123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300 |
- <?php
- namespace Drupal\Tests\block_content\Kernel;
- use Drupal\block_content\BlockContentAccessControlHandler;
- use Drupal\block_content\Entity\BlockContent;
- use Drupal\block_content\Entity\BlockContentType;
- use Drupal\Core\Access\AccessibleInterface;
- use Drupal\Core\Access\AccessResult;
- use Drupal\KernelTests\KernelTestBase;
- use Drupal\user\Entity\Role;
- use Drupal\user\Entity\User;
- /**
- * Tests the block content entity access handler.
- *
- * @coversDefaultClass \Drupal\block_content\BlockContentAccessControlHandler
- *
- * @group block_content
- */
- class BlockContentAccessHandlerTest extends KernelTestBase {
- /**
- * {@inheritdoc}
- */
- public static $modules = [
- 'block',
- 'block_content',
- 'system',
- 'user',
- ];
- /**
- * The BlockContent access controller to test.
- *
- * @var \Drupal\block_content\BlockContentAccessControlHandler
- */
- protected $accessControlHandler;
- /**
- * The BlockContent entity used for testing.
- *
- * @var \Drupal\block_content\Entity\BlockContent
- */
- protected $blockEntity;
- /**
- * The test role.
- *
- * @var \Drupal\user\RoleInterface
- */
- protected $role;
- /**
- * {@inheritdoc}
- */
- protected function setUp() {
- parent::setUp();
- $this->installSchema('system', ['sequence']);
- $this->installSchema('system', ['sequences']);
- $this->installSchema('user', ['users_data']);
- $this->installEntitySchema('user');
- $this->installEntitySchema('block_content');
- // Create a block content type.
- $block_content_type = BlockContentType::create([
- 'id' => 'square',
- 'label' => 'A square block type',
- 'description' => "Provides a block type that is square.",
- ]);
- $block_content_type->save();
- $this->blockEntity = BlockContent::create([
- 'info' => 'The Block',
- 'type' => 'square',
- ]);
- $this->blockEntity->save();
- // Create user 1 test does not have all permissions.
- User::create([
- 'name' => 'admin',
- ])->save();
- $this->role = Role::create([
- 'id' => 'roly',
- 'label' => 'roly poly',
- ]);
- $this->role->save();
- $this->accessControlHandler = new BlockContentAccessControlHandler(\Drupal::entityTypeManager()->getDefinition('block_content'), \Drupal::service('event_dispatcher'));
- }
- /**
- * @covers ::checkAccess
- *
- * @dataProvider providerTestAccess
- */
- public function testAccess($operation, $published, $reusable, $permissions, $parent_access, $expected_access) {
- $published ? $this->blockEntity->setPublished() : $this->blockEntity->setUnpublished();
- $reusable ? $this->blockEntity->setReusable() : $this->blockEntity->setNonReusable();
- $user = User::create([
- 'name' => 'Someone',
- 'mail' => 'hi@example.com',
- ]);
- if ($permissions) {
- foreach ($permissions as $permission) {
- $this->role->grantPermission($permission);
- }
- $this->role->save();
- }
- $user->addRole($this->role->id());
- $user->save();
- if ($parent_access) {
- $parent_entity = $this->prophesize(AccessibleInterface::class);
- $expected_parent_result = NULL;
- switch ($parent_access) {
- case 'allowed':
- $expected_parent_result = AccessResult::allowed();
- break;
- case 'neutral':
- $expected_parent_result = AccessResult::neutral();
- break;
- case 'forbidden':
- $expected_parent_result = AccessResult::forbidden();
- break;
- }
- $parent_entity->access($operation, $user, TRUE)
- ->willReturn($expected_parent_result)
- ->shouldBeCalled();
- $this->blockEntity->setAccessDependency($parent_entity->reveal());
- }
- $this->blockEntity->save();
- $result = $this->accessControlHandler->access($this->blockEntity, $operation, $user, TRUE);
- switch ($expected_access) {
- case 'allowed':
- $this->assertTrue($result->isAllowed());
- break;
- case 'forbidden':
- $this->assertTrue($result->isForbidden());
- break;
- case 'neutral':
- $this->assertTrue($result->isNeutral());
- break;
- default:
- $this->fail('Unexpected access type');
- }
- }
- /**
- * Dataprovider for testAccess().
- */
- public function providerTestAccess() {
- $cases = [
- 'view:published:reusable' => [
- 'view',
- TRUE,
- TRUE,
- [],
- NULL,
- 'allowed',
- ],
- 'view:unpublished:reusable' => [
- 'view',
- FALSE,
- TRUE,
- [],
- NULL,
- 'neutral',
- ],
- 'view:unpublished:reusable:admin' => [
- 'view',
- FALSE,
- TRUE,
- ['administer blocks'],
- NULL,
- 'allowed',
- ],
- 'view:published:reusable:admin' => [
- 'view',
- TRUE,
- TRUE,
- ['administer blocks'],
- NULL,
- 'allowed',
- ],
- 'view:published:non_reusable' => [
- 'view',
- TRUE,
- FALSE,
- [],
- NULL,
- 'forbidden',
- ],
- 'view:published:non_reusable:parent_allowed' => [
- 'view',
- TRUE,
- FALSE,
- [],
- 'allowed',
- 'allowed',
- ],
- 'view:published:non_reusable:parent_neutral' => [
- 'view',
- TRUE,
- FALSE,
- [],
- 'neutral',
- 'neutral',
- ],
- 'view:published:non_reusable:parent_forbidden' => [
- 'view',
- TRUE,
- FALSE,
- [],
- 'forbidden',
- 'forbidden',
- ],
- ];
- foreach (['update', 'delete'] as $operation) {
- $cases += [
- $operation . ':published:reusable' => [
- $operation,
- TRUE,
- TRUE,
- [],
- NULL,
- 'neutral',
- ],
- $operation . ':unpublished:reusable' => [
- $operation,
- FALSE,
- TRUE,
- [],
- NULL,
- 'neutral',
- ],
- $operation . ':unpublished:reusable:admin' => [
- $operation,
- FALSE,
- TRUE,
- ['administer blocks'],
- NULL,
- 'allowed',
- ],
- $operation . ':published:reusable:admin' => [
- $operation,
- TRUE,
- TRUE,
- ['administer blocks'],
- NULL,
- 'allowed',
- ],
- $operation . ':published:non_reusable' => [
- $operation,
- TRUE,
- FALSE,
- [],
- NULL,
- 'forbidden',
- ],
- $operation . ':published:non_reusable:parent_allowed' => [
- $operation,
- TRUE,
- FALSE,
- [],
- 'allowed',
- 'neutral',
- ],
- $operation . ':published:non_reusable:parent_neutral' => [
- $operation,
- TRUE,
- FALSE,
- [],
- 'neutral',
- 'neutral',
- ],
- $operation . ':published:non_reusable:parent_forbidden' => [
- $operation,
- TRUE,
- FALSE,
- [],
- 'forbidden',
- 'forbidden',
- ],
- ];
- return $cases;
- }
- }
- }
|