VocabularyPermissionsTest.php

Same filename in other branches
  1. 9 core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php
  2. 8.9.x core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php
  3. 10 core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php

Namespace

Drupal\Tests\taxonomy\Functional

File

core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php

View source
<?php

declare (strict_types=1);
namespace Drupal\Tests\taxonomy\Functional;

use Drupal\Component\Utility\Unicode;

/**
 * Tests the taxonomy vocabulary permissions.
 *
 * @group taxonomy
 */
class VocabularyPermissionsTest extends TaxonomyTestBase {
    
    /**
     * {@inheritdoc}
     */
    protected static $modules = [
        'help',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    
    /**
     * {@inheritdoc}
     */
    protected function setUp() : void {
        parent::setUp();
        $this->drupalPlaceBlock('page_title_block');
        $this->drupalPlaceBlock('local_actions_block');
        $this->drupalPlaceBlock('help_block');
    }
    
    /**
     * Create, edit and delete a vocabulary via the user interface.
     */
    public function testVocabularyPermissionsVocabulary() : void {
        // VocabularyTest.php already tests for user with "administer taxonomy"
        // permission.
        // Test as user without proper permissions.
        $authenticated_user = $this->drupalCreateUser([]);
        $this->drupalLogin($authenticated_user);
        $assert_session = $this->assertSession();
        // Visit the main taxonomy administration page.
        $this->drupalGet('admin/structure/taxonomy');
        $assert_session->statusCodeEquals(403);
        // Test as user with "access taxonomy overview" permissions.
        $proper_user = $this->drupalCreateUser([
            'access taxonomy overview',
        ]);
        $this->drupalLogin($proper_user);
        // Visit the main taxonomy administration page.
        $this->drupalGet('admin/structure/taxonomy');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('Vocabulary name');
        $assert_session->linkNotExists('Add vocabulary');
    }
    
    /**
     * Tests the vocabulary overview permission.
     */
    public function testTaxonomyVocabularyOverviewPermissions() : void {
        // Create two vocabularies, one with two terms, the other without any term.
        
        /** @var \Drupal\taxonomy\Entity\Vocabulary $vocabulary1 , $vocabulary2 */
        $vocabulary1 = $this->createVocabulary();
        $vocabulary2 = $this->createVocabulary();
        $vocabulary1_id = $vocabulary1->id();
        $vocabulary2_id = $vocabulary2->id();
        $this->createTerm($vocabulary1);
        $this->createTerm($vocabulary1);
        // Assert expected help texts on first vocabulary.
        $vocabulary1_label = Unicode::ucfirst($vocabulary1->label());
        $edit_help_text = "You can reorganize the terms in {$vocabulary1_label} using their drag-and-drop handles, and group terms under a parent term by sliding them under and to the right of the parent.";
        $no_edit_help_text = "{$vocabulary1_label} contains the following terms.";
        $assert_session = $this->assertSession();
        // Logged in as admin user with 'administer taxonomy' permission.
        $admin_user = $this->drupalCreateUser([
            'administer taxonomy',
        ]);
        $this->drupalLogin($admin_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->linkExists('Edit');
        $assert_session->linkExists('Delete');
        $assert_session->linkExists('Add term');
        $assert_session->buttonExists('Save');
        $assert_session->pageTextContains('Weight');
        $assert_session->fieldExists('Weight');
        $assert_session->pageTextContains($edit_help_text);
        $this->submitForm([], 'Reset to alphabetical');
        $assert_session->statusCodeEquals(200);
        // Visit vocabulary overview without terms. 'Add term' should be shown.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('No terms available');
        $assert_session->linkExists('Add term');
        // Login as a user without any of the required permissions.
        $no_permission_user = $this->drupalCreateUser();
        $this->drupalLogin($no_permission_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(403);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(403);
        // Log in as a user with only the overview permission, neither edit nor
        // delete operations must be available and no Save button.
        $overview_only_user = $this->drupalCreateUser([
            'access taxonomy overview',
        ]);
        $this->drupalLogin($overview_only_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->linkNotExists('Edit');
        $assert_session->linkNotExists('Delete');
        $assert_session->buttonNotExists('Save');
        $assert_session->buttonNotExists('Reset to alphabetical');
        $assert_session->pageTextContains('Weight');
        $assert_session->fieldNotExists('Weight');
        $assert_session->linkNotExists('Add term');
        $assert_session->pageTextContains($no_edit_help_text);
        // Visit vocabulary overview without terms. 'Add term' should not be shown.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('No terms available');
        $assert_session->linkNotExists('Add term');
        // Login as a user with permission to edit terms, only edit link should be
        // visible.
        $edit_user = $this->createUser([
            'access taxonomy overview',
            'edit terms in ' . $vocabulary1_id,
            'edit terms in ' . $vocabulary2_id,
        ]);
        $this->drupalLogin($edit_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->linkExists('Edit');
        $assert_session->linkNotExists('Delete');
        $assert_session->buttonExists('Save');
        $assert_session->pageTextContains('Weight');
        $assert_session->fieldExists('Weight');
        $assert_session->linkNotExists('Add term');
        $assert_session->pageTextContains($edit_help_text);
        $this->submitForm([], 'Reset to alphabetical');
        $assert_session->statusCodeEquals(200);
        // Visit vocabulary overview without terms. 'Add term' should not be shown.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('No terms available');
        $assert_session->linkNotExists('Add term');
        // Login as a user with permission only to delete terms.
        $edit_delete_user = $this->createUser([
            'access taxonomy overview',
            'delete terms in ' . $vocabulary1_id,
            'delete terms in ' . $vocabulary2_id,
        ]);
        $this->drupalLogin($edit_delete_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->linkNotExists('Edit');
        $assert_session->linkExists('Delete');
        $assert_session->linkNotExists('Add term');
        $assert_session->buttonNotExists('Save');
        $assert_session->buttonNotExists('Reset to alphabetical');
        $assert_session->pageTextContains('Weight');
        $assert_session->fieldNotExists('Weight');
        $assert_session->pageTextContains($no_edit_help_text);
        // Visit vocabulary overview without terms. 'Add term' should not be shown.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('No terms available');
        $assert_session->linkNotExists('Add term');
        // Login as a user with permission to edit and delete terms.
        $edit_delete_user = $this->createUser([
            'access taxonomy overview',
            'edit terms in ' . $vocabulary1_id,
            'delete terms in ' . $vocabulary1_id,
            'edit terms in ' . $vocabulary2_id,
            'delete terms in ' . $vocabulary2_id,
        ]);
        $this->drupalLogin($edit_delete_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->linkExists('Edit');
        $assert_session->linkExists('Delete');
        $assert_session->linkNotExists('Add term');
        $assert_session->buttonExists('Save');
        $assert_session->pageTextContains('Weight');
        $assert_session->fieldExists('Weight');
        $assert_session->pageTextContains($edit_help_text);
        $this->submitForm([], 'Reset to alphabetical');
        $assert_session->statusCodeEquals(200);
        // Visit vocabulary overview without terms. 'Add term' should not be shown.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('No terms available');
        $assert_session->linkNotExists('Add term');
        // Login as a user with permission to create new terms, only add new term
        // link should be visible.
        $edit_user = $this->createUser([
            'access taxonomy overview',
            'create terms in ' . $vocabulary1_id,
            'create terms in ' . $vocabulary2_id,
        ]);
        $this->drupalLogin($edit_user);
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary1_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->linkNotExists('Edit');
        $assert_session->linkNotExists('Delete');
        $assert_session->linkExists('Add term');
        $assert_session->buttonNotExists('Save');
        $assert_session->buttonNotExists('Reset to alphabetical');
        $assert_session->pageTextContains('Weight');
        $assert_session->fieldNotExists('Weight');
        $assert_session->pageTextContains($no_edit_help_text);
        // Visit vocabulary overview without terms. 'Add term' should not be shown.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary2_id . '/overview');
        $assert_session->statusCodeEquals(200);
        $assert_session->pageTextContains('No terms available');
        $assert_session->linkExists('Add term');
        // Ensure the dynamic vocabulary permissions have the correct dependencies.
        $permissions = \Drupal::service('user.permissions')->getPermissions();
        $this->assertTrue(isset($permissions['create terms in ' . $vocabulary1_id]));
        $this->assertEquals([
            'config' => [
                $vocabulary1->getConfigDependencyName(),
            ],
        ], $permissions['create terms in ' . $vocabulary1_id]['dependencies']);
    }
    
    /**
     * Create, edit and delete a taxonomy term via the user interface.
     */
    public function testVocabularyPermissionsTaxonomyTerm() : void {
        // Vocabulary used for creating, removing and editing terms.
        $vocabulary = $this->createVocabulary();
        // Test as admin user.
        $user = $this->drupalCreateUser([
            'administer taxonomy',
        ]);
        $this->drupalLogin($user);
        // Visit the main taxonomy administration page.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
        $this->assertSession()
            ->statusCodeEquals(200);
        $this->assertSession()
            ->fieldExists('edit-name-0-value');
        // Submit the term.
        $edit = [];
        $edit['name[0][value]'] = $this->randomMachineName();
        $this->submitForm($edit, 'Save');
        $this->assertSession()
            ->pageTextContains('Created new term ' . $edit['name[0][value]'] . '.');
        // Verify that the creation message contains a link to a term.
        $this->assertSession()
            ->elementExists('xpath', '//div[@data-drupal-messages]//a[contains(@href, "term/")]');
        $terms = \Drupal::entityTypeManager()->getStorage('taxonomy_term')
            ->loadByProperties([
            'name' => $edit['name[0][value]'],
        ]);
        $term = reset($terms);
        // Edit the term.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
        $this->assertSession()
            ->statusCodeEquals(200);
        $this->assertSession()
            ->pageTextContains($edit['name[0][value]']);
        $edit['name[0][value]'] = $this->randomMachineName();
        $this->submitForm($edit, 'Save');
        $this->assertSession()
            ->pageTextContains('Updated term ' . $edit['name[0][value]'] . '.');
        // Delete the vocabulary.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
        $this->assertSession()
            ->pageTextContains("Are you sure you want to delete the taxonomy term {$edit['name[0][value]']}?");
        // Confirm deletion.
        $this->submitForm([], 'Delete');
        $this->assertSession()
            ->pageTextContains("Deleted term {$edit['name[0][value]']}.");
        // Test as user with "create" permissions.
        $user = $this->drupalCreateUser([
            "create terms in {$vocabulary->id()}",
        ]);
        $this->drupalLogin($user);
        $assert_session = $this->assertSession();
        // Create a new term.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
        $assert_session->statusCodeEquals(200);
        $assert_session->fieldExists('name[0][value]');
        // Submit the term.
        $edit = [];
        $edit['name[0][value]'] = $this->randomMachineName();
        $this->submitForm($edit, 'Save');
        $assert_session->pageTextContains("Created new term {$edit['name[0][value]']}.");
        $terms = \Drupal::entityTypeManager()->getStorage('taxonomy_term')
            ->loadByProperties([
            'name' => $edit['name[0][value]'],
        ]);
        $term = reset($terms);
        // Ensure that edit and delete access is denied.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
        $assert_session->statusCodeEquals(403);
        $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
        $assert_session->statusCodeEquals(403);
        // Test as user with "edit" permissions.
        $user = $this->drupalCreateUser([
            "edit terms in {$vocabulary->id()}",
        ]);
        $this->drupalLogin($user);
        // Ensure the taxonomy term add form is denied.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
        $this->assertSession()
            ->statusCodeEquals(403);
        // Create a test term.
        $term = $this->createTerm($vocabulary);
        // Edit the term.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
        $this->assertSession()
            ->statusCodeEquals(200);
        $this->assertSession()
            ->pageTextContains($term->getName());
        $edit['name[0][value]'] = $this->randomMachineName();
        $this->submitForm($edit, 'Save');
        $this->assertSession()
            ->pageTextContains('Updated term ' . $edit['name[0][value]'] . '.');
        // Verify that the update message contains a link to a term.
        $this->assertSession()
            ->elementExists('xpath', '//div[@data-drupal-messages]//a[contains(@href, "term/")]');
        // Ensure the term cannot be deleted.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
        $this->assertSession()
            ->statusCodeEquals(403);
        // Test as user with "delete" permissions.
        $user = $this->drupalCreateUser([
            "delete terms in {$vocabulary->id()}",
        ]);
        $this->drupalLogin($user);
        // Ensure the taxonomy term add form is denied.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
        $this->assertSession()
            ->statusCodeEquals(403);
        // Create a test term.
        $term = $this->createTerm($vocabulary);
        // Ensure that the term cannot be edited.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
        $this->assertSession()
            ->statusCodeEquals(403);
        // Delete the vocabulary.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
        $this->assertSession()
            ->pageTextContains("Are you sure you want to delete the taxonomy term {$term->getName()}?");
        // Confirm deletion.
        $this->submitForm([], 'Delete');
        $this->assertSession()
            ->pageTextContains("Deleted term {$term->getName()}.");
        // Test as user without proper permissions.
        $user = $this->drupalCreateUser();
        $this->drupalLogin($user);
        // Ensure the taxonomy term add form is denied.
        $this->drupalGet('admin/structure/taxonomy/manage/' . $vocabulary->id() . '/add');
        $this->assertSession()
            ->statusCodeEquals(403);
        // Create a test term.
        $term = $this->createTerm($vocabulary);
        // Ensure that the term cannot be edited.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/edit');
        $this->assertSession()
            ->statusCodeEquals(403);
        // Ensure the term cannot be deleted.
        $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
        $this->assertSession()
            ->statusCodeEquals(403);
    }

}

Classes

Title Deprecated Summary
VocabularyPermissionsTest Tests the taxonomy vocabulary permissions.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.