the main taxonomy administration page. + $this->drupalGet('admin/structure/taxonomy'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('Vocabulary name'); + $assert_session->linkNotExists('Add vocabulary'); + } + + /** + * Test the vocabulary overview permission. + */ + public function testTaxonomyVocabularyOverviewPermissions() { + // Create two vocabularies, one with two terms, the other without any term. + /** @var \Drupal\taxonomy\Entity\Vocabulary $vocabulary1 , $vocabulary2 */ + $vocabulary1 = $this->createVocabulary(); + $vocabulary2 = $this->createVocabulary(); + $vocabulary1_id = $vocabulary1->id(); + $vocabulary2_id = $vocabulary2->id(); + $this->createTerm($vocabulary1); + $this->createTerm($vocabulary1); + + // Assert expected help texts on first vocabulary. + $edit_help_text = t('You can reorganize the terms in @capital_name using their drag-and-drop handles, and group terms under a parent term by sliding them under and to the right of the parent.', ['@capital_name' => Unicode::ucfirst($vocabulary1->label())]); + $no_edit_help_text = t('@capital_name contains the following terms.', ['@capital_name' => Unicode::ucfirst($vocabulary1->label())]); + + $assert_session = $this->assertSession(); + + // Logged in as admin user with 'administer taxonomy' permission. + $admin_user = $this->drupalCreateUser(['administer taxonomy']); + $this->drupalLogin($admin_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->linkExists('Edit'); + $assert_session->linkExists('Delete'); + $assert_session->linkExists('Add term'); + $assert_session->buttonExists('Save'); + $assert_session->pageTextContains('Weight'); + $assert_session->fieldExists('Weight'); + $assert_session->pageTextContains($edit_help_text); + + // Visit vocabulary overview without terms. 'Add term' should be shown. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('No terms available'); + $assert_session->linkExists('Add term'); + + // Login as a user without any of the required permissions. + $no_permission_user = $this->drupalCreateUser(); + $this->drupalLogin($no_permission_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(403); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(403); + + // Log in as a user with only the overview permission, neither edit nor + // delete operations must be available and no Save button. + $overview_only_user = $this->drupalCreateUser(['access taxonomy overview']); + $this->drupalLogin($overview_only_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->linkNotExists('Edit'); + $assert_session->linkNotExists('Delete'); + $assert_session->buttonNotExists('Save'); + $assert_session->pageTextContains('Weight'); + $assert_session->fieldNotExists('Weight'); + $assert_session->linkNotExists('Add term'); + $assert_session->pageTextContains($no_edit_help_text); + + // Visit vocabulary overview without terms. 'Add term' should not be shown. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('No terms available'); + $assert_session->linkNotExists('Add term'); + + // Login as a user with permission to edit terms, only edit link should be + // visible. + $edit_user = $this->createUser([ + 'access taxonomy overview', + 'edit terms in ' . $vocabulary1_id, + 'edit terms in ' . $vocabulary2_id, + ]); + $this->drupalLogin($edit_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->linkExists('Edit'); + $assert_session->linkNotExists('Delete'); + $assert_session->buttonExists('Save'); + $assert_session->pageTextContains('Weight'); + $assert_session->fieldExists('Weight'); + $assert_session->linkNotExists('Add term'); + $assert_session->pageTextContains($edit_help_text); + + // Visit vocabulary overview without terms. 'Add term' should not be shown. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('No terms available'); + $assert_session->linkNotExists('Add term'); + + // Login as a user with permission only to delete terms. + $edit_delete_user = $this->createUser([ + 'access taxonomy overview', + 'delete terms in ' . $vocabulary1_id, + 'delete terms in ' . $vocabulary2_id, + ]); + $this->drupalLogin($edit_delete_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->linkNotExists('Edit'); + $assert_session->linkExists('Delete'); + $assert_session->linkNotExists('Add term'); + $assert_session->buttonNotExists('Save'); + $assert_session->pageTextContains('Weight'); + $assert_session->fieldNotExists('Weight'); + $assert_session->pageTextContains($no_edit_help_text); + + // Visit vocabulary overview without terms. 'Add term' should not be shown. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('No terms available'); + $assert_session->linkNotExists('Add term'); + + // Login as a user with permission to edit and delete terms. + $edit_delete_user = $this->createUser([ + 'access taxonomy overview', + 'edit terms in ' . $vocabulary1_id, + 'delete terms in ' . $vocabulary1_id, + 'edit terms in ' . $vocabulary2_id, + 'delete terms in ' . $vocabulary2_id, + ]); + $this->drupalLogin($edit_delete_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->linkExists('Edit'); + $assert_session->linkExists('Delete'); + $assert_session->linkNotExists('Add term'); + $assert_session->buttonExists('Save'); + $assert_session->pageTextContains('Weight'); + $assert_session->fieldExists('Weight'); + $assert_session->pageTextContains($edit_help_text); + + // Visit vocabulary overview without terms. 'Add term' should not be shown. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('No terms available'); + $assert_session->linkNotExists('Add term'); + + // Login as a user with permission to create new terms, only add new term + // link should be visible. + $edit_user = $this->createUser([ + 'access taxonomy overview', + 'create terms in ' . $vocabulary1_id, + 'create terms in ' . $vocabulary2_id, + ]); + $this->drupalLogin($edit_user); + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->linkNotExists('Edit'); + $assert_session->linkNotExists('Delete'); + $assert_session->linkExists('Add term'); + $assert_session->buttonNotExists('Save'); + $assert_session->pageTextContains('Weight'); + $assert_session->fieldNotExists('Weight'); + $assert_session->pageTextContains($no_edit_help_text); + + // Visit vocabulary overview without terms. 'Add term' should not be shown. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview'); + $assert_session->statusCodeEquals(200); + $assert_session->pageTextContains('No terms available'); + $assert_session->linkExists('Add term'); } /** @@ -42,7 +244,9 @@ class VocabularyPermissionsTest extends TaxonomyTestBase { $view_link = $this->xpath('//div[@class="messages"]//a[contains(@href, :href)]', [':href' => 'term/']); $this->assert(isset($view_link), 'The message area contains a link to a term'); - $terms = taxonomy_term_load_multiple_by_name($edit['name[0][value]']); + $terms = \Drupal::entityTypeManager() + ->getStorage('taxonomy_term') + ->loadByProperties(['name' => $edit['name[0][value]']]); $term = reset($terms); // Edit the term. @@ -62,6 +266,35 @@ class VocabularyPermissionsTest extends TaxonomyTestBase { $this->drupalPostForm(NULL, NULL, t('Delete')); $this->assertRaw(t('Deleted term %name.', ['%name' => $edit['name[0][value]']]), 'Term deleted.'); + // Test as user with "create" permissions. + $user = $this->drupalCreateUser(["create terms in {$vocabulary->id()}"]); + $this->drupalLogin($user); + + $assert_session = $this->assertSession(); + + // Create a new term. + $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add'); + $assert_session->statusCodeEquals(200); + $assert_session->fieldExists('name[0][value]'); + + // Submit the term. + $edit = []; + $edit['name[0][value]'] = $this->randomMachineName(); + + $this->drupalPostForm(NULL, $edit, t('Save')); + $assert_session->pageTextContains(t('Created new term @name.', ['@name' => $edit['name[0][value]']])); + + $terms = \Drupal::entityTypeManager() + ->getStorage('taxonomy_term') + ->loadByProperties(['name' => $edit['name[0][value]']]); + $term = reset($terms); + + // Ensure that edit and delete access is denied. + $this->drupalGet('taxonomy/term/' . $term->id() . '/edit'); + $assert_session->statusCodeEquals(403); + $this->drupalGet('taxonomy/term/' . $term->id() . '/delete'); + $assert_session->statusCodeEquals(403); + // Test as user with "edit" permissions. $user = $this->drupalCreateUser(["edit terms in {$vocabulary->id()}"]); $this->drupalLogin($user);