X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Feditor%2Ftests%2Fsrc%2FFunctional%2FQuickEditIntegrationLoadingTest.php;fp=web%2Fcore%2Fmodules%2Feditor%2Ftests%2Fsrc%2FFunctional%2FQuickEditIntegrationLoadingTest.php;h=6f96971bb73fabdbb03b6e0036f5569f51e9f8d1;hp=0000000000000000000000000000000000000000;hb=0bf8d09d2542548982e81a441b1f16e75873a04f;hpb=74df008bdbb3a11eeea356744f39b802369bda3c

diff --git a/web/core/modules/editor/tests/src/Functional/QuickEditIntegrationLoadingTest.php b/web/core/modules/editor/tests/src/Functional/QuickEditIntegrationLoadingTest.php
new file mode 100644
index 000000000..6f96971bb
--- /dev/null
+++ b/web/core/modules/editor/tests/src/Functional/QuickEditIntegrationLoadingTest.php
@@ -0,0 +1,142 @@
+<?php
+
+namespace Drupal\Tests\editor\Functional;
+
+use Drupal\Component\Serialization\Json;
+use Drupal\Core\EventSubscriber\MainContentViewSubscriber;
+use Drupal\filter\Entity\FilterFormat;
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests Quick Edit module integration endpoints.
+ *
+ * @group editor
+ */
+class QuickEditIntegrationLoadingTest extends BrowserTestBase {
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['quickedit', 'filter', 'node', 'editor'];
+
+  /**
+   * The basic permissions necessary to view content and use in-place editing.
+   *
+   * @var array
+   */
+  protected static $basicPermissions = ['access content', 'create article content', 'use text format filtered_html', 'access contextual links'];
+
+  protected function setUp() {
+    parent::setUp();
+
+    // Create a text format.
+    $filtered_html_format = FilterFormat::create([
+      'format' => 'filtered_html',
+      'name' => 'Filtered HTML',
+      'weight' => 0,
+      'filters' => [
+        'filter_caption' => [
+          'status' => 1,
+        ],
+      ],
+    ]);
+    $filtered_html_format->save();
+
+    // Create a node type.
+    $this->drupalCreateContentType([
+      'type' => 'article',
+      'name' => 'Article',
+    ]);
+
+    // Create one node of the above node type using the above text format.
+    $this->drupalCreateNode([
+      'type' => 'article',
+      'body' => [
+        0 => [
+          'value' => '<p>Do you also love Drupal?</p><img src="druplicon.png" data-caption="Druplicon" />',
+          'format' => 'filtered_html',
+        ],
+      ],
+    ]);
+  }
+
+  /**
+   * Test loading of untransformed text when a user doesn't have access to it.
+   */
+  public function testUsersWithoutPermission() {
+    // Create 3 users, each with insufficient permissions, i.e. without either
+    // or both of the following permissions:
+    // - the 'access in-place editing' permission
+    // - the 'edit any article content' permission (necessary to edit node 1)
+    $users = [
+      $this->drupalCreateUser(static::$basicPermissions),
+      $this->drupalCreateUser(array_merge(static::$basicPermissions, ['edit any article content'])),
+      $this->drupalCreateUser(array_merge(static::$basicPermissions, ['access in-place editing'])),
+    ];
+
+    // Now test with each of the 3 users with insufficient permissions.
+    foreach ($users as $user) {
+      $this->drupalLogin($user);
+      $this->drupalGet('node/1');
+
+      // Ensure the text is transformed.
+      $this->assertRaw('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
+
+      $client = $this->getHttpClient();
+
+      // Retrieving the untransformed text should result in an 403 response and
+      // return a different error message depending of the missing permission.
+      $response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
+        'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
+        'cookies' => $this->getSessionCookies(),
+        'headers' => [
+          'Accept' => 'application/json',
+          'Content-Type' => 'application/x-www-form-urlencoded',
+        ],
+        'http_errors' => FALSE,
+      ]);
+
+      $this->assertEquals(403, $response->getStatusCode());
+      if (!$user->hasPermission('access in-place editing')) {
+        $message = "The 'access in-place editing' permission is required.";
+      }
+      else {
+        $message = '';
+      }
+
+      $body = Json::decode($response->getBody());
+      $this->assertIdentical($message, $body['message']);
+    }
+  }
+
+  /**
+   * Test loading of untransformed text when a user does have access to it.
+   */
+  public function testUserWithPermission() {
+    $user = $this->drupalCreateUser(array_merge(static::$basicPermissions, ['edit any article content', 'access in-place editing']));
+    $this->drupalLogin($user);
+    $this->drupalGet('node/1');
+
+    // Ensure the text is transformed.
+    $this->assertRaw('<p>Do you also love Drupal?</p><figure role="group" class="caption caption-img"><img src="druplicon.png" /><figcaption>Druplicon</figcaption></figure>');
+    $client = $this->getHttpClient();
+    $response = $client->post($this->buildUrl('editor/node/1/body/en/full'), [
+      'query' => http_build_query([MainContentViewSubscriber::WRAPPER_FORMAT => 'drupal_ajax']),
+      'cookies' => $this->getSessionCookies(),
+      'headers' => [
+        'Accept' => 'application/json',
+        'Content-Type' => 'application/x-www-form-urlencoded',
+      ],
+      'http_errors' => FALSE,
+    ]);
+
+    $this->assertEquals(200, $response->getStatusCode());
+    $ajax_commands = Json::decode($response->getBody());
+    $this->assertIdentical(1, count($ajax_commands), 'The untransformed text POST request results in one AJAX command.');
+    $this->assertIdentical('editorGetUntransformedText', $ajax_commands[0]['command'], 'The first AJAX command is an editorGetUntransformedText command.');
+    $this->assertIdentical('<p>Do you also love Drupal?</p><img src="druplicon.png" data-caption="Druplicon" />', $ajax_commands[0]['data'], 'The editorGetUntransformedText command contains the expected data.');
+  }
+
+}
