3 namespace Drupal\Tests\entity\Kernel\QueryAccess;
5 use Drupal\entity_module_test\Entity\EnhancedEntityWithOwner;
6 use Drupal\KernelTests\Core\Entity\EntityKernelTestBase;
7 use Drupal\views\Tests\ViewResultAssertionTrait;
8 use Drupal\views\Views;
11 * Test uncacheable query access filtering for EntityQuery and Views.
15 * @see \Drupal\entity\QueryAccess\UncacheableQueryAccessHandler
16 * @see \Drupal\entity\QueryAccess\EntityQueryAlter
17 * @see \Drupal\entity\QueryAccess\ViewsQueryAlter
19 class UncacheableQueryAccessTest extends EntityKernelTestBase {
21 use ViewResultAssertionTrait;
26 * @var \Drupal\Core\Entity\ContentEntityInterface[]
31 * The entity_test_enhanced storage.
33 * @var \Drupal\Core\Entity\EntityStorageInterface
40 public static $modules = [
51 protected function setUp() {
54 $this->installEntitySchema('entity_test_enhanced_with_owner');
55 $this->installConfig(['entity_module_test']);
57 // Create uid: 1 here so that it's skipped in test cases.
58 $admin_user = $this->createUser();
60 $first_entity = EnhancedEntityWithOwner::create([
65 $first_entity->save();
67 $first_entity->set('name', 'First!');
68 $first_entity->set('status', 0);
69 $first_entity->setNewRevision(TRUE);
70 $first_entity->save();
72 $second_entity = EnhancedEntityWithOwner::create([
77 $second_entity->save();
79 $second_entity->set('name', 'Second!');
80 $second_entity->set('status', 1);
81 $second_entity->setNewRevision(TRUE);
82 $second_entity->save();
84 $third_entity = EnhancedEntityWithOwner::create([
89 $third_entity->save();
91 $third_entity->set('name', 'Third!');
92 $third_entity->setNewRevision(TRUE);
93 $third_entity->save();
95 $this->entities = [$first_entity, $second_entity, $third_entity];
96 $this->storage = \Drupal::entityTypeManager()->getStorage('entity_test_enhanced_with_owner');
100 * Tests EntityQuery filtering.
102 public function testEntityQuery() {
103 // Admin permission, full access.
104 $admin_user = $this->createUser([], ['administer entity_test_enhanced_with_owner']);
105 \Drupal::currentUser()->setAccount($admin_user);
107 $result = $this->storage->getQuery()->sort('id')->execute();
108 $this->assertEquals([
109 $this->entities[0]->id(),
110 $this->entities[1]->id(),
111 $this->entities[2]->id(),
112 ], array_values($result));
114 // No view permissions, no access.
115 $user = $this->createUser([], ['access content']);
116 \Drupal::currentUser()->setAccount($user);
118 $result = $this->storage->getQuery()->execute();
119 $this->assertEmpty($result);
121 // View own (published-only).
122 $user = $this->createUser([], ['view own entity_test_enhanced_with_owner']);
123 \Drupal::currentUser()->setAccount($user);
125 $this->entities[0]->set('user_id', $user->id());
126 $this->entities[0]->save();
127 $this->entities[1]->set('user_id', $user->id());
128 $this->entities[1]->save();
130 $result = $this->storage->getQuery()->sort('id')->execute();
131 $this->assertEquals([
132 $this->entities[1]->id(),
133 ], array_values($result));
135 // View any (published-only).
136 $user = $this->createUser([], ['view any entity_test_enhanced_with_owner']);
137 \Drupal::currentUser()->setAccount($user);
139 $result = $this->storage->getQuery()->sort('id')->execute();
140 $this->assertEquals([
141 $this->entities[1]->id(),
142 $this->entities[2]->id(),
143 ], array_values($result));
145 // View own unpublished.
146 $user = $this->createUser([], ['view own unpublished entity_test_enhanced_with_owner']);
147 \Drupal::currentUser()->setAccount($user);
149 $this->entities[0]->set('user_id', $user->id());
150 $this->entities[0]->save();
151 $this->entities[1]->set('user_id', $user->id());
152 $this->entities[1]->save();
154 $result = $this->storage->getQuery()->sort('id')->execute();
155 $this->assertEquals([
156 $this->entities[0]->id(),
157 ], array_values($result));
159 // View own unpublished + view any (published-only).
160 $user = $this->createUser([], [
161 'view own unpublished entity_test_enhanced_with_owner',
162 'view any entity_test_enhanced_with_owner',
164 \Drupal::currentUser()->setAccount($user);
166 $this->entities[0]->set('user_id', $user->id());
167 $this->entities[0]->save();
169 $result = $this->storage->getQuery()->sort('id')->execute();
170 $this->assertEquals([
171 $this->entities[0]->id(),
172 $this->entities[1]->id(),
173 $this->entities[2]->id(),
174 ], array_values($result));
176 // View own $first_bundle + View any $second_bundle.
177 $user = $this->createUser([], [
178 'view own first entity_test_enhanced_with_owner',
179 'view any second entity_test_enhanced_with_owner',
181 \Drupal::currentUser()->setAccount($user);
183 $this->entities[1]->set('user_id', $user->id());
184 $this->entities[1]->save();
186 $result = $this->storage->getQuery()->sort('id')->execute();
187 $this->assertEquals([
188 $this->entities[1]->id(),
189 $this->entities[2]->id(),
190 ], array_values($result));
194 * Tests EntityQuery filtering when all revisions are queried.
196 public function testEntityQueryWithRevisions() {
197 // Admin permission, full access.
198 $admin_user = $this->createUser([], ['administer entity_test_enhanced_with_owner']);
199 \Drupal::currentUser()->setAccount($admin_user);
201 $result = $this->storage->getQuery()->allRevisions()->sort('id')->execute();
202 $this->assertEquals([
203 '1' => $this->entities[0]->id(),
204 '2' => $this->entities[0]->id(),
205 '3' => $this->entities[1]->id(),
206 '4' => $this->entities[1]->id(),
207 '5' => $this->entities[2]->id(),
208 '6' => $this->entities[2]->id(),
211 // No view permissions, no access.
212 $user = $this->createUser([], ['access content']);
213 \Drupal::currentUser()->setAccount($user);
215 $result = $this->storage->getQuery()->allRevisions()->execute();
216 $this->assertEmpty($result);
218 // View own (published-only).
219 $user = $this->createUser([], ['view own entity_test_enhanced_with_owner']);
220 \Drupal::currentUser()->setAccount($user);
222 // The user_id field is not revisionable, which means that updating it
223 // will modify both revisions for each entity.
224 $this->entities[0]->set('user_id', $user->id());
225 $this->entities[0]->save();
226 $this->entities[1]->set('user_id', $user->id());
227 $this->entities[1]->save();
229 $result = $this->storage->getQuery()->allRevisions()->sort('id')->execute();
230 $this->assertEquals([
231 '1' => $this->entities[0]->id(),
232 '4' => $this->entities[1]->id(),
235 // View any (published-only).
236 $user = $this->createUser([], ['view any entity_test_enhanced_with_owner']);
237 \Drupal::currentUser()->setAccount($user);
239 $result = $this->storage->getQuery()->allRevisions()->sort('id')->execute();
240 $this->assertEquals([
241 '1' => $this->entities[0]->id(),
242 '4' => $this->entities[1]->id(),
243 '5' => $this->entities[2]->id(),
244 '6' => $this->entities[2]->id(),
247 // View own unpublished.
248 $user = $this->createUser([], ['view own unpublished entity_test_enhanced_with_owner']);
249 \Drupal::currentUser()->setAccount($user);
251 $this->entities[0]->set('user_id', $user->id());
252 $this->entities[0]->save();
253 $this->entities[1]->set('user_id', $user->id());
254 $this->entities[1]->save();
256 $result = $this->storage->getQuery()->allRevisions()->sort('id')->execute();
257 $this->assertEquals([
258 '2' => $this->entities[0]->id(),
259 '3' => $this->entities[1]->id(),
262 // View own unpublished + view any (published-only).
263 $user = $this->createUser([], [
264 'view own unpublished entity_test_enhanced_with_owner',
265 'view any entity_test_enhanced_with_owner',
267 \Drupal::currentUser()->setAccount($user);
269 $this->entities[0]->set('user_id', $user->id());
270 $this->entities[0]->save();
272 $result = $this->storage->getQuery()->allRevisions()->sort('id')->execute();
273 $this->assertEquals([
274 '1' => $this->entities[0]->id(),
275 '2' => $this->entities[0]->id(),
276 '4' => $this->entities[1]->id(),
277 '5' => $this->entities[2]->id(),
278 '6' => $this->entities[2]->id(),
281 // View own $first_bundle + View any $second_bundle.
282 $user = $this->createUser([], [
283 'view own first entity_test_enhanced_with_owner',
284 'view any second entity_test_enhanced_with_owner',
286 \Drupal::currentUser()->setAccount($user);
288 $this->entities[1]->set('user_id', $user->id());
289 $this->entities[1]->save();
291 $result = $this->storage->getQuery()->allRevisions()->sort('id')->execute();
292 $this->assertEquals([
293 '4' => $this->entities[1]->id(),
294 '5' => $this->entities[2]->id(),
295 '6' => $this->entities[2]->id(),
300 * Tests Views filtering.
302 public function testViews() {
303 // Admin permission, full access.
304 $admin_user = $this->createUser([], ['administer entity_test_enhanced_with_owner']);
305 \Drupal::currentUser()->setAccount($admin_user);
307 $view = Views::getView('entity_test_enhanced_with_owner');
309 $this->assertIdenticalResultset($view, [
310 ['id' => $this->entities[0]->id()],
311 ['id' => $this->entities[1]->id()],
312 ['id' => $this->entities[2]->id()],
315 // No view permissions, no access.
316 $user = $this->createUser([], ['access content']);
317 \Drupal::currentUser()->setAccount($user);
319 $view = Views::getView('entity_test_enhanced_with_owner');
321 $this->assertIdenticalResultset($view, []);
323 // View own (published-only).
324 $user = $this->createUser([], ['view own entity_test_enhanced_with_owner']);
325 \Drupal::currentUser()->setAccount($user);
327 $this->entities[0]->set('user_id', $user->id());
328 $this->entities[0]->save();
329 $this->entities[1]->set('user_id', $user->id());
330 $this->entities[1]->save();
332 $view = Views::getView('entity_test_enhanced_with_owner');
334 $this->assertIdenticalResultset($view, [
335 ['id' => $this->entities[1]->id()],
338 // View any (published-only).
339 $user = $this->createUser([], ['view any entity_test_enhanced_with_owner']);
340 \Drupal::currentUser()->setAccount($user);
342 $view = Views::getView('entity_test_enhanced_with_owner');
344 $this->assertIdenticalResultset($view, [
345 ['id' => $this->entities[1]->id()],
346 ['id' => $this->entities[2]->id()],
349 // View own unpublished.
350 $user = $this->createUser([], ['view own unpublished entity_test_enhanced_with_owner']);
351 \Drupal::currentUser()->setAccount($user);
353 $this->entities[0]->set('user_id', $user->id());
354 $this->entities[0]->save();
355 $this->entities[1]->set('user_id', $user->id());
356 $this->entities[1]->save();
358 $view = Views::getView('entity_test_enhanced_with_owner');
360 $this->assertIdenticalResultset($view, [
361 ['id' => $this->entities[0]->id()],
364 // View own unpublished + view any (published-only).
365 $user = $this->createUser([], [
366 'view own unpublished entity_test_enhanced_with_owner',
367 'view any entity_test_enhanced_with_owner',
369 \Drupal::currentUser()->setAccount($user);
371 $this->entities[0]->set('user_id', $user->id());
372 $this->entities[0]->save();
374 $view = Views::getView('entity_test_enhanced_with_owner');
376 $this->assertIdenticalResultset($view, [
377 ['id' => $this->entities[0]->id()],
378 ['id' => $this->entities[1]->id()],
379 ['id' => $this->entities[2]->id()],
382 // View own $first_bundle + View any $second_bundle.
383 $user = $this->createUser([], [
384 'view own first entity_test_enhanced_with_owner',
385 'view any second entity_test_enhanced_with_owner',
387 \Drupal::currentUser()->setAccount($user);
389 $this->entities[1]->set('user_id', $user->id());
390 $this->entities[1]->save();
392 $view = Views::getView('entity_test_enhanced_with_owner');
394 $this->assertIdenticalResultset($view, [
395 ['id' => $this->entities[1]->id()],
396 ['id' => $this->entities[2]->id()],
401 * Tests Views filtering when all revisions are queried.
403 public function testViewsWithRevisions() {
404 // Admin permission, full access.
405 $admin_user = $this->createUser([], ['administer entity_test_enhanced_with_owner']);
406 \Drupal::currentUser()->setAccount($admin_user);
408 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
410 $this->assertIdenticalResultset($view, [
411 ['vid' => '1', 'id' => $this->entities[0]->id()],
412 ['vid' => '2', 'id' => $this->entities[0]->id()],
413 ['vid' => '3', 'id' => $this->entities[1]->id()],
414 ['vid' => '4', 'id' => $this->entities[1]->id()],
415 ['vid' => '5', 'id' => $this->entities[2]->id()],
416 ['vid' => '6', 'id' => $this->entities[2]->id()],
417 ], ['vid' => 'vid']);
419 // No view permissions, no access.
420 $user = $this->createUser([], ['access content']);
421 \Drupal::currentUser()->setAccount($user);
423 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
425 $this->assertIdenticalResultset($view, []);
427 // View own (published-only).
428 $user = $this->createUser([], ['view own entity_test_enhanced_with_owner']);
429 \Drupal::currentUser()->setAccount($user);
431 $this->entities[0]->set('user_id', $user->id());
432 $this->entities[0]->save();
433 $this->entities[1]->set('user_id', $user->id());
434 $this->entities[1]->save();
436 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
438 $this->assertIdenticalResultset($view, [
439 ['vid' => '1', 'id' => $this->entities[0]->id()],
440 ['vid' => '4', 'id' => $this->entities[1]->id()],
441 ], ['vid' => 'vid']);
443 // View any (published-only).
444 $user = $this->createUser([], ['view any entity_test_enhanced_with_owner']);
445 \Drupal::currentUser()->setAccount($user);
447 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
449 $this->assertIdenticalResultset($view, [
450 ['vid' => '1', 'id' => $this->entities[0]->id()],
451 ['vid' => '4', 'id' => $this->entities[1]->id()],
452 ['vid' => '5', 'id' => $this->entities[2]->id()],
453 ['vid' => '6', 'id' => $this->entities[2]->id()],
454 ], ['vid' => 'vid']);
456 // View own unpublished.
457 $user = $this->createUser([], ['view own unpublished entity_test_enhanced_with_owner']);
458 \Drupal::currentUser()->setAccount($user);
460 $this->entities[0]->set('user_id', $user->id());
461 $this->entities[0]->save();
462 $this->entities[1]->set('user_id', $user->id());
463 $this->entities[1]->save();
465 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
467 $this->assertIdenticalResultset($view, [
468 ['vid' => '2', 'id' => $this->entities[0]->id()],
469 ['vid' => '3', 'id' => $this->entities[1]->id()],
470 ], ['vid' => 'vid']);
472 // View own unpublished + view any (published-only).
473 $user = $this->createUser([], [
474 'view own unpublished entity_test_enhanced_with_owner',
475 'view any entity_test_enhanced_with_owner',
477 \Drupal::currentUser()->setAccount($user);
479 $this->entities[0]->set('user_id', $user->id());
480 $this->entities[0]->save();
482 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
484 $this->assertIdenticalResultset($view, [
485 ['vid' => '1', 'id' => $this->entities[0]->id()],
486 ['vid' => '2', 'id' => $this->entities[0]->id()],
487 ['vid' => '4', 'id' => $this->entities[1]->id()],
488 ['vid' => '5', 'id' => $this->entities[2]->id()],
489 ['vid' => '6', 'id' => $this->entities[2]->id()],
490 ], ['vid' => 'vid']);
492 // View own $first_bundle + View any $second_bundle.
493 $user = $this->createUser([], [
494 'view own first entity_test_enhanced_with_owner',
495 'view any second entity_test_enhanced_with_owner',
497 \Drupal::currentUser()->setAccount($user);
499 $this->entities[1]->set('user_id', $user->id());
500 $this->entities[1]->save();
502 $view = Views::getView('entity_test_enhanced_with_owner_revisions');
504 $this->assertIdenticalResultset($view, [
505 ['vid' => '4', 'id' => $this->entities[1]->id()],
506 ['vid' => '5', 'id' => $this->entities[2]->id()],
507 ['vid' => '6', 'id' => $this->entities[2]->id()],
508 ], ['vid' => 'vid']);