X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fmedia_entity%2Ftests%2Fsrc%2FFunctional%2FMediaAccessTest.php;fp=web%2Fmodules%2Fcontrib%2Fmedia_entity%2Ftests%2Fsrc%2FFunctional%2FMediaAccessTest.php;h=b774fb599aa49a2f74d3238de7183ccb3c57ae6b;hp=0000000000000000000000000000000000000000;hb=af6d1fb995500ae68849458ee10d66abbdcfb252;hpb=680c79a86e3ed402f263faeac92e89fb6d9edcc0 diff --git a/web/modules/contrib/media_entity/tests/src/Functional/MediaAccessTest.php b/web/modules/contrib/media_entity/tests/src/Functional/MediaAccessTest.php new file mode 100644 index 000000000..b774fb599 --- /dev/null +++ b/web/modules/contrib/media_entity/tests/src/Functional/MediaAccessTest.php @@ -0,0 +1,102 @@ +testBundle = $this->drupalCreateMediaBundle(); + } + + /** + * Test some access control functionality. + */ + public function testMediaAccess() { + + $assert_session = $this->assertSession(); + + // Create media. + $media = Media::create([ + 'bundle' => $this->testBundle->id(), + 'name' => 'Unnamed', + ]); + $media->save(); + $user_media = Media::create([ + 'bundle' => $this->testBundle->id(), + 'name' => 'Unnamed', + 'uid' => $this->nonAdminUser->id(), + ]); + $user_media->save(); + + // We are logged-in as admin, so test 'administer media' permission. + $this->drupalGet('media/' . $user_media->id()); + $assert_session->statusCodeEquals(200); + $this->drupalGet('media/' . $user_media->id() . '/edit'); + $assert_session->statusCodeEquals(200); + $this->drupalGet('media/' . $user_media->id() . '/delete'); + $assert_session->statusCodeEquals(200); + + $this->drupalLogin($this->nonAdminUser); + /** @var \Drupal\user\RoleInterface $role */ + $role = Role::load('authenticated'); + + // Test 'view media' permission. + $this->drupalGet('media/' . $media->id()); + $assert_session->statusCodeEquals(403); + $this->grantPermissions($role, ['view media']); + $this->drupalGet('media/' . $media->id()); + $assert_session->statusCodeEquals(200); + + // Test 'create media' permission. + $this->drupalGet('media/add/' . $this->testBundle->id()); + $assert_session->statusCodeEquals(403); + $this->grantPermissions($role, ['create media']); + $this->drupalGet('media/add/' . $this->testBundle->id()); + $assert_session->statusCodeEquals(200); + + // Test 'update media' and 'delete media' permissions. + $this->drupalGet('media/' . $user_media->id() . '/edit'); + $assert_session->statusCodeEquals(403); + $this->drupalGet('media/' . $user_media->id() . '/delete'); + $assert_session->statusCodeEquals(403); + $this->grantPermissions($role, ['update media']); + $this->grantPermissions($role, ['delete media']); + $this->drupalGet('media/' . $user_media->id() . '/edit'); + $assert_session->statusCodeEquals(200); + $this->drupalGet('media/' . $user_media->id() . '/delete'); + $assert_session->statusCodeEquals(200); + + // Test 'update any media' and 'delete any media' permissions. + $this->drupalGet('media/' . $media->id() . '/edit'); + $assert_session->statusCodeEquals(403); + $this->drupalGet('media/' . $media->id() . '/delete'); + $assert_session->statusCodeEquals(403); + $this->grantPermissions($role, ['update any media']); + $this->grantPermissions($role, ['delete any media']); + $this->drupalGet('media/' . $media->id() . '/edit'); + $assert_session->statusCodeEquals(200); + $this->drupalGet('media/' . $media->id() . '/delete'); + $assert_session->statusCodeEquals(200); + + } + +}