diff --git a/tests/src/Functional/AccessTest.php b/tests/src/Functional/AccessTest.php deleted file mode 100644 index 1e5d1b93..00000000 --- a/tests/src/Functional/AccessTest.php +++ /dev/null @@ -1,246 +0,0 @@ -createMediaType('file', ['id' => 'document']); - $media = $this->createMediaEntity('document'); - $media_id = $media->id(); - - $users = [ - 'anonymous' => new AnonymousUserSession(), - 'authenticated' => $this->createUser(), - 'admin' => $this->createUser(admin: TRUE), - ]; - - // Build a report and assert the full result at once. - // This provides a very complete picture in case the assertion fails. - $this->assertPathsAccessByUsers( - [ - // Test the front page as an example that everybody can access. - '/' => ['anonymous', 'authenticated', 'admin'], - // Test an administration page that only admin can see. - '/admin/config' => ['admin'], - // Test the user route. - '/user/' . $users['authenticated']->id() => ['authenticated', 'admin'], - // Test the core media route for reference. - "/media/$media_id/edit" => ['admin'], - ], - $users, - ); - } - - /** - * Tests a scenario when only the administrator has access. - */ - public function testOnlyAdminHasAccess(): void { - $this->createMediaType('file', ['id' => 'document']); - $media = $this->createMediaEntity('document'); - - $users = [ - 'anonymous' => new AnonymousUserSession(), - 'authenticated' => $this->createUser(), - 'admin' => $this->createUser(admin: TRUE), - ]; - - // Both routes are only accessible for admin. - $this->assertPathsAccessByUsers( - [ - '/cool/view/' . $media->id() => ['admin'], - '/cool/edit/' . $media->id() => ['admin'], - ], - $users, - ); - } - - /** - * Tests a scenario where specific permissions are given to users. - */ - public function testCollaboraMediaPermissions(): void { - $this->createMediaType('file', ['id' => 'document']); - $this->createMediaType('file', ['id' => 'public_wiki']); - $this->createMediaType('file', ['id' => 'public_announcement']); - $this->createMediaType('file', ['id' => 'diary']); - $this->grantPermissions( - Role::load(RoleInterface::ANONYMOUS_ID), - [ - 'preview public_announcement in collabora', - 'preview public_wiki in collabora', - 'edit any public_wiki in collabora', - ], - ); - - $accounts = [ - 'anonymous' => new AnonymousUserSession(), - 'authenticated' => $this->createUser(), - 'reader' => $this->createUser([ - 'preview document in collabora', - ]), - 'editor' => $this->createUser([ - 'preview document in collabora', - 'edit any document in collabora', - ]), - // The 'writer' has write access, but no read access. - 'writer' => $this->createUser([ - 'edit any document in collabora', - ]), - 'diary keeper' => $this->createUser([ - // There is no 'preview own *' permission in this module. - 'preview diary in collabora', - 'edit own diary in collabora', - ]), - ]; - - $media_entities = [ - 'document' => $this->createMediaEntity('document'), - 'wiki' => $this->createMediaEntity('public_wiki'), - 'announcement' => $this->createMediaEntity('public_announcement'), - 'own diary' => $this->createMediaEntity('diary', [ - 'uid' => $accounts['diary keeper']->id(), - ]), - 'other diary' => $this->createMediaEntity('diary'), - ]; - - $paths = []; - foreach ($media_entities as $media_key => $media) { - $paths["/cool/view/<$media_key>"] = '/cool/view/' . $media->id(); - $paths["/cool/edit/<$media_key>"] = '/cool/edit/' . $media->id(); - } - - $this->assertPathsAccessByUsers( - [ - '/cool/view/' => ['reader', 'editor'], - '/cool/edit/' => ['editor', 'writer'], - '/cool/view/' => ['anonymous'], - '/cool/edit/' => ['anonymous'], - '/cool/view/' => ['anonymous'], - '/cool/edit/' => [], - '/cool/view/' => ['diary keeper'], - '/cool/edit/' => ['diary keeper'], - '/cool/view/' => ['diary keeper'], - '/cool/edit/' => [], - ], - $accounts, - $paths, - ); - } - - /** - * Builds a report about which users can access a given content. - * - * @param array> $expected - * Array indicating which url should be accessible by which user. - * The array keys are either paths or string keys from the $paths array. - * The array values are lists of keys from the $accounts array with access - * to that path. - * @param array $accounts - * Accounts to test access with, keyed by a distinguishable name. - * @param array|null $paths - * An array of paths, or NULL to just use the array keys from $expected. - * This parameter is useful if the paths all look very similar. - */ - protected function assertPathsAccessByUsers(array $expected, array $accounts, ?array $paths = NULL): void { - if ($paths === NULL) { - $paths = array_keys($expected); - $paths = array_combine($paths, $paths); - } - // Build a report and assert it all at once, to have a more complete - // overview on failure. - $actual = []; - foreach ($paths as $path_key => $path) { - $url = Url::fromUserInput($path); - // Filter the user list by access to the url. - $accounts_with_access = array_filter($accounts, $url->access(...)); - $actual[$path_key] = array_keys($accounts_with_access); - } - // Use yaml to avoid integer keys in list output. - $this->assertSame( - Yaml::encode($expected), - Yaml::encode($actual), - 'Users with access to given paths' - ); - } - - /** - * Creates a media entity with attached file. - * - * @param string $type - * Media type. - * @param array $values - * Values for the media entity. - * - * @return \Drupal\media\MediaInterface - * New media entity. - */ - protected function createMediaEntity(string $type, array $values = []): MediaInterface { - file_put_contents('public://test.txt', 'Hello test'); - $file = File::create([ - 'uri' => 'public://test.txt', - ]); - $file->save(); - $values += [ - 'bundle' => $type, - 'field_media_file' => $file->id(), - ]; - $media = Media::create($values); - $media->save(); - return $media; - } - -} diff --git a/tests/src/Functional/PermissionTest.php b/tests/src/Functional/PermissionTest.php deleted file mode 100644 index 2c1f2f29..00000000 --- a/tests/src/Functional/PermissionTest.php +++ /dev/null @@ -1,94 +0,0 @@ -createMediaType('file', [ - 'id' => 'public_wiki', - 'label' => 'Public wiki', - ]); - /** @var \Drupal\user\PermissionHandlerInterface $permission_handler */ - $permission_handler = \Drupal::service(PermissionHandlerInterface::class); - $permissions = $permission_handler->getPermissions(); - $permissions = array_filter( - $permissions, - fn (array $permission) => $permission['provider'] === 'collabora_online', - ); - // Remove noise that is hard to diff. - $permissions = array_map( - static function (array $permission) { - $permission['title'] = (string) $permission['title']; - if ($permission['description'] === NULL) { - unset($permission['description']); - } - if ($permission['provider'] === 'collabora_online') { - unset($permission['provider']); - } - return $permission; - }, - $permissions, - ); - ksort($permissions); - $this->assertSame([ - 'administer collabora instance' => [ - 'title' => 'Administer the Collabora instance', - 'restrict access' => TRUE, - ], - 'edit any public_wiki in collabora' => [ - 'title' => 'Public wiki: Edit any media file in Collabora', - 'dependencies' => ['config' => ['media.type.public_wiki']], - ], - 'edit own public_wiki in collabora' => [ - 'title' => 'Public wiki: Edit own media file in Collabora', - 'dependencies' => ['config' => ['media.type.public_wiki']], - ], - 'preview own unpublished public_wiki in collabora' => [ - 'title' => 'Public wiki: Preview own unpublished media file in Collabora', - 'dependencies' => ['config' => ['media.type.public_wiki']], - ], - 'preview public_wiki in collabora' => [ - 'title' => 'Public wiki: Preview published media file in Collabora', - 'dependencies' => ['config' => ['media.type.public_wiki']], - ], - ], $permissions); - } - -}