function UserPermissionsTest::testUserPermissionChanges

Tests changing user permissions through the permissions pages.

File

core/modules/user/tests/src/Functional/UserPermissionsTest.php, line 63

Class

UserPermissionsTest

Verifies role permissions can be added and removed via the permissions page.

Namespace

Code

public function testUserPermissionChanges() : void {
  $permissions_hash_generator = $this->container
    ->get('user_permissions_hash_generator');
  $storage = $this->container
    ->get('entity_type.manager')
    ->getStorage('user_role');
  // Create an additional role and mark it as admin role.
  Role::create([
    'is_admin' => TRUE,
    'id' => 'administrator',
    'label' => 'Administrator',
  ])->save();
  $storage->resetCache();
  $this->drupalLogin($this->adminUser);
  $rid = $this->rid;
  $account = $this->adminUser;
  $previous_permissions_hash = $permissions_hash_generator->generate($account);
  $this->assertSame($previous_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
  // Add a permission.
  $this->assertFalse($account->hasPermission('administer users'), 'User does not have "administer users" permission.');
  $edit = [];
  $edit[$rid . '[administer users]'] = TRUE;
  $this->drupalGet('admin/people/permissions');
  $this->submitForm($edit, 'Save permissions');
  $this->assertSession()
    ->pageTextContains('The changes have been saved.');
  $storage->resetCache();
  $this->assertTrue($account->hasPermission('administer users'), 'User now has "administer users" permission.');
  $current_permissions_hash = $permissions_hash_generator->generate($account);
  $this->assertSame($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
  $this->assertNotEquals($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
  $previous_permissions_hash = $current_permissions_hash;
  // Remove a permission.
  $this->assertTrue($account->hasPermission('access user profiles'), 'User has "access user profiles" permission.');
  $edit = [];
  $edit[$rid . '[access user profiles]'] = FALSE;
  $this->drupalGet('admin/people/permissions');
  $this->submitForm($edit, 'Save permissions');
  $this->assertSession()
    ->pageTextContains('The changes have been saved.');
  $storage->resetCache();
  $this->assertFalse($account->hasPermission('access user profiles'), 'User no longer has "access user profiles" permission.');
  $current_permissions_hash = $permissions_hash_generator->generate($account);
  $this->assertSame($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
  $this->assertNotEquals($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has changed.');
  // Permissions can be changed using the module-specific pages with the same
  // result.
  $edit = [];
  $edit[$rid . '[access user profiles]'] = TRUE;
  $this->drupalGet('admin/people/permissions/module/user');
  $this->submitForm($edit, 'Save permissions');
  $this->assertSession()
    ->pageTextContains('The changes have been saved.');
  $storage->resetCache();
  $this->assertTrue($account->hasPermission('access user profiles'), 'User again has "access user profiles" permission.');
  $current_permissions_hash = $permissions_hash_generator->generate($account);
  $this->assertSame($current_permissions_hash, $permissions_hash_generator->generate($this->loggedInUser));
  $this->assertEquals($previous_permissions_hash, $current_permissions_hash, 'Permissions hash has reverted.');
  // Ensure that the admin role doesn't have any checkboxes.
  $this->drupalGet('admin/people/permissions');
  foreach (array_keys($this->container
    ->get('user.permissions')
    ->getPermissions()) as $permission) {
    $this->assertSession()
      ->checkboxChecked('administrator[' . $permission . ']');
    $this->assertSession()
      ->fieldDisabled('administrator[' . $permission . ']');
  }
}