function BulkFormAccessTest::testUserEditAccess

Same name in other branches
  1. 9 core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserEditAccess()
  2. 10 core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserEditAccess()
  3. 11.x core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php \Drupal\Tests\user\Functional\Views\BulkFormAccessTest::testUserEditAccess()

Tests if users that may not be edited, can not be edited in bulk.

File

core/modules/user/tests/src/Functional/Views/BulkFormAccessTest.php, line 39

Class

BulkFormAccessTest
Tests if entity access is respected on a user bulk form.

Namespace

Drupal\Tests\user\Functional\Views

Code

public function testUserEditAccess() {
    // Create an authenticated user.
    $no_edit_user = $this->drupalCreateUser([], 'no_edit');
    // Ensure this account is not blocked.
    $this->assertFalse($no_edit_user->isBlocked(), 'The user is not blocked.');
    // Log in as user admin.
    $admin_user = $this->drupalCreateUser([
        'administer users',
    ]);
    $this->drupalLogin($admin_user);
    // Ensure that the account "no_edit" can not be edited.
    $this->drupalGet('user/' . $no_edit_user->id() . '/edit');
    $this->assertFalse($no_edit_user->access('update', $admin_user));
    $this->assertSession()
        ->statusCodeEquals(403);
    // Test blocking the account "no_edit".
    $edit = [
        'user_bulk_form[' . ($no_edit_user->id() - 1) . ']' => TRUE,
        'action' => 'user_block_user_action',
    ];
    $this->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
    $this->assertSession()
        ->statusCodeEquals(200);
    $this->assertRaw(new FormattableMarkup('No access to execute %action on the @entity_type_label %entity_label.', [
        '%action' => 'Block the selected user(s)',
        '@entity_type_label' => 'User',
        '%entity_label' => $no_edit_user->label(),
    ]));
    // Re-load the account "no_edit" and ensure it is not blocked.
    $no_edit_user = User::load($no_edit_user->id());
    $this->assertFalse($no_edit_user->isBlocked(), 'The user is not blocked.');
    // Create a normal user which can be edited by the admin user
    $normal_user = $this->drupalCreateUser();
    $this->assertTrue($normal_user->access('update', $admin_user));
    $edit = [
        'user_bulk_form[' . ($normal_user->id() - 1) . ']' => TRUE,
        'action' => 'user_block_user_action',
    ];
    $this->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
    $normal_user = User::load($normal_user->id());
    $this->assertTrue($normal_user->isBlocked(), 'The user is blocked.');
    // Log in as user without the 'administer users' permission.
    $this->drupalLogin($this->drupalCreateUser());
    $edit = [
        'user_bulk_form[' . ($normal_user->id() - 1) . ']' => TRUE,
        'action' => 'user_unblock_user_action',
    ];
    $this->drupalPostForm('test-user-bulk-form', $edit, t('Apply to selected items'));
    // Re-load the normal user and ensure it is still blocked.
    $normal_user = User::load($normal_user->id());
    $this->assertTrue($normal_user->isBlocked(), 'The user is still blocked.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.