function StyleSerializerTest::testRestViewsAuthentication
Same name in other branches
- 9 core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
- 8.9.x core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
- 11.x core/modules/rest/tests/src/Functional/Views/StyleSerializerTest.php \Drupal\Tests\rest\Functional\Views\StyleSerializerTest::testRestViewsAuthentication()
Checks that the auth options restricts access to a REST views display.
File
-
core/
modules/ rest/ tests/ src/ Functional/ Views/ StyleSerializerTest.php, line 88
Class
- StyleSerializerTest
- Tests the serializer style plugin.
Namespace
Drupal\Tests\rest\Functional\ViewsCode
public function testRestViewsAuthentication() : void {
// Assume the view is hidden behind a permission.
$this->drupalGet('test/serialize/auth_with_perm', [
'query' => [
'_format' => 'json',
],
]);
$this->assertSession()
->statusCodeEquals(401);
// Not even logging in would make it possible to see the view, because then
// we are denied based on authentication method (cookie).
$this->drupalLogin($this->adminUser);
$this->drupalGet('test/serialize/auth_with_perm', [
'query' => [
'_format' => 'json',
],
]);
$this->assertSession()
->statusCodeEquals(403);
$this->drupalLogout();
// But if we use the basic auth authentication strategy, we should be able
// to see the page.
$url = $this->buildUrl('test/serialize/auth_with_perm');
$response = \Drupal::httpClient()->get($url, [
'auth' => [
$this->adminUser
->getAccountName(),
$this->adminUser->pass_raw,
],
'query' => [
'_format' => 'json',
],
]);
// Ensure that any changes to variables in the other thread are picked up.
$this->refreshVariables();
$this->assertSession()
->statusCodeEquals(200);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.