3 namespace Drupal\Tests\workspaces\Functional;
5 use Drupal\Tests\BrowserTestBase;
6 use Drupal\workspaces\Entity\Workspace;
9 * Tests permission controls on workspaces.
13 class WorkspacePermissionsTest extends BrowserTestBase {
15 use WorkspaceTestUtilities;
20 public static $modules = ['workspaces'];
23 * Verifies that a user can create but not edit a workspace.
25 public function testCreateWorkspace() {
26 $editor = $this->drupalCreateUser([
27 'access administration pages',
28 'administer site configuration',
32 // Login as a limited-access user and create a workspace.
33 $this->drupalLogin($editor);
34 $this->createWorkspaceThroughUi('Bears', 'bears');
36 // Now edit that same workspace; We shouldn't be able to do so, since
37 // we don't have edit permissions.
38 /** @var \Drupal\Core\Entity\EntityTypeManagerInterface $etm */
39 $etm = \Drupal::service('entity_type.manager');
40 /** @var \Drupal\workspaces\WorkspaceInterface $bears */
41 $entity_list = $etm->getStorage('workspace')->loadByProperties(['label' => 'Bears']);
42 $bears = current($entity_list);
44 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/edit");
45 $this->assertSession()->statusCodeEquals(403);
49 * Verifies that a user can create and edit only their own workspace.
51 public function testEditOwnWorkspace() {
53 'access administration pages',
54 'administer site configuration',
59 $editor1 = $this->drupalCreateUser($permissions);
61 // Login as a limited-access user and create a workspace.
62 $this->drupalLogin($editor1);
63 $this->createWorkspaceThroughUi('Bears', 'bears');
65 // Now edit that same workspace; We should be able to do so.
66 $bears = Workspace::load('bears');
68 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/edit");
69 $this->assertSession()->statusCodeEquals(200);
71 $page = $this->getSession()->getPage();
72 $page->fillField('label', 'Bears again');
73 $page->fillField('id', 'bears');
74 $page->findButton('Save')->click();
75 $page->hasContent('Bears again (bears)');
77 // Now login as a different user and ensure they don't have edit access,
79 $editor2 = $this->drupalCreateUser($permissions);
81 $this->drupalLogin($editor2);
82 $this->createWorkspaceThroughUi('Packers', 'packers');
83 $packers = Workspace::load('packers');
85 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$packers->id()}/edit");
86 $this->assertSession()->statusCodeEquals(200);
88 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/edit");
89 $this->assertSession()->statusCodeEquals(403);
93 * Verifies that a user can edit any workspace.
95 public function testEditAnyWorkspace() {
97 'access administration pages',
98 'administer site configuration',
100 'edit own workspace',
103 $editor1 = $this->drupalCreateUser($permissions);
105 // Login as a limited-access user and create a workspace.
106 $this->drupalLogin($editor1);
107 $this->createWorkspaceThroughUi('Bears', 'bears');
109 // Now edit that same workspace; We should be able to do so.
110 $bears = Workspace::load('bears');
112 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/edit");
113 $this->assertSession()->statusCodeEquals(200);
115 $page = $this->getSession()->getPage();
116 $page->fillField('label', 'Bears again');
117 $page->fillField('id', 'bears');
118 $page->findButton('Save')->click();
119 $page->hasContent('Bears again (bears)');
121 // Now login as a different user and ensure they don't have edit access,
123 $admin = $this->drupalCreateUser(array_merge($permissions, ['edit any workspace']));
125 $this->drupalLogin($admin);
126 $this->createWorkspaceThroughUi('Packers', 'packers');
127 $packers = Workspace::load('packers');
129 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$packers->id()}/edit");
130 $this->assertSession()->statusCodeEquals(200);
132 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/edit");
133 $this->assertSession()->statusCodeEquals(200);
137 * Verifies that a user can create and delete only their own workspace.
139 public function testDeleteOwnWorkspace() {
141 'access administration pages',
142 'administer site configuration',
144 'delete own workspace',
146 $editor1 = $this->drupalCreateUser($permissions);
148 // Login as a limited-access user and create a workspace.
149 $this->drupalLogin($editor1);
150 $bears = $this->createWorkspaceThroughUi('Bears', 'bears');
152 // Now try to delete that same workspace; We should be able to do so.
153 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/delete");
154 $this->assertSession()->statusCodeEquals(200);
156 // Now login as a different user and ensure they don't have edit access,
158 $editor2 = $this->drupalCreateUser($permissions);
160 $this->drupalLogin($editor2);
161 $packers = $this->createWorkspaceThroughUi('Packers', 'packers');
163 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$packers->id()}/delete");
164 $this->assertSession()->statusCodeEquals(200);
166 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/delete");
167 $this->assertSession()->statusCodeEquals(403);
171 * Verifies that a user can delete any workspace.
173 public function testDeleteAnyWorkspace() {
175 'access administration pages',
176 'administer site configuration',
178 'delete own workspace',
180 $editor1 = $this->drupalCreateUser($permissions);
182 // Login as a limited-access user and create a workspace.
183 $this->drupalLogin($editor1);
184 $bears = $this->createWorkspaceThroughUi('Bears', 'bears');
186 // Now edit that same workspace; We should be able to do so.
187 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/delete");
188 $this->assertSession()->statusCodeEquals(200);
190 // Now login as a different user and ensure they have delete access on both
192 $admin = $this->drupalCreateUser(array_merge($permissions, ['delete any workspace']));
194 $this->drupalLogin($admin);
195 $packers = $this->createWorkspaceThroughUi('Packers', 'packers');
197 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$packers->id()}/delete");
198 $this->assertSession()->statusCodeEquals(200);
200 $this->drupalGet("/admin/config/workflow/workspaces/manage/{$bears->id()}/delete");
201 $this->assertSession()->statusCodeEquals(200);
203 // Check that the default workspace can not be deleted, even by a user with
204 // the "delete any workspace" permission.
205 $this->drupalGet("/admin/config/workflow/workspaces/manage/live/delete");
206 $this->assertSession()->statusCodeEquals(403);