function BulkFormAccessTest::testUserDeleteAccess

Tests if users that may not be deleted, can not be deleted in bulk.

File

core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php, line 100

Class

BulkFormAccessTest

Tests if entity access is respected on a user bulk form.

Namespace

Code

public function testUserDeleteAccess() : void {
    // Create two authenticated users.
    $account = $this->drupalCreateUser([], 'no_delete');
    $account2 = $this->drupalCreateUser([], 'may_delete');
    // Log in as user admin.
    $this->drupalLogin($this->drupalCreateUser([
        'administer users',
    ]));
    // Ensure that the account "no_delete" can not be deleted.
    $this->drupalGet('user/' . $account->id() . '/cancel');
    $this->assertSession()
        ->statusCodeEquals(403);
    // Ensure that the account "may_delete" *can* be deleted.
    $this->drupalGet('user/' . $account2->id() . '/cancel');
    $this->assertSession()
        ->statusCodeEquals(200);
    // Test deleting the accounts "no_delete" and "may_delete".
    $edit = [
        'user_bulk_form[' . ($account->id() - 1) . ']' => TRUE,
        'user_bulk_form[' . ($account2->id() - 1) . ']' => TRUE,
        'action' => 'user_cancel_user_action',
    ];
    $this->drupalGet('test-user-bulk-form');
    $this->submitForm($edit, 'Apply to selected items');
    $edit = [
        'user_cancel_method' => 'user_cancel_delete',
    ];
    $this->submitForm($edit, 'Confirm');
    // Ensure the account "no_delete" still exists.
    $account = User::load($account->id());
    $this->assertNotNull($account, 'The user "no_delete" is not deleted.');
    // Ensure the account "may_delete" no longer exists.
    $account = User::load($account2->id());
    $this->assertNull($account, 'The user "may_delete" is deleted.');
}