function ContactPersonalTest::testPersonalContactAccess

Tests access to the personal contact form.

File

core/modules/contact/tests/src/Functional/ContactPersonalTest.php, line 136

Class

ContactPersonalTest

Tests personal contact form functionality.

Namespace

Code

public function testPersonalContactAccess() : void {
  // Test allowed access to admin user's contact form.
  $this->drupalLogin($this->webUser);
  $this->drupalGet('user/' . $this->adminUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
  // Check the page title is properly displayed.
  $this->assertSession()
    ->pageTextContains('Contact ' . $this->adminUser
    ->getDisplayName());
  // Test denied access to admin user's own contact form.
  $this->drupalLogout();
  $this->drupalLogin($this->adminUser);
  $this->drupalGet('user/' . $this->adminUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Test allowed access to user with contact form enabled.
  $this->drupalLogin($this->webUser);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
  // Test that there is no access to personal contact forms for users
  // without an email address configured.
  $original_email = $this->contactUser
    ->getEmail();
  $this->contactUser
    ->setEmail(FALSE)
    ->save();
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(404);
  // Test that the 'contact tab' does not appear on the user profiles
  // for users without an email address configured.
  $this->drupalGet('user/' . $this->contactUser
    ->id());
  $contact_link = '/user/' . $this->contactUser
    ->id() . '/contact';
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertSession()
    ->linkByHrefNotExists($contact_link, 'The "contact" tab is hidden on profiles for users with no email address');
  // Restore original email address.
  $this->contactUser
    ->setEmail($original_email)
    ->save();
  // Test denied access to the user's own contact form.
  $this->drupalGet('user/' . $this->webUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Test always denied access to the anonymous user contact form.
  $this->drupalGet('user/0/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Test that anonymous users can access the contact form.
  $this->drupalLogout();
  user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [
    'access user contact forms',
  ]);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
  // Test that anonymous users can access admin user's contact form.
  $this->drupalGet('user/' . $this->adminUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertCacheContext('user');
  // Revoke the personal contact permission for the anonymous user.
  user_role_revoke_permissions(RoleInterface::ANONYMOUS_ID, [
    'access user contact forms',
  ]);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->assertCacheContext('user');
  $this->drupalGet('user/' . $this->adminUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Disable the personal contact form.
  $this->drupalLogin($this->adminUser);
  $edit = [
    'contact_default_status' => FALSE,
  ];
  $this->drupalGet('admin/config/people/accounts');
  $this->submitForm($edit, 'Save configuration');
  $this->assertSession()
    ->pageTextContains('The configuration options have been saved.');
  $this->drupalLogout();
  // Re-create our contacted user with personal contact forms disabled by
  // default.
  $this->contactUser = $this->drupalCreateUser();
  // Test denied access to a user with contact form disabled.
  $this->drupalLogin($this->webUser);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Test allowed access for admin user to a user with contact form disabled.
  $this->drupalLogin($this->adminUser);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
  // Re-create our contacted user as a blocked user.
  $this->contactUser = $this->drupalCreateUser();
  $this->contactUser
    ->block();
  $this->contactUser
    ->save();
  // Test that blocked users can still be contacted by admin.
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
  // Test that blocked users cannot be contacted by non-admins.
  $this->drupalLogin($this->webUser);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Test enabling and disabling the contact page through the user profile
  // form.
  $this->drupalGet('user/' . $this->webUser
    ->id() . '/edit');
  $this->assertSession()
    ->checkboxNotChecked('edit-contact--2');
  $this->assertNull(\Drupal::service('user.data')->get('contact', $this->webUser
    ->id(), 'enabled'), 'Personal contact form disabled');
  $this->submitForm([
    'contact' => TRUE,
  ], 'Save');
  $this->assertSession()
    ->checkboxChecked('edit-contact--2');
  $this->assertNotEmpty(\Drupal::service('user.data')->get('contact', $this->webUser
    ->id(), 'enabled'), 'Personal contact form enabled');
  // Test with disabled global default contact form in combination with a user
  // that has the contact form enabled.
  $this->config('contact.settings')
    ->set('user_default_enabled', FALSE)
    ->save();
  $this->contactUser = $this->drupalCreateUser();
  \Drupal::service('user.data')->set('contact', $this->contactUser
    ->id(), 'enabled', 1);
  $this->drupalGet('user/' . $this->contactUser
    ->id() . '/contact');
  $this->assertSession()
    ->statusCodeEquals(200);
}