function StyleSerializerTest::testRestViewsAuthentication

Same name and namespace in other branches
  1. 9 core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
  2. 8.9.x core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
  3. 11.x core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()

Checks that the auth options restricts access to a REST views display.

File

core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php, line 88

Class

StyleSerializerTest
Tests the serializer style plugin.

Namespace

Drupal\Tests\rest\Functional\Views

Code

public function testRestViewsAuthentication() : void {
  // Assume the view is hidden behind a permission.
  $this->drupalGet('test/serialize/auth_with_perm', [
    'query' => [
      '_format' => 'json',
    ],
  ]);
  $this->assertSession()
    ->statusCodeEquals(401);
  // Not even logging in would make it possible to see the view, because then
  // we are denied based on authentication method (cookie).
  $this->drupalLogin($this->adminUser);
  $this->drupalGet('test/serialize/auth_with_perm', [
    'query' => [
      '_format' => 'json',
    ],
  ]);
  $this->assertSession()
    ->statusCodeEquals(403);
  $this->drupalLogout();
  // But if we use the basic auth authentication strategy, we should be able
  // to see the page.
  $url = $this->buildUrl('test/serialize/auth_with_perm');
  $response = \Drupal::httpClient()->get($url, [
    'auth' => [
      $this->adminUser
        ->getAccountName(),
      $this->adminUser->pass_raw,
    ],
    'query' => [
      '_format' => 'json',
    ],
  ]);
  // Ensure that any changes to variables in the other thread are picked up.
  $this->refreshVariables();
  $this->assertSession()
    ->statusCodeEquals(200);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.