class RoleAccessCheckTest

Same name in other branches
  1. 9 core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php \Drupal\Tests\Core\Route\RoleAccessCheckTest
  2. 8.9.x core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php \Drupal\Tests\Core\Route\RoleAccessCheckTest
  3. 10 core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php \Drupal\Tests\Core\Route\RoleAccessCheckTest

@coversDefaultClass \Drupal\user\Access\RoleAccessCheck @group Access @group Route

Hierarchy

Expanded class hierarchy of RoleAccessCheckTest

File

core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php, line 21

Namespace

Drupal\Tests\Core\Route
View source
class RoleAccessCheckTest extends UnitTestCase {
    
    /**
     * Generates the test route collection.
     *
     * @return \Symfony\Component\Routing\RouteCollection
     *   Returns the test route collection.
     */
    protected function getTestRouteCollection() {
        $route_collection = new RouteCollection();
        $route_collection->add('role_test_1', new Route('/role_test_1', [
            '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
        ], [
            '_role' => 'role_test_1',
        ]));
        $route_collection->add('role_test_2', new Route('/role_test_2', [
            '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
        ], [
            '_role' => 'role_test_2',
        ]));
        $route_collection->add('role_test_3', new Route('/role_test_3', [
            '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
        ], [
            '_role' => 'role_test_1,role_test_2',
        ]));
        // Ensure that trimming the values works on "OR" conjunctions.
        $route_collection->add('role_test_4', new Route('/role_test_4', [
            '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
        ], [
            '_role' => 'role_test_1 , role_test_2',
        ]));
        $route_collection->add('role_test_5', new Route('/role_test_5', [
            '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
        ], [
            '_role' => 'role_test_1+role_test_2',
        ]));
        // Ensure that trimming the values works on "AND" conjunctions.
        $route_collection->add('role_test_6', new Route('/role_test_6', [
            '_controller' => '\\Drupal\\router_test\\TestControllers::test1',
        ], [
            '_role' => 'role_test_1 + role_test_2',
        ]));
        return $route_collection;
    }
    
    /**
     * Provides data for the role access test.
     *
     * @see \Drupal\Tests\Core\Route\RouterRoleTest::testRoleAccess
     */
    public static function roleAccessProvider() {
        // Setup two different roles used in the test.
        $rid_1 = 'role_test_1';
        $rid_2 = 'role_test_2';
        // Setup one user with the first role, one with the second, one with both
        // and one final without any of these two roles.
        $account_1 = new UserSession([
            'uid' => 1,
            'roles' => [
                $rid_1,
            ],
        ]);
        $account_2 = new UserSession([
            'uid' => 2,
            'roles' => [
                $rid_2,
            ],
        ]);
        $account_12 = new UserSession([
            'uid' => 3,
            'roles' => [
                $rid_1,
                $rid_2,
            ],
        ]);
        $account_none = new UserSession([
            'uid' => 1,
            'roles' => [],
        ]);
        // Setup expected values; specify which paths can be accessed by which user.
        return [
            [
                'role_test_1',
                [
                    $account_1,
                    $account_12,
                ],
                [
                    $account_2,
                    $account_none,
                ],
            ],
            [
                'role_test_2',
                [
                    $account_2,
                    $account_12,
                ],
                [
                    $account_1,
                    $account_none,
                ],
            ],
            [
                'role_test_3',
                [
                    $account_12,
                ],
                [
                    $account_1,
                    $account_2,
                    $account_none,
                ],
            ],
            [
                'role_test_4',
                [
                    $account_12,
                ],
                [
                    $account_1,
                    $account_2,
                    $account_none,
                ],
            ],
            [
                'role_test_5',
                [
                    $account_1,
                    $account_2,
                    $account_12,
                ],
                [],
            ],
            [
                'role_test_6',
                [
                    $account_1,
                    $account_2,
                    $account_12,
                ],
                [],
            ],
        ];
    }
    
    /**
     * Tests role requirements on routes.
     *
     * @param string $path
     *   The path to check access for.
     * @param array $grant_accounts
     *   A list of accounts which should have access to the given path.
     * @param array $deny_accounts
     *   A list of accounts which should not have access to the given path.
     *
     * @see \Drupal\Tests\Core\Route\RouterRoleTest::getTestRouteCollection
     * @see \Drupal\Tests\Core\Route\RouterRoleTest::roleAccessProvider
     *
     * @dataProvider roleAccessProvider
     */
    public function testRoleAccess($path, $grant_accounts, $deny_accounts) : void {
        $cache_contexts_manager = $this->prophesize(CacheContextsManager::class);
        $cache_contexts_manager->assertValidTokens()
            ->willReturn(TRUE);
        $cache_contexts_manager->reveal();
        $container = new Container();
        $container->set('cache_contexts_manager', $cache_contexts_manager);
        \Drupal::setContainer($container);
        $role_access_check = new RoleAccessCheck();
        $collection = $this->getTestRouteCollection();
        foreach ($grant_accounts as $account) {
            $message = sprintf('Access granted for user with the roles %s on path: %s', implode(', ', $account->getRoles()), $path);
            $this->assertEquals(AccessResult::allowed()->addCacheContexts([
                'user.roles',
            ]), $role_access_check->access($collection->get($path), $account), $message);
        }
        // Check all users which don't have access.
        foreach ($deny_accounts as $account) {
            $message = sprintf('Access denied for user %s with the roles %s on path: %s', $account->id(), implode(', ', $account->getRoles()), $path);
            $has_access = $role_access_check->access($collection->get($path), $account);
            $this->assertEquals(AccessResult::neutral()->addCacheContexts([
                'user.roles',
            ]), $has_access, $message);
        }
    }

}

Members

Title Sort descending Modifiers Object type Summary Overrides
ExpectDeprecationTrait::expectDeprecation public function Adds an expected deprecation.
ExpectDeprecationTrait::getCallableName private static function Returns a callable as a string suitable for inclusion in a message.
ExpectDeprecationTrait::setUpErrorHandler public function Sets up the test error handler.
ExpectDeprecationTrait::tearDownErrorHandler public function Tears down the test error handler.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RoleAccessCheckTest::getTestRouteCollection protected function Generates the test route collection.
RoleAccessCheckTest::roleAccessProvider public static function Provides data for the role access test.
RoleAccessCheckTest::testRoleAccess public function Tests role requirements on routes.
UnitTestCase::$root protected property The app root.
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getConfigStorageStub public function Returns a stub config storage that returns the supplied configuration.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::setUp protected function 358
UnitTestCase::setUpBeforeClass public static function

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.