function TermAccessTest::testTermAccess

Same name in other branches
  1. 9 core/modules/taxonomy/tests/src/Functional/TermAccessTest.php \Drupal\Tests\taxonomy\Functional\TermAccessTest::testTermAccess()
  2. 8.9.x core/modules/taxonomy/tests/src/Functional/TermAccessTest.php \Drupal\Tests\taxonomy\Functional\TermAccessTest::testTermAccess()
  3. 11.x core/modules/taxonomy/tests/src/Functional/TermAccessTest.php \Drupal\Tests\taxonomy\Functional\TermAccessTest::testTermAccess()

Tests access control functionality for taxonomy terms.

File

core/modules/taxonomy/tests/src/Functional/TermAccessTest.php, line 28

Class

TermAccessTest
Tests the taxonomy term access permissions.

Namespace

Drupal\Tests\taxonomy\Functional

Code

public function testTermAccess() : void {
    $assert_session = $this->assertSession();
    $vocabulary = $this->createVocabulary();
    // Create two terms.
    $published_term = Term::create([
        'vid' => $vocabulary->id(),
        'name' => 'Published term',
        'status' => 1,
    ]);
    $published_term->save();
    $unpublished_term = Term::create([
        'vid' => $vocabulary->id(),
        'name' => 'Unpublished term',
        'status' => 0,
    ]);
    $unpublished_term->save();
    // Start off logged in as admin.
    $this->drupalLogin($this->drupalCreateUser([
        'administer taxonomy',
    ]));
    // Test the 'administer taxonomy' permission.
    $this->drupalGet('taxonomy/term/' . $published_term->id());
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'view', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($unpublished_term, 'view', TRUE);
    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'update', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($unpublished_term, 'update', TRUE);
    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'delete', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($unpublished_term, 'delete', TRUE);
    // Test the 'access content' permission.
    $this->drupalLogin($this->drupalCreateUser([
        'access content',
    ]));
    $this->drupalGet('taxonomy/term/' . $published_term->id());
    $assert_session->statusCodeEquals(200);
    $this->assertTermAccess($published_term, 'view', TRUE);
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($unpublished_term, 'view', FALSE, "The 'access content' permission is required and the taxonomy term must be published.");
    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/edit');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($published_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/edit');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($unpublished_term, 'update', FALSE, "The following permissions are required: 'edit terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
    $this->drupalGet('taxonomy/term/' . $published_term->id() . '/delete');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($published_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id() . '/delete');
    $assert_session->statusCodeEquals(403);
    $this->assertTermAccess($unpublished_term, 'delete', FALSE, "The following permissions are required: 'delete terms in {$vocabulary->id()}' OR 'administer taxonomy'.");
    // Install the Views module and repeat the checks for the 'view' permission.
    \Drupal::service('module_installer')->install([
        'views',
    ], TRUE);
    $this->rebuildContainer();
    $this->drupalGet('taxonomy/term/' . $published_term->id());
    $assert_session->statusCodeEquals(200);
    // @todo Change this assertion to expect a 403 status code when
    //   https://www.drupal.org/project/drupal/issues/2983070 is fixed.
    $this->drupalGet('taxonomy/term/' . $unpublished_term->id());
    $assert_session->statusCodeEquals(404);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.