/**
* Tests user selection by roles.
*/
function testUserSelectionByRole()
{
$field_definition = FieldInstanceConfig::loadByName('user', 'user', 'user_reference');
$field_definition->settings['handler_settings']['filter']['role'] = array($this->role1->id() => $this->role1->id(), $this->role2->id() => 0);
$field_definition->settings['handler_settings']['filter']['type'] = 'role';
$field_definition->save();
$user1 = $this->createUser(array('name' => 'aabb'));
$user1->addRole($this->role1->id());
$user1->save();
$user2 = $this->createUser(array('name' => 'aabbb'));
$user2->addRole($this->role1->id());
$user2->save();
$user3 = $this->createUser(array('name' => 'aabbbb'));
$user3->addRole($this->role2->id());
$user3->save();
/** @var \Drupal\entity_reference\EntityReferenceAutocomplete $autocomplete */
$autocomplete = \Drupal::service('entity_reference.autocomplete');
$matches = $autocomplete->getMatches($field_definition, 'user', 'user', 'NULL', '', 'aabb');
$this->assertEqual(count($matches), 2);
$users = array();
foreach ($matches as $match) {
$users[] = $match['label'];
}
$this->assertTrue(in_array($user1->label(), $users));
$this->assertTrue(in_array($user2->label(), $users));
$this->assertFalse(in_array($user3->label(), $users));
$matches = $autocomplete->getMatches($field_definition, 'user', 'user', 'NULL', '', 'aabbbb');
$this->assertEqual(count($matches), 0, '');
}
/**
* Returns role entities allowed to masquerade as.
*
* @return \Drupal\user\RoleInterface[]
* An associative array with the role id as the key and the role object as
* value.
*/
protected function getUserRoles()
{
$roles = Role::loadMultiple();
// Do not allow masquerade as anonymous user, use private browsing.
unset($roles[RoleInterface::ANONYMOUS_ID]);
return $roles;
}
public function testRolePurchaseCheckout()
{
// Add role assignment to the test product.
$rid = $this->drupalCreateRole(array('access content'));
$this->drupalLogin($this->adminUser);
$this->drupalPostForm('node/' . $this->product->id() . '/edit/features', array('feature' => 'role'), t('Add'));
$edit = array('role' => $rid, 'end_override' => TRUE, 'expire_relative_duration' => 1, 'expire_relative_granularity' => 'day');
$this->drupalPostForm(NULL, $edit, t('Save feature'));
// Check out with the test product.
$method = $this->createPaymentMethod('other');
$this->addToCart($this->product);
$order = $this->checkout();
uc_payment_enter($order->id(), $method['id'], $order->getTotal());
// Test that the role was granted.
// @todo Re-enable when Rules is available.
// $this->assertTrue($order->getOwner()->hasRole($rid), 'Existing user was granted role.');
// Test that the email is correct.
$role = Role::load($rid);
// @todo Re-enable when Rules is available.
// $this->assertMailString('subject', $role->label(), 4, 'Role assignment email mentions role in subject line.');
// Test that the role product / user relation is deleted with the user.
user_delete($order->getOwnerId());
// Run cron to ensure deleted users are handled correctly.
$this->cronRun();
}
/**
* Returns the permission strings that a group of roles have.
*
* @param array $roleIDs
* The array of roleIDs to check.
* @param bool $groupByRoleId
* Choose whether to group permissions by role ID.
* @return array
* An array of the permissions untrusted roles have. If $groupByRoleId is
* true, the array key is the role ID, the value is the array of permissions
* the role has.
*/
public static function rolePermissions(array $roleIDs, $groupByRoleId = FALSE)
{
// Get the permissions the given roles have, grouped by roles.
$permissions_grouped = user_role_permissions($roleIDs);
// Fill up the administrative roles' permissions too.
foreach ($roleIDs as $roleID) {
$role = Role::load($roleID);
/** @var Role $role */
if ($role->isAdmin()) {
$permissions_grouped[$roleID] = static::permissions();
}
}
if ($groupByRoleId) {
// If the result should be grouped, we have nothing else to do.
return $permissions_grouped;
} else {
// Merge the grouped permissions into $untrusted_permissions.
$untrusted_permissions = array();
foreach ($permissions_grouped as $rid => $permissions) {
$untrusted_permissions = array_merge($untrusted_permissions, $permissions);
}
// Remove duplicate elements and fix indexes.
$untrusted_permissions = array_values(array_unique($untrusted_permissions));
return $untrusted_permissions;
}
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$admin_roles = $this->adminUser->getRoles();
$admin_role = Role::load(reset($admin_roles));
$this->grantPermissions($admin_role, ['administer site configuration']);
}
/**
* Tests user role migration.
*/
public function testUserRole()
{
/** @var \Drupal\migrate\entity\Migration $migration */
$id_map = Migration::load('d6_user_role')->getIdMap();
$rid = 'anonymous';
$anonymous = Role::load($rid);
$this->assertIdentical($rid, $anonymous->id());
$this->assertIdentical(array('migrate test anonymous permission', 'use text format filtered_html'), $anonymous->getPermissions());
$this->assertIdentical(array($rid), $id_map->lookupDestinationId(array(1)));
$rid = 'authenticated';
$authenticated = Role::load($rid);
$this->assertIdentical($rid, $authenticated->id());
$this->assertIdentical(array('migrate test authenticated permission', 'use text format filtered_html'), $authenticated->getPermissions());
$this->assertIdentical(array($rid), $id_map->lookupDestinationId(array(2)));
$rid = 'migrate_test_role_1';
$migrate_test_role_1 = Role::load($rid);
$this->assertIdentical($rid, $migrate_test_role_1->id());
$this->assertIdentical(array('migrate test role 1 test permission', 'use text format full_html', 'use text format php_code'), $migrate_test_role_1->getPermissions());
$this->assertIdentical(array($rid), $id_map->lookupDestinationId(array(3)));
$rid = 'migrate_test_role_2';
$migrate_test_role_2 = Role::load($rid);
$this->assertIdentical(array('migrate test role 2 test permission', 'use PHP for settings', 'administer contact forms', 'skip comment approval', 'edit own blog content', 'edit any blog content', 'delete own blog content', 'delete any blog content', 'create forum content', 'delete any forum content', 'delete own forum content', 'edit any forum content', 'edit own forum content', 'administer nodes', 'access content overview', 'use text format php_code'), $migrate_test_role_2->getPermissions());
$this->assertIdentical($rid, $migrate_test_role_2->id());
$this->assertIdentical(array($rid), $id_map->lookupDestinationId(array(4)));
$rid = 'migrate_test_role_3_that_is_long';
$migrate_test_role_3 = Role::load($rid);
$this->assertIdentical($rid, $migrate_test_role_3->id());
$this->assertIdentical(array($rid), $id_map->lookupDestinationId(array(5)));
}
/**
* {@inheritdoc}
*/
protected function setUp($import_test_views = TRUE)
{
parent::setUp($import_test_views);
$this->installEntitySchema('user');
$this->installEntitySchema('comment');
// Create the anonymous role.
$this->installConfig(['user']);
// Create an anonymous user.
$storage = \Drupal::entityManager()->getStorage('user');
// Insert a row for the anonymous user.
$storage->create(array('uid' => 0, 'name' => '', 'status' => 0))->save();
$admin_role = Role::create(['id' => 'admin', 'permissions' => ['administer comments', 'access user profiles']]);
$admin_role->save();
/* @var \Drupal\user\RoleInterface $anonymous_role */
$anonymous_role = Role::load(Role::ANONYMOUS_ID);
$anonymous_role->grantPermission('access comments');
$anonymous_role->save();
$this->adminUser = User::create(['name' => $this->randomMachineName(), 'roles' => [$admin_role->id()]]);
$this->adminUser->save();
// Create some comments.
$comment = Comment::create(['subject' => 'My comment title', 'uid' => $this->adminUser->id(), 'name' => $this->adminUser->label(), 'entity_type' => 'entity_test', 'comment_type' => 'entity_test', 'status' => 1]);
$comment->save();
$comment_anonymous = Comment::create(['subject' => 'Anonymous comment title', 'uid' => 0, 'name' => 'barry', 'mail' => '*****@*****.**', 'homepage' => 'https://example.com', 'entity_type' => 'entity_test', 'comment_type' => 'entity_test', 'created' => 123456, 'status' => 1]);
$comment_anonymous->save();
}
public function testRevisionView()
{
$entity = EnhancedEntity::create(['name' => 'rev 1', 'type' => 'default']);
$entity->save();
$revision = clone $entity;
$revision->name->value = 'rev 2';
$revision->setNewRevision(TRUE);
$revision->isDefaultRevision(FALSE);
$revision->save();
/** @var \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel */
$http_kernel = \Drupal::service('http_kernel');
$request = Request::create($revision->url('revision'));
$response = $http_kernel->handle($request);
$this->assertEquals(403, $response->getStatusCode());
$role = Role::create(['id' => 'test_role']);
$role->grantPermission('view all entity_test_enhanced revisions');
$role->grantPermission('administer entity_test_enhanced');
$role->save();
$user = User::create(['name' => 'Test user']);
$user->addRole($role->id());
\Drupal::service('account_switcher')->switchTo($user);
$request = Request::create($revision->url('revision'));
$response = $http_kernel->handle($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertNotContains('rev 1', $response->getContent());
$this->assertContains('rev 2', $response->getContent());
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Give anonymous users permission to view test entities, so that we can
// verify the cache tags of cached versions of test entity pages.
$user_role = Role::load(RoleInterface::ANONYMOUS_ID);
$user_role->grantPermission('view test entity');
$user_role->save();
// Create an entity.
$this->entity = $this->createEntity();
// If this is an entity with field UI enabled, then add a configurable
// field. We will use this configurable field in later tests to ensure that
// field configuration invalidate render cache entries.
if ($this->entity->getEntityType()->get('field_ui_base_route')) {
// Add field, so we can modify the field storage and field entities to
// verify that changes to those indeed clear cache tags.
entity_create('field_storage_config', array('field_name' => 'configurable_field', 'entity_type' => $this->entity->getEntityTypeId(), 'type' => 'test_field', 'settings' => array()))->save();
entity_create('field_config', array('entity_type' => $this->entity->getEntityTypeId(), 'bundle' => $this->entity->bundle(), 'field_name' => 'configurable_field', 'label' => 'Configurable field', 'settings' => array()))->save();
// Reload the entity now that a new field has been added to it.
$storage = $this->container->get('entity.manager')->getStorage($this->entity->getEntityTypeId());
$storage->resetCache();
$this->entity = $storage->load($this->entity->id());
}
// Create a referencing and a non-referencing entity.
list($this->referencingEntity, $this->nonReferencingEntity, ) = $this->createReferenceTestEntities($this->entity);
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->installConfig(array('user', 'entity_test'));
// Give anonymous users permission to view test entities.
Role::load(RoleInterface::ANONYMOUS_ID)->grantPermission('view test entity')->save();
}
public function role_create($role_machine_name, $role_human_readable_name = '')
{
// In D6 and D7, when we create a new role, the role
// machine name is specified, and the numeric rid is
// auto-assigned (next available id); in D8, when we
// create a new role, we need to specify both the rid,
// which is now the role machine name, and also a human-readable
// role name. If the client did not provide a human-readable
// name, then we'll use the role machine name in its place.
if (empty($role_human_readable_name)) {
$role_human_readable_name = ucfirst($role_machine_name);
}
$role = new Role(array('id' => $role_machine_name, 'label' => $role_human_readable_name), 'user_role');
$role->save();
return $role;
}
/**
* Ensures that 'user.permissions' cache context is able to define cache tags.
*/
public function testUserPermissionCacheContextOptimization()
{
$user1 = $this->createUser();
$this->assertEqual($user1->id(), 1);
$authenticated_user = $this->createUser(['administer permissions']);
$role = $authenticated_user->getRoles()[1];
$test_element = ['#cache' => ['keys' => ['test'], 'contexts' => ['user', 'user.permissions']]];
\Drupal::service('account_switcher')->switchTo($authenticated_user);
$element = $test_element;
$element['#markup'] = 'content for authenticated users';
$output = \Drupal::service('renderer')->renderRoot($element);
$this->assertEqual($output, 'content for authenticated users');
// Verify that the render caching is working so that other tests can be
// trusted.
$element = $test_element;
$element['#markup'] = 'this should not be visible';
$output = \Drupal::service('renderer')->renderRoot($element);
$this->assertEqual($output, 'content for authenticated users');
// Even though the cache contexts have been optimized to only include 'user'
// cache context, the element should have been changed because
// 'user.permissions' cache context defined a cache tags for permission
// changes, which should have bubbled up for the element when it was
// optimized away.
Role::load($role)->revokePermission('administer permissions')->save();
$element = $test_element;
$element['#markup'] = 'this should be visible';
$output = \Drupal::service('renderer')->renderRoot($element);
$this->assertEqual($output, 'this should be visible');
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Give anonymous users permission to view nodes, so that we can verify the
// cache tags of cached versions of node pages.
Role::load(RoleInterface::ANONYMOUS_ID)->grantPermission('access tour')->save();
}
/**
* Performs setup tasks before each individual test method is run.
*/
public function setUp()
{
parent::setUp('content_access');
// The parent method already installs most needed node and comment schemas,
// but here we also need the comment statistics.
$this->installSchema('comment', array('comment_entity_statistics'));
// Create a node type for testing.
$type = NodeType::create(array('type' => 'page', 'name' => 'page'));
$type->save();
// Create anonymous user role.
$role = Role::create(array('id' => 'anonymous', 'label' => 'anonymous'));
$role->save();
// Insert the anonymous user into the database, as the user table is inner
// joined by \Drupal\comment\CommentStorage.
User::create(array('uid' => 0, 'name' => ''))->save();
// Create a node with attached comment.
$this->nodes[0] = Node::create(array('status' => NODE_PUBLISHED, 'type' => 'page', 'title' => 'test title'));
$this->nodes[0]->save();
$comment_type = CommentType::create(array('id' => 'comment', 'target_entity_type_id' => 'node'));
$comment_type->save();
$this->installConfig(array('comment'));
$this->addDefaultCommentField('node', 'page');
$comment = Comment::create(array('entity_type' => 'node', 'entity_id' => $this->nodes[0]->id(), 'field_name' => 'comment', 'body' => 'test body', 'comment_type' => $comment_type->id()));
$comment->save();
$this->comments[] = $comment;
$this->nodes[1] = Node::create(array('status' => NODE_PUBLISHED, 'type' => 'page', 'title' => 'some title'));
$this->nodes[1]->save();
$this->nodes[2] = Node::create(array('status' => NODE_NOT_PUBLISHED, 'type' => 'page', 'title' => 'other title'));
$this->nodes[2]->save();
// Also index users, to verify that they are unaffected by the processor.
$this->index->set('datasources', array('entity:comment', 'entity:node', 'entity:user'));
$this->index->save();
$this->index = entity_load('search_api_index', $this->index->id(), TRUE);
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->installSchema('system', 'sequences');
$this->installEntitySchema('user');
$this->manager = $this->container->get('plugin.manager.condition');
// Set up the authenticated and anonymous roles.
Role::create(array('id' => RoleInterface::ANONYMOUS_ID, 'label' => 'Anonymous user'))->save();
Role::create(array('id' => RoleInterface::AUTHENTICATED_ID, 'label' => 'Authenticated user'))->save();
// Create new role.
$rid = strtolower($this->randomMachineName(8));
$label = $this->randomString(8);
$role = Role::create(array('id' => $rid, 'label' => $label));
$role->save();
$this->role = $role;
// Setup an anonymous user for our tests.
$this->anonymous = User::create(array('name' => '', 'uid' => 0));
$this->anonymous->save();
// Loading the anonymous user adds the correct role.
$this->anonymous = User::load($this->anonymous->id());
// Setup an authenticated user for our tests.
$this->authenticated = User::create(array('name' => $this->randomMachineName()));
$this->authenticated->save();
// Add the custom role.
$this->authenticated->addRole($this->role->id());
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->config = $this->config('rest.settings');
// Create an entity programmatically.
$this->entity = $this->entityCreate('entity_test');
$this->entity->save();
Role::load(AccountInterface::ANONYMOUS_ROLE)->grantPermission('view test entity')->save();
}
/**
* Tests that serialization_class is optional.
*/
public function testSerializationClassIsOptional()
{
$this->enableService('serialization_test', 'POST', 'json');
Role::load(RoleInterface::ANONYMOUS_ID)->grantPermission('restful post serialization_test')->save();
$serialized = $this->container->get('serializer')->serialize(['foo', 'bar'], 'json');
$this->httpRequest('serialization_test', 'POST', $serialized, 'application/json');
$this->assertResponse(200);
$this->assertResponseBody('["foo","bar"]');
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Give anonymous users permission to view nodes, so that we can verify the
// cache tags of cached versions of node pages.
$user_role = Role::load(DRUPAL_ANONYMOUS_RID);
$user_role->grantPermission('acess content');
$user_role->save();
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Give anonymous users permission to view user profiles, so that we can
// verify the cache tags of cached versions of user profile pages.
$user_role = Role::load(RoleInterface::ANONYMOUS_ID);
$user_role->grantPermission('access user profiles');
$user_role->save();
}
/**
* {@inheritdoc}
*/
public function setUp()
{
parent::setUp();
$this->addField('string', 'field_shared', 'user');
$this->addField('string', 'field_shared', 'simplenews_subscriber');
Role::load('anonymous')->grantPermission('subscribe to newsletters')->grantPermission('access user profiles')->save();
Role::load('authenticated')->grantPermission('subscribe to newsletters')->save();
$this->admin = $this->drupalCreateUser(array('administer users'));
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->role1 = Role::create(array('id' => strtolower($this->randomMachineName(8)), 'label' => $this->randomMachineName(8)));
$this->role1->save();
$this->role2 = Role::create(array('id' => strtolower($this->randomMachineName(8)), 'label' => $this->randomMachineName(8)));
$this->role2->save();
$this->createEntityReferenceField('user', 'user', 'user_reference', 'User reference', 'user');
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Give anonymous users permission to access feeds, so that we can verify
// the cache tags of cached versions of feeds.
$user_role = Role::load(DRUPAL_ANONYMOUS_RID);
$user_role->grantPermission('access news feeds');
$user_role->save();
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->installEntitySchema('user');
$this->installSchema('system', 'sequences');
$devel_role = Role::create(['id' => 'admin', 'permissions' => ['access devel information']]);
$devel_role->save();
$this->develUser = User::create(['name' => $this->randomMachineName(), 'roles' => [$devel_role->id()]]);
$this->develUser->save();
}
/**
* Tests the plain formatter.
*/
public function testAllFormatters()
{
// Tests the plain formatter.
$this->assertFormatterRdfa(array('type' => 'taxonomy_term_reference_plain'), 'http://schema.org/about', array('value' => $this->term->getName(), 'type' => 'literal'));
// Grant the access content permission to the anonymous user.
Role::create(array('id' => DRUPAL_ANONYMOUS_RID))->grantPermission('access content')->save();
// Tests the link formatter.
$term_uri = $this->getAbsoluteUri($this->term);
$this->assertFormatterRdfa(array('type' => 'taxonomy_term_reference_link'), 'http://schema.org/about', array('value' => $term_uri, 'type' => 'uri'));
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Give anonymous users permission to customize shortcut links, so that we
// can verify the cache tags of cached versions of shortcuts.
$user_role = Role::load(RoleInterface::ANONYMOUS_ID);
$user_role->grantPermission('customize shortcut links');
$user_role->grantPermission('access shortcuts');
$user_role->save();
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
$this->installEntitySchema('user');
$this->installEntitySchema('entity_test_mul');
$this->installEntitySchema('entity_test_admin_routes');
/** @var \Drupal\user\RoleInterface $role */
$role = Role::create(['id' => RoleInterface::ANONYMOUS_ID]);
$role->grantPermission('administer entity_test content')->grantPermission('view test entity');
$role->save();
}
/**
* {@inheritdoc}
*/
protected function setUp()
{
parent::setUp();
// Remove the 'access content' permission from anonymous and auth users.
Role::load(RoleInterface::ANONYMOUS_ID)->revokePermission('access content')->save();
Role::load(RoleInterface::AUTHENTICATED_ID)->revokePermission('access content')->save();
$this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
$this->drupalCreateContentType(['type' => 'page', 'name' => 'Page']);
$this->drupalPlaceBlock('page_title_block');
$this->page = Page::load('node_view');
}
/**
* Asserts aspects of a user role config entity.
*
* @param string $id
* The role ID.
* @param string $label
* The role's expected label.
* @param int|NULL $original_rid
* The original (integer) ID of the role, to check permissions.
*/
protected function assertEntity($id, $label, $original_rid)
{
/** @var \Drupal\user\RoleInterface $entity */
$entity = Role::load($id);
$this->assertTrue($entity instanceof RoleInterface);
$this->assertIdentical($label, $entity->label());
if (isset($original_rid)) {
$permissions = Database::getConnection('default', 'migrate')->select('role_permission', 'rp')->fields('rp', ['permission'])->condition('rid', $original_rid)->execute()->fetchCol();
$this->assertIdentical($permissions, $entity->getPermissions());
}
}
/**
* @return \Drupal\user\UserInterface
*/
protected function drupalCreateUser(array $permissions = [])
{
$role = Role::create(['id' => 'test_role__' . $this->randomMachineName()]);
foreach ($permissions as $permission) {
$role->grantPermission($permission);
}
$role->save();
$user = User::create(['name' => 'test name ' . $this->randomMachineName()]);
$user->addRole($role->id());
$user->save();
return $user;
}
/**
* {@inheritdoc}
*/
protected function setUp($import_test_views = TRUE)
{
parent::setUp($import_test_views);
$this->installEntitySchema('user');
$role_with_access = Role::create(['id' => 'with_access', 'permissions' => ['view test entity field']]);
$role_with_access->save();
$role_without_access = Role::create(['id' => 'without_access', 'permissions' => []]);
$role_without_access->save();
$this->userWithAccess = User::create(['name' => $this->randomMachineName(), 'roles' => [$role_with_access->id()]]);
$this->userWithAccess->save();
$this->userWithoutAccess = User::create(['name' => $this->randomMachineName(), 'roles' => [$role_without_access->id()]]);
$this->userWithoutAccess->save();
}
