function BulkFormAccessTest::testUserDeleteAccess

Tests if users that may not be deleted, can not be deleted in bulk.

File

core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php, line 100

Class

BulkFormAccessTest

Tests if entity access is respected on a user bulk form.

Namespace

Code

public function testUserDeleteAccess() : void {
  // Create two authenticated users.
  $account = $this->drupalCreateUser([], 'no_delete');
  $account2 = $this->drupalCreateUser([], 'may_delete');
  // Log in as user admin.
  $this->drupalLogin($this->drupalCreateUser([
    'administer users',
  ]));
  // Ensure that the account "no_delete" can not be deleted.
  $this->drupalGet('user/' . $account->id() . '/cancel');
  $this->assertSession()
    ->statusCodeEquals(403);
  // Ensure that the account "may_delete" *can* be deleted.
  $this->drupalGet('user/' . $account2->id() . '/cancel');
  $this->assertSession()
    ->statusCodeEquals(200);
  // Test deleting the accounts "no_delete" and "may_delete".
  $edit = [
    'user_bulk_form[' . ($account->id() - 1) . ']' => TRUE,
    'user_bulk_form[' . ($account2->id() - 1) . ']' => TRUE,
    'action' => 'user_cancel_user_action',
  ];
  $this->drupalGet('test-user-bulk-form');
  $this->submitForm($edit, 'Apply to selected items');
  $edit = [
    'user_cancel_method' => 'user_cancel_delete',
  ];
  $this->submitForm($edit, 'Confirm');
  // Ensure the account "no_delete" still exists.
  $account = User::load($account->id());
  $this->assertNotNull($account, 'The user "no_delete" is not deleted.');
  // Ensure the account "may_delete" no longer exists.
  $account = User::load($account2->id());
  $this->assertNull($account, 'The user "may_delete" is deleted.');
}