3 namespace Drupal\Tests\taxonomy\Functional;
5 use Drupal\Component\Utility\Unicode;
8 * Tests the taxonomy vocabulary permissions.
12 class VocabularyPermissionsTest extends TaxonomyTestBase {
19 public static $modules = ['help'];
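/**
 * {@inheritdoc}
 */
protected function setUp() {
  // Run the base class set-up first, so the test site exists before any
  // block is placed on it.
  parent::setUp();

  // Place the page title, local actions and help blocks. The test methods
  // assert on link and help text; presumably these blocks render it.
  $this->drupalPlaceBlock('page_title_block');
  $this->drupalPlaceBlock('local_actions_block');
  $this->drupalPlaceBlock('help_block');
}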
/**
 * Tests access to the main taxonomy administration page.
 *
 * A user without permissions must receive a 403. A user holding only
 * "access taxonomy overview" must see the listing but no "Add vocabulary"
 * link.
 */
public function testVocabularyPermissionsVocabulary() {
  // VocabularyTest.php already covers users with "administer taxonomy",
  // so only the less privileged cases are exercised here.
  $overview_path = 'admin/structure/taxonomy';

  // A user with no permissions at all must be refused.
  $unprivileged_account = $this->drupalCreateUser([]);
  $this->drupalLogin($unprivileged_account);

  $web_assert = $this->assertSession();

  $this->drupalGet($overview_path);
  $web_assert->statusCodeEquals(403);

  // A user holding only "access taxonomy overview" may read the listing.
  $overview_account = $this->drupalCreateUser(['access taxonomy overview']);
  $this->drupalLogin($overview_account);

  $this->drupalGet($overview_path);
  $web_assert->statusCodeEquals(200);
  $web_assert->pageTextContains('Vocabulary name');
  // NOTE(review): this only proves the link is not rendered. It does not
  // prove that the vocabulary add form refuses a direct request from this
  // user.
  $web_assert->linkNotExists('Add vocabulary');
}
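/**
 * Tests what the vocabulary overview page exposes for each permission set.
 *
 * Two vocabularies are used, one with two terms and one without any. For
 * every permission combination the test checks the response status and which
 * of the 'Edit', 'Delete' and 'Add term' links, the 'Save' button, the
 * 'Weight' text and the help text are shown.
 */
public function testTaxonomyVocabularyOverviewPermissions() {
  // Create two vocabularies, one with two terms, the other without any term.
  /** @var \Drupal\taxonomy\Entity\Vocabulary $vocabulary1 */
  $vocabulary1 = $this->createVocabulary();
  /** @var \Drupal\taxonomy\Entity\Vocabulary $vocabulary2 */
  $vocabulary2 = $this->createVocabulary();
  $vocabulary1_id = $vocabulary1->id();
  $vocabulary2_id = $vocabulary2->id();
  $this->createTerm($vocabulary1);
  $this->createTerm($vocabulary1);

  // Both overview paths are requested once per user below.
  $overview_with_terms = 'admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview';
  $overview_without_terms = 'admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview';

  // Help texts expected on the first vocabulary: one for users who can
  // reorder terms, one for users who can only read the list.
  $capital_name = Unicode::ucfirst($vocabulary1->label());
  $edit_help_text = t('You can reorganize the terms in @capital_name using their drag-and-drop handles, and group terms under a parent term by sliding them under and to the right of the parent.', ['@capital_name' => $capital_name]);
  $no_edit_help_text = t('@capital_name contains the following terms.', ['@capital_name' => $capital_name]);

  $assert_session = $this->assertSession();

  // Logged in as admin user with 'administer taxonomy' permission.
  $admin_user = $this->drupalCreateUser(['administer taxonomy']);
  $this->drupalLogin($admin_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->linkExists('Edit');
  $assert_session->linkExists('Delete');
  $assert_session->linkExists('Add term');
  $assert_session->buttonExists('Save');
  $assert_session->pageTextContains('Weight');
  $assert_session->pageTextContains($edit_help_text);

  // Visit vocabulary overview without terms. 'Add term' should be shown.
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->pageTextContains('No terms available');
  $assert_session->linkExists('Add term');

  // Log in as a user without any of the required permissions: both overview
  // pages must be denied.
  $no_permission_user = $this->drupalCreateUser();
  $this->drupalLogin($no_permission_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(403);
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(403);

  // Log in as a user with only the overview permission, neither edit nor
  // delete operations must be available and no Save button.
  $overview_only_user = $this->drupalCreateUser(['access taxonomy overview']);
  $this->drupalLogin($overview_only_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->linkNotExists('Edit');
  $assert_session->linkNotExists('Delete');
  $assert_session->buttonNotExists('Save');
  $assert_session->pageTextNotContains('Weight');
  $assert_session->linkNotExists('Add term');
  $assert_session->pageTextContains($no_edit_help_text);

  // Visit vocabulary overview without terms. 'Add term' should not be shown.
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->pageTextContains('No terms available');
  $assert_session->linkNotExists('Add term');

  // A missing link only shows that the UI hides the operation. Also request
  // the term add form directly to confirm that access is really refused.
  $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/add');
  $assert_session->statusCodeEquals(403);

  // Log in as a user with permission to edit terms: only the edit link and
  // the reordering controls should be visible.
  $edit_user = $this->createUser([
    'access taxonomy overview',
    'edit terms in ' . $vocabulary1_id,
    'edit terms in ' . $vocabulary2_id,
  ]);
  $this->drupalLogin($edit_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->linkExists('Edit');
  $assert_session->linkNotExists('Delete');
  $assert_session->buttonExists('Save');
  $assert_session->pageTextContains('Weight');
  $assert_session->linkNotExists('Add term');
  $assert_session->pageTextContains($edit_help_text);

  // Visit vocabulary overview without terms. 'Add term' should not be shown.
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->pageTextContains('No terms available');
  $assert_session->linkNotExists('Add term');

  // Log in as a user with permission only to delete terms.
  $delete_user = $this->createUser([
    'access taxonomy overview',
    'delete terms in ' . $vocabulary1_id,
    'delete terms in ' . $vocabulary2_id,
  ]);
  $this->drupalLogin($delete_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->linkNotExists('Edit');
  $assert_session->linkExists('Delete');
  $assert_session->linkNotExists('Add term');
  $assert_session->buttonNotExists('Save');
  $assert_session->pageTextNotContains('Weight');
  $assert_session->pageTextContains($no_edit_help_text);

  // Visit vocabulary overview without terms. 'Add term' should not be shown.
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->pageTextContains('No terms available');
  $assert_session->linkNotExists('Add term');

  // Log in as a user with permission to edit and delete terms.
  $edit_delete_user = $this->createUser([
    'access taxonomy overview',
    'edit terms in ' . $vocabulary1_id,
    'delete terms in ' . $vocabulary1_id,
    'edit terms in ' . $vocabulary2_id,
    'delete terms in ' . $vocabulary2_id,
  ]);
  $this->drupalLogin($edit_delete_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->linkExists('Edit');
  $assert_session->linkExists('Delete');
  $assert_session->linkNotExists('Add term');
  $assert_session->buttonExists('Save');
  $assert_session->pageTextContains('Weight');
  $assert_session->pageTextContains($edit_help_text);

  // Visit vocabulary overview without terms. 'Add term' should not be shown.
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->pageTextContains('No terms available');
  $assert_session->linkNotExists('Add term');

  // Log in as a user with permission to create new terms, only add new term
  // link should be visible.
  $create_user = $this->createUser([
    'access taxonomy overview',
    'create terms in ' . $vocabulary1_id,
    'create terms in ' . $vocabulary2_id,
  ]);
  $this->drupalLogin($create_user);
  $this->drupalGet($overview_with_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->linkNotExists('Edit');
  $assert_session->linkNotExists('Delete');
  $assert_session->linkExists('Add term');
  $assert_session->buttonNotExists('Save');
  $assert_session->pageTextNotContains('Weight');
  $assert_session->pageTextContains($no_edit_help_text);

  // Visit vocabulary overview without terms. 'Add term' should be shown,
  // because this user may create terms.
  $this->drupalGet($overview_without_terms);
  $assert_session->statusCodeEquals(200);
  $assert_session->pageTextContains('No terms available');
  $assert_session->linkExists('Add term');
}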
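/**
 * Tests term create, edit and delete access for each taxonomy permission.
 *
 * The term add, edit and delete forms are requested as an administrator, as
 * users holding exactly one of the per-vocabulary "create", "edit" or
 * "delete" permissions, and as a user without any permission. Every
 * operation that was not granted must answer with a 403.
 */
public function testVocabularyPermissionsTaxonomyTerm() {
  // Vocabulary used for creating, removing and editing terms.
  $vocabulary = $this->createVocabulary();
  $vocabulary_id = $vocabulary->id();
  $add_path = 'admin/structure/taxonomy/manage/' . $vocabulary_id . '/add';

  // Matches a term link inside the status message area. The class is matched
  // as a substring because the wrapper may carry further classes.
  // NOTE(review): confirm the message wrapper markup of the theme under test.
  $message_link_xpath = '//div[contains(@class, "messages")]//a[contains(@href, :href)]';

  // Test as admin user.
  $user = $this->drupalCreateUser(['administer taxonomy']);
  $this->drupalLogin($user);

  // Visit the term add form.
  $this->drupalGet($add_path);
  $this->assertResponse(200);
  $this->assertField('edit-name-0-value', 'Add taxonomy term form opened successfully.');

  // Submit the term.
  $edit = [];
  $edit['name[0][value]'] = $this->randomMachineName();

  $this->drupalPostForm(NULL, $edit, t('Save'));
  $this->assertText(t('Created new term @name.', ['@name' => $edit['name[0][value]']]), 'Term created successfully.');

  // Verify that the creation message contains a link to a term. xpath()
  // always returns an array, so an isset() check on it could never fail.
  // Assert that at least one element matched instead.
  $view_link = $this->xpath($message_link_xpath, [':href' => 'term/']);
  $this->assertNotEmpty($view_link, 'The message area contains a link to a term');

  $terms = \Drupal::entityTypeManager()
    ->getStorage('taxonomy_term')
    ->loadByProperties(['name' => $edit['name[0][value]']]);
  // reset() returns FALSE on an empty array; fail with a clear message
  // instead of a fatal error on the next method call.
  $this->assertNotEmpty($terms, 'The created term could be loaded by name.');
  $term = reset($terms);

  // Edit the term.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertResponse(200);
  $this->assertText($edit['name[0][value]'], 'Edit taxonomy term form opened successfully.');

  $edit['name[0][value]'] = $this->randomMachineName();
  $this->drupalPostForm(NULL, $edit, t('Save'));
  $this->assertText(t('Updated term @name.', ['@name' => $edit['name[0][value]']]), 'Term updated successfully.');

  // Delete the term.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertRaw(t('Are you sure you want to delete the @entity-type %label?', ['@entity-type' => 'taxonomy term', '%label' => $edit['name[0][value]']]), 'Delete taxonomy term form opened successfully.');

  // Confirm deletion.
  $this->drupalPostForm(NULL, NULL, t('Delete'));
  $this->assertRaw(t('Deleted term %name.', ['%name' => $edit['name[0][value]']]), 'Term deleted.');

  // Test as user with "create" permissions.
  $user = $this->drupalCreateUser(['create terms in ' . $vocabulary_id]);
  $this->drupalLogin($user);

  $assert_session = $this->assertSession();

  // Create a new term.
  $this->drupalGet($add_path);
  $assert_session->statusCodeEquals(200);
  $assert_session->fieldExists('name[0][value]');

  // Submit the term.
  $edit = [];
  $edit['name[0][value]'] = $this->randomMachineName();

  $this->drupalPostForm(NULL, $edit, t('Save'));
  $assert_session->pageTextContains(t('Created new term @name.', ['@name' => $edit['name[0][value]']]));

  $terms = \Drupal::entityTypeManager()
    ->getStorage('taxonomy_term')
    ->loadByProperties(['name' => $edit['name[0][value]']]);
  $this->assertNotEmpty($terms, 'The created term could be loaded by name.');
  $term = reset($terms);

  // Ensure that edit and delete access is denied.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $assert_session->statusCodeEquals(403);
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $assert_session->statusCodeEquals(403);

  // Test as user with "edit" permissions.
  $user = $this->drupalCreateUser(['edit terms in ' . $vocabulary_id]);
  $this->drupalLogin($user);

  // The term add form must be denied.
  $this->drupalGet($add_path);
  $this->assertResponse(403, 'Add taxonomy term form open failed.');

  // Create a test term.
  $term = $this->createTerm($vocabulary);

  // Edit the term.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertResponse(200);
  $this->assertText($term->getName(), 'Edit taxonomy term form opened successfully.');

  $edit = [];
  $edit['name[0][value]'] = $this->randomMachineName();
  $this->drupalPostForm(NULL, $edit, t('Save'));
  $this->assertText(t('Updated term @name.', ['@name' => $edit['name[0][value]']]), 'Term updated successfully.');

  // Verify that the update message contains a link to a term.
  $view_link = $this->xpath($message_link_xpath, [':href' => 'term/']);
  $this->assertNotEmpty($view_link, 'The message area contains a link to a term');

  // The term delete form must be denied.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertResponse(403, 'Delete taxonomy term form open failed.');

  // Test as user with "delete" permissions.
  $user = $this->drupalCreateUser(['delete terms in ' . $vocabulary_id]);
  $this->drupalLogin($user);

  // The term add form must be denied.
  $this->drupalGet($add_path);
  $this->assertResponse(403, 'Add taxonomy term form open failed.');

  // Create a test term.
  $term = $this->createTerm($vocabulary);

  // The term edit form must be denied.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertResponse(403, 'Edit taxonomy term form open failed.');

  // Delete the term.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertRaw(t('Are you sure you want to delete the @entity-type %label?', ['@entity-type' => 'taxonomy term', '%label' => $term->getName()]), 'Delete taxonomy term form opened successfully.');

  // Confirm deletion.
  $this->drupalPostForm(NULL, NULL, t('Delete'));
  $this->assertRaw(t('Deleted term %name.', ['%name' => $term->getName()]), 'Term deleted.');

  // Test as user without proper permissions.
  $user = $this->drupalCreateUser();
  $this->drupalLogin($user);

  // The term add form must be denied.
  $this->drupalGet($add_path);
  $this->assertResponse(403, 'Add taxonomy term form open failed.');

  // Create a test term.
  $term = $this->createTerm($vocabulary);

  // The term edit form must be denied.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
  $this->assertResponse(403, 'Edit taxonomy term form open failed.');

  // The term delete form must be denied.
  $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
  $this->assertResponse(403, 'Delete taxonomy term form open failed.');
}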