tux/drupal11-ddev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Drupal 11 with DDEV setup

Browse Source
This commit is contained in:
gluebox
2025-10-08 11:39:17 -04:00
commit 89ef74b305
25344 changed files with 2599172 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_collection_count/jsonapi_test_collection_count.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON API test collection counts'
type: module
package: Testing

6
web/core/modules/jsonapi/tests/modules/jsonapi_test_collection_count/jsonapi_test_collection_count.services.yml Normal file
View File

@ -0,0 +1,6 @@
services:
count.jsonapi.resource_type.repository:
class: Drupal\jsonapi_test_collection_count\ResourceType\CountableResourceTypeRepository
public: false
decorates: jsonapi.resource_type.repository
parent: jsonapi.resource_type.repository

21
web/core/modules/jsonapi/tests/modules/jsonapi_test_collection_count/src/ResourceType/CountableResourceType.php Normal file
View File

@ -0,0 +1,21 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_collection_count\ResourceType;
use Drupal\jsonapi\ResourceType\ResourceType;
/**
* Subclass with overridden ::includeCount() for testing purposes.
*/
class CountableResourceType extends ResourceType {
/**
* {@inheritdoc}
*/
public function includeCount() {
return TRUE;
}
}

33
web/core/modules/jsonapi/tests/modules/jsonapi_test_collection_count/src/ResourceType/CountableResourceTypeRepository.php Normal file
View File

@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_collection_count\ResourceType;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\jsonapi\ResourceType\ResourceTypeRepository;
/**
* Provides a repository of JSON:API configurable resource types.
*/
class CountableResourceTypeRepository extends ResourceTypeRepository {
/**
* {@inheritdoc}
*/
protected function createResourceType(EntityTypeInterface $entity_type, $bundle) {
$resource_type = parent::createResourceType($entity_type, $bundle);
return new CountableResourceType(
$resource_type->getEntityTypeId(),
$resource_type->getBundle(),
$resource_type->getDeserializationTargetClass(),
$resource_type->isInternal(),
$resource_type->isLocatable(),
$resource_type->isMutable(),
$resource_type->isVersionable(),
$resource_type->getFields(),
$resource_type->getTypeName()
);
}
}

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_data_type/jsonapi_test_data_type.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON API test format-agnostic @DataType normalizers'
type: module
package: Testing

10
web/core/modules/jsonapi/tests/modules/jsonapi_test_data_type/jsonapi_test_data_type.services.yml Normal file
View File

@ -0,0 +1,10 @@
services:
serializer.normalizer.string.jsonapi_test_data_type:
class: Drupal\jsonapi_test_data_type\Normalizer\StringNormalizer
tags:
# The priority must be higher than serializer.normalizer.primitive_data.
- { name: normalizer , priority: 1000 }
serializer.normalizer.traversable_object.jsonapi_test_data_type:
class: Drupal\jsonapi_test_data_type\Normalizer\TraversableObjectNormalizer
tags:
- { name: normalizer }

37
web/core/modules/jsonapi/tests/modules/jsonapi_test_data_type/src/Normalizer/StringNormalizer.php Normal file
View File

@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_data_type\Normalizer;
use Drupal\Core\TypedData\Plugin\DataType\StringData;
use Drupal\serialization\Normalizer\NormalizerBase;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
/**
* Normalizes string data weirdly: replaces 'super' with 'NOT' and vice versa.
*/
class StringNormalizer extends NormalizerBase implements DenormalizerInterface {
/**
* {@inheritdoc}
*/
public function normalize($object, $format = NULL, array $context = []): array|string|int|float|bool|\ArrayObject|NULL {
return str_replace('super', 'NOT', $object->getValue());
}
/**
* {@inheritdoc}
*/
public function denormalize($data, $class, $format = NULL, array $context = []): mixed {
return str_replace('NOT', 'super', $data);
}
/**
* {@inheritdoc}
*/
public function getSupportedTypes(?string $format): array {
return [StringData::class => TRUE];
}
}

29
web/core/modules/jsonapi/tests/modules/jsonapi_test_data_type/src/Normalizer/TraversableObjectNormalizer.php Normal file
View File

@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_data_type\Normalizer;
use Drupal\jsonapi_test_data_type\TraversableObject;
use Drupal\serialization\Normalizer\NormalizerBase;
/**
* Normalizes TraversableObject.
*/
class TraversableObjectNormalizer extends NormalizerBase {
/**
* {@inheritdoc}
*/
public function normalize($object, $format = NULL, array $context = []): array|string|int|float|bool|\ArrayObject|NULL {
return $object->property;
}
/**
* {@inheritdoc}
*/
public function getSupportedTypes(?string $format): array {
return [TraversableObject::class => TRUE];
}
}

26
web/core/modules/jsonapi/tests/modules/jsonapi_test_data_type/src/TraversableObject.php Normal file
View File

@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_data_type;
/**
* An object which implements \IteratorAggregate.
*/
class TraversableObject implements \IteratorAggregate {
/**
* The test data.
*
* @var string
*/
public $property = "value";
/**
* {@inheritdoc}
*/
public function getIterator(): \ArrayIterator {
return new \ArrayIterator();
}
}

4
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_access/jsonapi_test_field_access.info.yml Normal file
View File

@ -0,0 +1,4 @@
name: 'JSON API field access'
type: module
description: 'Provides a custom field access hook to test JSON API field access security.'
package: Testing

6
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_access/jsonapi_test_field_access.permissions.yml Normal file
View File

@ -0,0 +1,6 @@
'field_jsonapi_test_entity_ref edit access':
title: 'Tests JSON:API field edit access'
'field_jsonapi_test_entity_ref update access':
title: 'Tests JSON:API field update access'
'field_jsonapi_test_entity_ref view access':
title: 'Tests JSON:API field view access'

34
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_access/src/Hook/JsonapiTestFieldAccessHooks.php Normal file
View File

@ -0,0 +1,34 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_field_access\Hook;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Hook\Attribute\Hook;
/**
* Hook implementations for jsonapi_test_field_access.
*/
class JsonapiTestFieldAccessHooks {
/**
* Implements hook_entity_field_access().
*/
#[Hook('entity_field_access')]
public function entityFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account): AccessResultInterface {
// @see \Drupal\Tests\jsonapi\Functional\ResourceTestBase::testRelationships().
if ($field_definition->getName() === 'field_jsonapi_test_entity_ref') {
// Forbid access in all cases.
$permission = "field_jsonapi_test_entity_ref {$operation} access";
$access_result = $account->hasPermission($permission) ? AccessResult::allowed() : AccessResult::forbidden("The '{$permission}' permission is required.");
return $access_result->addCacheContexts(['user.permissions']);
}
// No opinion.
return AccessResult::neutral();
}
}

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_aliasing/jsonapi_test_field_aliasing.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON:API test field aliasing'
type: module
package: Testing

6
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_aliasing/jsonapi_test_field_aliasing.services.yml Normal file
View File

@ -0,0 +1,6 @@
services:
jsonapi.resource_type.repository.jsonapi_test_field_aliasing:
class: Drupal\jsonapi_test_field_aliasing\ResourceType\AliasingResourceTypeRepository
public: false
decorates: jsonapi.resource_type.repository
parent: jsonapi.resource_type.repository

28
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_aliasing/src/ResourceType/AliasingResourceTypeRepository.php Normal file
View File

@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_field_aliasing\ResourceType;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\jsonapi\ResourceType\ResourceTypeRepository;
/**
* Provides a repository of resource types with field names that can be aliased.
*/
class AliasingResourceTypeRepository extends ResourceTypeRepository {
/**
* {@inheritdoc}
*/
protected function getFields(array $field_names, EntityTypeInterface $entity_type, $bundle) {
$fields = parent::getFields($field_names, $entity_type, $bundle);
foreach ($fields as $field_name => $field) {
if (is_string($field_name) && str_starts_with($field_name, 'field_test_alias_')) {
$fields[$field_name] = $fields[$field_name]->withPublicName('field_test_alias');
}
}
return $fields;
}
}

4
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_filter_access/jsonapi_test_field_filter_access.info.yml Normal file
View File

@ -0,0 +1,4 @@
name: 'JSON:API filter access'
type: module
description: 'Provides custom access related code to test JSON:API filter security.'
package: Testing

2
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_filter_access/jsonapi_test_field_filter_access.permissions.yml Normal file
View File

@ -0,0 +1,2 @@
'filter by spotlight field':
title: 'Tests JSON:API filter access'

32
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_filter_access/src/Hook/JsonTestFieldFilterAccessHooks.php Normal file
View File

@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_field_filter_access\Hook;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Hook\Attribute\Hook;
use Drupal\Core\Session\AccountInterface;
/**
* Hook implementations for jsonapi_test_field_filter_access.
*/
class JsonTestFieldFilterAccessHooks {
/**
* Implements hook_jsonapi_entity_field_filter_access().
*/
#[Hook('jsonapi_entity_field_filter_access')]
public function jsonapiEntityFieldFilterAccess(FieldDefinitionInterface $field_definition, AccountInterface $account): AccessResultInterface {
if ($field_definition->getName() === 'spotlight') {
return AccessResult::forbiddenIf(!$account->hasPermission('filter by spotlight field'))->cachePerPermissions();
}
if ($field_definition->getName() === 'field_test_text') {
return AccessResult::allowedIf($field_definition->getTargetEntityTypeId() === 'entity_test_with_bundle');
}
return AccessResult::neutral();
}
}

11
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_type/config/schema/jsonapi_test_field_type.schema.yml Normal file
View File

@ -0,0 +1,11 @@
field.storage_settings.jsonapi_test_field_type_entity_reference_uuid:
type: field.storage_settings.entity_reference
label: 'Entity reference field storage settings'
field.field_settings.jsonapi_test_field_type_entity_reference_uuid:
type: field.field_settings.entity_reference
label: 'Entity reference field settings'
field.value.jsonapi_test_field_type_entity_reference_uuid:
type: field.value.entity_reference
label: 'Default value'

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_type/jsonapi_test_field_type.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON API test format-agnostic @FieldType normalizers'
type: module
package: Testing

6
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_type/jsonapi_test_field_type.services.yml Normal file
View File

@ -0,0 +1,6 @@
services:
serializer.normalizer.string.jsonapi_test_field_type:
class: Drupal\jsonapi_test_field_type\Normalizer\StringNormalizer
tags:
# The priority must be higher than serialization.normalizer.field_item.
- { name: normalizer , priority: 1000 }

41
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_type/src/Normalizer/StringNormalizer.php Normal file
View File

@ -0,0 +1,41 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_field_type\Normalizer;
use Drupal\Core\Field\Plugin\Field\FieldType\StringItem;
use Drupal\serialization\Normalizer\FieldItemNormalizer;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
/**
* Normalizes string fields weirdly: replaces 'super' with 'NOT' and vice versa.
*/
class StringNormalizer extends FieldItemNormalizer implements DenormalizerInterface {
/**
* {@inheritdoc}
*/
public function normalize($object, $format = NULL, array $context = []): array|string|int|float|bool|\ArrayObject|NULL {
$data = parent::normalize($object, $format, $context);
$data['value'] = str_replace('super', 'NOT', $data['value']);
return $data;
}
/**
* {@inheritdoc}
*/
protected function constructValue($data, $context) {
$data = parent::constructValue($data, $context);
$data['value'] = str_replace('NOT', 'super', $data['value']);
return $data;
}
/**
* {@inheritdoc}
*/
public function getSupportedTypes(?string $format): array {
return [StringItem::class => TRUE];
}
}

241
web/core/modules/jsonapi/tests/modules/jsonapi_test_field_type/src/Plugin/Field/FieldType/EntityReferenceUuidItem.php Normal file
View File

@ -0,0 +1,241 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_field_type\Plugin\Field\FieldType;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\TypedData\EntityDataDefinition;
use Drupal\Core\Field\Attribute\FieldType;
use Drupal\Core\Field\EntityReferenceFieldItemList;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Field\Plugin\Field\FieldType\EntityReferenceItem;
use Drupal\Core\StringTranslation\TranslatableMarkup;
use Drupal\Core\TypedData\DataReferenceDefinition;
use Drupal\Core\TypedData\DataReferenceTargetDefinition;
/**
* Defines the 'entity_reference_uuid' entity field type.
*
* Supported settings (below the definition's 'settings' key) are:
* - target_type: The entity type to reference. Required.
*
* @property string $target_uuid
*/
#[FieldType(
id: 'jsonapi_test_field_type_entity_reference_uuid',
label: new TranslatableMarkup('Entity reference UUID'),
description: new TranslatableMarkup('An entity field containing an entity reference by UUID.'),
category: 'reference',
default_widget: 'entity_reference_autocomplete',
default_formatter: 'entity_reference_label',
list_class: EntityReferenceFieldItemList::class,
)]
class EntityReferenceUuidItem extends EntityReferenceItem {
/**
* {@inheritdoc}
*/
public static function propertyDefinitions(FieldStorageDefinitionInterface $field_definition) {
$settings = $field_definition->getSettings();
$target_type_info = \Drupal::entityTypeManager()->getDefinition($settings['target_type']);
$properties = parent::propertyDefinitions($field_definition);
$target_uuid_definition = DataReferenceTargetDefinition::create('string')
->setLabel(new TranslatableMarkup('@label UUID', ['@label' => $target_type_info->getLabel()]));
$target_uuid_definition->setRequired(TRUE);
$properties['target_uuid'] = $target_uuid_definition;
$properties['entity'] = DataReferenceDefinition::create('entity')
->setLabel($target_type_info->getLabel())
->setDescription(new TranslatableMarkup('The referenced entity by UUID'))
// The entity object is computed out of the entity ID.
->setComputed(TRUE)
->setReadOnly(FALSE)
->setTargetDefinition(EntityDataDefinition::create($settings['target_type']))
// We can add a constraint for the target entity type. The list of
// referenceable bundles is a field setting, so the corresponding
// constraint is added dynamically in ::getConstraints().
->addConstraint('EntityType', $settings['target_type']);
return $properties;
}
/**
* {@inheritdoc}
*/
public static function mainPropertyName() {
return 'target_uuid';
}
/**
* {@inheritdoc}
*/
public static function schema(FieldStorageDefinitionInterface $field_definition) {
$columns = [
'target_uuid' => [
'description' => 'The UUID of the target entity.',
'type' => 'varchar_ascii',
'length' => 128,
],
];
return [
'columns' => $columns,
'indexes' => [
'target_uuid' => ['target_uuid'],
],
];
}
/**
* {@inheritdoc}
*/
public function setValue($values, $notify = TRUE): void {
if (isset($values) && !is_array($values)) {
// If either a scalar or an object was passed as the value for the item,
// assign it to the 'entity' or 'target_uuid' depending on values type.
if (is_object($values)) {
$this->set('entity', $values, $notify);
}
else {
$this->set('target_uuid', $values, $notify);
}
}
else {
parent::setValue($values, FALSE);
// Support setting the field item with only one property, but make sure
// values stay in sync if only property is passed.
// NULL is a valid value, so we use array_key_exists().
if (is_array($values) && array_key_exists('target_uuid', $values) && !isset($values['entity'])) {
$this->onChange('target_uuid', FALSE);
}
elseif (is_array($values) && !array_key_exists('target_uuid', $values) && isset($values['entity'])) {
$this->onChange('entity', FALSE);
}
elseif (is_array($values) && array_key_exists('target_uuid', $values) && isset($values['entity'])) {
// If both properties are passed, verify the passed values match. The
// only exception we allow is when we have a new entity: in this case
// its actual id and target_uuid will be different, due to the new
// entity marker.
$entity_uuid = $this->get('entity')->get('uuid');
// If the entity has been saved and we're trying to set both the
// target_uuid and the entity values with a non-null target UUID, then
// the value for target_uuid should match the UUID of the entity value.
if (!$this->entity->isNew() && $values['target_uuid'] !== NULL && ($entity_uuid !== $values['target_uuid'])) {
throw new \InvalidArgumentException('The target UUID and entity passed to the entity reference item do not match.');
}
}
// Notify the parent if necessary.
if ($notify && $this->parent) {
$this->parent->onChange($this->getName());
}
}
}
/**
* {@inheritdoc}
*/
public function onChange($property_name, $notify = TRUE): void {
// Make sure that the target UUID and the target property stay in sync.
if ($property_name === 'entity') {
$property = $this->get('entity');
if ($target_uuid = $property->isTargetNew() ? NULL : $property->getValue()->uuid()) {
$this->writePropertyValue('target_uuid', $target_uuid);
}
}
elseif ($property_name === 'target_uuid') {
$property = $this->get('entity');
$entity_type = $property->getDataDefinition()->getConstraint('EntityType');
$entities = \Drupal::entityTypeManager()->getStorage($entity_type)->loadByProperties(['uuid' => $this->get('target_uuid')->getValue()]);
if ($entity = array_shift($entities)) {
assert($entity instanceof EntityInterface);
$this->writePropertyValue('target_uuid', $entity->uuid());
$this->writePropertyValue('entity', $entity);
}
}
parent::onChange($property_name, $notify);
}
/**
* {@inheritdoc}
*/
public function isEmpty() {
// Avoid loading the entity by first checking the 'target_uuid'.
if ($this->target_uuid !== NULL) {
return FALSE;
}
if ($this->entity && $this->entity instanceof EntityInterface) {
return FALSE;
}
return TRUE;
}
/**
* {@inheritdoc}
*/
public function preSave(): void {
if ($this->hasNewEntity()) {
// Save the entity if it has not already been saved by some other code.
if ($this->entity->isNew()) {
$this->entity->save();
}
// Make sure the parent knows we are updating this property so it can
// react properly.
$this->target_uuid = $this->entity->uuid();
}
if (!$this->isEmpty() && $this->target_uuid === NULL) {
$this->target_uuid = $this->entity->uuid();
}
}
/**
* {@inheritdoc}
*/
public static function generateSampleValue(FieldDefinitionInterface $field_definition): array {
$manager = \Drupal::service('plugin.manager.entity_reference_selection');
// Instead of calling $manager->getSelectionHandler($field_definition)
// replicate the behavior to be able to override the sorting settings.
$options = [
'target_type' => $field_definition->getFieldStorageDefinition()->getSetting('target_type'),
'handler' => $field_definition->getSetting('handler'),
'handler_settings' => $field_definition->getSetting('handler_settings') ?: [],
'entity' => NULL,
];
$entity_type = \Drupal::entityTypeManager()->getDefinition($options['target_type']);
$options['handler_settings']['sort'] = [
'field' => $entity_type->getKey('uuid'),
'direction' => 'DESC',
];
$selection_handler = $manager->getInstance($options);
// Select a random number of references between the last 50 referenceable
// entities created.
if ($referenceable = $selection_handler->getReferenceableEntities(NULL, 'CONTAINS', 50)) {
$group = array_rand($referenceable);
return ['target_uuid' => array_rand($referenceable[$group])];
}
return [];
}
/**
* Determines whether the item holds an unsaved entity.
*
* This is notably used for "autocreate" widgets, and more generally to
* support referencing freshly created entities (they will get saved
* automatically as the hosting entity gets saved).
*
* @return bool
* TRUE if the item holds an unsaved entity.
*/
public function hasNewEntity() {
return !$this->isEmpty() && $this->target_uuid === NULL && $this->entity->isNew();
}
}

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_meta_events/jsonapi_test_meta_events.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON API test adding meta data through events'
type: module
package: Testing

5
web/core/modules/jsonapi/tests/modules/jsonapi_test_meta_events/jsonapi_test_meta_events.services.yml Normal file
View File

@ -0,0 +1,5 @@
services:
jsonapi_test_meta_events.meta_subscriber:
class: Drupal\jsonapi_test_meta_events\EventSubscriber\MetaEventSubscriber
tags:
- { name: event_subscriber }

154
web/core/modules/jsonapi/tests/modules/jsonapi_test_meta_events/src/EventSubscriber/MetaEventSubscriber.php Normal file
View File

@ -0,0 +1,154 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_meta_events\EventSubscriber;
use Drupal\Core\Field\EntityReferenceFieldItemListInterface;
use Drupal\jsonapi\Events\CollectRelationshipMetaEvent;
use Drupal\jsonapi\Events\CollectResourceObjectMetaEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
* Event subscriber which tests adding metadata to ResourceObjects and relationships.
*
* @internal
*/
class MetaEventSubscriber implements EventSubscriberInterface {
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents(): array {
return [
CollectResourceObjectMetaEvent::class => 'addResourceObjectMeta',
CollectRelationshipMetaEvent::class => 'addRelationshipMeta',
];
}
/**
* @param \Drupal\jsonapi\Events\CollectResourceObjectMetaEvent $event
* Event to be processed.
*/
public function addResourceObjectMeta(CollectResourceObjectMetaEvent $event): void {
$config = \Drupal::state()->get('jsonapi_test_meta_events.object_meta', [
'enabled_type' => FALSE,
'enabled_id' => FALSE,
'fields' => FALSE,
'user_is_admin_context' => FALSE,
]);
// Only continue if the recourse type is enabled.
if ($config['enabled_type'] === FALSE || $config['enabled_type'] !== $event->getResourceObject()->getTypeName()) {
return;
}
// Only apply on the referenced ID of the resource.
if ($config['enabled_id'] !== FALSE && $config['enabled_id'] !== $event->getResourceObject()->getId()) {
return;
}
if ($config['fields'] === FALSE) {
return;
}
if ($config['user_is_admin_context']) {
$event->addCacheContexts(['user.roles']);
$event->setMetaValue('resource_meta_user_has_admin_role', $this->currentUserHasAdminRole());
$event->setMetaValue('resource_meta_user_id', \Drupal::currentUser()->id());
}
// Add the metadata for each field. The field configuration must be an array
// of field values keyed by the field name.
foreach ($config['fields'] as $field_name) {
$event->setMetaValue('resource_meta_' . $field_name, $event->getResourceObject()->getField($field_name)->value);
}
$event->addCacheTags(['jsonapi_test_meta_events.object_meta']);
}
/**
* @param \Drupal\jsonapi\Events\CollectRelationshipMetaEvent $event
* Event to be processed.
*/
public function addRelationshipMeta(CollectRelationshipMetaEvent $event): void {
$config = \Drupal::state()->get('jsonapi_test_meta_events.relationship_meta', [
'enabled_type' => FALSE,
'enabled_id' => FALSE,
'enabled_relation' => FALSE,
'fields' => FALSE,
'user_is_admin_context' => FALSE,
]);
// Only continue if the resource type is enabled.
if ($config['enabled_type'] === FALSE || $config['enabled_type'] !== $event->getResourceObject()->getTypeName()) {
return;
}
// Only apply on the referenced ID of the resource.
if ($config['enabled_id'] !== FALSE && $config['enabled_id'] !== $event->getResourceObject()->getId()) {
return;
}
// Only continue if this is the correct relation.
if ($config['enabled_relation'] === FALSE || $config['enabled_relation'] !== $event->getRelationshipFieldName()) {
return;
}
$relationshipFieldName = $event->getRelationshipFieldName();
$field = $event->getResourceObject()->getField($relationshipFieldName);
$referencedEntities = [];
if ($field instanceof EntityReferenceFieldItemListInterface) {
$referencedEntities = $field->referencedEntities();
$event->addCacheTags(['jsonapi_test_meta_events.relationship_meta']);
}
if ($config['user_is_admin_context'] ?? FALSE) {
$event->addCacheContexts(['user.roles']);
$event->setMetaValue('resource_meta_user_has_admin_role', $this->currentUserHasAdminRole());
}
// If no fields are specified just add a list of UUIDs to the relations.
if ($config['fields'] === FALSE) {
$referencedEntityIds = [];
foreach ($referencedEntities as $entity) {
$referencedEntityIds[] = $entity->uuid();
}
$event->setMetaValue('relationship_meta_' . $event->getRelationshipFieldName(), $referencedEntityIds);
return;
}
// Add the metadata for each field. The field configuration must be an array
// of field values keyed by the field name.
foreach ($config['fields'] as $field_name) {
$fieldValues = [];
foreach ($referencedEntities as $entity) {
$fieldValues[] = $entity->get($field_name)->value;
}
$event->setMetaValue('relationship_meta_' . $field_name, $fieldValues);
}
}
/**
* @return string
* The value 'yes' if the current user has an admin role, 'no' otherwise.
*
* @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
* @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
*/
protected function currentUserHasAdminRole(): string {
$admin_roles = \Drupal::entityTypeManager()
->getStorage('user_role')
->loadByProperties(['is_admin' => TRUE]);
$has_admin_role = 'yes';
if (count(array_intersect(\Drupal::currentUser()->getRoles(), array_keys($admin_roles))) === 0) {
$has_admin_role = 'no';
}
return $has_admin_role;
}
}

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_non_cacheable_methods/jsonapi_test_non_cacheable_methods.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON API test non-cacheable methods'
type: module
package: Testing

32
web/core/modules/jsonapi/tests/modules/jsonapi_test_non_cacheable_methods/src/Hook/JsonapiTestNonCacheableMethodsHooks.php Normal file
View File

@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_non_cacheable_methods\Hook;
use Drupal\Core\Url;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Hook\Attribute\Hook;
/**
* Hook implementations for jsonapi_test_non_cacheable_methods.
*/
class JsonapiTestNonCacheableMethodsHooks {
/**
* Implements hook_entity_presave().
*/
#[Hook('entity_presave')]
public function entityPresave(EntityInterface $entity): void {
Url::fromRoute('<front>')->toString();
}
/**
* Implements hook_entity_predelete().
*/
#[Hook('entity_predelete')]
public function entityPredelete(EntityInterface $entity): void {
Url::fromRoute('<front>')->toString();
}
}

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_normalizers_kernel/jsonapi_test_normalizers_kernel.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON API test: normalizers kernel tests, public aliases for select JSON API normalizers'
type: module
package: Testing

4
web/core/modules/jsonapi/tests/modules/jsonapi_test_normalizers_kernel/jsonapi_test_normalizers_kernel.services.yml Normal file
View File

@ -0,0 +1,4 @@
services:
jsonapi_test_normalizers_kernel.jsonapi_document_toplevel:
alias: serializer.normalizer.jsonapi_document_toplevel.jsonapi
public: true

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_resource_type_building/jsonapi_test_resource_type_building.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON:API test resource type building API'
type: module
package: Testing

11
web/core/modules/jsonapi/tests/modules/jsonapi_test_resource_type_building/jsonapi_test_resource_type_building.services.yml Normal file
View File

@ -0,0 +1,11 @@
services:
_defaults:
autoconfigure: true
jsonapi_test_resource_type_building.build_subscriber:
class: Drupal\jsonapi_test_resource_type_building\EventSubscriber\ResourceTypeBuildEventSubscriber
tags:
- { name: event_subscriber, priority: 1000 }
jsonapi_test_resource_type_building.late_build_subscriber:
class: Drupal\jsonapi_test_resource_type_building\EventSubscriber\LateResourceTypeBuildEventSubscriber
tags:
- { name: event_subscriber, priority: 999 }

47
web/core/modules/jsonapi/tests/modules/jsonapi_test_resource_type_building/src/EventSubscriber/LateResourceTypeBuildEventSubscriber.php Normal file
View File

@ -0,0 +1,47 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_resource_type_building\EventSubscriber;
use Drupal\jsonapi\ResourceType\ResourceTypeBuildEvents;
use Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
* Event subscriber which tests enabling disabled resource type fields.
*
* @internal
*/
class LateResourceTypeBuildEventSubscriber implements EventSubscriberInterface {
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents(): array {
return [
ResourceTypeBuildEvents::BUILD => [
['enableResourceTypeFields'],
],
];
}
/**
* Disables any resource type fields that have been aliased by a test.
*
* @param \Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent $event
* The build event.
*/
public function enableResourceTypeFields(ResourceTypeBuildEvent $event): void {
$aliases = \Drupal::state()->get('jsonapi_test_resource_type_builder.enabled_resource_type_fields', []);
$resource_type_name = $event->getResourceTypeName();
if (in_array($resource_type_name, array_keys($aliases), TRUE)) {
foreach ($event->getFields() as $field) {
if (isset($aliases[$resource_type_name][$field->getInternalName()]) && $aliases[$resource_type_name][$field->getInternalName()] === TRUE) {
$event->enableField($field);
}
}
}
}
}

95
web/core/modules/jsonapi/tests/modules/jsonapi_test_resource_type_building/src/EventSubscriber/ResourceTypeBuildEventSubscriber.php Normal file
View File

@ -0,0 +1,95 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_resource_type_building\EventSubscriber;
use Drupal\jsonapi\ResourceType\ResourceTypeBuildEvents;
use Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
* Event subscriber which tests disabling resource types.
*
* @internal
*/
class ResourceTypeBuildEventSubscriber implements EventSubscriberInterface {
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents(): array {
return [
ResourceTypeBuildEvents::BUILD => [
['disableResourceType'],
['aliasResourceTypeFields'],
['disableResourceTypeFields'],
['renameResourceType'],
],
];
}
/**
* Disables any resource types that have been disabled by a test.
*
* @param \Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent $event
* The build event.
*/
public function disableResourceType(ResourceTypeBuildEvent $event) {
$disabled_resource_types = \Drupal::state()->get('jsonapi_test_resource_type_builder.disabled_resource_types', []);
if (in_array($event->getResourceTypeName(), $disabled_resource_types, TRUE)) {
$event->disableResourceType();
}
}
/**
* Aliases any resource type fields that have been aliased by a test.
*
* @param \Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent $event
* The build event.
*/
public function aliasResourceTypeFields(ResourceTypeBuildEvent $event) {
$aliases = \Drupal::state()->get('jsonapi_test_resource_type_builder.resource_type_field_aliases', []);
$resource_type_name = $event->getResourceTypeName();
if (in_array($resource_type_name, array_keys($aliases), TRUE)) {
foreach ($event->getFields() as $field) {
if (isset($aliases[$resource_type_name][$field->getInternalName()])) {
$event->setPublicFieldName($field, $aliases[$resource_type_name][$field->getInternalName()]);
}
}
}
}
/**
* Disables any resource type fields that have been aliased by a test.
*
* @param \Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent $event
* The build event.
*/
public function disableResourceTypeFields(ResourceTypeBuildEvent $event) {
$aliases = \Drupal::state()->get('jsonapi_test_resource_type_builder.disabled_resource_type_fields', []);
$resource_type_name = $event->getResourceTypeName();
if (in_array($resource_type_name, array_keys($aliases), TRUE)) {
foreach ($event->getFields() as $field) {
if (isset($aliases[$resource_type_name][$field->getInternalName()]) && $aliases[$resource_type_name][$field->getInternalName()] === TRUE) {
$event->disableField($field);
}
}
}
}
/**
* Renames any resource types that have been renamed by a test.
*
* @param \Drupal\jsonapi\ResourceType\ResourceTypeBuildEvent $event
* The build event.
*/
public function renameResourceType(ResourceTypeBuildEvent $event) {
$names = \Drupal::state()->get('jsonapi_test_resource_type_builder.renamed_resource_types', []);
$resource_type_name = $event->getResourceTypeName();
if (isset($names[$resource_type_name])) {
$event->setResourceTypeName($names[$resource_type_name]);
}
}
}

3
web/core/modules/jsonapi/tests/modules/jsonapi_test_user/jsonapi_test_user.info.yml Normal file
View File

@ -0,0 +1,3 @@
name: 'JSON:API user tests'
type: module
package: Testing

25
web/core/modules/jsonapi/tests/modules/jsonapi_test_user/src/Hook/JsonapiTestUserHooks.php Normal file
View File

@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
namespace Drupal\jsonapi_test_user\Hook;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Hook\Attribute\Hook;
/**
* Hook implementations for jsonapi_test_user.
*/
class JsonapiTestUserHooks {
/**
* Implements hook_user_format_name_alter().
*/
#[Hook('user_format_name_alter')]
public function userFormatNameAlter(&$name, AccountInterface $account): void {
if ($account->isAnonymous()) {
$name = 'User ' . $account->id();
}
}
}

121
web/core/modules/jsonapi/tests/src/Functional/ActionTest.php Normal file
View File

@ -0,0 +1,121 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\system\Entity\Action;
use Drupal\user\RoleInterface;
/**
* JSON:API integration test for the "Action" config entity type.
*
* @group Action
*/
class ActionTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'action';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'action--action';
/**
* {@inheritdoc}
*
* @var \Drupal\system\ActionConfigEntityInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer actions']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$action = Action::create([
'id' => 'user_add_role_action.' . RoleInterface::ANONYMOUS_ID,
'type' => 'user',
'label' => 'Add the anonymous role to the selected users',
'configuration' => [
'rid' => RoleInterface::ANONYMOUS_ID,
],
'plugin' => 'user_add_role_action',
]);
$action->save();
return $action;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/action/action/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'action--action',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'configuration' => [
'rid' => 'anonymous',
],
'dependencies' => [
'config' => ['user.role.anonymous'],
'module' => ['user'],
],
'label' => 'Add the anonymous role to the selected users',
'langcode' => 'en',
'plugin' => 'user_add_role_action',
'status' => TRUE,
'action_type' => 'user',
'drupal_internal__id' => 'user_add_role_action.anonymous',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

154
web/core/modules/jsonapi/tests/src/Functional/BaseFieldOverrideTest.php Normal file
View File

@ -0,0 +1,154 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Field\Entity\BaseFieldOverride;
use Drupal\Core\Url;
use Drupal\node\Entity\NodeType;
/**
* JSON:API integration test for the "BaseFieldOverride" config entity type.
*
* @group jsonapi
*/
class BaseFieldOverrideTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['field', 'node', 'field_ui'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'base_field_override';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'base_field_override--base_field_override';
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Field\Entity\BaseFieldOverride
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer node fields']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$camelids = NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
]);
$camelids->save();
$entity = BaseFieldOverride::create([
'field_name' => 'promote',
'entity_type' => 'node',
'bundle' => 'camelids',
'label' => 'Promote to front page',
]);
$entity->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/base_field_override/base_field_override/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'base_field_override--base_field_override',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'bundle' => 'camelids',
'default_value' => [],
'default_value_callback' => '',
'dependencies' => [
'config' => [
'node.type.camelids',
],
],
'description' => '',
'entity_type' => 'node',
'field_name' => 'promote',
'field_type' => 'boolean',
'label' => 'Promote to front page',
'langcode' => 'en',
'required' => FALSE,
'settings' => [
'on_label' => 'On',
'off_label' => 'Off',
],
'status' => TRUE,
'translatable' => TRUE,
'drupal_internal__id' => 'node.camelids.promote',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer node fields' permission is required.";
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
$entity = BaseFieldOverride::create([
'field_name' => 'status',
'entity_type' => 'node',
'bundle' => 'camelids',
'label' => 'Published',
]);
$entity->save();
return $entity;
}
}

268
web/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php Normal file
View File

@ -0,0 +1,268 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\block_content\Entity\BlockContent;
use Drupal\block_content\Entity\BlockContentType;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Url;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
/**
* JSON:API integration test for the "BlockContent" content entity type.
*
* @group jsonapi
*/
class BlockContentTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['block_content'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'block_content';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'block_content--basic';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*/
protected static $newRevisionsShouldBeAutomatic = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\block_content\BlockContentInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'changed' => NULL,
];
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole([
'access block library',
]);
break;
case 'PATCH':
$this->grantPermissionsToTestedRole([
'administer block types',
'administer block content',
]);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create basic block content']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['delete any basic block content']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function setUpRevisionAuthorization($method): void {
parent::setUpRevisionAuthorization($method);
$this->grantPermissionsToTestedRole(['view any basic block content history']);
}
/**
* {@inheritdoc}
*/
public function createEntity() {
if (!BlockContentType::load('basic')) {
$block_content_type = BlockContentType::create([
'id' => 'basic',
'label' => 'basic',
'revision' => TRUE,
]);
$block_content_type->save();
block_content_add_body_field($block_content_type->id());
}
// Create a "Llama" content block.
$block_content = BlockContent::create([
'info' => 'Llama',
'type' => 'basic',
'body' => [
'value' => 'The name "llama" was adopted by European settlers from native Peruvians.',
'format' => 'plain_text',
],
])
->setUnpublished();
$block_content->save();
return $block_content;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$base_url = Url::fromUri('base:/jsonapi/block_content/basic/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'block_content--basic',
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'body' => [
'value' => 'The name "llama" was adopted by European settlers from native Peruvians.',
'format' => 'plain_text',
'summary' => NULL,
'processed' => "<p>The name &quot;llama&quot; was adopted by European settlers from native Peruvians.</p>\n",
],
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'info' => 'Llama',
'revision_created' => (new \DateTime())->setTimestamp((int) $this->entity->getRevisionCreationTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'revision_translation_affected' => TRUE,
'status' => FALSE,
'langcode' => 'en',
'default_langcode' => TRUE,
'drupal_internal__id' => 1,
'drupal_internal__revision_id' => 1,
'reusable' => TRUE,
],
'relationships' => [
'block_content_type' => [
'data' => [
'id' => BlockContentType::load('basic')->uuid(),
'meta' => [
'drupal_internal__target_id' => 'basic',
],
'type' => 'block_content_type--block_content_type',
],
'links' => [
'related' => ['href' => $base_url->toString() . '/block_content_type' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/block_content_type' . $version_query_string],
],
],
'revision_user' => [
'data' => NULL,
'links' => [
'related' => ['href' => $base_url->toString() . '/revision_user' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/revision_user' . $version_query_string],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'block_content--basic',
'attributes' => [
'info' => 'Drama llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
return match ($method) {
'GET' => "The 'access block library' permission is required.",
'PATCH' => "The 'edit any basic block content' permission is required.",
'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
'DELETE' => "The 'delete any basic block content' permission is required.",
default => parent::getExpectedUnauthorizedAccessMessage($method),
};
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block_content\BlockContentAccessControlHandler()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['block_content:1']);
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheTags(?array $sparse_fieldset = NULL) {
$tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('body', $sparse_fieldset)) {
$tags = Cache::mergeTags($tags, ['config:filter.format.plain_text']);
}
return $tags;
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
$contexts = parent::getExpectedCacheContexts($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('body', $sparse_fieldset)) {
$contexts = Cache::mergeContexts($contexts, ['languages:language_interface', 'theme']);
}
return $contexts;
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$this->entity->setPublished()->save();
$this->doTestCollectionFilterAccessForPublishableEntities('info', NULL, 'administer block content');
}
}

112
web/core/modules/jsonapi/tests/src/Functional/BlockContentTypeTest.php Normal file
View File

@ -0,0 +1,112 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\block_content\Entity\BlockContentType;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "BlockContentType" config entity type.
*
* @group jsonapi
*/
class BlockContentTypeTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['block_content'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'block_content_type';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'block_content_type--block_content_type';
/**
* {@inheritdoc}
*
* @var \Drupal\block_content\BlockContentTypeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer block types']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$block_content_type = BlockContentType::create([
'id' => 'pascal',
'label' => 'Pascal',
'revision' => FALSE,
'description' => 'Provides a competitive alternative to the "basic" type',
]);
$block_content_type->save();
return $block_content_type;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/block_content_type/block_content_type/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'block_content_type--block_content_type',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'description' => 'Provides a competitive alternative to the "basic" type',
'label' => 'Pascal',
'langcode' => 'en',
'revision' => FALSE,
'status' => TRUE,
'drupal_internal__id' => 'pascal',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

199
web/core/modules/jsonapi/tests/src/Functional/BlockTest.php Normal file
View File

@ -0,0 +1,199 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\block\Entity\Block;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "Block" config entity type.
*
* @group jsonapi
*/
class BlockTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['block'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'block';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'block--block';
/**
* {@inheritdoc}
*
* @var \Drupal\block\BlockInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->entity->setVisibilityConfig('user_role', [])->save();
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$block = Block::create([
'plugin' => 'llama_block',
'region' => 'header',
'id' => 'llama',
'theme' => 'stark',
]);
// All blocks can be viewed by the anonymous user by default. An interesting
// side effect of this is that any anonymous user is also able to read the
// corresponding block config entity via REST, even if an authentication
// provider is configured for the block config entity REST resource! In
// other words: Block entities do not distinguish between 'view' as in
// "render on a page" and 'view' as in "read the configuration".
// This prevents that.
// @todo Fix this in https://www.drupal.org/node/2820315.
$block->setVisibilityConfig('user_role', [
'id' => 'user_role',
'roles' => ['non-existing-role' => 'non-existing-role'],
'negate' => FALSE,
'context_mapping' => [
'user' => '@user.current_user_context:current_user',
],
]);
$block->save();
return $block;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/block/block/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'block--block',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'weight' => 0,
'langcode' => 'en',
'status' => TRUE,
'dependencies' => [
'theme' => [
'stark',
],
],
'theme' => 'stark',
'region' => 'header',
'provider' => NULL,
'plugin' => 'llama_block',
'settings' => [
'id' => 'broken',
'label' => '',
'provider' => 'core',
'label_display' => 'visible',
],
'visibility' => [],
'drupal_internal__id' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update once https://www.drupal.org/node/2300677 is fixed.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL): array {
// @see ::createEntity()
return array_values(array_diff(parent::getExpectedCacheContexts(), ['user.permissions']));
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheTags(?array $sparse_fieldset = NULL): array {
// Because the 'user.permissions' cache context is missing, the cache tag
// for the anonymous user role is never added automatically.
return array_values(array_diff(parent::getExpectedCacheTags(), ['config:user.role.anonymous']));
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The block visibility condition 'user_role' denied access.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\block\BlockAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->setCacheTags([
'4xx-response',
'config:block.block.llama',
'http_response',
'user:2',
])
->setCacheContexts(['url.query_args', 'url.site', 'user.roles']);
}
/**
* {@inheritdoc}
*/
protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, ?array $sparse_fieldset = NULL, $filtered = FALSE) {
return parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered)
->addCacheTags(['user:2'])
->addCacheContexts(['user.roles']);
}
}

115
web/core/modules/jsonapi/tests/src/Functional/CommentExtrasTest.php Normal file
View File

@ -0,0 +1,115 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Core\Url;
use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Serialization\Json;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "Comment" content entity type.
*
* @group jsonapi
*/
class CommentExtrasTest extends CommentTest {
/**
* {@inheritdoc}
*/
public function setUp(): void {
// Don't run any test methods from CommentTest because those will get run
// for CommentTest itself.
if (method_exists(parent::class, $this->name())) {
$this->markTestSkipped();
}
parent::setUp();
}
/**
* Tests POSTing a comment without critical base fields.
*
* Note that testPostIndividual() is testing with the most minimal
* normalization possible: the one returned by ::getNormalizedPostEntity().
*
* But Comment entities have some very special edge cases:
* - base fields that are not marked as required in
* \Drupal\comment\Entity\Comment::baseFieldDefinitions() yet in fact are
* required.
* - base fields that are marked as required, but yet can still result in
* validation errors other than "missing required field".
*/
public function testPostIndividualDxWithoutCriticalBaseFields(): void {
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$remove_field = function (array $normalization, $type, $attribute_name) {
unset($normalization['data'][$type][$attribute_name]);
return $normalization;
};
// DX: 422 when missing 'entity_type' field.
$request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'attributes', 'entity_type'));
$response = $this->request('POST', $url, $request_options);
$this->assertResourceErrorResponse(422, 'entity_type: This value should not be null.', NULL, $response, '/data/attributes/entity_type');
// DX: 422 when missing 'entity_id' field.
$request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'relationships', 'entity_id'));
// @todo Remove the try/catch in https://www.drupal.org/node/2820364.
try {
$response = $this->request('POST', $url, $request_options);
$this->assertResourceErrorResponse(422, 'entity_id: This value should not be null.', NULL, $response, '/data/attributes/entity_id');
}
catch (\Exception $e) {
$this->assertSame("Error: Call to a member function get() on null\nDrupal\\comment\\Plugin\\Validation\\Constraint\\CommentNameConstraintValidator->getAnonymousContactDetailsSetting()() (Line: 96)\n", $e->getMessage());
}
// DX: 422 when missing 'field_name' field.
$request_options[RequestOptions::BODY] = Json::encode($remove_field($this->getPostDocument(), 'attributes', 'field_name'));
$response = $this->request('POST', $url, $request_options);
$this->assertResourceErrorResponse(422, 'field_name: This value should not be null.', NULL, $response, '/data/attributes/field_name');
}
/**
* Tests POSTing a comment with and without 'skip comment approval'.
*/
public function testPostIndividualSkipCommentApproval(): void {
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Create request.
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$request_options[RequestOptions::BODY] = Json::encode($this->getPostDocument());
$url = Url::fromRoute('jsonapi.comment--comment.collection.post');
// Status should be FALSE when posting as anonymous.
$response = $this->request('POST', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertResourceResponse(201, FALSE, $response);
$this->assertFalse($document['data']['attributes']['status']);
$this->assertFalse($this->entityStorage->loadUnchanged(2)->isPublished());
// Grant anonymous permission to skip comment approval.
$this->grantPermissionsToTestedRole(['skip comment approval']);
// Status must be TRUE when posting as anonymous and skip comment approval.
$response = $this->request('POST', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertResourceResponse(201, FALSE, $response);
$this->assertTrue($document['data']['attributes']['status']);
$this->assertTrue($this->entityStorage->loadUnchanged(3)->isPublished());
}
}

398
web/core/modules/jsonapi/tests/src/Functional/CommentTest.php Normal file
View File

@ -0,0 +1,398 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\entity_test\EntityTestHelper;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Entity\CommentType;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use Drupal\user\Entity\User;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "Comment" content entity type.
*
* @group jsonapi
*/
class CommentTest extends ResourceTestBase {
use CommentTestTrait;
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['comment', 'entity_test'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'comment';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'comment--comment';
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'status' => "The 'administer comments' permission is required.",
'name' => "The 'administer comments' permission is required.",
'homepage' => "The 'administer comments' permission is required.",
'created' => "The 'administer comments' permission is required.",
'changed' => NULL,
'thread' => NULL,
'entity_type' => NULL,
'field_name' => NULL,
// @todo Uncomment this after https://www.drupal.org/project/drupal/issues/1847608 lands. Until then, it's impossible to test this.
// 'pid' => NULL,
'uid' => "The 'administer comments' permission is required.",
'entity_id' => NULL,
];
/**
* {@inheritdoc}
*
* @var \Drupal\comment\CommentInterface
*/
protected $entity;
/**
* @var \Drupal\entity_test\Entity\EntityTest
*/
private $commentedEntity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access comments', 'view test entity']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['post comments']);
break;
case 'PATCH':
$this->grantPermissionsToTestedRole(['edit own comments']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer comments']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "bar" bundle for the "entity_test" entity type and create.
$bundle = 'bar';
EntityTestHelper::createBundle($bundle, NULL, 'entity_test');
// Create a comment field on this bundle.
$this->addDefaultCommentField('entity_test', 'bar', 'comment');
// Create a "Camelids" test entity that the comment will be assigned to.
$this->commentedEntity = EntityTest::create([
'name' => 'Camelids',
'type' => 'bar',
'comment' => CommentItemInterface::OPEN,
]);
$this->commentedEntity->save();
// Create a "Llama" comment.
$comment = Comment::create([
'comment_body' => [
'value' => 'The name "llama" was adopted by European settlers from native Peruvians.',
'format' => 'plain_text',
],
'entity_id' => $this->commentedEntity->id(),
'entity_type' => 'entity_test',
'field_name' => 'comment',
]);
$comment->setSubject('Llama')
->setOwnerId($this->account->id())
->setPublished()
->setCreatedTime(123456789)
->setChangedTime(123456789);
$comment->save();
return $comment;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/comment/comment/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
$author = User::load($this->entity->getOwnerId());
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'comment--comment',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => '1973-11-29T21:33:09+00:00',
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'comment_body' => [
'value' => 'The name "llama" was adopted by European settlers from native Peruvians.',
'format' => 'plain_text',
'processed' => "<p>The name &quot;llama&quot; was adopted by European settlers from native Peruvians.</p>\n",
],
'default_langcode' => TRUE,
'entity_type' => 'entity_test',
'field_name' => 'comment',
'homepage' => NULL,
'langcode' => 'en',
'name' => NULL,
'status' => TRUE,
'subject' => 'Llama',
'thread' => '01/',
'drupal_internal__cid' => (int) $this->entity->id(),
],
'relationships' => [
'uid' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/uid'],
'self' => ['href' => $self_url . '/relationships/uid'],
],
],
'comment_type' => [
'data' => [
'id' => CommentType::load('comment')->uuid(),
'meta' => [
'drupal_internal__target_id' => 'comment',
],
'type' => 'comment_type--comment_type',
],
'links' => [
'related' => ['href' => $self_url . '/comment_type'],
'self' => ['href' => $self_url . '/relationships/comment_type'],
],
],
'entity_id' => [
'data' => [
'id' => $this->commentedEntity->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $this->commentedEntity->id(),
],
'type' => 'entity_test--bar',
],
'links' => [
'related' => ['href' => $self_url . '/entity_id'],
'self' => ['href' => $self_url . '/relationships/entity_id'],
],
],
'pid' => [
'data' => NULL,
'links' => [
'related' => ['href' => $self_url . '/pid'],
'self' => ['href' => $self_url . '/relationships/pid'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'comment--comment',
'attributes' => [
'entity_type' => 'entity_test',
'field_name' => 'comment',
'subject' => 'Drama llama',
'comment_body' => [
'value' => 'Llamas are awesome.',
'format' => 'plain_text',
],
],
'relationships' => [
'entity_id' => [
'data' => [
'type' => 'entity_test--bar',
'meta' => [
'drupal_internal__target_id' => 1,
],
'id' => EntityTest::load(1)->uuid(),
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheTags(?array $sparse_fieldset = NULL) {
$tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('comment_body', $sparse_fieldset)) {
$tags = Cache::mergeTags($tags, ['config:filter.format.plain_text']);
}
return $tags;
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
$contexts = parent::getExpectedCacheContexts($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('comment_body', $sparse_fieldset)) {
$contexts = Cache::mergeContexts($contexts, ['languages:language_interface', 'theme']);
}
return $contexts;
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access comments' permission is required and the comment must be published.";
case 'POST':
return "The 'post comments' permission is required.";
case 'PATCH':
return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['comment:1']);
}
/**
* {@inheritdoc}
*/
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'entity_test' entity access control handler because
// comment access also depends on access to the commented entity type.
\Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
protected static function getIncludePermissions(): array {
return [
'type' => ['administer comment types'],
'uid' => ['access user profiles'],
];
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
// Verify the expected behavior in the common case.
$this->doTestCollectionFilterAccessForPublishableEntities('subject', 'access comments', 'administer comments');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Go back to a simpler scenario: revoke the admin permission, publish the
// comment and uninstall the query access test module.
$this->revokePermissionsFromTestedRole(['administer comments']);
$this->entity->setPublished()->save();
$this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
// ?filter[spotlight.LABEL]: 1 result. Just as already tested above in
// ::doTestCollectionFilterAccessForPublishableEntities().
$collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.subject]" => $this->entity->label()]);
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
// Mark the commented entity as inaccessible.
\Drupal::state()->set('jsonapi__entity_test_filter_access_deny_list', [$this->entity->getCommentedEntityId()]);
Cache::invalidateTags(['state:jsonapi__entity_test_filter_access_deny_list']);
// ?filter[spotlight.LABEL]: 0 results.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
}
/**
* {@inheritdoc}
*/
protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, ?array $sparse_fieldset = NULL, $filtered = FALSE) {
$cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered);
if ($filtered) {
$cacheability->addCacheTags(['state:jsonapi__entity_test_filter_access_deny_list']);
}
return $cacheability;
}
/**
* {@inheritdoc}
*/
protected function doTestPatchIndividual(): void {
// Ensure ::getModifiedEntityForPatchTesting() can pick an alternative value
// for the 'entity_id' field.
EntityTest::create([
'name' => $this->randomString(),
'type' => 'bar',
])->save();
parent::doTestPatchIndividual();
}
}

113
web/core/modules/jsonapi/tests/src/Functional/CommentTypeTest.php Normal file
View File

@ -0,0 +1,113 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\comment\Entity\CommentType;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "CommentType" config entity type.
*
* @group jsonapi
*/
class CommentTypeTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node', 'comment'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'comment_type';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'comment_type--comment_type';
/**
* {@inheritdoc}
*
* @var \Drupal\comment\CommentTypeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer comment types']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" comment type.
$camelids = CommentType::create([
'id' => 'camelids',
'label' => 'Camelids',
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
'target_entity_type_id' => 'node',
]);
$camelids->save();
return $camelids;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/comment_type/comment_type/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'comment_type--comment_type',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
'label' => 'Camelids',
'langcode' => 'en',
'status' => TRUE,
'target_entity_type_id' => 'node',
'drupal_internal__id' => 'camelids',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

39
web/core/modules/jsonapi/tests/src/Functional/ConfigEntityResourceTestBase.php Normal file
View File

@ -0,0 +1,39 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
/**
* Resource test base class for config entities.
*
* @todo Remove this in https://www.drupal.org/node/2300677.
*/
abstract class ConfigEntityResourceTestBase extends ResourceTestBase {
/**
* A list of test methods to skip.
*
* @var array
*/
const SKIP_METHODS = [
'testRelated',
'testRelationships',
'testPostIndividual',
'testPatchIndividual',
'testDeleteIndividual',
'testRevisions',
];
/**
* {@inheritdoc}
*/
public function setUp(): void {
if (in_array($this->name(), static::SKIP_METHODS, TRUE)) {
// Skip before installing Drupal to prevent unnecessary use of resources.
$this->markTestSkipped("Not yet supported for config entities.");
}
parent::setUp();
}
}

125
web/core/modules/jsonapi/tests/src/Functional/ConfigTestTest.php Normal file
View File

@ -0,0 +1,125 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\config_test\Entity\ConfigTest;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "ConfigTest" config entity type.
*
* @group jsonapi
*/
class ConfigTestTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['config_test', 'config_test_rest'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'config_test';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'config_test--config_test';
/**
* {@inheritdoc}
*
* @var \Drupal\config_test\ConfigTestInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['view config_test']);
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'view config_test' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$config_test = ConfigTest::create([
'id' => 'llama',
'label' => 'Llama',
]);
$config_test->save();
return $config_test;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/config_test/config_test/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'config_test--config_test',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'weight' => 0,
'langcode' => 'en',
'status' => TRUE,
'dependencies' => [],
'label' => 'Llama',
'style' => NULL,
'size' => NULL,
'size_value' => NULL,
'protected_property' => NULL,
'drupal_internal__id' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

140
web/core/modules/jsonapi/tests/src/Functional/ConfigurableLanguageTest.php Normal file
View File

@ -0,0 +1,140 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Url;
use Drupal\language\Entity\ConfigurableLanguage;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "ConfigurableLanguage" config entity type.
*
* @group jsonapi
*/
class ConfigurableLanguageTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['language'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'configurable_language';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'configurable_language--configurable_language';
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Field\Entity\BaseFieldOverride
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer languages']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$configurable_language = ConfigurableLanguage::create([
'id' => 'll',
'label' => 'Llama Language',
]);
$configurable_language->save();
return $configurable_language;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/configurable_language/configurable_language/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'configurable_language--configurable_language',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'direction' => 'ltr',
'label' => 'Llama Language',
'langcode' => 'en',
'locked' => FALSE,
'status' => TRUE,
'weight' => 0,
'drupal_internal__id' => 'll',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
return Cache::mergeContexts(parent::getExpectedCacheContexts(), ['languages:language_interface']);
}
/**
* Tests a GET request for a default config entity, which has a _core key.
*
* @see https://www.drupal.org/project/drupal/issues/2915539
*/
public function testGetIndividualDefaultConfig(): void {
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute('jsonapi.configurable_language--configurable_language.individual', ['entity' => ConfigurableLanguage::load('en')->uuid()]);
/* $url = ConfigurableLanguage::load('en')->toUrl('jsonapi'); */
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->setUpAuthorization('GET');
$response = $this->request('GET', $url, $request_options);
$normalization = $this->getDocumentFromResponse($response);
$this->assertArrayNotHasKey('_core', $normalization['data']['attributes']);
}
}

162
web/core/modules/jsonapi/tests/src/Functional/ContentLanguageSettingsTest.php Normal file
View File

@ -0,0 +1,162 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\language\Entity\ContentLanguageSettings;
use Drupal\node\Entity\NodeType;
/**
* JSON:API integration test for "ContentLanguageSettings" config entity type.
*
* @group jsonapi
*/
class ContentLanguageSettingsTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['language', 'node'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'language_content_settings';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'language_content_settings--language_content_settings';
/**
* {@inheritdoc}
*
* @var \Drupal\language\ContentLanguageSettingsInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer languages']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" node type.
$camelids = NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
]);
$camelids->save();
$entity = ContentLanguageSettings::create([
'target_entity_type_id' => 'node',
'target_bundle' => 'camelids',
]);
$entity->setDefaultLangcode('site_default')
->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/language_content_settings/language_content_settings/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'language_content_settings--language_content_settings',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'default_langcode' => 'site_default',
'dependencies' => [
'config' => [
'node.type.camelids',
],
],
'langcode' => 'en',
'language_alterable' => FALSE,
'status' => TRUE,
'target_bundle' => 'camelids',
'target_entity_type_id' => 'node',
'drupal_internal__id' => 'node.camelids',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
return Cache::mergeContexts(parent::getExpectedCacheContexts(), ['languages:language_interface']);
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
NodeType::create([
'name' => 'Llamaids',
'type' => 'llamaids',
])->save();
$entity = ContentLanguageSettings::create([
'target_entity_type_id' => 'node',
'target_bundle' => 'llamaids',
]);
$entity->setDefaultLangcode('site_default');
$entity->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, ?array $sparse_fieldset = NULL, $filtered = FALSE) {
$cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered);
if (static::entityAccess(reset($collection), 'view', $account)->isAllowed()) {
$cacheability->addCacheContexts(['languages:language_interface']);
}
return $cacheability;
}
}

117
web/core/modules/jsonapi/tests/src/Functional/DateFormatTest.php Normal file
View File

@ -0,0 +1,117 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Datetime\Entity\DateFormat;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "DateFormat" config entity type.
*
* @group jsonapi
*/
class DateFormatTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'date_format';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'date_format--date_format';
/**
* {@inheritdoc}
*/
protected static $anonymousUsersCanViewLabels = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Datetime\DateFormatInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer site configuration']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a date format.
$date_format = DateFormat::create([
'id' => 'llama',
'label' => 'Llama',
'pattern' => 'F d, Y',
]);
$date_format->save();
return $date_format;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/date_format/date_format/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'date_format--date_format',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'label' => 'Llama',
'langcode' => 'en',
'locked' => FALSE,
'pattern' => 'F d, Y',
'status' => TRUE,
'drupal_internal__id' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

225
web/core/modules/jsonapi/tests/src/Functional/EditorTest.php Normal file
View File

@ -0,0 +1,225 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\ckeditor5\Plugin\CKEditor5Plugin\Heading;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\editor\Entity\Editor;
use Drupal\filter\Entity\FilterFormat;
/**
* JSON:API integration test for the "Editor" config entity type.
*
* @group jsonapi
*/
class EditorTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['filter', 'editor', 'ckeditor5'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'editor';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'editor--editor';
/**
* {@inheritdoc}
*
* @var \Drupal\editor\EditorInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer filters']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Llama" filter format.
$llama_format = FilterFormat::create([
'name' => 'Llama',
'format' => 'llama',
'langcode' => 'es',
'filters' => [
'filter_html' => [
'status' => TRUE,
'settings' => [
'allowed_html' => '<p> <a> <b> <lo>',
],
],
],
]);
$llama_format->save();
// Create a "Camelids" editor.
$camelids = Editor::create([
'format' => 'llama',
'editor' => 'ckeditor5',
'image_upload' => [
'status' => FALSE,
],
]);
$camelids
->setImageUploadSettings([
'status' => TRUE,
'scheme' => 'public',
'directory' => 'inline-images',
'max_size' => NULL,
'max_dimensions' => [
'width' => NULL,
'height' => NULL,
],
])
->save();
return $camelids;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/editor/editor/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'editor--editor',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [
'config' => [
'filter.format.llama',
],
'module' => [
'ckeditor5',
],
],
'editor' => 'ckeditor5',
'image_upload' => [
'status' => TRUE,
'scheme' => 'public',
'directory' => 'inline-images',
'max_size' => NULL,
'max_dimensions' => [
'width' => NULL,
'height' => NULL,
],
],
'langcode' => 'en',
'settings' => [
'toolbar' => [
'items' => ['heading', 'bold', 'italic'],
],
'plugins' => [
'ckeditor5_heading' => Heading::DEFAULT_CONFIGURATION,
],
],
'status' => TRUE,
'drupal_internal__format' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer filters' permission is required.";
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
FilterFormat::create([
'name' => 'Pachyderm',
'format' => 'pachyderm',
'langcode' => 'fr',
'filters' => [
'filter_html' => [
'status' => TRUE,
'settings' => [
'allowed_html' => '<p> <a> <b> <lo>',
],
],
],
])->save();
$entity = Editor::create([
'format' => 'pachyderm',
'editor' => 'ckeditor5',
'image_upload' => [
'status' => FALSE,
],
]);
$entity->setImageUploadSettings([
'status' => TRUE,
'scheme' => 'public',
'directory' => 'inline-images',
'max_size' => NULL,
'max_dimensions' => [
'width' => NULL,
'height' => NULL,
],
])->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'filter_format' entity access control handler because
// editor access also depends on access to the configured filter format.
\Drupal::entityTypeManager()->getAccessControlHandler('filter_format')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
}

208
web/core/modules/jsonapi/tests/src/Functional/EntityFormDisplayTest.php Normal file
View File

@ -0,0 +1,208 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Entity\Entity\EntityFormDisplay;
use Drupal\Core\Url;
use Drupal\node\Entity\NodeType;
/**
* JSON:API integration test for the "EntityFormDisplay" config entity type.
*
* @group jsonapi
*/
class EntityFormDisplayTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node', 'field_ui'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_form_display';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_form_display--entity_form_display';
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Entity\Display\EntityFormDisplayInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer node form display']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" node type.
$camelids = NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
]);
$camelids->save();
// Create a form display.
$form_display = EntityFormDisplay::create([
'targetEntityType' => 'node',
'bundle' => 'camelids',
'mode' => 'default',
]);
$form_display->save();
return $form_display;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_form_display/entity_form_display/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_form_display--entity_form_display',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'bundle' => 'camelids',
'content' => [
'created' => [
'type' => 'datetime_timestamp',
'weight' => 10,
'region' => 'content',
'settings' => [],
'third_party_settings' => [],
],
'promote' => [
'type' => 'boolean_checkbox',
'settings' => [
'display_label' => TRUE,
],
'weight' => 15,
'region' => 'content',
'third_party_settings' => [],
],
'status' => [
'type' => 'boolean_checkbox',
'weight' => 120,
'region' => 'content',
'settings' => [
'display_label' => TRUE,
],
'third_party_settings' => [],
],
'sticky' => [
'type' => 'boolean_checkbox',
'settings' => [
'display_label' => TRUE,
],
'weight' => 16,
'region' => 'content',
'third_party_settings' => [],
],
'title' => [
'type' => 'string_textfield',
'weight' => -5,
'region' => 'content',
'settings' => [
'size' => 60,
'placeholder' => '',
],
'third_party_settings' => [],
],
'uid' => [
'type' => 'entity_reference_autocomplete',
'weight' => 5,
'settings' => [
'match_operator' => 'CONTAINS',
'match_limit' => 10,
'size' => 60,
'placeholder' => '',
],
'region' => 'content',
'third_party_settings' => [],
],
],
'dependencies' => [
'config' => [
'node.type.camelids',
],
],
'hidden' => [],
'langcode' => 'en',
'mode' => 'default',
'status' => NULL,
'targetEntityType' => 'node',
'drupal_internal__id' => 'node.camelids.default',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer node form display' permission is required.";
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
NodeType::create([
'name' => 'Llamaids',
'type' => 'llamaids',
])->save();
$entity = EntityFormDisplay::create([
'targetEntityType' => 'node',
'bundle' => 'llamaids',
'mode' => 'default',
]);
$entity->save();
return $entity;
}
}

117
web/core/modules/jsonapi/tests/src/Functional/EntityFormModeTest.php Normal file
View File

@ -0,0 +1,117 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Entity\Entity\EntityFormMode;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "EntityFormMode" config entity type.
*
* @group jsonapi
*/
class EntityFormModeTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*
* @todo Remove 'field_ui' when https://www.drupal.org/node/2867266.
*/
protected static $modules = ['user', 'field_ui'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_form_mode';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_form_mode--entity_form_mode';
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Entity\EntityFormModeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer display modes']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$entity_form_mode = EntityFormMode::create([
'id' => 'user.test',
'label' => 'Test',
'description' => NULL,
'targetEntityType' => 'user',
]);
$entity_form_mode->save();
return $entity_form_mode;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_form_mode/entity_form_mode/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_form_mode--entity_form_mode',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'cache' => TRUE,
'dependencies' => [
'module' => [
'user',
],
],
'description' => '',
'label' => 'Test',
'langcode' => 'en',
'status' => TRUE,
'targetEntityType' => 'user',
'drupal_internal__id' => 'user.test',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

197
web/core/modules/jsonapi/tests/src/Functional/EntityTestComputedFieldTest.php Normal file
View File

@ -0,0 +1,197 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTestComputedField;
use Drupal\user\Entity\User;
/**
* JSON:API integration test for the "EntityTestComputedField" content entity type.
*
* @group jsonapi
*/
class EntityTestComputedFieldTest extends ResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['entity_test'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_test_computed_field';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_test_computed_field--entity_test_computed_field';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [];
/**
* {@inheritdoc}
*
* @var \Drupal\entity_test\Entity\EntityTestComputedField
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer entity_test content']);
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['view test entity']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create entity_test entity_test_with_bundle entities']);
break;
case 'PATCH':
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer entity_test content']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$entity_test = EntityTestComputedField::create([
'name' => 'Llama',
'type' => 'entity_test_computed_field',
]);
$entity_test->setOwnerId(0);
$entity_test->save();
return $entity_test;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_test_computed_field/entity_test_computed_field/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
$author = User::load(0);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_test_computed_field--entity_test_computed_field',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => (new \DateTime())->setTimestamp((int) $this->entity->get('created')->value)->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'name' => 'Llama',
'drupal_internal__id' => 1,
'computed_string_field' => NULL,
'computed_test_cacheable_string_field' => 'computed test cacheable string field',
'computed_test_cacheable_integer_field' => 0,
],
'relationships' => [
'computed_reference_field' => [
'data' => NULL,
'links' => [
'related' => ['href' => $self_url . '/computed_reference_field'],
'self' => ['href' => $self_url . '/relationships/computed_reference_field'],
],
],
'user_id' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/user_id'],
'self' => ['href' => $self_url . '/relationships/user_id'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'entity_test_computed_field--entity_test_computed_field',
'attributes' => [
'name' => 'Drama llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getSparseFieldSets(): array {
// EntityTest's owner field name is `user_id`, not `uid`, which breaks
// nested sparse fieldset tests.
return array_diff_key(parent::getSparseFieldSets(), array_flip([
'nested_empty_fieldset',
'nested_fieldset_with_owner_fieldset',
]));
}
/**
* Retrieves the expected cache contexts for the response.
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
$cache_contexts = parent::getExpectedCacheContexts($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('computed_test_cacheable_string_field', $sparse_fieldset)) {
$cache_contexts = Cache::mergeContexts($cache_contexts, ['url.query_args']);
}
return $cache_contexts;
}
/**
* Retrieves the expected cache tags for the response.
*/
protected function getExpectedCacheTags(?array $sparse_fieldset = NULL) {
$expected_cache_tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('computed_test_cacheable_string_field', $sparse_fieldset)) {
$expected_cache_tags = Cache::mergeTags($expected_cache_tags, ['field:computed_test_cacheable_string_field']);
}
return $expected_cache_tags;
}
}

174
web/core/modules/jsonapi/tests/src/Functional/EntityTestMapFieldTest.php Normal file
View File

@ -0,0 +1,174 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTestMapField;
use Drupal\user\Entity\User;
/**
* JSON:API integration test for the "EntityTestMapField" content entity type.
*
* @group jsonapi
*/
class EntityTestMapFieldTest extends ResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['entity_test'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_test_map_field';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_test_map_field--entity_test_map_field';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [];
/**
* {@inheritdoc}
*
* @var \Drupal\entity_test\Entity\EntityTestMapField
*/
protected $entity;
/**
* The complex nested value to assign to a @FieldType=map field.
*
* @var array
*/
protected static $mapValue = [
'key1' => 'value',
'key2' => 'no, val you',
'π' => 3.14159,
TRUE => 42,
'nested' => [
'bird' => 'robin',
'doll' => 'Russian',
],
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer entity_test content']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$entity = EntityTestMapField::create([
'name' => 'Llama',
'type' => 'entity_test_map_field',
'data' => [
static::$mapValue,
],
]);
$entity->setOwnerId(0);
$entity->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_test_map_field/entity_test_map_field/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
$author = User::load(0);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_test_map_field--entity_test_map_field',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => (new \DateTime())->setTimestamp((int) $this->entity->get('created')->value)->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'langcode' => 'en',
'name' => 'Llama',
'data' => static::$mapValue,
'drupal_internal__id' => 1,
],
'relationships' => [
'user_id' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/user_id'],
'self' => ['href' => $self_url . '/relationships/user_id'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'entity_test_map_field--entity_test_map_field',
'attributes' => [
'name' => 'Drama llama',
'data' => static::$mapValue,
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer entity_test content' permission is required.";
}
/**
* {@inheritdoc}
*/
protected function getSparseFieldSets(): array {
// EntityTestMapField's owner field name is `user_id`, not `uid`, which
// breaks nested sparse fieldset tests.
return array_diff_key(parent::getSparseFieldSets(), array_flip([
'nested_empty_fieldset',
'nested_fieldset_with_owner_fieldset',
]));
}
}

205
web/core/modules/jsonapi/tests/src/Functional/EntityTestTest.php Normal file
View File

@ -0,0 +1,205 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Field\BaseFieldDefinition;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\user\Entity\User;
/**
* JSON:API integration test for the "EntityTest" content entity type.
*
* @group jsonapi
*/
class EntityTestTest extends ResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['entity_test'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_test';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_test--entity_test';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [];
/**
* {@inheritdoc}
*
* @var \Drupal\entity_test\Entity\EntityTest
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['view test entity']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create entity_test entity_test_with_bundle entities']);
break;
case 'PATCH':
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer entity_test content']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Set flag so that internal field 'internal_string_field' is created.
// @see entity_test_entity_base_field_info()
$this->container->get('state')->set('entity_test.internal_field', TRUE);
$field_storage_definition = BaseFieldDefinition::create('string')
->setLabel('Internal field')
->setInternal(TRUE);
\Drupal::entityDefinitionUpdateManager()->installFieldStorageDefinition('internal_string_field', 'entity_test', 'entity_test', $field_storage_definition);
$entity_test = EntityTest::create([
'name' => 'Llama',
'type' => 'entity_test',
// Set a value for the internal field to confirm that it will not be
// returned in normalization.
// @see entity_test_entity_base_field_info().
'internal_string_field' => [
'value' => 'This value shall not be internal!',
],
]);
$entity_test->setOwnerId(0);
$entity_test->save();
return $entity_test;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_test/entity_test/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
$author = User::load(0);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_test--entity_test',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => (new \DateTime())->setTimestamp((int) $this->entity->get('created')->value)->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'field_test_text' => NULL,
'langcode' => 'en',
'name' => 'Llama',
'entity_test_type' => 'entity_test',
'drupal_internal__id' => 1,
],
'relationships' => [
'user_id' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/user_id'],
'self' => ['href' => $self_url . '/relationships/user_id'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'entity_test--entity_test',
'attributes' => [
'name' => 'Drama llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'view test entity' permission is required.";
case 'POST':
return "The following permissions are required: 'administer entity_test content' OR 'administer entity_test_with_bundle content' OR 'create entity_test entity_test_with_bundle entities'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function getSparseFieldSets(): array {
// EntityTest's owner field name is `user_id`, not `uid`, which breaks
// nested sparse fieldset tests.
return array_diff_key(parent::getSparseFieldSets(), array_flip([
'nested_empty_fieldset',
'nested_fieldset_with_owner_fieldset',
]));
}
/**
* {@inheritdoc}
*/
protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, ?array $sparse_fieldset = NULL, $filtered = FALSE) {
$cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered);
if ($filtered) {
$cacheability->addCacheTags(['state:jsonapi__entity_test_filter_access_deny_list']);
}
return $cacheability;
}
}

163
web/core/modules/jsonapi/tests/src/Functional/EntityViewDisplayTest.php Normal file
View File

@ -0,0 +1,163 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Entity\Entity\EntityViewDisplay;
use Drupal\Core\Url;
use Drupal\node\Entity\NodeType;
/**
* JSON:API integration test for the "EntityViewDisplay" config entity type.
*
* @group jsonapi
*/
class EntityViewDisplayTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node', 'field_ui'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_view_display';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_view_display--entity_view_display';
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Entity\Display\EntityViewDisplayInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer node display']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" node type.
$camelids = NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
]);
$camelids->save();
// Create a view display.
$view_display = EntityViewDisplay::create([
'targetEntityType' => 'node',
'bundle' => 'camelids',
'mode' => 'default',
'status' => TRUE,
]);
$view_display->save();
return $view_display;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_view_display/entity_view_display/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_view_display--entity_view_display',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'bundle' => 'camelids',
'content' => [
'links' => [
'region' => 'content',
'weight' => 100,
'settings' => [],
'third_party_settings' => [],
],
],
'dependencies' => [
'config' => [
'node.type.camelids',
],
'module' => [
'user',
],
],
'hidden' => [],
'langcode' => 'en',
'mode' => 'default',
'status' => TRUE,
'targetEntityType' => 'node',
'drupal_internal__id' => 'node.camelids.default',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer node display' permission is required.";
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
NodeType::create([
'name' => 'Pachyderms',
'type' => 'pachyderms',
])->save();
$entity = EntityViewDisplay::create([
'targetEntityType' => 'node',
'bundle' => 'pachyderms',
'mode' => 'default',
'status' => TRUE,
]);
$entity->save();
return $entity;
}
}

117
web/core/modules/jsonapi/tests/src/Functional/EntityViewModeTest.php Normal file
View File

@ -0,0 +1,117 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Entity\Entity\EntityViewMode;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "EntityViewMode" config entity type.
*
* @group jsonapi
*/
class EntityViewModeTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*
* @todo Remove 'field_ui' when https://www.drupal.org/node/2867266.
*/
protected static $modules = ['user', 'field_ui'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'entity_view_mode';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'entity_view_mode--entity_view_mode';
/**
* {@inheritdoc}
*
* @var \Drupal\Core\Entity\EntityViewModeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer display modes']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$entity_view_mode = EntityViewMode::create([
'id' => 'user.test',
'label' => 'Test',
'description' => '',
'targetEntityType' => 'user',
]);
$entity_view_mode->save();
return $entity_view_mode;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/entity_view_mode/entity_view_mode/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'entity_view_mode--entity_view_mode',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'cache' => TRUE,
'dependencies' => [
'module' => [
'user',
],
],
'label' => 'Test',
'langcode' => 'en',
'description' => '',
'status' => TRUE,
'targetEntityType' => 'user',
'drupal_internal__id' => 'user.test',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

71
web/core/modules/jsonapi/tests/src/Functional/EntryPointTest.php Normal file
View File

@ -0,0 +1,71 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\jsonapi\Traits\GetDocumentFromResponseTrait;
use Drupal\Tests\user\Traits\UserCreationTrait;
use GuzzleHttp\RequestOptions;
/**
* Makes assertions about the JSON:API behavior for internal entities.
*
* @group jsonapi
*
* @internal
*/
class EntryPointTest extends BrowserTestBase {
use GetDocumentFromResponseTrait;
use JsonApiRequestTestTrait;
use UserCreationTrait;
/**
* {@inheritdoc}
*/
protected static $modules = [
'node',
'jsonapi',
'basic_auth',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Test GET to the entry point.
*/
public function testEntryPoint(): void {
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$response = $this->request('GET', Url::fromUri('base://jsonapi'), $request_options);
$document = $this->getDocumentFromResponse($response);
$expected_cache_contexts = [
'url.query_args',
'url.site',
'user.roles:authenticated',
];
$this->assertTrue($response->hasHeader('X-Drupal-Cache-Contexts'));
$optimized_expected_cache_contexts = \Drupal::service('cache_contexts_manager')->optimizeTokens($expected_cache_contexts);
$this->assertSame($optimized_expected_cache_contexts, explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
$links = $document['links'];
$this->assertMatchesRegularExpression('/.*\/jsonapi/', $links['self']['href']);
$this->assertMatchesRegularExpression('/.*\/jsonapi\/user\/user/', $links['user--user']['href']);
$this->assertMatchesRegularExpression('/.*\/jsonapi\/node_type\/node_type/', $links['node_type--node_type']['href']);
$this->assertArrayNotHasKey('meta', $document);
// A `me` link must be present for authenticated users.
$user = $this->createUser();
$request_options[RequestOptions::HEADERS]['Authorization'] = 'Basic ' . base64_encode($user->name->value . ':' . $user->passRaw);
$response = $this->request('GET', Url::fromUri('base://jsonapi'), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertArrayHasKey('meta', $document);
$this->assertStringEndsWith('/jsonapi/user/user/' . $user->uuid(), $document['meta']['links']['me']['href']);
}
}

209
web/core/modules/jsonapi/tests/src/Functional/ExternalNormalizersTest.php Normal file
View File

@ -0,0 +1,209 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Component\Serialization\Json;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\jsonapi\Traits\GetDocumentFromResponseTrait;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;
use GuzzleHttp\RequestOptions;
/**
* Asserts external normalizers are handled as expected by the JSON:API module.
*
* @see jsonapi.normalizers
*
* @group jsonapi
*/
class ExternalNormalizersTest extends BrowserTestBase {
use GetDocumentFromResponseTrait;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* The original value for the test field.
*
* @var string
*/
const VALUE_ORIGINAL = 'Llamas are super awesome!';
/**
* The expected overridden value for the test field.
*
* @see \Drupal\jsonapi_test_field_type\Normalizer\StringNormalizer
* @see \Drupal\jsonapi_test_data_type\Normalizer\StringNormalizer
*/
const VALUE_OVERRIDDEN = 'Llamas are NOT awesome!';
/**
* {@inheritdoc}
*/
protected static $modules = [
'jsonapi',
'entity_test',
];
/**
* The test entity.
*
* @var \Drupal\entity_test\Entity\EntityTest
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
// This test is not about access control at all, so allow anonymous users to
// view and create the test entities.
Role::load(RoleInterface::ANONYMOUS_ID)
->grantPermission('view test entity')
->grantPermission('create entity_test entity_test_with_bundle entities')
->save();
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
FieldStorageConfig::create([
'field_name' => 'field_test',
'type' => 'string',
'entity_type' => 'entity_test',
])
->save();
FieldConfig::create([
'field_name' => 'field_test',
'entity_type' => 'entity_test',
'bundle' => 'entity_test',
])
->save();
$this->entity = EntityTest::create([
'name' => 'Llama',
'type' => 'entity_test',
'field_test' => static::VALUE_ORIGINAL,
]);
$this->entity->save();
}
/**
* Tests a format-agnostic normalizer.
*
* @param string $test_module
* The test module to install, which comes with a high-priority normalizer.
* @param string $expected_value_jsonapi_normalization
* The expected JSON:API normalization of the tested field. Must be either
* - static::VALUE_ORIGINAL (normalizer IS NOT expected to override)
* - static::VALUE_OVERRIDDEN (normalizer IS expected to override)
* @param string $expected_value_jsonapi_denormalization
* The expected JSON:API denormalization of the tested field. Must be either
* - static::VALUE_OVERRIDDEN (denormalizer IS NOT expected to override)
* - static::VALUE_ORIGINAL (denormalizer IS expected to override)
*
* @dataProvider providerTestFormatAgnosticNormalizers
*/
public function testFormatAgnosticNormalizers($test_module, $expected_value_jsonapi_normalization, $expected_value_jsonapi_denormalization): void {
assert(in_array($expected_value_jsonapi_normalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
assert(in_array($expected_value_jsonapi_denormalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
// Asserts the entity contains the value we set.
$this->assertSame(static::VALUE_ORIGINAL, $this->entity->field_test->value);
// Asserts normalizing the entity using core's 'serializer' service DOES
// yield the value we set.
$core_normalization = $this->container->get('serializer')->normalize($this->entity);
$this->assertSame(static::VALUE_ORIGINAL, $core_normalization['field_test'][0]['value']);
// Asserts denormalizing the entity using core's 'serializer' service DOES
// yield the value we set.
$core_normalization['field_test'][0]['value'] = static::VALUE_OVERRIDDEN;
$denormalized_entity = $this->container->get('serializer')->denormalize($core_normalization, EntityTest::class, 'json', []);
$this->assertInstanceOf(EntityTest::class, $denormalized_entity);
$this->assertSame(static::VALUE_OVERRIDDEN, $denormalized_entity->field_test->value);
// Install test module that contains a high-priority alternative normalizer.
$this->container->get('module_installer')->install([$test_module]);
$this->rebuildContainer();
// Asserts normalizing the entity using core's 'serializer' service DOES NOT
// ANYMORE yield the value we set.
$core_normalization = $this->container->get('serializer')->normalize($this->entity);
$this->assertSame(static::VALUE_OVERRIDDEN, $core_normalization['field_test'][0]['value']);
// Asserts denormalizing the entity using core's 'serializer' service DOES
// NOT ANYMORE yield the value we set.
$core_normalization = $this->container->get('serializer')->normalize($this->entity);
$core_normalization['field_test'][0]['value'] = static::VALUE_OVERRIDDEN;
$denormalized_entity = $this->container->get('serializer')->denormalize($core_normalization, EntityTest::class, 'json', []);
$this->assertInstanceOf(EntityTest::class, $denormalized_entity);
$this->assertSame(static::VALUE_ORIGINAL, $denormalized_entity->field_test->value);
// Asserts the expected JSON:API normalization.
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute('jsonapi.entity_test--entity_test.individual', ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi');
$client = $this->getSession()->getDriver()->getClient()->getClient();
$response = $client->request('GET', $url->setAbsolute(TRUE)->toString());
$document = $this->getDocumentFromResponse($response);
$this->assertSame($expected_value_jsonapi_normalization, $document['data']['attributes']['field_test']);
// Asserts the expected JSON:API denormalization.
$request_options = [];
$request_options[RequestOptions::BODY] = Json::encode([
'data' => [
'type' => 'entity_test--entity_test',
'attributes' => [
'field_test' => static::VALUE_OVERRIDDEN,
],
],
]);
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$response = $client->request('POST', Url::fromRoute('jsonapi.entity_test--entity_test.collection.post')->setAbsolute(TRUE)->toString(), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(static::VALUE_OVERRIDDEN, $document['data']['attributes']['field_test']);
$entity_type_manager = $this->container->get('entity_type.manager');
$uuid_key = $entity_type_manager->getDefinition('entity_test')->getKey('uuid');
$entities = $entity_type_manager
->getStorage('entity_test')
->loadByProperties([$uuid_key => $document['data']['id']]);
$created_entity = reset($entities);
$this->assertSame($expected_value_jsonapi_denormalization, $created_entity->field_test->value);
}
/**
* Data provider.
*
* @return array
* Test cases.
*/
public static function providerTestFormatAgnosticNormalizers() {
return [
'Format-agnostic @FieldType-level normalizers SHOULD NOT be able to affect the JSON:API normalization' => [
'jsonapi_test_field_type',
// \Drupal\jsonapi_test_field_type\Normalizer\StringNormalizer::normalize()
static::VALUE_ORIGINAL,
// \Drupal\jsonapi_test_field_type\Normalizer\StringNormalizer::denormalize()
static::VALUE_OVERRIDDEN,
],
'Format-agnostic @DataType-level normalizers SHOULD be able to affect the JSON:API normalization' => [
'jsonapi_test_data_type',
// \Drupal\jsonapi_test_data_type\Normalizer\StringNormalizer::normalize()
static::VALUE_OVERRIDDEN,
// \Drupal\jsonapi_test_data_type\Normalizer\StringNormalizer::denormalize()
static::VALUE_ORIGINAL,
],
];
}
}

185
web/core/modules/jsonapi/tests/src/Functional/FieldConfigTest.php Normal file
View File

@ -0,0 +1,185 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\node\Entity\NodeType;
/**
* JSON:API integration test for the "FieldConfig" config entity type.
*
* @group jsonapi
*/
class FieldConfigTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['field', 'node', 'field_ui'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'field_config';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'field_config--field_config';
/**
* {@inheritdoc}
*
* @var \Drupal\field\FieldConfigInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer node fields']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$camelids = NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
]);
$camelids->save();
$field_storage = FieldStorageConfig::create([
'field_name' => 'field_llama',
'entity_type' => 'node',
'type' => 'text',
]);
$field_storage->save();
$entity = FieldConfig::create([
'field_storage' => $field_storage,
'bundle' => 'camelids',
]);
$entity->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/field_config/field_config/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'field_config--field_config',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'bundle' => 'camelids',
'default_value' => [],
'default_value_callback' => '',
'dependencies' => [
'config' => [
'field.storage.node.field_llama',
'node.type.camelids',
],
'module' => [
'text',
],
],
'description' => '',
'entity_type' => 'node',
'field_name' => 'field_llama',
'field_type' => 'text',
'label' => 'field_llama',
'langcode' => 'en',
'required' => FALSE,
'settings' => ['allowed_formats' => []],
'status' => TRUE,
'translatable' => TRUE,
'drupal_internal__id' => 'node.camelids.field_llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer node fields' permission is required.";
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
NodeType::create([
'name' => 'Pachyderms',
'type' => 'pachyderms',
])->save();
$field_storage = FieldStorageConfig::create([
'field_name' => 'field_pachyderm',
'entity_type' => 'node',
'type' => 'text',
]);
$field_storage->save();
$entity = FieldConfig::create([
'field_storage' => $field_storage,
'bundle' => 'pachyderms',
]);
$entity->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also clear the 'field_storage_config' entity access handler cache because
// the 'field_config' access handler delegates access to it.
// @see \Drupal\field\FieldConfigAccessControlHandler::checkAccess()
\Drupal::entityTypeManager()->getAccessControlHandler('field_storage_config')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
}

128
web/core/modules/jsonapi/tests/src/Functional/FieldStorageConfigTest.php Normal file
View File

@ -0,0 +1,128 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\field\Entity\FieldStorageConfig;
/**
* JSON:API integration test for the "FieldStorageConfig" config entity type.
*
* @group jsonapi
*/
class FieldStorageConfigTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node', 'field_ui'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'field_storage_config';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'field_storage_config--field_storage_config';
/**
* {@inheritdoc}
*
* @var \Drupal\field\FieldConfigStorage
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer node fields']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$field_storage = FieldStorageConfig::create([
'field_name' => 'true_llama',
'entity_type' => 'node',
'type' => 'boolean',
]);
$field_storage->save();
return $field_storage;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/field_storage_config/field_storage_config/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'field_storage_config--field_storage_config',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'cardinality' => 1,
'custom_storage' => FALSE,
'dependencies' => [
'module' => [
'node',
],
],
'entity_type' => 'node',
'field_name' => 'true_llama',
'indexes' => [],
'langcode' => 'en',
'locked' => FALSE,
'module' => 'core',
'persist_with_no_fields' => FALSE,
'settings' => [],
'status' => TRUE,
'translatable' => TRUE,
'field_storage_config_type' => 'boolean',
'drupal_internal__id' => 'node.true_llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'administer node fields' permission is required.";
}
}

260
web/core/modules/jsonapi/tests/src/Functional/FileTest.php Normal file
View File

@ -0,0 +1,260 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Url;
use Drupal\file\Entity\File;
use Drupal\file\FileInterface;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use Drupal\user\Entity\User;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "File" content entity type.
*
* @group jsonapi
*/
class FileTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['file', 'user'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'file';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'file--file';
/**
* {@inheritdoc}
*
* @var \Drupal\file\FileInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'uri' => NULL,
'filemime' => NULL,
'filesize' => NULL,
'status' => NULL,
'changed' => NULL,
];
/**
* The file author.
*
* @var \Drupal\user\UserInterface
*/
protected $author;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access content']);
break;
case 'PATCH':
// \Drupal\file\FileAccessControlHandler::checkAccess() grants 'update'
// access only to the user that owns the file. So there is no permission
// to grant: instead, the file owner must be changed from its default
// (user 1) to the current user.
$this->makeCurrentUserFileOwner();
return;
case 'DELETE':
$this->grantPermissionsToTestedRole(['delete any file']);
break;
}
}
/**
* Makes the current user the file owner.
*/
protected function makeCurrentUserFileOwner(): void {
$account = User::load(2);
$this->entity->setOwnerId($account->id());
$this->entity->setOwner($account);
$this->entity->save();
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$this->author = User::load(1);
$file = File::create();
$file->setOwnerId($this->author->id());
$file->setFilename('drupal.txt');
$file->setMimeType('text/plain');
$file->setFileUri('public://drupal.txt');
$file->set('status', FileInterface::STATUS_PERMANENT);
$file->save();
file_put_contents($file->getFileUri(), 'Drupal');
return $file;
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
/** @var \Drupal\file\FileInterface $duplicate */
$duplicate = parent::createAnotherEntity($key);
$duplicate->setFileUri("public://$key.txt");
$duplicate->save();
return $duplicate;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/file/file/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'file--file',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => (new \DateTime())->setTimestamp($this->entity->getCreatedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'filemime' => 'text/plain',
'filename' => 'drupal.txt',
'filesize' => (int) $this->entity->getSize(),
'langcode' => 'en',
'status' => TRUE,
'uri' => [
'url' => base_path() . $this->siteDirectory . '/files/drupal.txt',
'value' => 'public://drupal.txt',
],
'drupal_internal__fid' => 1,
],
'relationships' => [
'uid' => [
'data' => [
'id' => $this->author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $this->author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/uid'],
'self' => ['href' => $self_url . '/relationships/uid'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'file--file',
'attributes' => [
'filename' => 'drupal.txt',
],
],
];
}
/**
* Tests POST/PATCH/DELETE for an individual resource.
*/
public function testIndividual(): void {
// @todo https://www.drupal.org/node/1927648
// Add doTestPostIndividual().
$this->doTestPatchIndividual();
$this->entity = $this->resaveEntity($this->entity, $this->account);
$this->revokePermissions();
$this->config('jsonapi.settings')->set('read_only', TRUE)->save(TRUE);
$this->doTestDeleteIndividual();
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
return match($method) {
'GET' => "The 'access content' permission is required.",
'PATCH' => "Only the file owner can update the file entity.",
'DELETE' => "The 'delete any file' permission is required.",
default => parent::getExpectedUnauthorizedAccessMessage($method),
};
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$label_field_name = 'filename';
// Verify the expected behavior in the common case: when the file is public.
$this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, 'access content');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// 1 result because the current user is the file owner, even though the file
// is private.
$this->entity->setFileUri('private://drupal.txt');
$this->entity->setOwner($this->account);
$this->entity->save();
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
// 0 results because the current user is no longer the file owner and the
// file is private.
$this->entity->setOwner(User::load(0));
$this->entity->save();
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
}
}

893
web/core/modules/jsonapi/tests/src/Functional/FileUploadTest.php Normal file
View File

@ -0,0 +1,893 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Render\PlainTextOutput;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Url;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\file\Entity\File;
use Drupal\user\Entity\User;
use GuzzleHttp\RequestOptions;
use Psr\Http\Message\ResponseInterface;
// cspell:ignore èxample msword
/**
* Tests binary data file upload route.
*
* @group jsonapi
*/
class FileUploadTest extends ResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['entity_test', 'file'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*
* @see $entity
*/
protected static $entityTypeId = 'entity_test';
/**
* {@inheritdoc}
*
* @see $entity
*/
protected static $resourceTypeName = 'entity_test--entity_test';
/**
* The POST URI.
*
* @var string
*/
protected static $postUri = '/jsonapi/entity_test/entity_test/field_rest_file_test';
/**
* Test file data.
*
* @var string
*/
protected $testFileData = 'Hares sit on chairs, and mules sit on stools.';
/**
* The test field storage config.
*
* @var \Drupal\field\Entity\FieldStorageConfig
*/
protected $fieldStorage;
/**
* The field config.
*
* @var \Drupal\field\Entity\FieldConfig
*/
protected $field;
/**
* The parent entity.
*
* @var \Drupal\Core\Entity\EntityInterface
*/
protected $entity;
/**
* Created file entity.
*
* @var \Drupal\file\Entity\File
*/
protected $file;
/**
* An authenticated user.
*
* @var \Drupal\user\UserInterface
*/
protected $user;
/**
* The entity storage for the 'file' entity type.
*
* @var \Drupal\Core\Entity\EntityStorageInterface
*/
protected $fileStorage;
/**
* A list of test methods to skip.
*
* @var array
*/
const SKIP_METHODS = ['testGetIndividual', 'testIndividual', 'testCollection', 'testRelationships'];
/**
* {@inheritdoc}
*/
protected function setUp(): void {
if (in_array($this->name(), static::SKIP_METHODS, TRUE)) {
$this->markTestSkipped('Irrelevant for this test');
}
parent::setUp();
$this->fileStorage = $this->container->get('entity_type.manager')
->getStorage('file');
// Add a file field.
$this->fieldStorage = FieldStorageConfig::create([
'entity_type' => 'entity_test',
'field_name' => 'field_rest_file_test',
'type' => 'file',
'settings' => [
'uri_scheme' => 'public',
],
])
->setCardinality(FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED);
$this->fieldStorage->save();
$this->field = FieldConfig::create([
'entity_type' => 'entity_test',
'field_name' => 'field_rest_file_test',
'bundle' => 'entity_test',
'settings' => [
'file_directory' => 'foobar',
'file_extensions' => 'txt',
'max_filesize' => '',
],
])
->setLabel('Test file field')
->setTranslatable(FALSE);
$this->field->save();
// Reload entity so that it has the new field.
$this->entity = $this->entityStorage->loadUnchanged($this->entity->id());
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create an entity that a file can be attached to.
$entity_test = EntityTest::create([
'name' => 'Llama',
'type' => 'entity_test',
]);
$entity_test->setOwnerId($this->account->id());
$entity_test->save();
return $entity_test;
}
/**
* {@inheritdoc}
*/
public function testRelated(): void {
\Drupal::service('router.builder')->rebuild();
parent::testRelated();
}
/**
* Tests using the file upload POST route; needs second request to "use" file.
*/
public function testPostFileUpload(): void {
\Drupal::service('router.builder')->rebuild();
$uri = Url::fromUri('base:' . static::$postUri);
// DX: 405 when read-only mode is enabled.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $uri, $response);
$this->assertSame(['GET'], $response->getHeader('Allow'));
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// DX: 403 when unauthorized.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('POST'), $uri, $response);
$this->setUpAuthorization('POST');
// 404 when the field name is invalid.
$invalid_uri = Url::fromUri('base:' . static::$postUri . '_invalid');
$response = $this->fileRequest($invalid_uri, $this->testFileData);
$this->assertResourceErrorResponse(404, 'Field "field_rest_file_test_invalid" does not exist.', $invalid_uri, $response);
// This request will have the default 'application/octet-stream' content
// type header.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument();
$this->assertResponseData($expected, $response);
// Check the actual file data.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example.txt'));
// Test the file again but using 'filename' in the Content-Disposition
// header with no 'file' prefix.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'filename="example.txt"']);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument(2, 'example_0.txt', TRUE);
$this->assertResponseData($expected, $response);
// Check the actual file data.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example_0.txt'));
$this->assertTrue($this->fileStorage->loadUnchanged(1)->isTemporary());
// Verify that we can create an entity that references the uploaded file.
$entity_test_post_url = Url::fromRoute('jsonapi.entity_test--entity_test.collection.post');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$request_options[RequestOptions::BODY] = Json::encode($this->getPostDocument());
$response = $this->request('POST', $entity_test_post_url, $request_options);
$this->assertResourceResponse(201, FALSE, $response);
$this->assertTrue($this->fileStorage->loadUnchanged(1)->isPermanent());
$this->assertSame([
[
'target_id' => '1',
'display' => NULL,
'description' => "The most fascinating file ever!",
],
], EntityTest::load(2)->get('field_rest_file_test')->getValue());
}
/**
* Tests using the 'file upload and "use" file in single request" POST route.
*/
public function testPostFileUploadAndUseInSingleRequest(): void {
\Drupal::service('router.builder')->rebuild();
// Update the test entity so it already has a file. This allows verifying
// that this route appends files, and does not replace them.
mkdir('public://foobar');
file_put_contents('public://foobar/existing.txt', $this->testFileData);
$existing_file = File::create([
'uri' => 'public://foobar/existing.txt',
]);
$existing_file->setOwnerId($this->account->id());
$existing_file->setPermanent();
$existing_file->save();
$this->entity
->set('field_rest_file_test', ['target_id' => $existing_file->id()])
->save();
$uri = Url::fromUri('base:/jsonapi/entity_test/entity_test/' . $this->entity->uuid() . '/field_rest_file_test');
// DX: 405 when read-only mode is enabled.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $uri, $response);
$this->assertSame(['GET'], $response->getHeader('Allow'));
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// DX: 403 when unauthorized.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('PATCH'), $uri, $response);
$this->setUpAuthorization('PATCH');
// 404 when the field name is invalid.
$invalid_uri = Url::fromUri($uri->getUri() . '_invalid');
$response = $this->fileRequest($invalid_uri, $this->testFileData);
$this->assertResourceErrorResponse(404, 'Field "field_rest_file_test_invalid" does not exist.', $invalid_uri, $response);
// This request fails despite the upload succeeding, because we're not
// allowed to view the entity we're uploading to.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $uri, $response, FALSE, ['4xx-response', 'http_response'], ['url.query_args', 'url.site', 'user.permissions']);
$this->setUpAuthorization('GET');
// Re-uploading the same file will result in the file being uploaded twice
// and referenced twice.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertSame(200, $response->getStatusCode());
$expected = [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => Url::fromUri('base:/jsonapi/entity_test/entity_test/' . $this->entity->uuid() . '/field_rest_file_test')->setAbsolute(TRUE)->toString()],
],
'data' => [
0 => $this->getExpectedDocument(1, 'existing.txt', TRUE, TRUE)['data'],
1 => $this->getExpectedDocument(2, 'example.txt', TRUE, TRUE)['data'],
2 => $this->getExpectedDocument(3, 'example_0.txt', TRUE, TRUE)['data'],
],
];
$this->assertResponseData($expected, $response);
// The response document received for the POST request is identical to the
// response document received by GETting the same URL.
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$response = $this->request('GET', $uri, $request_options);
$this->assertSame(200, $response->getStatusCode());
$this->assertResponseData($expected, $response);
// Check the actual file data.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example.txt'));
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example_0.txt'));
}
/**
* Returns the JSON:API POST document referencing the uploaded file.
*
* @return array
* A JSON:API request document.
*
* @see ::testPostFileUpload()
* @see \Drupal\Tests\jsonapi\Functional\EntityTestTest::getPostDocument()
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'entity_test--entity_test',
'attributes' => [
'name' => 'Drama llama',
],
'relationships' => [
'field_rest_file_test' => [
'data' => [
'id' => File::load(1)->uuid(),
'meta' => [
'description' => 'The most fascinating file ever!',
],
'type' => 'file--file',
],
],
],
],
];
}
/**
* Tests using the file upload POST route with invalid headers.
*/
protected function testPostFileUploadInvalidHeaders(): void {
$uri = Url::fromUri('base:' . static::$postUri);
// The wrong content type header should return a 415 code.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Type' => 'application/vnd.api+json']);
$this->assertSame(415, $response->getStatusCode());
// An empty Content-Disposition header should return a 400.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => FALSE]);
$this->assertResourceErrorResponse(400, '"Content-Disposition" header is required. A file name in the format "filename=FILENAME" must be provided.', $uri, $response);
// An empty filename with a context in the Content-Disposition header should
// return a 400.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'file; filename=""']);
$this->assertResourceErrorResponse(400, 'No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided.', $uri, $response);
// An empty filename without a context in the Content-Disposition header
// should return a 400.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'filename=""']);
$this->assertResourceErrorResponse(400, 'No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided.', $uri, $response);
// An invalid key-value pair in the Content-Disposition header should return
// a 400.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'not_a_filename="example.txt"']);
$this->assertResourceErrorResponse(400, 'No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided.', $uri, $response);
// Using filename* extended format is not currently supported.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'filename*="UTF-8 \' \' example.txt"']);
$this->assertResourceErrorResponse(400, 'The extended "filename*" format is currently not supported in the "Content-Disposition" header.', $uri, $response);
}
/**
* Tests using the file upload POST route with a duplicate file name.
*
* A new file should be created with a suffixed name.
*/
public function testPostFileUploadDuplicateFile(): void {
\Drupal::service('router.builder')->rebuild();
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$uri = Url::fromUri('base:' . static::$postUri);
// This request will have the default 'application/octet-stream' content
// type header.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertSame(201, $response->getStatusCode());
// Make the same request again. The file should be saved as a new file
// entity that has the same file name but a suffixed file URI.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertSame(201, $response->getStatusCode());
// Loading expected normalized data for file 2, the duplicate file.
$expected = $this->getExpectedDocument(2, 'example_0.txt', TRUE);
$this->assertResponseData($expected, $response);
// Check the actual file data.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example_0.txt'));
// Simulate a race condition where two files are uploaded at almost the same
// time, by removing the first uploaded file from disk (leaving the entry in
// the file_managed table) before trying to upload another file with the
// same name.
unlink(\Drupal::service('file_system')->realpath('public://foobar/example.txt'));
// Make the same request again. The upload should fail validation.
$response = $this->fileRequest($uri, $this->testFileData);
$this->assertResourceErrorResponse(422, PlainTextOutput::renderFromHtml("Unprocessable Entity: file validation failed.\nThe file public://foobar/example.txt already exists. Enter a unique file URI."), $uri, $response);
}
/**
* Tests using the file upload route with any path prefixes being stripped.
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#Directives
*/
public function testFileUploadStrippedFilePath(): void {
\Drupal::service('router.builder')->rebuild();
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$uri = Url::fromUri('base:' . static::$postUri);
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'file; filename="directory/example.txt"']);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument();
$this->assertResponseData($expected, $response);
// Check the actual file data. It should have been written to the configured
// directory, not /foobar/directory/example.txt.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example.txt'));
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'file; filename="../../example_2.txt"']);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument(2, 'example_2.txt', TRUE);
$this->assertResponseData($expected, $response);
// Check the actual file data. It should have been written to the configured
// directory, not /foobar/directory/example.txt.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/example_2.txt'));
$this->assertFileDoesNotExist('../../example_2.txt');
// Check a path from the root. Extensions have to be empty to allow a file
// with no extension to pass validation.
$this->field->setSetting('file_extensions', '')
->save();
\Drupal::service('router.builder')->rebuild();
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'file; filename="/etc/passwd"']);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument(3, 'passwd', TRUE);
// This mime will be guessed as there is no extension.
$expected['data']['attributes']['filemime'] = 'application/octet-stream';
$this->assertResponseData($expected, $response);
// Check the actual file data. It should have been written to the configured
// directory, not /foobar/directory/example.txt.
$this->assertSame($this->testFileData, file_get_contents('public://foobar/passwd'));
}
/**
* Tests invalid file uploads.
*/
public function testInvalidFileUploads(): void {
\Drupal::service('router.builder')->rebuild();
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->testFileUploadInvalidFileType();
$this->testPostFileUploadInvalidHeaders();
$this->testFileUploadLargerFileSize();
$this->testFileUploadMaliciousExtension();
}
/**
* Tests using the file upload route with a unicode file name.
*/
public function testFileUploadUnicodeFilename(): void {
\Drupal::service('router.builder')->rebuild();
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$uri = Url::fromUri('base:' . static::$postUri);
// It is important that the filename starts with a unicode character. See
// https://bugs.php.net/bug.php?id=77239.
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'file; filename="Èxample-✓.txt"']);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument(1, 'Èxample-✓.txt', TRUE);
$this->assertResponseData($expected, $response);
$this->assertSame($this->testFileData, file_get_contents('public://foobar/Èxample-✓.txt'));
}
/**
* Tests using the file upload route with a zero byte file.
*/
public function testFileUploadZeroByteFile(): void {
\Drupal::service('router.builder')->rebuild();
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$uri = Url::fromUri('base:' . static::$postUri);
// Test with a zero byte file.
$response = $this->fileRequest($uri, NULL);
$this->assertSame(201, $response->getStatusCode());
$expected = $this->getExpectedDocument();
// Modify the default expected data to account for the 0 byte file.
$expected['data']['attributes']['filesize'] = 0;
$this->assertResponseData($expected, $response);
// Check the actual file data.
$this->assertSame('', file_get_contents('public://foobar/example.txt'));
}
/**
* Tests using the file upload route with an invalid file type.
*/
protected function testFileUploadInvalidFileType(): void {
$uri = Url::fromUri('base:' . static::$postUri);
// Test with a JSON file.
$response = $this->fileRequest($uri, '{"test":123}', ['Content-Disposition' => 'filename="example.json"']);
$this->assertResourceErrorResponse(422, PlainTextOutput::renderFromHtml("Unprocessable Entity: file validation failed.\nOnly files with the following extensions are allowed: <em class=\"placeholder\">txt</em>."), $uri, $response);
// Make sure that no file was saved.
$this->assertEmpty(File::load(1));
$this->assertFileDoesNotExist('public://foobar/example.txt');
}
/**
* Tests using the file upload route with a file size larger than allowed.
*/
protected function testFileUploadLargerFileSize(): void {
// Set a limit of 50 bytes.
$this->field->setSetting('max_filesize', 50)
->save();
\Drupal::service('router.builder')->rebuild();
$uri = Url::fromUri('base:' . static::$postUri);
// Generate a string larger than the 50 byte limit set.
$response = $this->fileRequest($uri, $this->randomString(100));
$this->assertResourceErrorResponse(422, PlainTextOutput::renderFromHtml("Unprocessable Entity: file validation failed.\nThe file is <em class=\"placeholder\">100 bytes</em> exceeding the maximum file size of <em class=\"placeholder\">50 bytes</em>."), $uri, $response);
// Make sure that no file was saved.
$this->assertEmpty(File::load(1));
$this->assertFileDoesNotExist('public://foobar/example.txt');
}
/**
* Tests using the file upload POST route with malicious extensions.
*/
protected function testFileUploadMaliciousExtension(): void {
// Allow all file uploads but system.file::allow_insecure_uploads is set to
// FALSE.
$this->field->setSetting('file_extensions', '')->save();
$uri = Url::fromUri('base:' . static::$postUri);
$php_string = '<?php print "Drupal"; ?>';
// Test using a masked exploit file.
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example.php"']);
// The filename is not munged because .txt is added and it is a known
// extension to apache.
$expected = $this->getExpectedDocument(1, 'example.php_.txt', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example.php_.txt');
// Add .php and .txt as allowed extensions. Since 'allow_insecure_uploads'
// is FALSE, .php files should be renamed to have a .txt extension.
$this->field->setSetting('file_extensions', 'php txt')->save();
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_2.php"']);
$expected = $this->getExpectedDocument(2, 'example_2.php_.txt', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example_2.php_.txt');
$this->assertFileDoesNotExist('public://foobar/example_2.php');
// Allow .doc file uploads and ensure even a mis-configured apache will not
// fallback to php because the filename will be munged.
$this->field->setSetting('file_extensions', 'doc')->save();
// Test using a masked exploit file.
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_3.php.doc"']);
// The filename is munged.
$expected = $this->getExpectedDocument(3, 'example_3.php_.doc', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
// The file mime should be 'application/msword'.
$expected['data']['attributes']['filemime'] = 'application/msword';
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example_3.php_.doc');
$this->assertFileDoesNotExist('public://foobar/example_3.php.doc');
// Test that a dangerous extension such as .php is munged even if it is in
// the list of allowed extensions.
$this->field->setSetting('file_extensions', 'doc php')->save();
// Test using a masked exploit file.
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_4.php.doc"']);
// The filename is munged.
$expected = $this->getExpectedDocument(4, 'example_4.php_.doc', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
// The file mime should be 'application/msword'.
$expected['data']['attributes']['filemime'] = 'application/msword';
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example_4.php_.doc');
$this->assertFileDoesNotExist('public://foobar/example_4.php.doc');
// Dangerous extensions are munged even when all extensions are allowed.
$this->field->setSetting('file_extensions', '')->save();
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_5.php.png"']);
$expected = $this->getExpectedDocument(5, 'example_5.php_.png', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
// The file mime should still see this as a PNG image.
$expected['data']['attributes']['filemime'] = 'image/png';
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example_5.php_.png');
// Dangerous extensions are munged if is renamed to end in .txt.
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_6.cgi.png.txt"']);
$expected = $this->getExpectedDocument(6, 'example_6.cgi_.png_.txt', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
// The file mime should also now be text.
$expected['data']['attributes']['filemime'] = 'text/plain';
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example_6.cgi_.png_.txt');
// Add .php as an allowed extension without .txt. Since insecure uploads are
// are not allowed, .php files will be rejected.
$this->field->setSetting('file_extensions', 'php')->save();
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_7.php"']);
$this->assertResourceErrorResponse(422, "Unprocessable Entity: file validation failed.\nFor security reasons, your upload has been rejected.", $uri, $response);
// Make sure that no file was saved.
$this->assertFileDoesNotExist('public://foobar/example_7.php');
$this->assertFileDoesNotExist('public://foobar/example_7.php.txt');
// Now allow insecure uploads.
\Drupal::configFactory()
->getEditable('system.file')
->set('allow_insecure_uploads', TRUE)
->save();
// Allow all file uploads. This is very insecure.
$this->field->setSetting('file_extensions', '')->save();
\Drupal::service('router.builder')->rebuild();
$response = $this->fileRequest($uri, $php_string, ['Content-Disposition' => 'filename="example_7.php"']);
$expected = $this->getExpectedDocument(7, 'example_7.php', TRUE);
// Override the expected filesize.
$expected['data']['attributes']['filesize'] = strlen($php_string);
// The file mime should also now be PHP.
$expected['data']['attributes']['filemime'] = 'application/x-httpd-php';
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example_7.php');
}
/**
* Tests using the file upload POST route no configuration.
*/
public function testFileUploadNoConfiguration(): void {
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$uri = Url::fromUri('base:' . static::$postUri);
$this->field->setSetting('file_extensions', '')
->save();
\Drupal::service('router.builder')->rebuild();
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'filename="example.txt"']);
$expected = $this->getExpectedDocument(1, 'example.txt', TRUE);
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://foobar/example.txt');
$this->field->setSetting('file_directory', '')
->save();
$response = $this->fileRequest($uri, $this->testFileData, ['Content-Disposition' => 'filename="example.txt"']);
$expected = $this->getExpectedDocument(2, 'example.txt', TRUE);
$expected['data']['attributes']['uri']['value'] = 'public://example.txt';
$expected['data']['attributes']['uri']['url'] = base_path() . $this->siteDirectory . '/files/example.txt';
$this->assertResponseData($expected, $response);
$this->assertFileExists('public://example.txt');
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
switch ($method) {
case 'GET':
return "The current user is not allowed to view this relationship. The 'view test entity' permission is required.";
case 'POST':
return "The current user is not permitted to upload a file for this field. The following permissions are required: 'administer entity_test content' OR 'administer entity_test_with_bundle content' OR 'create entity_test entity_test_with_bundle entities'.";
case 'PATCH':
return "The current user is not permitted to upload a file for this field. The 'administer entity_test content' permission is required.";
}
return '';
}
/**
* Returns the expected JSON:API document for the expected file entity.
*
* @param int $fid
* The file ID to load and create a JSON:API document for.
* @param string $expected_filename
* The expected filename for the stored file.
* @param bool $expected_as_filename
* Whether the expected filename should be the filename property too.
* @param bool $expected_status
* The expected file status. Defaults to FALSE.
*
* @return array
* A JSON:API response document.
*/
protected function getExpectedDocument($fid = 1, $expected_filename = 'example.txt', $expected_as_filename = FALSE, $expected_status = FALSE): array {
$author = User::load($this->account->id());
$file = File::load($fid);
$this->assertInstanceOf(File::class, $file);
$self_url = Url::fromUri('base:/jsonapi/file/file/' . $file->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $file->uuid(),
'type' => 'file--file',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'created' => (new \DateTime())->setTimestamp($file->getCreatedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'changed' => (new \DateTime())->setTimestamp($file->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'filemime' => 'text/plain',
'filename' => $expected_as_filename ? $expected_filename : 'example.txt',
'filesize' => strlen($this->testFileData),
'langcode' => 'en',
'status' => $expected_status,
'uri' => [
'value' => 'public://foobar/' . $expected_filename,
'url' => base_path() . $this->siteDirectory . '/files/foobar/' . rawurlencode($expected_filename),
],
'drupal_internal__fid' => (int) $file->id(),
],
'relationships' => [
'uid' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => ['href' => $self_url . '/uid'],
'self' => ['href' => $self_url . '/relationships/uid'],
],
],
],
],
];
}
/**
* Performs a file upload request. Wraps the Guzzle HTTP client.
*
* @param \Drupal\Core\Url $url
* URL to request.
* @param string $file_contents
* The file contents to send as the request body.
* @param array $headers
* Additional headers to send with the request. Defaults will be added for
* Content-Type and Content-Disposition. In order to remove the defaults set
* the header value to FALSE.
*
* @return \Psr\Http\Message\ResponseInterface
* The received response.
*
* @see \GuzzleHttp\ClientInterface::request()
*/
protected function fileRequest(Url $url, $file_contents, array $headers = []): ResponseInterface {
$request_options = [];
$headers = $headers + [
// Set the required (and only accepted) content type for the request.
'Content-Type' => 'application/octet-stream',
// Set the required Content-Disposition header for the file name.
'Content-Disposition' => 'file; filename="example.txt"',
// Set the required JSON:API Accept header.
'Accept' => 'application/vnd.api+json',
];
$request_options[RequestOptions::HEADERS] = array_filter($headers, function ($value) {
return $value !== FALSE;
});
$request_options[RequestOptions::BODY] = $file_contents;
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
return $this->request('POST', $url, $request_options);
}
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['view test entity']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create entity_test entity_test_with_bundle entities', 'access content']);
break;
case 'PATCH':
$this->grantPermissionsToTestedRole(['administer entity_test content', 'access content']);
break;
}
}
/**
* Asserts expected normalized data matches response data.
*
* @param array $expected
* The expected data.
* @param \Psr\Http\Message\ResponseInterface $response
* The file upload response.
*
* @internal
*/
protected function assertResponseData(array $expected, ResponseInterface $response): void {
static::recursiveKsort($expected);
$actual = $this->getDocumentFromResponse($response);
static::recursiveKsort($actual);
$this->assertSame($expected, $actual);
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// There is cacheability metadata to check as file uploads only allows POST
// requests, which will not return cacheable responses.
return new CacheableMetadata();
}
}

129
web/core/modules/jsonapi/tests/src/Functional/FilterFormatTest.php Normal file
View File

@ -0,0 +1,129 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\filter\Entity\FilterFormat;
/**
* JSON:API integration test for the "FilterFormat" config entity type.
*
* @group jsonapi
*/
class FilterFormatTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['filter'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'filter_format';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'filter_format--filter_format';
/**
* {@inheritdoc}
*
* @var \Drupal\filter\FilterFormatInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer filters']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$pablo_format = FilterFormat::create([
'name' => 'Pablo Picasso',
'format' => 'pablo',
'langcode' => 'es',
'filters' => [
'filter_html' => [
'status' => TRUE,
'settings' => [
'allowed_html' => '<p> <a> <b> <lo>',
],
],
],
]);
$pablo_format->save();
return $pablo_format;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/filter_format/filter_format/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'filter_format--filter_format',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'filters' => [
'filter_html' => [
'id' => 'filter_html',
'provider' => 'filter',
'status' => TRUE,
'weight' => -10,
'settings' => [
'allowed_html' => '<p> <a> <b> <lo>',
'filter_html_help' => TRUE,
'filter_html_nofollow' => FALSE,
],
],
],
'langcode' => 'es',
'name' => 'Pablo Picasso',
'status' => TRUE,
'weight' => 0,
'drupal_internal__format' => 'pablo',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

14
web/core/modules/jsonapi/tests/src/Functional/GenericTest.php Normal file
View File

@ -0,0 +1,14 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Tests\system\Functional\Module\GenericModuleTestBase;
/**
* Generic module test for jsonapi.
*
* @group jsonapi
*/
class GenericTest extends GenericModuleTestBase {}

139
web/core/modules/jsonapi/tests/src/Functional/ImageStyleTest.php Normal file
View File

@ -0,0 +1,139 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\image\Entity\ImageStyle;
/**
* JSON:API integration test for the "ImageStyle" config entity type.
*
* @group jsonapi
*/
class ImageStyleTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['image'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'image_style';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'image_style--image_style';
/**
* {@inheritdoc}
*
* @var \Drupal\image\ImageStyleInterface
*/
protected $entity;
/**
* The effect UUID.
*
* @var string
*/
protected $effectUuid;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer image styles']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" image style.
$camelids = ImageStyle::create([
'name' => 'camelids',
'label' => 'Camelids',
]);
// Add an image effect.
$effect = [
'id' => 'image_scale_and_crop',
'data' => [
'width' => 120,
'height' => 121,
],
'weight' => 0,
];
$this->effectUuid = $camelids->addImageEffect($effect);
$camelids->save();
return $camelids;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/image_style/image_style/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'image_style--image_style',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'effects' => [
$this->effectUuid => [
'uuid' => $this->effectUuid,
'id' => 'image_scale_and_crop',
'weight' => 0,
'data' => [
'anchor' => 'center-center',
'width' => 120,
'height' => 121,
],
],
],
'label' => 'Camelids',
'langcode' => 'en',
'status' => TRUE,
'drupal_internal__name' => 'camelids',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

194
web/core/modules/jsonapi/tests/src/Functional/InternalEntitiesTest.php Normal file
View File

@ -0,0 +1,194 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Component\Serialization\Json;
use Drupal\Core\Entity\EntityInterface;
use Drupal\entity_test\Entity\EntityTestBundle;
use Drupal\entity_test\Entity\EntityTestNoLabel;
use Drupal\entity_test\Entity\EntityTestWithBundle;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\field\Traits\EntityReferenceFieldCreationTrait;
/**
* Makes assertions about the JSON:API behavior for internal entities.
*
* @group jsonapi
*
* @internal
*/
class InternalEntitiesTest extends BrowserTestBase {
use EntityReferenceFieldCreationTrait;
/**
* {@inheritdoc}
*/
protected static $modules = [
'jsonapi',
'entity_test',
'serialization',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* A test user.
*
* @var \Drupal\user\UserInterface
*/
protected $testUser;
/**
* An entity of an internal entity type.
*
* @var \Drupal\Core\Entity\EntityInterface
*/
protected $internalEntity;
/**
* An entity referencing an internal entity.
*
* @var \Drupal\Core\Entity\EntityInterface
*/
protected $referencingEntity;
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
$this->testUser = $this->drupalCreateUser([
'view test entity',
'administer entity_test_with_bundle content',
], $this->randomString(), TRUE);
EntityTestBundle::create([
'id' => 'internal_referencer',
'label' => 'Entity Test Internal Referencer',
])->save();
$this->createEntityReferenceField(
'entity_test_with_bundle',
'internal_referencer',
'field_internal',
'Internal Entities',
'entity_test_no_label'
);
$this->internalEntity = EntityTestNoLabel::create([]);
$this->internalEntity->save();
$this->referencingEntity = EntityTestWithBundle::create([
'type' => 'internal_referencer',
'field_internal' => $this->internalEntity->id(),
]);
$this->referencingEntity->save();
\Drupal::service('router.builder')->rebuild();
}
/**
* Ensures that internal resources types aren't present in the entry point.
*/
public function testEntryPoint(): void {
$document = $this->jsonapiGet('/jsonapi');
$this->assertArrayNotHasKey(
"{$this->internalEntity->getEntityTypeId()}--{$this->internalEntity->bundle()}",
$document['links'],
'The entry point should not contain links to internal resource type routes.'
);
}
/**
* Ensures that internal resources types aren't present in the routes.
*/
public function testRoutes(): void {
// This cannot be in a data provider because it needs values created by the
// setUp method.
$paths = [
'individual' => "/jsonapi/entity_test_no_label/entity_test_no_label/{$this->internalEntity->uuid()}",
'collection' => "/jsonapi/entity_test_no_label/entity_test_no_label",
'related' => "/jsonapi/entity_test_no_label/entity_test_no_label/{$this->internalEntity->uuid()}/field_internal",
];
$this->drupalLogin($this->testUser);
foreach ($paths as $path) {
$this->drupalGet($path, ['Accept' => 'application/vnd.api+json']);
$this->assertSame(404, $this->getSession()->getStatusCode());
}
}
/**
* Asserts that internal entities are not included in compound documents.
*/
public function testIncludes(): void {
$document = $this->getIndividual($this->referencingEntity, [
'query' => ['include' => 'field_internal'],
]);
$this->assertArrayNotHasKey(
'included',
$document,
'Internal entities should not be included in compound documents.'
);
}
/**
* Asserts that links to internal relationships aren't generated.
*/
public function testLinks(): void {
$document = $this->getIndividual($this->referencingEntity);
$this->assertArrayNotHasKey(
'related',
$document['data']['relationships']['field_internal']['links'],
'Links to internal-only related routes should not be in the document.'
);
}
/**
* Returns the decoded JSON:API document for the for the given entity.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity to request.
* @param array $options
* URL options.
*
* @return array
* The decoded response document.
*/
protected function getIndividual(EntityInterface $entity, array $options = []) {
$entity_type_id = $entity->getEntityTypeId();
$bundle = $entity->bundle();
$path = "/jsonapi/{$entity_type_id}/{$bundle}/{$entity->uuid()}";
return $this->jsonapiGet($path, $options);
}
/**
* Performs an authenticated request and returns the decoded document.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity to request.
* @param string $relationship
* The field name of the relationship to request.
* @param array $options
* URL options.
*
* @return array
* The decoded response document.
*/
protected function getRelated(EntityInterface $entity, $relationship, array $options = []) {
$entity_type_id = $entity->getEntityTypeId();
$bundle = $entity->bundle();
$path = "/jsonapi/{$entity_type_id}/{$bundle}/{$entity->uuid()}/{$relationship}";
return $this->jsonapiGet($path, $options);
}
/**
* Performs an authenticated request and returns the decoded document.
*/
protected function jsonapiGet($path, array $options = []) {
$this->drupalLogin($this->testUser);
$response = $this->drupalGet($path, $options, ['Accept' => 'application/vnd.api+json']);
return Json::decode($response);
}
}

241
web/core/modules/jsonapi/tests/src/Functional/JsonApiFilterRegressionTest.php Normal file
View File

@ -0,0 +1,241 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Url;
use Drupal\node\Entity\Node;
use Drupal\shortcut\Entity\Shortcut;
use Drupal\taxonomy\Entity\Term;
use GuzzleHttp\RequestOptions;
// cspell:ignore llamalovers catcuddlers Cuddlers
/**
* JSON:API regression tests.
*
* @group jsonapi
*
* @internal
*/
class JsonApiFilterRegressionTest extends JsonApiFunctionalTestBase {
use CommentTestTrait;
/**
* {@inheritdoc}
*/
protected static $modules = [
'basic_auth',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Ensure filtering on relationships works with bundle-specific target types.
*
* @see https://www.drupal.org/project/drupal/issues/2953207
*/
public function testBundleSpecificTargetEntityTypeFromIssue2953207(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['comment'], TRUE), 'Installed modules.');
$this->addDefaultCommentField('taxonomy_term', 'tags', 'comment', CommentItemInterface::OPEN, 'test_comment_type');
$this->rebuildAll();
// Create data.
Term::create([
'name' => 'foobar',
'vid' => 'tags',
])->save();
Comment::create([
'subject' => 'Llama',
'entity_id' => 1,
'entity_type' => 'taxonomy_term',
'field_name' => 'comment',
])->save();
// Test.
$user = $this->drupalCreateUser([
'access comments',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/comment/test_comment_type?include=entity_id&filter[entity_id.name]=foobar'), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$this->assertSame(200, $response->getStatusCode());
}
/**
* Ensures that filtering by a sequential internal ID named 'id' is possible.
*
* @see https://www.drupal.org/project/drupal/issues/3015759
*/
public function testFilterByIdFromIssue3015759(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['shortcut'], TRUE), 'Installed modules.');
$this->rebuildAll();
// Create data.
$shortcut = Shortcut::create([
'shortcut_set' => 'default',
'title' => $this->randomMachineName(),
'weight' => -20,
'link' => [
'uri' => 'internal:/user/logout',
],
]);
$shortcut->save();
// Test.
$user = $this->drupalCreateUser([
'access shortcuts',
'customize shortcut links',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/shortcut/default?filter[drupal_internal__id]=' . $shortcut->id()), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertNotEmpty($doc['data']);
$this->assertSame($doc['data'][0]['id'], $shortcut->uuid());
$this->assertSame($doc['data'][0]['attributes']['drupal_internal__id'], (int) $shortcut->id());
$this->assertSame($doc['data'][0]['attributes']['title'], $shortcut->label());
}
/**
* Ensure filtering for entities with empty entity reference fields works.
*
* @see https://www.drupal.org/project/jsonapi/issues/3025372
*/
public function testEmptyRelationshipFilteringFromIssue3025372(): void {
// Set up data model.
$this->drupalCreateContentType(['type' => 'folder']);
$this->createEntityReferenceField(
'node',
'folder',
'field_parent_folder',
NULL,
'node',
'default',
[
'target_bundles' => ['folder'],
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->rebuildAll();
// Create data.
$node = Node::create([
'title' => 'root folder',
'type' => 'folder',
]);
$node->save();
// Test.
$user = $this->drupalCreateUser(['access content']);
$url = Url::fromRoute('jsonapi.node--folder.collection');
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
];
$response = $this->request('GET', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
$this->assertSame($node->uuid(), $document['data'][0]['id']);
$response = $this->request('GET', $url->setOption('query', [
'filter[test][condition][path]' => 'field_parent_folder',
'filter[test][condition][operator]' => 'IS NULL',
]), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
$this->assertSame($node->uuid(), $document['data'][0]['id']);
$response = $this->request('GET', $url->setOption('query', [
'filter[test][condition][path]' => 'field_parent_folder',
'filter[test][condition][operator]' => 'IS NOT NULL',
]), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
$this->assertEmpty($document['data']);
}
/**
* Tests that collections can be filtered by an entity reference target_id.
*
* @see https://www.drupal.org/project/drupal/issues/3036593
*/
public function testFilteringEntitiesByEntityReferenceTargetId(): void {
// Create two config entities to be the config targets of an entity
// reference. In this case, the `roles` field.
$role_llamalovers = $this->drupalCreateRole([], 'llamalovers', 'Llama Lovers');
$role_catcuddlers = $this->drupalCreateRole([], 'catcuddlers', 'Cat Cuddlers');
/** @var \Drupal\user\UserInterface[] $users */
for ($i = 0; $i < 3; $i++) {
// Create 3 users, one with the first role and two with the second role.
$users[$i] = $this->drupalCreateUser();
$users[$i]->addRole($i === 0 ? $role_llamalovers : $role_catcuddlers)
->save();
// For each user, create a node that is owned by that user. The node's
// `uid` field will be used to test filtering by a content entity ID.
Node::create([
'type' => 'article',
'uid' => $users[$i]->id(),
'title' => 'Article created by ' . $users[$i]->uuid(),
])->save();
}
// Create a user that will be used to execute the test HTTP requests.
$account = $this->drupalCreateUser([
'administer users',
'bypass node access',
]);
$request_options = [
RequestOptions::AUTH => [
$account->getAccountName(),
$account->pass_raw,
],
];
// Ensure that an entity can be filtered by a target machine name.
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/user/user?filter[roles.meta.drupal_internal__target_id]=llamalovers'), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), var_export($document, TRUE));
// Only one user should have the first role.
$this->assertCount(1, $document['data']);
$this->assertSame($users[0]->uuid(), $document['data'][0]['id']);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/user/user?sort=drupal_internal__uid&filter[roles.meta.drupal_internal__target_id]=catcuddlers'), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), var_export($document, TRUE));
// Two users should have the second role. A sort is used on this request to
// ensure a consistent ordering with different databases.
$this->assertCount(2, $document['data']);
$this->assertSame($users[1]->uuid(), $document['data'][0]['id']);
$this->assertSame($users[2]->uuid(), $document['data'][1]['id']);
// Ensure that an entity can be filtered by an target entity integer ID.
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/article?filter[uid.meta.drupal_internal__target_id]=' . $users[1]->id()), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), var_export($document, TRUE));
// Only the node authored by the filtered user should be returned.
$this->assertCount(1, $document['data']);
$this->assertSame('Article created by ' . $users[1]->uuid(), $document['data'][0]['attributes']['title']);
}
}

184
web/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalDateFieldTest.php Normal file
View File

@ -0,0 +1,184 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Component\Serialization\Json;
use Drupal\datetime\Plugin\Field\FieldType\DateTimeItemInterface;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\node\NodeInterface;
/**
* JSON:API integration test for the "Date" field.
*
* @group jsonapi
*/
class JsonApiFunctionalDateFieldTest extends JsonApiFunctionalTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [
'basic_auth',
'datetime',
];
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
FieldStorageConfig::create([
'field_name' => 'field_datetime',
'entity_type' => 'node',
'type' => 'datetime',
'settings' => [
'datetime_type' => 'datetime',
],
'cardinality' => 1,
])->save();
FieldConfig::create([
'field_name' => 'field_datetime',
'label' => 'Date and time',
'entity_type' => 'node',
'bundle' => 'article',
'required' => FALSE,
'settings' => [],
'description' => '',
])->save();
}
/**
* Tests the GET method.
*/
public function testRead(): void {
/** @var \Drupal\Core\Datetime\DateFormatterInterface $date_formatter */
$date_formatter = $this->container->get('date.formatter');
$timestamp_1 = 5000000;
$timestamp_2 = 6000000;
$timestamp_3 = 7000000;
// Expected: node 1.
$timestamp_smaller_than_value = $timestamp_2;
// Expected: node 1 and node 2.
$timestamp_smaller_than_or_equal_value = $timestamp_2;
// Expected: node 3.
$timestamp_greater_than_value = $timestamp_2;
// Expected: node 2 and node 3.
$timestamp_greater_than_or_equal_value = $timestamp_2;
$node_1 = $this->createNode([
'type' => 'article',
'uuid' => 'es_test_1',
'status' => NodeInterface::PUBLISHED,
'field_datetime' => $date_formatter->format($timestamp_1, 'custom', DateTimeItemInterface::DATETIME_STORAGE_FORMAT),
]);
$node_2 = $this->createNode([
'type' => 'article',
'uuid' => 'es_test_2',
'status' => NodeInterface::PUBLISHED,
'field_datetime' => $date_formatter->format($timestamp_2, 'custom', DateTimeItemInterface::DATETIME_STORAGE_FORMAT),
]);
$node_3 = $this->createNode([
'type' => 'article',
'uuid' => 'es_test_3',
'status' => NodeInterface::PUBLISHED,
'field_datetime' => $date_formatter->format($timestamp_3, 'custom', DateTimeItemInterface::DATETIME_STORAGE_FORMAT),
]);
// Checks whether the date is greater than the given timestamp.
$filter = [
'filter_datetime' => [
'condition' => [
'path' => 'field_datetime',
'operator' => '>',
'value' => date(DateTimeItemInterface::DATETIME_STORAGE_FORMAT, $timestamp_greater_than_value),
],
],
];
$output = Json::decode($this->drupalGet('/jsonapi/node/article', [
'query' => ['filter' => $filter],
]));
$this->assertSession()->statusCodeEquals(200);
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this->assertCount(1, $output_uuids);
$this->assertSame([
$node_3->uuid(),
], $output_uuids);
// Checks whether the date is greater than or equal to the given timestamp.
$filter = [
'filter_datetime' => [
'condition' => [
'path' => 'field_datetime',
'operator' => '>=',
'value' => date(DateTimeItemInterface::DATETIME_STORAGE_FORMAT, $timestamp_greater_than_or_equal_value),
],
],
];
$output = Json::decode($this->drupalGet('/jsonapi/node/article', [
'query' => ['filter' => $filter],
]));
$this->assertSession()->statusCodeEquals(200);
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this->assertCount(2, $output_uuids);
$this->assertSame([
$node_2->uuid(),
$node_3->uuid(),
], $output_uuids);
// Checks whether the date is less than the given timestamp.
$filter = [
'filter_datetime' => [
'condition' => [
'path' => 'field_datetime',
'operator' => '<',
'value' => date(DateTimeItemInterface::DATETIME_STORAGE_FORMAT, $timestamp_smaller_than_value),
],
],
];
$output = Json::decode($this->drupalGet('/jsonapi/node/article', [
'query' => ['filter' => $filter],
]));
$this->assertSession()->statusCodeEquals(200);
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this->assertCount(1, $output_uuids);
$this->assertSame([
$node_1->uuid(),
], $output_uuids);
// Checks whether the date is less than or equal to the given timestamp.
$filter = [
'filter_datetime' => [
'condition' => [
'path' => 'field_datetime',
'operator' => '<=',
'value' => date(DateTimeItemInterface::DATETIME_STORAGE_FORMAT, $timestamp_smaller_than_or_equal_value),
],
],
];
$output = Json::decode($this->drupalGet('/jsonapi/node/article', [
'query' => ['filter' => $filter],
]));
$this->assertSession()->statusCodeEquals(200);
$output_uuids = array_map(function ($result) {
return $result['id'];
}, $output['data']);
$this->assertCount(2, $output_uuids);
$this->assertSame([
$node_1->uuid(),
$node_2->uuid(),
], $output_uuids);
}
}

327
web/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalMultilingualTest.php Normal file
View File

@ -0,0 +1,327 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Component\Serialization\Json;
use Drupal\Core\Url;
use Drupal\language\Entity\ConfigurableLanguage;
use Drupal\language\Entity\ContentLanguageSettings;
use Drupal\node\Entity\Node;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;
use GuzzleHttp\RequestOptions;
/**
* Tests JSON:API multilingual support.
*
* @group jsonapi
*
* @internal
*/
class JsonApiFunctionalMultilingualTest extends JsonApiFunctionalTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [
'language',
'content_translation',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
$language = ConfigurableLanguage::createFromLangcode('ca');
$language->save();
ConfigurableLanguage::createFromLangcode('ca-fr')->save();
// In order to reflect the changes for a multilingual site in the container
// we have to rebuild it.
$this->rebuildContainer();
\Drupal::configFactory()->getEditable('language.negotiation')
->set('url.prefixes.ca', 'ca')
->set('url.prefixes.ca-fr', 'ca-fr')
->save();
ContentLanguageSettings::create([
'target_entity_type_id' => 'node',
'target_bundle' => 'article',
])
->setThirdPartySetting('content_translation', 'enabled', TRUE)
->save();
$this->createDefaultContent(5, 5, TRUE, TRUE, static::IS_MULTILINGUAL, FALSE);
}
/**
* Tests reading multilingual content.
*/
public function testReadMultilingual(): void {
// Different databases have different sort orders, so a sort is required so
// test expectations do not need to vary per database.
$default_sort = ['sort' => 'drupal_internal__nid'];
// Test reading an individual entity translation.
$output = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $this->nodes[0]->uuid(), ['query' => ['include' => 'field_tags,field_image'] + $default_sort]));
$this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data']['attributes']['title']);
$this->assertSame('ca', $output['data']['attributes']['langcode']);
$included_tags = array_filter($output['included'], function ($entry) {
return $entry['type'] === 'taxonomy_term--tags';
});
$tag_name = $this->nodes[0]->get('field_tags')->entity
->getTranslation('ca')->getName();
$this->assertEquals($tag_name, reset($included_tags)['attributes']['name']);
$alt = $this->nodes[0]->getTranslation('ca')->get('field_image')->alt;
$this->assertSame($alt, $output['data']['relationships']['field_image']['data']['meta']['alt']);
// Test reading an individual entity fallback.
$output = Json::decode($this->drupalGet('/ca-fr/jsonapi/node/article/' . $this->nodes[0]->uuid()));
$this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data']['attributes']['title']);
$output = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $this->nodes[0]->uuid(), ['query' => $default_sort]));
$this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data']['attributes']['title']);
// Test reading a collection of entities.
$output = Json::decode($this->drupalGet('/ca/jsonapi/node/article', ['query' => $default_sort]));
$this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data'][0]['attributes']['title']);
}
/**
* Tests updating a translation.
*/
public function testPatchTranslation(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$node = $this->nodes[0];
$uuid = $node->uuid();
// Assert the precondition: the 'ca' translation has a different title.
$document = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid));
$document_ca = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $uuid));
$this->assertSame('en', $document['data']['attributes']['langcode']);
$this->assertSame('ca', $document_ca['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
$this->assertSame($node->getTitle() . ' (ca)', $document_ca['data']['attributes']['title']);
// PATCH the 'ca' translation.
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'bypass node access',
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode([
'data' => [
'type' => 'node--article',
'id' => $uuid,
'attributes' => [
'title' => $document_ca['data']['attributes']['title'] . ' UPDATED',
],
],
]);
$response = $this->request('PATCH', Url::fromUri('base:/ca/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$this->assertSame(200, $response->getStatusCode());
// Assert the postcondition: only the 'ca' translation has an updated title.
$document_updated = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid));
$document_ca_updated = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $uuid));
$this->assertSame('en', $document_updated['data']['attributes']['langcode']);
$this->assertSame('ca', $document_ca_updated['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document_updated['data']['attributes']['title']);
$this->assertSame($node->getTitle() . ' (ca) UPDATED', $document_ca_updated['data']['attributes']['title']);
// Specifying a langcode is not allowed by default.
$request_options[RequestOptions::BODY] = Json::encode([
'data' => [
'type' => 'node--article',
'id' => $uuid,
'attributes' => [
'langcode' => 'ca-fr',
],
],
]);
$response = $this->request('PATCH', Url::fromUri('base:/ca/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$this->assertSame(403, $response->getStatusCode());
// Specifying a langcode is allowed once configured to be alterable. But
// modifying the language of a non-default translation is still not allowed.
ContentLanguageSettings::loadByEntityTypeBundle('node', 'article')
->setLanguageAlterable(TRUE)
->save();
$response = $this->request('PATCH', Url::fromUri('base:/ca/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$this->assertSame(500, $response->getStatusCode());
$document = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame('The translation language cannot be changed (ca).', $document['errors'][0]['detail']);
// Changing the langcode of the default ('en') translation is possible:
// first verify that it currently is 'en', then change it to 'ca-fr', and
// verify that the title is unchanged, but the langcode is updated.
$response = $this->request('GET', Url::fromUri('base:/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
$this->assertSame('en', $document['data']['attributes']['langcode']);
$response = $this->request('PATCH', Url::fromUri('base:/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
$this->assertSame('ca-fr', $document['data']['attributes']['langcode']);
// Finally: assert the postcondition of all installed languages.
// - When GETting the 'en' translation, we get 'ca-fr', since the 'en'
// translation doesn't exist anymore.
$response = $this->request('GET', Url::fromUri('base:/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame('ca-fr', $document['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
// - When GETting the 'ca' translation, we still get the 'ca' one.
$response = $this->request('GET', Url::fromUri('base:/ca/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame('ca', $document['data']['attributes']['langcode']);
$this->assertSame($node->getTitle() . ' (ca) UPDATED', $document['data']['attributes']['title']);
// - When GETting the 'ca-fr' translation, we now get the default
// translation.
$response = $this->request('GET', Url::fromUri('base:/ca-fr/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame('ca-fr', $document['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
}
/**
* Tests updating a translation fallback.
*/
public function testPatchTranslationFallback(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$node = $this->nodes[0];
$uuid = $node->uuid();
// Assert the precondition: 'ca-fr' falls back to the 'ca' translation which
// has a different title.
$document = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid));
$document_ca = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $uuid));
$document_ca_fr = Json::decode($this->drupalGet('/ca-fr/jsonapi/node/article/' . $uuid));
$this->assertSame('en', $document['data']['attributes']['langcode']);
$this->assertSame('ca', $document_ca['data']['attributes']['langcode']);
$this->assertSame('ca', $document_ca_fr['data']['attributes']['langcode']);
$this->assertSame($node->getTitle(), $document['data']['attributes']['title']);
$this->assertSame($node->getTitle() . ' (ca)', $document_ca['data']['attributes']['title']);
$this->assertSame($node->getTitle() . ' (ca)', $document_ca_fr['data']['attributes']['title']);
// PATCH the 'ca-fr' translation.
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'bypass node access',
]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode([
'data' => [
'type' => 'node--article',
'id' => $uuid,
'attributes' => [
'title' => $document_ca_fr['data']['attributes']['title'] . ' UPDATED',
],
],
]);
$response = $this->request('PATCH', Url::fromUri('base:/ca-fr/jsonapi/node/article/' . $this->nodes[0]->uuid()), $request_options);
$this->assertSame(405, $response->getStatusCode());
$document = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame('The requested translation of the resource object does not exist, instead modify one of the translations that do exist: ca, en.', $document['errors'][0]['detail']);
}
/**
* Tests creating a translation.
*/
public function testPostTranslation(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'bypass node access',
]);
$title = 'Llamas FTW (ca)';
$request_document = [
'data' => [
'type' => 'node--article',
'attributes' => [
'title' => $title,
'langcode' => 'ca',
],
],
];
$request_options = [];
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
// Specifying a langcode is forbidden by language_entity_field_access().
$request_options[RequestOptions::BODY] = Json::encode($request_document);
$response = $this->request('POST', Url::fromUri('base:/ca/jsonapi/node/article/'), $request_options);
$this->assertSame(403, $response->getStatusCode());
$document = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame('The current user is not allowed to POST the selected field (langcode).', $document['errors'][0]['detail']);
// Omitting a langcode results in an entity in 'en': the default language of
// the site.
unset($request_document['data']['attributes']['langcode']);
$request_options[RequestOptions::BODY] = Json::encode($request_document);
$response = $this->request('POST', Url::fromUri('base:/ca/jsonapi/node/article/'), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(201, $response->getStatusCode());
$this->assertSame($title, $document['data']['attributes']['title']);
$this->assertSame('en', $document['data']['attributes']['langcode']);
$this->assertSame(['en'], array_keys(Node::load($document['data']['attributes']['drupal_internal__nid'])->getTranslationLanguages()));
// Specifying a langcode is allowed once configured to be alterable. Now an
// entity can be created with the specified langcode.
ContentLanguageSettings::loadByEntityTypeBundle('node', 'article')
->setLanguageAlterable(TRUE)
->save();
$request_document['data']['attributes']['langcode'] = 'ca';
$request_options[RequestOptions::BODY] = Json::encode($request_document);
$response = $this->request('POST', Url::fromUri('base:/ca/jsonapi/node/article/'), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(201, $response->getStatusCode());
$this->assertSame($title, $document['data']['attributes']['title']);
$this->assertSame('ca', $document['data']['attributes']['langcode']);
$this->assertSame(['ca'], array_keys(Node::load($document['data']['attributes']['drupal_internal__nid'])->getTranslationLanguages()));
// Same request, but sent to the URL without the language prefix.
$response = $this->request('POST', Url::fromUri('base:/jsonapi/node/article/'), $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(201, $response->getStatusCode());
$this->assertSame($title, $document['data']['attributes']['title']);
$this->assertSame('ca', $document['data']['attributes']['langcode']);
$this->assertSame(['ca'], array_keys(Node::load($document['data']['attributes']['drupal_internal__nid'])->getTranslationLanguages()));
}
/**
* Tests deleting multilingual content.
*/
public function testDeleteMultilingual(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'bypass node access',
]);
$response = $this->request('DELETE', Url::fromUri('base:/ca/jsonapi/node/article/' . $this->nodes[0]->uuid()), []);
$this->assertSame(405, $response->getStatusCode());
$document = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame('Deleting a resource object translation is not yet supported. See https://www.drupal.org/docs/8/modules/jsonapi/translations.', $document['errors'][0]['detail']);
$response = $this->request('DELETE', Url::fromUri('base:/ca-fr/jsonapi/node/article/' . $this->nodes[0]->uuid()), []);
$this->assertSame(405, $response->getStatusCode());
$document = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame('Deleting a resource object translation is not yet supported. See https://www.drupal.org/docs/8/modules/jsonapi/translations.', $document['errors'][0]['detail']);
$response = $this->request('DELETE', Url::fromUri('base:/jsonapi/node/article/' . $this->nodes[0]->uuid()), []);
$this->assertSame(204, $response->getStatusCode());
$this->assertNull(Node::load($this->nodes[0]->id()));
}
}

1089
web/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTest.php Normal file
View File

File diff suppressed because it is too large Load Diff

356
web/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTestBase.php Normal file
View File

@ -0,0 +1,356 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Url;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\file\Entity\File;
use Drupal\taxonomy\Entity\Term;
use Drupal\taxonomy\Entity\Vocabulary;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\field\Traits\EntityReferenceFieldCreationTrait;
use Drupal\Tests\image\Kernel\ImageFieldCreationTrait;
use Drupal\Tests\jsonapi\Traits\GetDocumentFromResponseTrait;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Exception\ServerException;
use Psr\Http\Message\ResponseInterface;
/**
* Provides helper methods for the JSON:API module's functional tests.
*
* @internal
*/
abstract class JsonApiFunctionalTestBase extends BrowserTestBase {
use EntityReferenceFieldCreationTrait;
use GetDocumentFromResponseTrait;
use ImageFieldCreationTrait;
const IS_MULTILINGUAL = TRUE;
const IS_NOT_MULTILINGUAL = FALSE;
/**
* {@inheritdoc}
*/
protected static $modules = [
'jsonapi',
'serialization',
'node',
'image',
'taxonomy',
'link',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Test user.
*
* @var \Drupal\user\Entity\User
*/
protected $user;
/**
* Test admin user.
*
* @var \Drupal\user\Entity\User
*/
protected $adminUser;
/**
* Test user with access to view profiles.
*
* @var \Drupal\user\Entity\User
*/
protected $userCanViewProfiles;
/**
* Test nodes.
*
* @var \Drupal\node\Entity\Node[]
*/
protected $nodes = [];
/**
* Test taxonomy terms.
*
* @var \Drupal\taxonomy\Entity\Term[]
*/
protected $tags = [];
/**
* Test files.
*
* @var \Drupal\file\Entity\File[]
*/
protected $files = [];
/**
* The HTTP client.
*
* @var \GuzzleHttp\ClientInterface
*/
protected $httpClient;
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
// Set up a HTTP client that accepts relative URLs.
$this->httpClient = $this->container->get('http_client_factory')
->fromOptions(['base_uri' => $this->baseUrl]);
// Create Basic page and Article node types.
if ($this->profile != 'standard') {
$this->drupalCreateContentType([
'type' => 'article',
'name' => 'Article',
]);
// Setup vocabulary.
Vocabulary::create([
'vid' => 'tags',
'name' => 'Tags',
])->save();
// Add tags and field_image to the article.
$this->createEntityReferenceField(
'node',
'article',
'field_tags',
'Tags',
'taxonomy_term',
'default',
[
'target_bundles' => [
'tags' => 'tags',
],
'auto_create' => TRUE,
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->createImageField('field_image', 'node', 'article');
$this->createImageField('field_no_hero', 'node', 'article');
}
FieldStorageConfig::create([
'field_name' => 'field_link',
'entity_type' => 'node',
'type' => 'link',
'settings' => [],
'cardinality' => 1,
])->save();
$field_config = FieldConfig::create([
'field_name' => 'field_link',
'label' => 'Link',
'entity_type' => 'node',
'bundle' => 'article',
'required' => FALSE,
'settings' => [],
'description' => '',
]);
$field_config->save();
// Field for testing sorting.
FieldStorageConfig::create([
'field_name' => 'field_sort1',
'entity_type' => 'node',
'type' => 'integer',
])->save();
FieldConfig::create([
'field_name' => 'field_sort1',
'entity_type' => 'node',
'bundle' => 'article',
])->save();
// Another field for testing sorting.
FieldStorageConfig::create([
'field_name' => 'field_sort2',
'entity_type' => 'node',
'type' => 'integer',
])->save();
FieldConfig::create([
'field_name' => 'field_sort2',
'entity_type' => 'node',
'bundle' => 'article',
])->save();
$this->user = $this->drupalCreateUser([
'create article content',
'edit any article content',
'delete any article content',
]);
$this->adminUser = $this->drupalCreateUser([
'create article content',
'edit any article content',
'delete any article content',
],
'jsonapi_admin_user',
TRUE,
);
// Create a user that can.
$this->userCanViewProfiles = $this->drupalCreateUser([
'access user profiles',
]);
$this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
'access user profiles',
'administer taxonomy',
]);
\Drupal::service('router.builder')->rebuild();
}
/**
* Performs a HTTP request. Wraps the Guzzle HTTP client.
*
* Why wrap the Guzzle HTTP client? Because any error response is returned via
* an exception, which would make the tests unnecessarily complex to read.
*
* @param string $method
* HTTP method.
* @param \Drupal\Core\Url $url
* URL to request.
* @param array $request_options
* Request options to apply.
*
* @return \Psr\Http\Message\ResponseInterface
* The request response.
*
* @throws \Psr\Http\Client\ClientExceptionInterface
*
* @see \GuzzleHttp\ClientInterface::request
*/
protected function request($method, Url $url, array $request_options): ResponseInterface {
try {
$response = $this->httpClient->request($method, $url->toString(), $request_options);
}
catch (ClientException $e) {
$response = $e->getResponse();
}
catch (ServerException $e) {
$response = $e->getResponse();
}
return $response;
}
/**
* Creates default content to test the API.
*
* @param int $num_articles
* Number of articles to create.
* @param int $num_tags
* Number of tags to create.
* @param bool $article_has_image
* Set to TRUE if you want to add an image to the generated articles.
* @param bool $article_has_link
* Set to TRUE if you want to add a link to the generated articles.
* @param bool $is_multilingual
* (optional) Set to TRUE if you want to enable multilingual content.
* @param bool $referencing_twice
* (optional) Set to TRUE if you want articles to reference the same tag
* twice.
*/
protected function createDefaultContent($num_articles, $num_tags, $article_has_image, $article_has_link, $is_multilingual, $referencing_twice = FALSE) {
$random = $this->getRandomGenerator();
for ($created_tags = 0; $created_tags < $num_tags; $created_tags++) {
$term = Term::create([
'vid' => 'tags',
'name' => $random->name(),
]);
if ($is_multilingual) {
$term->addTranslation('ca', ['name' => $term->getName() . ' (ca)']);
}
$term->save();
$this->tags[] = $term;
}
for ($created_nodes = 0; $created_nodes < $num_articles; $created_nodes++) {
$values = [
'uid' => ['target_id' => $this->user->id()],
'type' => 'article',
];
if ($referencing_twice) {
$values['field_tags'] = [
['target_id' => 1],
['target_id' => 1],
];
}
else {
// Get N random tags.
$selected_tags = mt_rand(1, $num_tags);
$tags = [];
while (count($tags) < $selected_tags) {
$tags[] = mt_rand(1, $num_tags);
$tags = array_unique($tags);
}
$values['field_tags'] = array_map(function ($tag) {
return ['target_id' => $tag];
}, $tags);
}
if ($article_has_image) {
$file = File::create([
'uri' => 'public://' . $random->name() . '.png',
]);
$file->setPermanent();
$file->save();
$this->files[] = $file;
$values['field_image'] = ['target_id' => $file->id(), 'alt' => 'alt text'];
}
if ($article_has_link) {
$values['field_link'] = [
'title' => $this->getRandomGenerator()->name(),
'uri' => sprintf(
'%s://%s.%s',
'http' . (mt_rand(0, 2) > 1 ? '' : 's'),
$this->getRandomGenerator()->name(),
'org'
),
];
}
// Create values for the sort fields, to allow for testing complex
// sorting:
// - field_sort1 increments every 5 articles, starting at zero
// - field_sort2 decreases every article, ending at zero.
$values['field_sort1'] = ['value' => floor($created_nodes / 5)];
$values['field_sort2'] = ['value' => $num_articles - $created_nodes];
$node = $this->createNode($values);
if ($is_multilingual === static::IS_MULTILINGUAL) {
$values['title'] = $node->getTitle() . ' (ca)';
$values['field_image']['alt'] = 'alt text (ca)';
$node->addTranslation('ca', $values);
}
$node->save();
$this->nodes[] = $node;
}
if ($article_has_link) {
// Make sure that there is at least 1 https link for ::testRead() #19.
$this->nodes[0]->field_link = [
'title' => 'Drupal',
'uri' => 'https://example.com',
];
$this->nodes[0]->save();
}
}
}

491
web/core/modules/jsonapi/tests/src/Functional/JsonApiPatchRegressionTest.php Normal file
View File

@ -0,0 +1,491 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Core\Entity\TranslatableInterface;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Language\LanguageInterface;
use Drupal\Core\Url;
use Drupal\datetime\Plugin\Field\FieldType\DateTimeItem;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\node\Entity\Node;
use Drupal\taxonomy\Entity\Term;
use GuzzleHttp\RequestOptions;
/**
* JSON:API regression tests.
*
* @group jsonapi
*
* @internal
*/
class JsonApiPatchRegressionTest extends JsonApiFunctionalTestBase {
use CommentTestTrait;
/**
* {@inheritdoc}
*/
protected static $modules = [
'basic_auth',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Ensure filtering on relationships works with bundle-specific target types.
*
* @see https://www.drupal.org/project/drupal/issues/2953207
*/
public function testBundleSpecificTargetEntityTypeFromIssue2953207(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['comment'], TRUE), 'Installed modules.');
$this->addDefaultCommentField('taxonomy_term', 'tags', 'comment', CommentItemInterface::OPEN, 'test_comment_type');
$this->rebuildAll();
// Create data.
Term::create([
'name' => 'foobar',
'vid' => 'tags',
])->save();
Comment::create([
'subject' => 'Llama',
'entity_id' => 1,
'entity_type' => 'taxonomy_term',
'field_name' => 'comment',
])->save();
// Test.
$user = $this->drupalCreateUser([
'access comments',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/comment/test_comment_type?include=entity_id&filter[entity_id.name]=foobar'), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$this->assertSame(200, $response->getStatusCode());
}
/**
* Ensure POST and PATCH works for bundle-less relationship routes.
*
* @see https://www.drupal.org/project/drupal/issues/2976371
*/
public function testBundlelessRelationshipMutationFromIssue2973681(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->drupalCreateContentType(['type' => 'page']);
$this->createEntityReferenceField(
'node',
'page',
'field_test',
NULL,
'user',
'default',
[
'target_bundles' => NULL,
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->rebuildAll();
// Create data.
$node = Node::create([
'title' => 'test article',
'type' => 'page',
]);
$node->save();
$target = $this->createUser();
// Test.
$user = $this->drupalCreateUser(['bypass node access']);
$url = Url::fromRoute('jsonapi.node--page.field_test.relationship.post', ['entity' => $node->uuid()]);
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
['type' => 'user--user', 'id' => $target->uuid()],
],
],
];
$response = $this->request('POST', $url, $request_options);
$this->assertSame(204, $response->getStatusCode(), (string) $response->getBody());
}
/**
* Cannot PATCH an entity with dangling references in an ER field.
*
* @see https://www.drupal.org/project/drupal/issues/2968972
*/
public function testDanglingReferencesInAnEntityReferenceFieldFromIssue2968972(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->drupalCreateContentType(['type' => 'journal_issue']);
$this->drupalCreateContentType(['type' => 'journal_article']);
$this->createEntityReferenceField(
'node',
'journal_article',
'field_issue',
NULL,
'node',
'default',
[
'target_bundles' => [
'journal_issue' => 'journal_issue',
],
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->rebuildAll();
// Create data.
$issue_node = Node::create([
'title' => 'Test Journal Issue',
'type' => 'journal_issue',
]);
$issue_node->save();
$user = $this->drupalCreateUser([
'access content',
'edit own journal_article content',
]);
$article_node = Node::create([
'title' => 'Test Journal Article',
'type' => 'journal_article',
'field_issue' => [
'target_id' => $issue_node->id(),
],
]);
$article_node->setOwner($user);
$article_node->save();
// Test.
$url = Url::fromUri(sprintf('internal:/jsonapi/node/journal_article/%s', $article_node->uuid()));
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
'type' => 'node--journal_article',
'id' => $article_node->uuid(),
'attributes' => [
'title' => 'My New Article Title',
],
],
],
];
$issue_node->delete();
$response = $this->request('PATCH', $url, $request_options);
$this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
}
/**
* Ensures PATCHing datetime (both date-only & date+time) fields is possible.
*
* @see https://www.drupal.org/project/drupal/issues/3021194
*/
public function testPatchingDateTimeFieldsFromIssue3021194(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['datetime'], TRUE), 'Installed modules.');
$this->drupalCreateContentType(['type' => 'page']);
$this->rebuildAll();
FieldStorageConfig::create([
'field_name' => 'when',
'type' => 'datetime',
'entity_type' => 'node',
'settings' => ['datetime_type' => DateTimeItem::DATETIME_TYPE_DATE],
])
->save();
FieldConfig::create([
'field_name' => 'when',
'entity_type' => 'node',
'bundle' => 'page',
])
->save();
FieldStorageConfig::create([
'field_name' => 'when_exactly',
'type' => 'datetime',
'entity_type' => 'node',
'settings' => ['datetime_type' => DateTimeItem::DATETIME_TYPE_DATETIME],
])
->save();
FieldConfig::create([
'field_name' => 'when_exactly',
'entity_type' => 'node',
'bundle' => 'page',
])
->save();
// Create data.
$page = Node::create([
'title' => 'Stegosaurus',
'type' => 'page',
'when' => [
'value' => '2018-12-19',
],
'when_exactly' => [
'value' => '2018-12-19T17:00:00',
],
]);
$page->save();
// Test.
$user = $this->drupalCreateUser([
'access content',
'edit any page content',
]);
$request_options = [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
];
$node_url = Url::fromUri('internal:/jsonapi/node/page/' . $page->uuid());
$response = $this->request('GET', $node_url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame('2018-12-19', $document['data']['attributes']['when']);
$this->assertSame('2018-12-20T04:00:00+11:00', $document['data']['attributes']['when_exactly']);
$document['data']['attributes']['when'] = '2018-12-20';
$document['data']['attributes']['when_exactly'] = '2018-12-19T19:00:00+01:00';
$request_options = $request_options + [RequestOptions::JSON => $document];
$response = $this->request('PATCH', $node_url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame('2018-12-20', $document['data']['attributes']['when']);
$this->assertSame('2018-12-20T05:00:00+11:00', $document['data']['attributes']['when_exactly']);
}
/**
* Ensure includes are respected even when PATCHing.
*
* @see https://www.drupal.org/project/drupal/issues/3026030
*/
public function testPatchToIncludeUrlDoesNotReturnIncludeFromIssue3026030(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->drupalCreateContentType(['type' => 'page']);
$this->rebuildAll();
// Create data.
$user = $this->drupalCreateUser(['bypass node access']);
$page = Node::create([
'title' => 'original',
'type' => 'page',
'uid' => $user->id(),
]);
$page->save();
// Test.
$url = Url::fromUri(sprintf('internal:/jsonapi/node/page/%s/?include=uid', $page->uuid()));
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
'type' => 'node--page',
'id' => $page->uuid(),
'attributes' => [
'title' => 'modified',
],
],
],
];
$response = $this->request('PATCH', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertArrayHasKey('included', $document);
$this->assertSame($user->label(), $document['included'][0]['attributes']['name']);
}
/**
* Ensure non-translatable entities can be PATCHed with an alternate language.
*
* @see https://www.drupal.org/project/drupal/issues/3043168
*/
public function testNonTranslatableEntityUpdatesFromIssue3043168(): void {
// Enable write-mode.
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set the site language to Russian.
$this->config('system.site')->set('langcode', 'ru')->set('default_langcode', 'ru')->save(TRUE);
// Install a "custom" entity type that is not translatable.
$this->assertTrue($this->container->get('module_installer')->install(['entity_test'], TRUE), 'Installed modules.');
// Clear and rebuild caches and routes.
$this->rebuildAll();
// Create a test entity.
// @see \Drupal\language\DefaultLanguageItem
$entity = EntityTest::create([
'name' => 'Alexander',
'langcode' => LanguageInterface::LANGCODE_NOT_SPECIFIED,
]);
$entity->save();
// Ensure it is an instance of TranslatableInterface and that it is *not*
// translatable.
$this->assertInstanceOf(TranslatableInterface::class, $entity);
$this->assertFalse($entity->isTranslatable());
// Set up a test user with permission to view and update the test entity.
$user = $this->drupalCreateUser([
'view test entity',
'administer entity_test content',
]);
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::AUTH] = [
$user->getAccountName(),
$user->pass_raw,
];
// GET the test entity via JSON:API.
$entity_url = Url::fromUri('internal:/jsonapi/entity_test/entity_test/' . $entity->uuid());
$response = $this->request('GET', $entity_url, $request_options);
$response_document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
// Ensure that the entity's langcode attribute is 'und'.
$this->assertSame(LanguageInterface::LANGCODE_NOT_SPECIFIED, $response_document['data']['attributes']['langcode']);
// Prepare to PATCH the entity via JSON:API.
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::JSON] = [
'data' => [
'type' => 'entity_test--entity_test',
'id' => $entity->uuid(),
'attributes' => [
'name' => 'Constantine',
],
],
];
// Issue the PATCH request and verify that the test entity was successfully
// updated.
$response = $this->request('PATCH', $entity_url, $request_options);
$response_document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
// Ensure that the entity's langcode attribute is still 'und' and the name
// was successfully updated.
$this->assertSame(LanguageInterface::LANGCODE_NOT_SPECIFIED, $response_document['data']['attributes']['langcode']);
$this->assertSame('Constantine', $response_document['data']['attributes']['name']);
}
/**
* Ensure PATCHing a non-existing field property results in a helpful error.
*
* @see https://www.drupal.org/project/drupal/issues/3127883
*/
public function testPatchInvalidFieldPropertyFromIssue3127883(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->drupalCreateContentType(['type' => 'page']);
$this->rebuildAll();
// Create data.
$node = Node::create([
'title' => 'foo',
'type' => 'page',
'body' => [
'format' => 'plain_text',
'value' => 'Hello World',
],
]);
$node->save();
// Test.
$user = $this->drupalCreateUser(['bypass node access']);
$url = Url::fromUri('internal:/jsonapi/node/page/' . $node->uuid());
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
'type' => 'node--page',
'id' => $node->uuid(),
'attributes' => [
'title' => 'Updated title',
'body' => [
'value' => 'Hello World … still.',
// Intentional typo in the property name!
'form' => 'plain_text',
// Another intentional typo.
// cSpell:disable-next-line
'sumary' => 'Boring old "Hello World".',
// And finally, one that is completely absurd.
'foobar' => '<script>alert("HI!");</script>',
],
],
],
],
];
$response = $this->request('PATCH', $url, $request_options);
// Assert a helpful error response is present.
$data = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame(422, $response->getStatusCode());
$this->assertNotNull($data);
// cSpell:disable-next-line
$this->assertSame("The properties 'form', 'sumary', 'foobar' do not exist on the 'body' field of type 'text_with_summary'. Writable properties are: 'value', 'format', 'summary'.", $data['errors'][0]['detail']);
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
'type' => 'node--page',
'id' => $node->uuid(),
'attributes' => [
'title' => 'Updated title',
'body' => [
'value' => 'Hello World … still.',
// Intentional typo in the property name!
'form' => 'plain_text',
// Another intentional typo.
// cSpell:disable-next-line
'sumary' => 'Boring old "Hello World".',
],
],
],
],
];
$response = $this->request('PATCH', $url, $request_options);
// Assert a helpful error response is present.
$data = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame(422, $response->getStatusCode());
$this->assertNotNull($data);
// cSpell:disable-next-line
$this->assertSame("The properties 'form', 'sumary' do not exist on the 'body' field of type 'text_with_summary'. Did you mean 'format', 'summary'?", $data['errors'][0]['detail']);
}
}

898
web/core/modules/jsonapi/tests/src/Functional/JsonApiRegressionTest.php Normal file
View File

@ -0,0 +1,898 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\comment\Entity\Comment;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Component\Serialization\Json;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Url;
use Drupal\datetime\Plugin\Field\FieldType\DateTimeItem;
use Drupal\entity_test\Entity\EntityTestMapField;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
use Drupal\taxonomy\Entity\Term;
use Drupal\taxonomy\Entity\Vocabulary;
use Drupal\user\Entity\Role;
use Drupal\user\Entity\User;
use Drupal\user\RoleInterface;
use GuzzleHttp\RequestOptions;
/**
* JSON:API regression tests.
*
* @group jsonapi
*
* @internal
*/
class JsonApiRegressionTest extends JsonApiFunctionalTestBase {
use CommentTestTrait;
/**
* {@inheritdoc}
*/
protected static $modules = [
'basic_auth',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Ensure deep nested include works on multi target entity type field.
*
* @see https://www.drupal.org/project/drupal/issues/2973681
*/
public function testDeepNestedIncludeMultiTargetEntityTypeFieldFromIssue2973681(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['comment'], TRUE), 'Installed modules.');
$this->addDefaultCommentField('node', 'article');
$this->addDefaultCommentField('taxonomy_term', 'tags', 'comment', CommentItemInterface::OPEN, 'test_comment_type');
$this->drupalCreateContentType(['type' => 'page']);
$this->createEntityReferenceField(
'node',
'page',
'field_comment',
NULL,
'comment',
'default',
[
'target_bundles' => [
'comment' => 'comment',
'test_comment_type' => 'test_comment_type',
],
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->rebuildAll();
// Create data.
$node = Node::create([
'title' => 'test article',
'type' => 'article',
]);
$node->save();
$comment = Comment::create([
'subject' => 'Llama',
'entity_id' => 1,
'entity_type' => 'node',
'field_name' => 'comment',
]);
$comment->save();
$page = Node::create([
'title' => 'test node',
'type' => 'page',
'field_comment' => [
'entity' => $comment,
],
]);
$page->save();
// Test.
$user = $this->drupalCreateUser([
'access content',
'access comments',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/page?include=field_comment,field_comment.entity_id,field_comment.entity_id.uid'), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$this->assertSame(200, $response->getStatusCode());
}
/**
* Ensures GETting terms works when multiple vocabularies exist.
*
* @see https://www.drupal.org/project/drupal/issues/2977879
*/
public function testGetTermWhenMultipleVocabulariesExistFromIssue2977879(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['taxonomy'], TRUE), 'Installed modules.');
Vocabulary::create([
'name' => 'one',
'vid' => 'one',
])->save();
Vocabulary::create([
'name' => 'two',
'vid' => 'two',
])->save();
$this->rebuildAll();
// Create data.
Term::create(['vid' => 'one'])
->setName('Test')
->save();
// Test.
$user = $this->drupalCreateUser([
'access content',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/taxonomy_term/one'), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$this->assertSame(200, $response->getStatusCode());
}
/**
* Ensures GETting node collection + hook_node_grants() implementations works.
*
* @see https://www.drupal.org/project/drupal/issues/2984964
*/
public function testGetNodeCollectionWithHookNodeGrantsImplementationsFromIssue2984964(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['node_access_test'], TRUE), 'Installed modules.');
node_access_rebuild();
$this->rebuildAll();
// Create data.
Node::create([
'title' => 'test article',
'type' => 'article',
])->save();
// Test.
$user = $this->drupalCreateUser([
'access content',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/article'), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$this->assertSame(200, $response->getStatusCode());
$this->assertContains('user.node_grants:view', explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
}
/**
* Cannot GET an entity with dangling references in an ER field.
*
* @see https://www.drupal.org/project/drupal/issues/2984647
*/
public function testDanglingReferencesInAnEntityReferenceFieldFromIssue2984647(): void {
// Set up data model.
$this->drupalCreateContentType(['type' => 'journal_issue']);
$this->drupalCreateContentType(['type' => 'journal_conference']);
$this->drupalCreateContentType(['type' => 'journal_article']);
$this->createEntityReferenceField(
'node',
'journal_article',
'field_issue',
NULL,
'node',
'default',
[
'target_bundles' => [
'journal_issue' => 'journal_issue',
],
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->createEntityReferenceField(
'node',
'journal_article',
'field_mentioned_in',
NULL,
'node',
'default',
[
'target_bundles' => [
'journal_issue' => 'journal_issue',
'journal_conference' => 'journal_conference',
],
],
FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
);
$this->rebuildAll();
// Create data.
$issue_node = Node::create([
'title' => 'Test Journal Issue',
'type' => 'journal_issue',
]);
$issue_node->save();
$conference_node = Node::create([
'title' => 'First Journal Conference!',
'type' => 'journal_conference',
]);
$conference_node->save();
$user = $this->drupalCreateUser([
'access content',
'edit own journal_article content',
]);
$article_node = Node::create([
'title' => 'Test Journal Article',
'type' => 'journal_article',
'field_issue' => [
['target_id' => $issue_node->id()],
],
'field_mentioned_in' => [
['target_id' => $issue_node->id()],
['target_id' => $conference_node->id()],
],
]);
$article_node->setOwner($user);
$article_node->save();
// Test.
$url = Url::fromUri(sprintf('internal:/jsonapi/node/journal_article/%s', $article_node->uuid()));
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
];
$issue_node->delete();
$response = $this->request('GET', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
// Entity reference field allowing a single bundle: dangling reference's
// resource type is deduced.
$this->assertSame([
[
'type' => 'node--journal_issue',
'id' => 'missing',
'meta' => [
'links' => [
'help' => [
'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#missing',
'meta' => [
'about' => "Usage and meaning of the 'missing' resource identifier.",
],
],
],
],
],
], $document['data']['relationships']['field_issue']['data']);
// Entity reference field allowing multiple bundles: dangling reference's
// resource type is NOT deduced.
$this->assertSame([
[
'type' => 'unknown',
'id' => 'missing',
'meta' => [
'links' => [
'help' => [
'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#missing',
'meta' => [
'about' => "Usage and meaning of the 'missing' resource identifier.",
],
],
],
],
],
[
'type' => 'node--journal_conference',
'id' => $conference_node->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $conference_node->id(),
],
],
], $document['data']['relationships']['field_mentioned_in']['data']);
}
/**
* Ensures that JSON:API routes are caches are dynamically rebuilt.
*
* Adding a new relationship field should cause new routes to be immediately
* regenerated. The site builder should not need to manually rebuild caches.
*
* @see https://www.drupal.org/project/drupal/issues/2984886
*/
public function testThatRoutesAreRebuiltAfterDataModelChangesFromIssue2984886(): void {
$user = $this->drupalCreateUser(['access content']);
$request_options = [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
];
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog'), $request_options);
$this->assertSame(404, $response->getStatusCode());
$node_type_dog = NodeType::create([
'type' => 'dog',
'name' => 'Dog',
]);
$node_type_dog->save();
NodeType::create([
'type' => 'cat',
'name' => 'Cat',
])->save();
\Drupal::service('router.builder')->rebuildIfNeeded();
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog'), $request_options);
$this->assertSame(200, $response->getStatusCode());
$this->createEntityReferenceField('node', 'dog', 'field_test', '', 'node');
\Drupal::service('router.builder')->rebuildIfNeeded();
$dog = Node::create(['type' => 'dog', 'title' => 'retriever']);
$dog->save();
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog/' . $dog->uuid() . '/field_test'), $request_options);
$this->assertSame(200, $response->getStatusCode());
$this->createEntityReferenceField('node', 'cat', 'field_test', '', 'node');
\Drupal::service('router.builder')->rebuildIfNeeded();
$cat = Node::create(['type' => 'cat', 'title' => 'E. Napoleon']);
$cat->save();
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/cat/' . $cat->uuid() . '/field_test'), $request_options);
$this->assertSame(200, $response->getStatusCode());
FieldConfig::loadByName('node', 'cat', 'field_test')->delete();
\Drupal::service('router.builder')->rebuildIfNeeded();
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/cat/' . $cat->uuid() . '/field_test'), $request_options);
$this->assertSame(404, $response->getStatusCode());
$node_type_dog->delete();
\Drupal::service('router.builder')->rebuildIfNeeded();
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog'), $request_options);
$this->assertSame(404, $response->getStatusCode());
}
/**
* Ensures denormalizing relationships with aliased field names works.
*
* @see https://www.drupal.org/project/drupal/issues/3007113
* @see https://www.drupal.org/project/jsonapi_extras/issues/3004582#comment-12817261
*/
public function testDenormalizeAliasedRelationshipFromIssue2953207(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Since the JSON:API module does not have an explicit mechanism to set up
// field aliases, create a strange data model so that automatic aliasing
// allows us to test aliased relationships.
// @see \Drupal\jsonapi\ResourceType\ResourceTypeRepository::getFieldMapping()
$internal_relationship_field_name = 'type';
$public_relationship_field_name = 'taxonomy_term_' . $internal_relationship_field_name;
// Set up data model.
$this->createEntityReferenceField(
'taxonomy_term',
'tags',
$internal_relationship_field_name,
NULL,
'user'
);
$this->rebuildAll();
// Create data.
Term::create([
'name' => 'foobar',
'vid' => 'tags',
'type' => ['target_id' => 1],
])->save();
// Test.
$user = $this->drupalCreateUser([
'edit terms in tags',
]);
$body = [
'data' => [
'type' => 'user--user',
'id' => User::load(0)->uuid(),
],
];
// Test.
$response = $this->request('PATCH', Url::fromUri(sprintf('internal:/jsonapi/taxonomy_term/tags/%s/relationships/%s', Term::load(1)->uuid(), $public_relationship_field_name)), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
],
RequestOptions::BODY => Json::encode($body),
]);
$this->assertSame(204, $response->getStatusCode());
}
/**
* Ensures that Drupal's page cache is effective.
*
* @see https://www.drupal.org/project/drupal/issues/3009596
*/
public function testPageCacheFromIssue3009596(): void {
$anonymous_role = Role::load(RoleInterface::ANONYMOUS_ID);
$anonymous_role->grantPermission('access content');
$anonymous_role->trustData()->save();
NodeType::create([
'type' => 'emu_fact',
'name' => 'Emu Fact',
])->save();
\Drupal::service('router.builder')->rebuildIfNeeded();
$node = Node::create([
'type' => 'emu_fact',
'title' => "Emus don't say moo!",
]);
$node->save();
$request_options = [
RequestOptions::HEADERS => ['Accept' => 'application/vnd.api+json'],
];
$node_url = Url::fromUri('internal:/jsonapi/node/emu_fact/' . $node->uuid());
// The first request should be a cache MISS.
$response = $this->request('GET', $node_url, $request_options);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame('MISS', $response->getHeader('X-Drupal-Cache')[0]);
// The second request should be a cache HIT.
$response = $this->request('GET', $node_url, $request_options);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame('HIT', $response->getHeader('X-Drupal-Cache')[0]);
}
/**
* Ensures datetime fields are normalized using the correct timezone.
*
* @see https://www.drupal.org/project/drupal/issues/2999438
*/
public function testPatchingDateTimeNormalizedWrongTimeZoneIssue3021194(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['datetime'], TRUE), 'Installed modules.');
$this->drupalCreateContentType(['type' => 'page']);
$this->rebuildAll();
FieldStorageConfig::create([
'field_name' => 'when',
'type' => 'datetime',
'entity_type' => 'node',
'settings' => ['datetime_type' => DateTimeItem::DATETIME_TYPE_DATETIME],
])
->save();
FieldConfig::create([
'field_name' => 'when',
'entity_type' => 'node',
'bundle' => 'page',
])
->save();
// Create data.
$page = Node::create([
'title' => 'Stegosaurus',
'type' => 'page',
'when' => [
'value' => '2018-09-16T12:00:00',
],
]);
$page->save();
// Test.
$user = $this->drupalCreateUser([
'access content',
]);
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/page/' . $page->uuid()), [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
]);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame('2018-09-16T22:00:00+10:00', $doc['data']['attributes']['when']);
}
/**
* Ensure includes are respected even when POSTing.
*
* @see https://www.drupal.org/project/drupal/issues/3026030
*/
public function testPostToIncludeUrlDoesNotReturnIncludeFromIssue3026030(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->drupalCreateContentType(['type' => 'page']);
$this->rebuildAll();
// Test.
$user = $this->drupalCreateUser(['bypass node access']);
$url = Url::fromUri('internal:/jsonapi/node/page?include=uid');
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
'type' => 'node--page',
'attributes' => [
'title' => 'test',
],
],
],
];
$response = $this->request('POST', $url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(201, $response->getStatusCode());
$this->assertArrayHasKey('included', $doc);
$this->assertSame($user->label(), $doc['included'][0]['attributes']['name']);
}
/**
* Ensure `@FieldType=map` fields are normalized correctly.
*
* @see https://www.drupal.org/project/drupal/issues/3040590
*/
public function testMapFieldTypeNormalizationFromIssue3040590(): void {
$this->assertTrue($this->container->get('module_installer')->install(['entity_test'], TRUE), 'Installed modules.');
// Create data.
$entity_a = EntityTestMapField::create([
'name' => 'A',
'data' => [
'foo' => 'bar',
'baz' => 'qux',
],
]);
$entity_a->save();
$entity_b = EntityTestMapField::create([
'name' => 'B',
]);
$entity_b->save();
$user = $this->drupalCreateUser([
'administer entity_test content',
]);
// Test.
$url = Url::fromUri('internal:/jsonapi/entity_test_map_field/entity_test_map_field?sort=drupal_internal__id');
$request_options = [
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
];
$response = $this->request('GET', $url, $request_options);
$data = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame([
'foo' => 'bar',
'baz' => 'qux',
], $data['data'][0]['attributes']['data']);
$this->assertNull($data['data'][1]['attributes']['data']);
$entity_a->set('data', [
'foo' => 'bar',
])->save();
$response = $this->request('GET', $url, $request_options);
$data = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame(['foo' => 'bar'], $data['data'][0]['attributes']['data']);
}
/**
* Tests that the response still has meaningful error messages.
*/
public function testRecursionDetectedWhenResponseContainsViolationsFrom3042124(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up default request.
$url = Url::fromUri('internal:/jsonapi/node/article');
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::JSON => [
'data' => [
'type' => 'node--article',
'attributes' => [],
],
],
];
// Set up test users.
$user = $this->drupalCreateUser(['bypass node access'], 'Sam');
$admin = $this->drupalCreateUser([], 'Gandalf', TRUE);
// Make request as regular user.
$request_options[RequestOptions::AUTH] = [$user->getAccountName(), $user->pass_raw];
$this->request('POST', $url, $request_options);
$response = $this->request('POST', $url, $request_options);
// Assert that the response has a body.
$data = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame(422, $response->getStatusCode());
$this->assertNotNull($data);
$this->assertSame(sprintf('title: This value should not be null.'), $data['errors'][0]['detail']);
// Make request as regular user.
$request_options[RequestOptions::AUTH] = [$admin->getAccountName(), $admin->pass_raw];
$this->request('POST', $url, $request_options);
$response = $this->request('POST', $url, $request_options);
// Assert that the response has a body.
$data = $this->getDocumentFromResponse($response, FALSE);
$this->assertSame(422, $response->getStatusCode());
$this->assertNotNull($data);
$this->assertSame(sprintf('title: This value should not be null.'), $data['errors'][0]['detail']);
}
/**
* Ensure POSTing invalid data results in a 422 response, not a PHP error.
*
* @see https://www.drupal.org/project/drupal/issues/3052954
*/
public function testInvalidDataTriggersUnprocessableEntityErrorFromIssue3052954(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$user = $this->drupalCreateUser(['bypass node access']);
// Test.
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::JSON => [
'data' => [
'type' => 'article',
'attributes' => [
'title' => 'foobar',
'created' => 'not_a_date',
],
],
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
];
$response = $this->request('POST', Url::fromUri('internal:/jsonapi/node/article'), $request_options);
$this->assertSame(422, $response->getStatusCode());
}
/**
* Ensure optional `@FieldType=map` fields are denormalized correctly.
*/
public function testEmptyMapFieldTypeDenormalization(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['entity_test'], TRUE), 'Installed modules.');
// Create data.
$entity = EntityTestMapField::create([
'name' => 'foo',
]);
$entity->save();
$user = $this->drupalCreateUser([
'administer entity_test content',
]);
// Test.
$url = Url::fromUri(sprintf('internal:/jsonapi/entity_test_map_field/entity_test_map_field/%s', $entity->uuid()));
$request_options = [
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
];
// Retrieve the current representation of the entity.
$response = $this->request('GET', $url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
// Modify the title. The @FieldType=map normalization is not changed. (The
// name of this field is confusingly also 'data'.)
$doc['data']['attributes']['name'] = 'bar';
$request_options[RequestOptions::HEADERS] = [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
];
$request_options[RequestOptions::BODY] = Json::encode($doc);
$response = $this->request('PATCH', $url, $request_options);
$patched_document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertSame($doc['data']['attributes']['data'], $patched_document['data']['attributes']['data']);
}
/**
* Ensure EntityAccessDeniedHttpException cacheability is taken into account.
*/
public function testLeakCacheMetadataInOmitted(): void {
$term = Term::create([
'name' => 'Llama term',
'vid' => 'tags',
]);
$term->setUnpublished();
$term->save();
$node = Node::create([
'type' => 'article',
'title' => 'Llama node',
'field_tags' => ['target_id' => $term->id()],
]);
$node->save();
$user = $this->drupalCreateUser([
'access content',
]);
$request_options = [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
];
// Request with unpublished term. At this point it would include the term
// into "omitted" part of the response. The point here is that we
// purposefully warm up the cache where it is excluded from response and
// on the next run we will assure merely publishing term is enough to make
// it visible, i.e. that the 1st response was invalidated in Drupal cache.
$url = Url::fromUri('internal:/jsonapi/' . $node->getEntityTypeId() . '/' . $node->bundle(), [
'query' => ['include' => 'field_tags'],
]);
$response = $this->request('GET', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertArrayNotHasKey('included', $document, 'JSON API response does not contain "included" taxonomy term as the latter is not published, i.e not accessible.');
$omitted = $document['meta']['omitted']['links'];
unset($omitted['help']);
$omitted = reset($omitted);
$expected_url = Url::fromUri('internal:/jsonapi/' . $term->getEntityTypeId() . '/' . $term->bundle() . '/' . $term->uuid());
$expected_url->setAbsolute();
$this->assertSame($expected_url->toString(), $omitted['href'], 'Entity that is excluded due to access constraints is correctly reported in the "Omitted" section of the JSON API response.');
$term->setPublished();
$term->save();
$response = $this->request('GET', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertEquals($term->uuid(), $document['included'][0]['id'], 'JSON API response contains "included" taxonomy term as it became published, i.e accessible.');
}
/**
* Tests that "virtual/missing" resources can exist for renamed fields.
*
* @see https://www.drupal.org/project/drupal/issues/3034786
* @see https://www.drupal.org/project/drupal/issues/3035544
*/
public function testAliasedFieldsWithVirtualRelationships(): void {
// Set up the data model.
$this->assertTrue($this->container->get('module_installer')->install([
'taxonomy',
'jsonapi_test_resource_type_building',
], TRUE), 'Installed modules.');
\Drupal::state()->set('jsonapi_test_resource_type_builder.resource_type_field_aliases', [
'node--article' => [
'field_tags' => 'field_aliased',
],
]);
$this->rebuildAll();
$tag_term = Term::create([
'vid' => 'tags',
'name' => 'test_tag',
]);
$tag_term->save();
$article_node = Node::create([
'type' => 'article',
'title' => 'test_article',
'field_tags' => ['target_id' => $tag_term->id()],
]);
$article_node->save();
// Make a broken reference.
$tag_term->delete();
// Make sure that accessing a node that references a deleted term does not
// cause an error.
$user = $this->drupalCreateUser(['bypass node access']);
$request_options = [
RequestOptions::AUTH => [
$user->getAccountName(),
$user->pass_raw,
],
];
$response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/article/' . $article_node->uuid()), $request_options);
$this->assertSame(200, $response->getStatusCode());
}
/**
* Tests that caching isn't happening for non-cacheable methods.
*
* @see https://www.drupal.org/project/drupal/issues/3072076
*/
public function testNonCacheableMethods(): void {
$this->container->get('module_installer')->install([
'jsonapi_test_non_cacheable_methods',
], TRUE);
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$node = Node::create([
'type' => 'article',
'title' => 'Llama non-cacheable',
]);
$node->save();
$user = $this->drupalCreateUser([
'access content',
'create article content',
'edit any article content',
'delete any article content',
]);
$base_request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
];
$methods = [
'HEAD',
'GET',
];
foreach ($methods as $method) {
$response = $this->request($method, Url::fromUri('internal:/jsonapi/node/article/' . $node->uuid()), $base_request_options);
$this->assertSame(200, $response->getStatusCode());
}
$patch_request_options = $base_request_options + [
RequestOptions::JSON => [
'data' => [
'type' => 'node--article',
'id' => $node->uuid(),
],
],
];
$response = $this->request('PATCH', Url::fromUri('internal:/jsonapi/node/article/' . $node->uuid()), $patch_request_options);
$this->assertSame(200, $response->getStatusCode());
$response = $this->request('DELETE', Url::fromUri('internal:/jsonapi/node/article/' . $node->uuid()), $base_request_options);
$this->assertSame(204, $response->getStatusCode());
$post_request_options = $base_request_options + [
RequestOptions::JSON => [
'data' => [
'type' => 'node--article',
'attributes' => [
'title' => 'Llama non-cacheable',
],
],
],
];
$response = $this->request('POST', Url::fromUri('internal:/jsonapi/node/article'), $post_request_options);
$this->assertSame(201, $response->getStatusCode());
}
}

157
web/core/modules/jsonapi/tests/src/Functional/JsonApiRelationshipTest.php Normal file
View File

@ -0,0 +1,157 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Core\Url;
use Drupal\entity_test\EntityTestHelper;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use GuzzleHttp\RequestOptions;
/**
* JSON:API resource tests.
*
* @group jsonapi
*
* @internal
*/
class JsonApiRelationshipTest extends JsonApiFunctionalTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [
'basic_auth',
'entity_test',
'jsonapi_test_field_type',
];
/**
* The entity type ID.
*/
protected string $entityTypeId = 'entity_test';
/**
* The entity bundle.
*/
protected string $bundle = 'entity_test';
/**
* The field name.
*/
protected string $fieldName = 'field_child';
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
EntityTestHelper::createBundle($this->bundle, 'Parent', $this->entityTypeId);
FieldStorageConfig::create([
'field_name' => $this->fieldName,
'type' => 'jsonapi_test_field_type_entity_reference_uuid',
'entity_type' => $this->entityTypeId,
'cardinality' => 1,
'settings' => [
'target_type' => $this->entityTypeId,
],
])->save();
FieldConfig::create([
'field_name' => $this->fieldName,
'entity_type' => $this->entityTypeId,
'bundle' => $this->bundle,
'label' => $this->randomString(),
'settings' => [
'handler' => 'default',
'handler_settings' => [],
],
])->save();
\Drupal::service('router.builder')->rebuild();
}
/**
* Test relationships without target_id as main property.
*
* @see https://www.drupal.org/project/drupal/issues/3476224
*/
public function testPatchHandleUUIDPropertyReferenceFieldIssue3127883(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$user = $this->drupalCreateUser([
'administer entity_test content',
'view test entity',
]);
// Create parent and child entities.
$storage = $this->container->get('entity_type.manager')
->getStorage($this->entityTypeId);
$parentEntity = $storage
->create([
'type' => $this->bundle,
]);
$parentEntity->save();
$childUuid = $this->container->get('uuid')->generate();
$childEntity = $storage
->create([
'type' => $this->bundle,
'uuid' => $childUuid,
]);
$childEntity->save();
$uuid = $childEntity->uuid();
$this->assertEquals($childUuid, $uuid);
// 1. Successful PATCH to the related endpoint.
$url = Url::fromUri(sprintf('internal:/jsonapi/%s/%s/%s/relationships/%s', $this->entityTypeId, $this->bundle, $parentEntity->uuid(), $this->fieldName));
$request_options = [
RequestOptions::HEADERS => [
'Content-Type' => 'application/vnd.api+json',
'Accept' => 'application/vnd.api+json',
],
RequestOptions::AUTH => [$user->getAccountName(), $user->pass_raw],
RequestOptions::JSON => [
'data' => [
'id' => $childUuid,
'type' => sprintf('%s--%s', $this->entityTypeId, $this->bundle),
],
],
];
$response = $this->request('PATCH', $url, $request_options);
$this->assertSame(204, $response->getStatusCode(), (string) $response->getBody());
$parentEntity = $storage->loadUnchanged($parentEntity->id());
$this->assertEquals($childEntity->uuid(), $parentEntity->get($this->fieldName)->target_uuid);
// Reset the relationship.
$parentEntity->set($this->fieldName, NULL)
->save();
$parentEntity = $storage->loadUnchanged($parentEntity->id());
$this->assertTrue($parentEntity->get($this->fieldName)->isEmpty());
// 2. Successful PATCH to individual endpoint.
$url = Url::fromUri(sprintf('internal:/jsonapi/%s/%s/%s', $this->entityTypeId, $this->bundle, $parentEntity->uuid()));
$request_options[RequestOptions::JSON] = [
'data' => [
'id' => $parentEntity->uuid(),
'type' => sprintf('%s--%s', $this->entityTypeId, $this->bundle),
'relationships' => [
$this->fieldName => [
'data' => [
[
'id' => $childUuid,
'type' => sprintf('%s--%s', $this->entityTypeId, $this->bundle),
],
],
],
],
],
];
$response = $this->request('PATCH', $url, $request_options);
$this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
$parentEntity = $storage->loadUnchanged($parentEntity->id());
$this->assertEquals($childEntity->uuid(), $parentEntity->get($this->fieldName)->target_uuid);
}
}

19
web/core/modules/jsonapi/tests/src/Functional/JsonApiRequestTestTrait.php Normal file
View File

@ -0,0 +1,19 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Tests\ApiRequestTrait;
/**
* Boilerplate for JSON:API Functional tests' HTTP requests.
*
* @internal
*/
trait JsonApiRequestTestTrait {
use ApiRequestTrait {
makeApiRequest as request;
}
}

413
web/core/modules/jsonapi/tests/src/Functional/MediaTest.php Normal file
View File

@ -0,0 +1,413 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Url;
use Drupal\file\Entity\File;
use Drupal\media\Entity\Media;
use Drupal\media\Entity\MediaType;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use Drupal\user\Entity\User;
/**
* JSON:API integration test for the "Media" content entity type.
*
* @group jsonapi
*/
class MediaTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['media'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'media';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'media--camelids';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\media\MediaInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'changed' => NULL,
];
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['view media', 'view any camelids media revisions']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create camelids media', 'access content']);
break;
case 'PATCH':
$this->grantPermissionsToTestedRole(['edit any camelids media']);
// @todo Remove this in https://www.drupal.org/node/2824851.
$this->grantPermissionsToTestedRole(['access content']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['delete any camelids media']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function setUpRevisionAuthorization($method): void {
parent::setUpRevisionAuthorization($method);
$this->grantPermissionsToTestedRole(['view all media revisions']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
if (!MediaType::load('camelids')) {
// Create a "Camelids" media type.
$media_type = MediaType::create([
'label' => 'Camelids',
'id' => 'camelids',
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
'source' => 'file',
]);
$media_type->save();
// Create the source field.
$source_field = $media_type->getSource()->createSourceField($media_type);
$source_field->getFieldStorageDefinition()->save();
$source_field->save();
$media_type
->set('source_configuration', [
'source_field' => $source_field->getName(),
])
->save();
}
// Create a file to upload.
$file = File::create([
'uri' => 'public://llama.txt',
]);
$file->setPermanent();
$file->save();
// @see \Drupal\Tests\jsonapi\Functional\MediaTest::testPostIndividual()
$post_file = File::create([
'uri' => 'public://llama2.txt',
]);
$post_file->setPermanent();
$post_file->save();
// Create a "Llama" media item.
$media = Media::create([
'bundle' => 'camelids',
'field_media_file' => [
'target_id' => $file->id(),
],
]);
$media
->setName('Llama')
->setPublished()
->setCreatedTime(123456789)
->setOwnerId($this->account->id())
->setRevisionUserId($this->account->id())
->save();
return $media;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$file = File::load(1);
$thumbnail = File::load(3);
$author = User::load($this->entity->getOwnerId());
$base_url = Url::fromUri('base:/jsonapi/media/camelids/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'media--camelids',
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'langcode' => 'en',
'name' => 'Llama',
'status' => TRUE,
'created' => '1973-11-29T21:33:09+00:00',
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'revision_created' => (new \DateTime())->setTimestamp((int) $this->entity->getRevisionCreationTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'default_langcode' => TRUE,
'revision_log_message' => NULL,
// @todo Attempt to remove this in https://www.drupal.org/project/drupal/issues/2933518.
'revision_translation_affected' => TRUE,
'drupal_internal__mid' => 1,
'drupal_internal__vid' => 1,
],
'relationships' => [
'field_media_file' => [
'data' => [
'id' => $file->uuid(),
'meta' => [
'description' => NULL,
'display' => NULL,
'drupal_internal__target_id' => (int) $file->id(),
],
'type' => 'file--file',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/field_media_file' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/field_media_file' . $version_query_string,
],
],
],
'thumbnail' => [
'data' => [
'id' => $thumbnail->uuid(),
'meta' => [
'alt' => '',
'drupal_internal__target_id' => (int) $thumbnail->id(),
'width' => 180,
'height' => 180,
'title' => NULL,
],
'type' => 'file--file',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/thumbnail' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/thumbnail' . $version_query_string,
],
],
],
'bundle' => [
'data' => [
'id' => MediaType::load('camelids')->uuid(),
'meta' => [
'drupal_internal__target_id' => 'camelids',
],
'type' => 'media_type--media_type',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/bundle' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/bundle' . $version_query_string,
],
],
],
'uid' => [
'data' => [
'id' => $author->uuid(),
'type' => 'user--user',
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/uid' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/uid' . $version_query_string,
],
],
],
'revision_user' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/revision_user' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/revision_user' . $version_query_string,
],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
$file = File::load(2);
return [
'data' => [
'type' => 'media--camelids',
'attributes' => [
'name' => 'Drama llama',
],
'relationships' => [
'field_media_file' => [
'data' => [
'id' => $file->uuid(),
'meta' => [
'description' => 'This file is better!',
'display' => NULL,
'drupal_internal__target_id' => (int) $file->id(),
],
'type' => 'file--file',
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'view media' permission is required when the media item is published.";
case 'POST':
return "The following permissions are required: 'administer media' OR 'create media' OR 'create camelids media'.";
case 'PATCH':
return "The following permissions are required: 'update any media' OR 'update own media' OR 'camelids: edit any media' OR 'camelids: edit own media'.";
case 'DELETE':
return "The following permissions are required: 'delete any media' OR 'delete own media' OR 'camelids: delete any media' OR 'camelids: delete own media'.";
default:
return '';
}
}
/**
* {@inheritdoc}
*/
protected function getEditorialPermissions(): array {
return array_merge(parent::getEditorialPermissions(), ['view any unpublished content']);
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\media\MediaAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['media:1']);
}
/**
* {@inheritdoc}
*/
protected function doTestPostIndividual(): void {
// @todo Mimic \Drupal\Tests\rest\Functional\EntityResource\Media\MediaResourceTestBase::testPost()
// @todo Later, use https://www.drupal.org/project/drupal/issues/2958554 to upload files rather than the REST module.
parent::doTestPostIndividual();
}
/**
* {@inheritdoc}
*/
protected function getExpectedGetRelationshipDocumentData($relationship_field_name, ?EntityInterface $entity = NULL) {
$data = parent::getExpectedGetRelationshipDocumentData($relationship_field_name, $entity);
switch ($relationship_field_name) {
case 'thumbnail':
$data['meta'] = [
'alt' => '',
'width' => 180,
'height' => 180,
'title' => NULL,
] + $data['meta'];
return $data;
case 'field_media_file':
$data['meta'] = [
'description' => NULL,
'display' => NULL,
] + $data['meta'];
return $data;
default:
return $data;
}
}
/**
* {@inheritdoc}
*
* @todo Remove this in https://www.drupal.org/node/2824851.
*/
protected function doTestRelationshipMutation(array $request_options): void {
$this->grantPermissionsToTestedRole(['access content']);
parent::doTestRelationshipMutation($request_options);
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$this->doTestCollectionFilterAccessForPublishableEntities('name', 'view media', 'administer media');
}
}

119
web/core/modules/jsonapi/tests/src/Functional/MediaTypeTest.php Normal file
View File

@ -0,0 +1,119 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\media\Entity\MediaType;
/**
* JSON:API integration test for the "MediaType" config entity type.
*
* @group jsonapi
*/
class MediaTypeTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['media'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'media_type';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'media_type--media_type';
/**
* {@inheritdoc}
*
* @var \Drupal\media\MediaTypeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer media types']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" media type.
$camelids = MediaType::create([
'label' => 'Camelids',
'id' => 'camelids',
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
'source' => 'file',
]);
$camelids->save();
return $camelids;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/media_type/media_type/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'media_type--media_type',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
'field_map' => [],
'label' => 'Camelids',
'langcode' => 'en',
'new_revision' => FALSE,
'queue_thumbnail_downloads' => FALSE,
'source' => 'file',
'source_configuration' => [
'source_field' => '',
],
'status' => TRUE,
'drupal_internal__id' => 'camelids',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

246
web/core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php Normal file
View File

@ -0,0 +1,246 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Url;
use Drupal\menu_link_content\Entity\MenuLinkContent;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "MenuLinkContent" content entity type.
*
* @group jsonapi
*/
class MenuLinkContentTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $modules = ['menu_link_content'];
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'menu_link_content';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'menu_link_content--menu_link_content';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\menu_link_content\MenuLinkContentInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'changed' => NULL,
];
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer menu']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$menu_link = MenuLinkContent::create([
'id' => 'llama',
'title' => 'Llama Gabilondo',
'description' => 'Llama Gabilondo',
'link' => 'https://nl.wikipedia.org/wiki/Llama',
'weight' => 0,
'menu_name' => 'main',
]);
$menu_link->save();
return $menu_link;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$base_url = Url::fromUri('base:/jsonapi/menu_link_content/menu_link_content/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'menu_link_content--menu_link_content',
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'bundle' => 'menu_link_content',
'link' => [
'uri' => 'https://nl.wikipedia.org/wiki/Llama',
'title' => NULL,
'options' => [],
],
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'default_langcode' => TRUE,
'description' => 'Llama Gabilondo',
'enabled' => TRUE,
'expanded' => FALSE,
'external' => FALSE,
'langcode' => 'en',
'menu_name' => 'main',
'parent' => NULL,
'rediscover' => FALSE,
'title' => 'Llama Gabilondo',
'weight' => 0,
'drupal_internal__id' => 1,
'drupal_internal__revision_id' => 1,
'revision_created' => (new \DateTime())->setTimestamp((int) $this->entity->getRevisionCreationTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'revision_log_message' => NULL,
// @todo Attempt to remove this in https://www.drupal.org/project/drupal/issues/2933518.
'revision_translation_affected' => TRUE,
],
'relationships' => [
'revision_user' => [
'data' => NULL,
'links' => [
'related' => [
'href' => $base_url->toString() . '/revision_user' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/revision_user' . $version_query_string,
],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'menu_link_content--menu_link_content',
'attributes' => [
'title' => 'Drama llama',
'link' => [
'uri' => 'http://www.urbandictionary.com/define.php?term=drama%20llama',
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'DELETE':
return "The 'administer menu' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$this->doTestCollectionFilterAccessBasedOnPermissions('title', 'administer menu');
}
/**
* Tests requests using a serialized field item property.
*
* @see https://security.drupal.org/node/161923
*/
public function testLinkOptionsSerialization(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$document = $this->getPostDocument();
$document['data']['attributes']['link']['options'] = "O:44:\"Symfony\\Component\\Process\\Pipes\\WindowsPipes\":8:{s:51:\"\\Symfony\\Component\\Process\\Pipes\\WindowsPipes\0files\";a:1:{i:0;s:3:\"foo\";}s:57:\"\0Symfony\\Component\\Process\\Pipes\\WindowsPipes\0fileHandles\";a:0:{}s:55:\"\0Symfony\\Component\\Process\\Pipes\\WindowsPipes\0readBytes\";a:2:{i:1;i:0;i:2;i:0;}s:59:\"\0Symfony\\Component\\Process\\Pipes\\WindowsPipes\0disableOutput\";b:0;s:5:\"pipes\";a:0:{}s:58:\"\0Symfony\\Component\\Process\\Pipes\\AbstractPipes\0inputBuffer\";s:0:\"\";s:52:\"\0Symfony\\Component\\Process\\Pipes\\AbstractPipes\0input\";N;s:54:\"\0Symfony\\Component\\Process\\Pipes\\AbstractPipes\0blocked\";b:1;}";
$url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode($document);
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Ensure 403 when unauthorized.
$response = $this->request('POST', $url, $request_options);
$reason = $this->getExpectedUnauthorizedAccessMessage('POST');
$this->assertResourceErrorResponse(403, (string) $reason, $url, $response);
$this->setUpAuthorization('POST');
// Ensure that an exception is thrown.
$response = $this->request('POST', $url, $request_options);
$this->assertResourceErrorResponse(500, (string) 'The generic FieldItemNormalizer cannot denormalize string values for "options" properties of the "link" field (field item class: Drupal\link\Plugin\Field\FieldType\LinkItem).', $url, $response);
// Create a menu link content entity without the serialized property.
unset($document['data']['attributes']['link']['options']);
$request_options[RequestOptions::BODY] = Json::encode($document);
$response = $this->request('POST', $url, $request_options);
$document = $this->getDocumentFromResponse($response);
$internal_id = $document['data']['attributes']['drupal_internal__id'];
// Load the created menu item and add link options to it.
$menu_link = MenuLinkContent::load($internal_id);
$menu_link->get('link')->first()->set('options', ['fragment' => 'test']);
$menu_link->save();
// Fetch the link.
unset($request_options[RequestOptions::BODY]);
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $document['data']['id']]);
$response = $this->request('GET', $url, $request_options);
$response_body = (string) $response->getBody();
// Ensure that the entity can be updated using a response document.
$request_options[RequestOptions::BODY] = $response_body;
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceResponse(200, Json::decode($response_body), $response);
}
}

115
web/core/modules/jsonapi/tests/src/Functional/MenuTest.php Normal file
View File

@ -0,0 +1,115 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\system\Entity\Menu;
/**
* JSON:API integration test for the "Menu" config entity type.
*
* @group jsonapi
*/
class MenuTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'menu';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'menu--menu';
/**
* {@inheritdoc}
*/
protected static $anonymousUsersCanViewLabels = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\system\MenuInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer menu']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$menu = Menu::create([
'id' => 'menu',
'label' => 'Menu',
'description' => 'Menu',
]);
$menu->save();
return $menu;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/menu/menu/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'menu--menu',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'description' => 'Menu',
'label' => 'Menu',
'langcode' => 'en',
'locked' => FALSE,
'status' => TRUE,
'drupal_internal__id' => 'menu',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

537
web/core/modules/jsonapi/tests/src/Functional/NodeTest.php Normal file
View File

@ -0,0 +1,537 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Url;
use Drupal\jsonapi\Normalizer\HttpExceptionNormalizer;
use Drupal\jsonapi\Normalizer\Value\CacheableNormalization;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use Drupal\Tests\WaitTerminateTestTrait;
use Drupal\user\Entity\User;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "Node" content entity type.
*
* @group jsonapi
*/
class NodeTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
use WaitTerminateTestTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['node', 'path'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'node';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'node--camelids';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*/
protected static $newRevisionsShouldBeAutomatic = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\node\NodeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'revision_timestamp' => NULL,
'created' => "The 'administer nodes' permission is required.",
'changed' => NULL,
'promote' => "The 'administer nodes' permission is required.",
'sticky' => "The 'administer nodes' permission is required.",
'path' => "The following permissions are required: 'create url aliases' OR 'administer url aliases'.",
'revision_uid' => NULL,
];
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access content']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['access content', 'create camelids content']);
break;
case 'PATCH':
// Do not grant the 'create url aliases' permission to test the case
// when the path field is protected/not accessible, see
// \Drupal\Tests\rest\Functional\EntityResource\Term\TermResourceTestBase
// for a positive test.
$this->grantPermissionsToTestedRole(['access content', 'edit any camelids content']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['access content', 'delete any camelids content']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function setUpRevisionAuthorization($method): void {
parent::setUpRevisionAuthorization($method);
$this->grantPermissionsToTestedRole(['view all revisions']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
if (!NodeType::load('camelids')) {
// Create a "Camelids" node type.
NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
])->save();
}
// Create a "Llama" node.
$node = Node::create(['type' => 'camelids']);
$node->setTitle('Llama')
->setOwnerId($this->account->id())
->setPublished()
->setCreatedTime(123456789)
->setChangedTime(123456789)
->setRevisionCreationTime(123456789)
->set('path', '/llama')
->save();
return $node;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$author = User::load($this->entity->getOwnerId());
$base_url = Url::fromUri('base:/jsonapi/node/camelids/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'node--camelids',
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'created' => '1973-11-29T21:33:09+00:00',
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'default_langcode' => TRUE,
'langcode' => 'en',
'path' => [
'alias' => '/llama',
'pid' => 1,
'langcode' => 'en',
],
'promote' => TRUE,
'revision_timestamp' => '1973-11-29T21:33:09+00:00',
// @todo Attempt to remove this in https://www.drupal.org/project/drupal/issues/2933518.
'revision_translation_affected' => TRUE,
'status' => TRUE,
'sticky' => FALSE,
'title' => 'Llama',
'drupal_internal__nid' => 1,
'drupal_internal__vid' => 1,
],
'relationships' => [
'node_type' => [
'data' => [
'id' => NodeType::load('camelids')->uuid(),
'meta' => [
'drupal_internal__target_id' => 'camelids',
],
'type' => 'node_type--node_type',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/node_type' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/node_type' . $version_query_string,
],
],
],
'uid' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/uid' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/uid' . $version_query_string,
],
],
],
'revision_uid' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/revision_uid' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/revision_uid' . $version_query_string,
],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'node--camelids',
'attributes' => [
'title' => 'Drama llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
switch ($method) {
case 'GET':
case 'POST':
case 'PATCH':
case 'DELETE':
return "The 'access content' permission is required.";
}
return '';
}
/**
* Tests PATCHing a node's path with and without 'create url aliases'.
*
* For a positive test, see the similar test coverage for Term.
*
* @see \Drupal\Tests\jsonapi\Functional\TermTest::testPatchPath()
* @see \Drupal\Tests\rest\Functional\EntityResource\Term\TermResourceTestBase::testPatchPath()
*/
public function testPatchPath(): void {
$this->setUpAuthorization('GET');
$this->setUpAuthorization('PATCH');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi');
// GET node's current normalization.
$response = $this->request('GET', $url, $this->getAuthenticationRequestOptions());
$normalization = $this->getDocumentFromResponse($response);
// Change node's path alias.
$normalization['data']['attributes']['path']['alias'] .= 's-rule-the-world';
// Create node PATCH request.
$request_options = $this->getAuthenticationRequestOptions();
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// PATCH request: 403 when creating URL aliases unauthorized.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(403, "The current user is not allowed to PATCH the selected field (path). The following permissions are required: 'create url aliases' OR 'administer url aliases'.", $url, $response, '/data/attributes/path');
// Grant permission to create URL aliases.
$this->grantPermissionsToTestedRole(['create url aliases']);
// Repeat PATCH request: 200.
$response = $this->request('PATCH', $url, $request_options);
$updated_normalization = $this->getDocumentFromResponse($response);
$this->assertResourceResponse(200, FALSE, $response);
$this->assertSame($normalization['data']['attributes']['path']['alias'], $updated_normalization['data']['attributes']['path']['alias']);
}
/**
* {@inheritdoc}
*/
public function testGetIndividual(): void {
// Cacheable normalizations are written after the response is flushed to
// the client. We use WaitTerminateTestTrait to wait for Drupal to perform
// its termination work before continuing.
$this->setWaitForTerminate();
parent::testGetIndividual();
$this->assertCacheableNormalizations();
// Unpublish node.
$this->entity->setUnpublished()->save();
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi');
$request_options = $this->getAuthenticationRequestOptions();
// 403 when accessing own unpublished node.
$response = $this->request('GET', $url, $request_options);
$this->assertResourceErrorResponse(
403,
'The current user is not allowed to GET the selected resource.',
$url,
$response,
'/data',
['4xx-response', 'http_response', 'node:1'],
['url.query_args', 'url.site', 'user.permissions'],
'UNCACHEABLE (request policy)',
TRUE
);
// 200 after granting permission.
$this->grantPermissionsToTestedRole(['view own unpublished content']);
$response = $this->request('GET', $url, $request_options);
$this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), 'UNCACHEABLE (request policy)', TRUE);
}
/**
* Asserts that normalizations are cached in an incremental way.
*
* @throws \Drupal\Core\Entity\EntityStorageException
*
* @internal
*/
protected function assertCacheableNormalizations(): void {
// Save the entity to invalidate caches.
$this->entity->save();
$uuid = $this->entity->uuid();
$language = $this->entity->language()->getId();
$cache = \Drupal::service('variation_cache.jsonapi_normalizations')->get(['node--camelids', $uuid, $language], new CacheableMetadata());
// After saving the entity the normalization should not be cached.
$this->assertFalse($cache);
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $uuid]);
// $url = $this->entity->toUrl('jsonapi');
$request_options = $this->getAuthenticationRequestOptions();
$request_options[RequestOptions::QUERY] = ['fields' => ['node--camelids' => 'title']];
$this->request('GET', $url, $request_options);
// Ensure the normalization cache is being incrementally built. After
// requesting the title, only the title is in the cache.
$this->assertNormalizedFieldsAreCached(['title']);
$request_options[RequestOptions::QUERY] = ['fields' => ['node--camelids' => 'field_rest_test']];
$this->request('GET', $url, $request_options);
// After requesting an additional field, then that field is in the cache and
// the old one is still there.
$this->assertNormalizedFieldsAreCached(['title', 'field_rest_test']);
}
/**
* Checks that the provided field names are the only fields in the cache.
*
* The normalization cache should only have these fields, which build up
* across responses.
*
* @param string[] $field_names
* The field names.
*
* @internal
*/
protected function assertNormalizedFieldsAreCached(array $field_names): void {
$variation_cache = \Drupal::service('variation_cache.jsonapi_normalizations');
// Because we warm caches in different requests, we do not properly populate
// the internal properties of our variation cache. Reset it.
$variation_cache->reset();
$cache = $variation_cache->get(['node--camelids', $this->entity->uuid(), $this->entity->language()->getId()], new CacheableMetadata());
$cached_fields = $cache->data['fields'];
$this->assertSameSize($field_names, $cached_fields);
array_walk($field_names, function ($field_name) use ($cached_fields) {
$this->assertInstanceOf(
CacheableNormalization::class,
$cached_fields[$field_name]
);
});
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
// \Drupal\Tests\jsonapi\Functional\ResourceTestBase::testRevisions()
// loads different revisions via query parameters, we do our best
// here to react to those directly, or indirectly.
$cache_contexts = parent::getExpectedCacheContexts($sparse_fieldset);
// This is bubbled up by
// \Drupal\node\NodeAccessControlHandler::checkAccess() directly.
if ($this->entity->isPublished()) {
return $cache_contexts;
}
if (!\Drupal::currentUser()->isAuthenticated()) {
return Cache::mergeContexts($cache_contexts, ['user.roles:authenticated']);
}
if (\Drupal::currentUser()->hasPermission('view own unpublished content')) {
return Cache::mergeContexts($cache_contexts, ['user']);
}
return $cache_contexts;
}
/**
* {@inheritdoc}
*/
protected static function getIncludePermissions(): array {
return [
'uid.node_type' => ['administer users'],
'uid.roles' => ['administer permissions'],
];
}
/**
* Creating relationships to missing resources should be 404 per JSON:API 1.1.
*
* @see https://github.com/json-api/json-api/issues/1033
*/
public function testPostNonExistingAuthor(): void {
$this->setUpAuthorization('POST');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->grantPermissionsToTestedRole(['administer nodes']);
$random_uuid = \Drupal::service('uuid')->generate();
$doc = $this->getPostDocument();
$doc['data']['relationships']['uid']['data'] = [
'type' => 'user--user',
'id' => $random_uuid,
];
// Create node POST request.
$url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
$request_options = $this->getAuthenticationRequestOptions();
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options[RequestOptions::BODY] = Json::encode($doc);
// POST request: 404 when adding relationships to non-existing resources.
$response = $this->request('POST', $url, $request_options);
$expected_document = [
'errors' => [
0 => [
'status' => '404',
'title' => 'Not Found',
'detail' => "The resource identified by `user--user:$random_uuid` (given as a relationship item) could not be found.",
'links' => [
'info' => ['href' => HttpExceptionNormalizer::getInfoUrl(404)],
'via' => ['href' => $url->setAbsolute()->toString()],
],
],
],
'jsonapi' => static::$jsonApiMember,
];
$this->assertResourceResponse(404, $expected_document, $response);
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$label_field_name = 'title';
$this->doTestCollectionFilterAccessForPublishableEntities($label_field_name, 'access content', 'bypass node access');
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->revokePermissionsFromTestedRole(['bypass node access']);
// 0 results because the node is unpublished.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
$this->grantPermissionsToTestedRole(['view own unpublished content']);
// 1 result because the current user is the owner of the unpublished node.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
$this->entity->setOwnerId(0)->save();
// 0 results because the current user is no longer the owner.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
// Assert bubbling of cacheability from query alter hook.
$this->assertTrue($this->container->get('module_installer')->install(['node_access_test'], TRUE), 'Installed modules.');
node_access_rebuild();
$this->rebuildAll();
$response = $this->request('GET', $collection_filter_url, $request_options);
$this->assertContains('user.node_grants:view', explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
}
}

122
web/core/modules/jsonapi/tests/src/Functional/NodeTypeTest.php Normal file
View File

@ -0,0 +1,122 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\node\Entity\NodeType;
/**
* JSON:API integration test for the "NodeType" config entity type.
*
* @group jsonapi
*/
class NodeTypeTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'node_type';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'node_type--node_type';
/**
* {@inheritdoc}
*
* @var \Drupal\node\NodeTypeInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer content types', 'access content']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" node type.
$camelids = NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
]);
$camelids->save();
return $camelids;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/node_type/node_type/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'node_type--node_type',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [],
'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
'display_submitted' => TRUE,
'help' => NULL,
'langcode' => 'en',
'name' => 'Camelids',
'new_revision' => TRUE,
'preview_mode' => 1,
'status' => TRUE,
'drupal_internal__type' => 'camelids',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The 'access content' permission is required.";
}
}

130
web/core/modules/jsonapi/tests/src/Functional/PathAliasTest.php Normal file
View File

@ -0,0 +1,130 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\path_alias\Entity\PathAlias;
use Drupal\Core\Url;
/**
* JSON:API integration test for the "PathAlias" content entity type.
*
* @group jsonapi
* @group path
*/
class PathAliasTest extends ResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['path'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'path_alias';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'path_alias--path_alias';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [];
/**
* {@inheritdoc}
*
* @var \Drupal\user\RoleInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer url aliases']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$path_alias = PathAlias::create([
'alias' => '/frontpage1',
'path' => '/<front>',
'langcode' => 'en',
]);
$path_alias->save();
return $path_alias;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$base_url = Url::fromUri('base:/jsonapi/path_alias/path_alias/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => static::$resourceTypeName,
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'alias' => '/frontpage1',
'path' => '/<front>',
'langcode' => 'en',
'status' => TRUE,
'drupal_internal__id' => 1,
'drupal_internal__revision_id' => 1,
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => static::$resourceTypeName,
'attributes' => [
'alias' => '/frontpage1',
'path' => '/<front>',
'langcode' => 'en',
],
],
];
}
}

668
web/core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php Normal file
View File

@ -0,0 +1,668 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\Crypt;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Access\AccessResultReasonInterface;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\RevisionableInterface;
use Drupal\Core\Url;
use Drupal\jsonapi\CacheableResourceResponse;
use Drupal\jsonapi\Normalizer\HttpExceptionNormalizer;
use Psr\Http\Message\ResponseInterface;
/**
* Utility methods for handling resource responses.
*
* @internal
*/
trait ResourceResponseTestTrait {
/**
* Merges individual responses into a collection response.
*
* Here, a collection response refers to a response with multiple resource
* objects. Not necessarily to a response to a collection route. In both
* cases, the document should indistinguishable.
*
* @param \Drupal\jsonapi\ResourceResponse[] $responses
* An array or ResourceResponses to be merged.
* @param string|null $self_link
* The self link for the merged document if one should be set.
* @param bool $is_multiple
* Whether the responses are for a multiple cardinality field. This cannot
* be deduced from the number of responses, because a multiple cardinality
* field may have only one value.
*
* @return \Drupal\jsonapi\CacheableResourceResponse
* The merged ResourceResponse.
*/
protected static function toCollectionResourceResponse(array $responses, $self_link, $is_multiple) {
assert(count($responses) > 0);
$merged_document = [];
$merged_cacheability = new CacheableMetadata();
foreach ($responses as $response) {
$response_document = $response->getResponseData();
// If any of the response documents had top-level errors, we should later
// expect the merged document to have all errors as omitted links under
// the 'meta.omitted' member.
if (!empty($response_document['errors'])) {
static::addOmittedObject($merged_document, static::errorsToOmittedObject($response_document['errors']));
}
if (!empty($response_document['meta']['omitted'])) {
static::addOmittedObject($merged_document, $response_document['meta']['omitted']);
}
elseif (isset($response_document['data'])) {
$response_data = $response_document['data'];
if (!isset($merged_document['data'])) {
$merged_document['data'] = static::isResourceIdentifier($response_data) && $is_multiple
? [$response_data]
: $response_data;
}
else {
$response_resources = static::isResourceIdentifier($response_data)
? [$response_data]
: $response_data;
foreach ($response_resources as $response_resource) {
$merged_document['data'][] = $response_resource;
}
}
}
$merged_cacheability->addCacheableDependency($response->getCacheableMetadata());
}
$merged_document['jsonapi'] = [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
];
// Until we can reasonably know what caused an error, we shouldn't include
// 'self' links in error documents. For example, a 404 shouldn't have a
// 'self' link because HATEOAS links shouldn't point to resources which do
// not exist.
if (isset($merged_document['errors'])) {
unset($merged_document['links']);
}
else {
if (!isset($merged_document['data'])) {
$merged_document['data'] = $is_multiple ? [] : NULL;
}
$merged_document['links'] = [
'self' => [
'href' => $self_link,
],
];
}
// All collections should be 200, without regard for the status of the
// individual resources in those collections, which means any '4xx-response'
// cache tags on the individual responses should also be omitted.
$merged_cacheability->setCacheTags(array_diff($merged_cacheability->getCacheTags(), ['4xx-response']));
return (new CacheableResourceResponse($merged_document, 200))->addCacheableDependency($merged_cacheability);
}
/**
* Gets an array of expected ResourceResponses for the given include paths.
*
* @param array $include_paths
* The list of relationship include paths for which to get expected data.
* @param array $request_options
* Request options to apply.
*
* @return \Drupal\jsonapi\ResourceResponse
* The expected ResourceResponse.
*
* @see \GuzzleHttp\ClientInterface::request()
*/
protected function getExpectedIncludedResourceResponse(array $include_paths, array $request_options) {
$resource_type = $this->resourceType;
$resource_data = array_reduce($include_paths, function ($data, $path) use ($request_options, $resource_type) {
$field_names = explode('.', $path);
/** @var \Drupal\Core\Entity\EntityInterface $entity */
$entity = $this->entity;
$collected_responses = [];
foreach ($field_names as $public_field_name) {
$resource_type = $this->container->get('jsonapi.resource_type.repository')->get($entity->getEntityTypeId(), $entity->bundle());
$field_name = $resource_type->getInternalName($public_field_name);
$field_access = static::entityFieldAccess($entity, $field_name, 'view', $this->account);
if (!$field_access->isAllowed()) {
if (!$entity->access('view') && $entity->access('view label') && $field_access instanceof AccessResultReasonInterface && empty($field_access->getReason())) {
$field_access->setReason("The user only has authorization for the 'view label' operation.");
}
$via_link = Url::fromRoute(
sprintf('jsonapi.%s.%s.related', $entity->getEntityTypeId() . '--' . $entity->bundle(), $public_field_name),
['entity' => $entity->uuid()]
);
$collected_responses[] = static::getAccessDeniedResponse($entity, $field_access, $via_link, $field_name, 'The current user is not allowed to view this relationship.', $field_name);
break;
}
if ($target_entity = $entity->{$field_name}->entity) {
$target_access = static::entityAccess($target_entity, 'view', $this->account);
if (!$target_access->isAllowed()) {
$target_access = static::entityAccess($target_entity, 'view label', $this->account)->addCacheableDependency($target_access);
}
if (!$target_access->isAllowed()) {
$resource_identifier = static::toResourceIdentifier($target_entity);
if (!static::collectionHasResourceIdentifier($resource_identifier, $data['already_checked'])) {
$data['already_checked'][] = $resource_identifier;
$via_link = Url::fromRoute(
sprintf('jsonapi.%s.individual', $resource_identifier['type']),
['entity' => $resource_identifier['id']]
);
$collected_responses[] = static::getAccessDeniedResponse($entity, $target_access, $via_link, NULL, NULL, '/data');
}
break;
}
}
$psr_responses = $this->getResponses([static::getRelatedLink(static::toResourceIdentifier($entity), $public_field_name)], $request_options);
$collected_responses[] = static::toCollectionResourceResponse(static::toResourceResponses($psr_responses), NULL, TRUE);
$entity = $entity->{$field_name}->entity;
}
if (!empty($collected_responses)) {
$data['responses'][$path] = static::toCollectionResourceResponse($collected_responses, NULL, TRUE);
}
return $data;
}, ['responses' => [], 'already_checked' => []]);
$individual_document = $this->getExpectedDocument();
$expected_base_url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()])->setAbsolute();
$include_url = clone $expected_base_url;
$query = ['include' => implode(',', $include_paths)];
$include_url->setOption('query', $query);
$individual_document['links']['self']['href'] = $include_url->toString();
// The test entity reference field should always be present.
if (!isset($individual_document['data']['relationships']['field_jsonapi_test_entity_ref'])) {
if (static::$resourceTypeIsVersionable) {
assert($this->entity instanceof RevisionableInterface);
$version_identifier = 'id:' . $this->entity->getRevisionId();
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
}
else {
$version_query_string = '';
}
$individual_document['data']['relationships']['field_jsonapi_test_entity_ref'] = [
'data' => [],
'links' => [
'related' => [
'href' => $expected_base_url->toString() . '/field_jsonapi_test_entity_ref' . $version_query_string,
],
'self' => [
'href' => $expected_base_url->toString() . '/relationships/field_jsonapi_test_entity_ref' . $version_query_string,
],
],
];
}
$basic_cacheability = (new CacheableMetadata())
->addCacheTags($this->getExpectedCacheTags())
->addCacheContexts($this->getExpectedCacheContexts());
return static::decorateExpectedResponseForIncludedFields(new CacheableResourceResponse($individual_document), $resource_data['responses'])
->addCacheableDependency($basic_cacheability);
}
/**
* Maps an array of PSR responses to JSON:API ResourceResponses.
*
* @param \Psr\Http\Message\ResponseInterface[] $responses
* The PSR responses to be mapped.
*
* @return \Drupal\jsonapi\ResourceResponse[]
* The ResourceResponses.
*/
protected static function toResourceResponses(array $responses): array {
return array_map([self::class, 'toResourceResponse'], $responses);
}
/**
* Maps a response object to a JSON:API ResourceResponse.
*
* This helper can be used to ease comparing, recording and merging
* cacheable responses and to have easier access to the JSON:API document as
* an array instead of a string.
*
* @param \Psr\Http\Message\ResponseInterface $response
* A PSR response to be mapped.
*
* @return \Drupal\jsonapi\CacheableResourceResponse
* The ResourceResponse.
*/
protected static function toResourceResponse(ResponseInterface $response) {
$cacheability = new CacheableMetadata();
if ($cache_tags = $response->getHeader('X-Drupal-Cache-Tags')) {
$cacheability->addCacheTags(explode(' ', $cache_tags[0]));
}
if (!empty($response->getHeaderLine('X-Drupal-Cache-Contexts'))) {
$cacheability->addCacheContexts(explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
}
if ($dynamic_cache = $response->getHeader('X-Drupal-Dynamic-Cache')) {
$cacheability->setCacheMaxAge((str_contains($dynamic_cache[0], 'UNCACHEABLE') && $response->getStatusCode() < 400) ? 0 : Cache::PERMANENT);
}
$related_document = Json::decode($response->getBody());
$resource_response = new CacheableResourceResponse($related_document, $response->getStatusCode());
return $resource_response->addCacheableDependency($cacheability);
}
/**
* Maps an entity to a resource identifier.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity to map to a resource identifier.
*
* @return array
* A resource identifier for the given entity.
*/
protected static function toResourceIdentifier(EntityInterface $entity): array {
return [
'type' => $entity->getEntityTypeId() . '--' . $entity->bundle(),
'id' => $entity->uuid(),
];
}
/**
* Checks if a given array is a resource identifier.
*
* @param array $data
* An array to check.
*
* @return bool
* TRUE if the array has a type and ID, FALSE otherwise.
*/
protected static function isResourceIdentifier(array $data): bool {
return array_key_exists('type', $data) && array_key_exists('id', $data);
}
/**
* Sorts a collection of resources or resource identifiers.
*
* This is useful for asserting collections or resources where order cannot
* be known in advance.
*
* @param array $resources
* The resource or resource identifier.
*/
protected static function sortResourceCollection(array &$resources) {
usort($resources, function ($a, $b) {
return strcmp("{$a['type']}:{$a['id']}", "{$b['type']}:{$b['id']}");
});
}
/**
* Determines if a given resource exists in a list of resources.
*
* @param array $needle
* The resource or resource identifier.
* @param array $haystack
* The list of resources or resource identifiers to search.
*
* @return bool
* TRUE if the needle exists is present in the haystack, FALSE otherwise.
*/
protected static function collectionHasResourceIdentifier(array $needle, array $haystack): bool {
foreach ($haystack as $resource) {
if ($resource['type'] == $needle['type'] && $resource['id'] == $needle['id']) {
return TRUE;
}
}
return FALSE;
}
/**
* Turns a list of relationship field names into an array of link paths.
*
* @param array $relationship_field_names
* The relationships field names for which to build link paths.
* @param string $type
* The type of link to get. Either 'relationship' or 'related'.
*
* @return array
* An array of link paths, keyed by relationship field name.
*/
protected static function getLinkPaths(array $relationship_field_names, $type) {
assert($type === 'relationship' || $type === 'related');
return array_reduce($relationship_field_names, function ($link_paths, $relationship_field_name) use ($type) {
$tail = $type === 'relationship' ? 'self' : $type;
$link_paths[$relationship_field_name] = "data.relationships.$relationship_field_name.links.$tail.href";
return $link_paths;
}, []);
}
/**
* Extracts links from a document using a list of relationship field names.
*
* @param array $link_paths
* A list of paths to link values keyed by a name.
* @param array $document
* A JSON:API document.
*
* @return array
* The extracted links, keyed by the original associated key name.
*/
protected static function extractLinks(array $link_paths, array $document): array {
return array_map(function ($link_path) use ($document) {
$link = array_reduce(
explode('.', $link_path),
'array_column',
[$document]
);
return ($link) ? reset($link) : NULL;
}, $link_paths);
}
/**
* Creates individual resource links for a list of resource identifiers.
*
* @param array $resource_identifiers
* A list of resource identifiers for which to create links.
*
* @return string[]
* The resource links.
*/
protected static function getResourceLinks(array $resource_identifiers): array {
return array_map([static::class, 'getResourceLink'], $resource_identifiers);
}
/**
* Creates an individual resource link for a given resource identifier.
*
* @param array $resource_identifier
* A resource identifier for which to create a link.
*
* @return string
* The resource link.
*/
protected static function getResourceLink(array $resource_identifier) {
assert(static::isResourceIdentifier($resource_identifier));
$resource_type = $resource_identifier['type'];
$resource_id = $resource_identifier['id'];
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', $resource_type), ['entity' => $resource_id]);
return $url->setAbsolute()->toString();
}
/**
* Creates a relationship link for a given resource identifier and field.
*
* @param array $resource_identifier
* A resource identifier for which to create a link.
* @param string $relationship_field_name
* The relationship field for which to create a link.
*
* @return string
* The relationship link.
*/
protected static function getRelationshipLink(array $resource_identifier, $relationship_field_name): string {
return static::getResourceLink($resource_identifier) . "/relationships/$relationship_field_name";
}
/**
* Creates a related resource link for a given resource identifier and field.
*
* @param array $resource_identifier
* A resource identifier for which to create a link.
* @param string $relationship_field_name
* The relationship field for which to create a link.
*
* @return string
* The related resource link.
*/
protected static function getRelatedLink(array $resource_identifier, $relationship_field_name): string {
return static::getResourceLink($resource_identifier) . "/$relationship_field_name";
}
/**
* Gets an array of related responses for the given field names.
*
* @param array $relationship_field_names
* The list of relationship field names for which to get responses.
* @param array $request_options
* Request options to apply.
* @param \Drupal\Core\Entity\EntityInterface|null $entity
* (optional) The entity for which to get expected related responses.
*
* @return array
* The related responses, keyed by relationship field names.
*
* @see \GuzzleHttp\ClientInterface::request()
*/
protected function getRelatedResponses(array $relationship_field_names, array $request_options, ?EntityInterface $entity = NULL) {
$entity = $entity ?: $this->entity;
$links = array_map(function ($relationship_field_name) use ($entity) {
return static::getRelatedLink(static::toResourceIdentifier($entity), $relationship_field_name);
}, array_combine($relationship_field_names, $relationship_field_names));
return $this->getResponses($links, $request_options);
}
/**
* Gets an array of relationship responses for the given field names.
*
* @param array $relationship_field_names
* The list of relationship field names for which to get responses.
* @param array $request_options
* Request options to apply.
*
* @return array
* The relationship responses, keyed by relationship field names.
*
* @see \GuzzleHttp\ClientInterface::request()
*/
protected function getRelationshipResponses(array $relationship_field_names, array $request_options) {
$links = array_map(function ($relationship_field_name) {
return static::getRelationshipLink(static::toResourceIdentifier($this->entity), $relationship_field_name);
}, array_combine($relationship_field_names, $relationship_field_names));
return $this->getResponses($links, $request_options);
}
/**
* Gets responses from an array of links.
*
* @param array $links
* A keyed array of links.
* @param array $request_options
* Request options to apply.
*
* @return array
* The fetched array of responses, keys are preserved.
*
* @see \GuzzleHttp\ClientInterface::request()
*/
protected function getResponses(array $links, array $request_options) {
return array_reduce(array_keys($links), function ($related_responses, $key) use ($links, $request_options) {
$related_responses[$key] = $this->request('GET', Url::fromUri($links[$key]), $request_options);
return $related_responses;
}, []);
}
/**
* Gets a generic forbidden response.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which to generate the forbidden response.
* @param \Drupal\Core\Access\AccessResultInterface $access
* The denied AccessResult. This can carry a reason and cacheability data.
* @param \Drupal\Core\Url $via_link
* The source URL for the errors of the response.
* @param string|null $relationship_field_name
* (optional) The field name to which the forbidden result applies. Useful
* for testing related/relationship routes and includes.
* @param string|null $detail
* (optional) Details for the JSON:API error object.
* @param string|bool|null $pointer
* (optional) Document pointer for the JSON:API error object. FALSE to omit
* the pointer.
*
* @return \Drupal\jsonapi\CacheableResourceResponse
* The forbidden ResourceResponse.
*/
protected static function getAccessDeniedResponse(EntityInterface $entity, AccessResultInterface $access, Url $via_link, $relationship_field_name = NULL, $detail = NULL, $pointer = NULL) {
$detail = ($detail) ? $detail : 'The current user is not allowed to GET the selected resource.';
if ($access instanceof AccessResultReasonInterface && ($reason = $access->getReason())) {
$detail .= ' ' . $reason;
}
$error = [
'status' => '403',
'title' => 'Forbidden',
'detail' => $detail,
'links' => [
'info' => ['href' => HttpExceptionNormalizer::getInfoUrl(403)],
],
];
if ($pointer || $pointer !== FALSE && $relationship_field_name) {
$error['source']['pointer'] = ($pointer) ? $pointer : $relationship_field_name;
}
if ($via_link) {
$error['links']['via']['href'] = $via_link->setAbsolute()->toString();
}
return (new CacheableResourceResponse([
'jsonapi' => static::$jsonApiMember,
'errors' => [$error],
], 403))
->addCacheableDependency((new CacheableMetadata())->addCacheTags(['4xx-response', 'http_response'])->addCacheContexts(['url.query_args', 'url.site']))
->addCacheableDependency($access);
}
/**
* Gets a generic empty collection response.
*
* @param int $cardinality
* The cardinality of the resource collection. 1 for a to-one related
* resource collection; -1 for an unlimited cardinality.
* @param string $self_link
* The self link for collection ResourceResponse.
*
* @return \Drupal\jsonapi\CacheableResourceResponse
* The empty collection ResourceResponse.
*/
protected function getEmptyCollectionResponse($cardinality, $self_link) {
// If the entity type is revisionable, add a resource version cache context.
$cache_contexts = Cache::mergeContexts([
// Cache contexts for JSON:API URL query parameters.
'url.query_args',
// Drupal defaults.
'url.site',
], $this->entity->getEntityType()->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
$cacheability = (new CacheableMetadata())->addCacheContexts($cache_contexts)->addCacheTags(['http_response']);
return (new CacheableResourceResponse([
// Empty to-one relationships should be NULL and empty to-many
// relationships should be an empty array.
'data' => $cardinality === 1 ? NULL : [],
'jsonapi' => static::$jsonApiMember,
'links' => ['self' => ['href' => $self_link]],
]))->addCacheableDependency($cacheability);
}
/**
* Add the omitted object to the document or merges it if one already exists.
*
* @param array $document
* The JSON:API response document.
* @param array $omitted
* The omitted object.
*/
protected static function addOmittedObject(array &$document, array $omitted) {
if (isset($document['meta']['omitted'])) {
$document['meta']['omitted'] = static::mergeOmittedObjects($document['meta']['omitted'], $omitted);
}
else {
$document['meta']['omitted'] = $omitted;
}
}
/**
* Maps error objects into an omitted object.
*
* @param array $errors
* An array of error objects.
*
* @return array
* A new omitted object.
*/
protected static function errorsToOmittedObject(array $errors): array {
$omitted = [
'detail' => 'Some resources have been omitted because of insufficient authorization.',
'links' => [
'help' => [
'href' => 'https://www.drupal.org/docs/8/modules/json-api/filtering#filters-access-control',
],
],
];
foreach ($errors as $error) {
$omitted['links']['item--' . substr(Crypt::hashBase64($error['links']['via']['href']), 0, 7)] = [
'href' => $error['links']['via']['href'],
'meta' => [
'detail' => $error['detail'],
'rel' => 'item',
],
];
}
return $omitted;
}
/**
* Merges the links of two omitted objects and returns a new omitted object.
*
* @param array $a
* The first omitted object.
* @param array $b
* The second omitted object.
*
* @return mixed
* A new, merged omitted object.
*/
protected static function mergeOmittedObjects(array $a, array $b) {
$merged['detail'] = 'Some resources have been omitted because of insufficient authorization.';
$merged['links']['help']['href'] = 'https://www.drupal.org/docs/8/modules/json-api/filtering#filters-access-control';
$a_links = array_diff_key($a['links'], array_flip(['help']));
$b_links = array_diff_key($b['links'], array_flip(['help']));
foreach (array_merge(array_values($a_links), array_values($b_links)) as $link) {
$merged['links'][$link['href'] . $link['meta']['detail']] = $link;
}
static::resetOmittedLinkKeys($merged);
return $merged;
}
/**
* Sorts an omitted link object array by href.
*
* @param array $omitted
* An array of JSON:API omitted link objects.
*/
protected static function sortOmittedLinks(array &$omitted) {
$help = $omitted['links']['help'];
$links = array_diff_key($omitted['links'], array_flip(['help']));
uasort($links, function ($a, $b) {
return strcmp($a['href'], $b['href']);
});
$omitted['links'] = ['help' => $help] + $links;
}
/**
* Resets omitted link keys.
*
* Omitted link keys are a link relation type + a random string. This string
* is meaningless and only serves to differentiate link objects. Given that
* these are random, we can't assert their value.
*
* @param array $omitted
* An array of JSON:API omitted link objects.
*/
protected static function resetOmittedLinkKeys(array &$omitted) {
$help = $omitted['links']['help'];
$reindexed = [];
$links = array_diff_key($omitted['links'], array_flip(['help']));
foreach (array_values($links) as $index => $link) {
$reindexed['item--' . $index] = $link;
}
$omitted['links'] = ['help' => $help] + $reindexed;
}
}

3602
web/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php Normal file
View File

File diff suppressed because it is too large Load Diff

151
web/core/modules/jsonapi/tests/src/Functional/ResponsiveImageStyleTest.php Normal file
View File

@ -0,0 +1,151 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\responsive_image\Entity\ResponsiveImageStyle;
/**
* JSON:API integration test for the "ResponsiveImageStyle" config entity type.
*
* @group jsonapi
*/
class ResponsiveImageStyleTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['responsive_image'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'responsive_image_style';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'responsive_image_style--responsive_image_style';
/**
* {@inheritdoc}
*
* @var \Drupal\responsive_image\ResponsiveImageStyleInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer responsive images']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Camelids" responsive image style.
$camelids = ResponsiveImageStyle::create([
'id' => 'camelids',
'label' => 'Camelids',
]);
$camelids->setBreakpointGroup('test_group');
$camelids->setFallbackImageStyle('fallback');
$camelids->addImageStyleMapping('test_breakpoint', '1x', [
'image_mapping_type' => 'image_style',
'image_mapping' => 'small',
]);
$camelids->addImageStyleMapping('test_breakpoint', '2x', [
'image_mapping_type' => 'sizes',
'image_mapping' => [
'sizes' => '(min-width:700px) 700px, 100vw',
'sizes_image_styles' => [
'medium' => 'medium',
'large' => 'large',
],
],
]);
$camelids->save();
return $camelids;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/responsive_image_style/responsive_image_style/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'responsive_image_style--responsive_image_style',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'breakpoint_group' => 'test_group',
'dependencies' => [
'config' => [
'image.style.large',
'image.style.medium',
],
],
'fallback_image_style' => 'fallback',
'image_style_mappings' => [
0 => [
'breakpoint_id' => 'test_breakpoint',
'image_mapping' => 'small',
'image_mapping_type' => 'image_style',
'multiplier' => '1x',
],
1 => [
'breakpoint_id' => 'test_breakpoint',
'image_mapping' => [
'sizes' => '(min-width:700px) 700px, 100vw',
'sizes_image_styles' => [
'large' => 'large',
'medium' => 'medium',
],
],
'image_mapping_type' => 'sizes',
'multiplier' => '2x',
],
],
'label' => 'Camelids',
'langcode' => 'en',
'status' => TRUE,
'drupal_internal__id' => 'camelids',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

54
web/core/modules/jsonapi/tests/src/Functional/RestExportJsonApiUnsupportedTest.php Normal file
View File

@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Tests\views\Functional\ViewTestBase;
/**
* Ensures that the 'api_json' format is not supported by the REST module.
*
* @group jsonapi
*
* @internal
*/
class RestExportJsonApiUnsupportedTest extends ViewTestBase {
/**
* {@inheritdoc}
*/
public static $testViews = ['test_serializer_display_entity'];
/**
* {@inheritdoc}
*/
protected static $modules = ['jsonapi', 'rest_test_views', 'views_ui'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected function setUp($import_test_views = TRUE, $modules = ['rest_test_views']): void {
parent::setUp($import_test_views, $modules);
$this->drupalLogin($this->drupalCreateUser(['administer views']));
}
/**
* Tests that 'api_json' is not a RestExport format option.
*/
public function testFormatOptions(): void {
$this->assertSame(['json' => 'serialization', 'xml' => 'serialization'], $this->container->getParameter('serializer.format_providers'));
$this->drupalGet('admin/structure/views/nojs/display/test_serializer_display_entity/rest_export_1/style_options');
$this->assertSession()->fieldExists('style_options[formats][json]');
$this->assertSession()->fieldExists('style_options[formats][xml]');
$this->assertSession()->fieldNotExists('style_options[formats][api_json]');
}
}

132
web/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupportedTest.php Normal file
View File

@ -0,0 +1,132 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Url;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\rest\Functional\AnonResourceTestTrait;
use Drupal\Tests\rest\Functional\ResourceTestBase;
/**
* Ensures that the 'api_json' format is not supported by the REST module.
*
* @group jsonapi
*
* @internal
*/
class RestJsonApiUnsupportedTest extends ResourceTestBase {
use AnonResourceTestTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['jsonapi', 'node'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $format = 'api_json';
/**
* {@inheritdoc}
*/
protected static $mimeType = 'application/vnd.api+json';
/**
* {@inheritdoc}
*/
protected static $resourceConfigId = 'entity.node';
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access content']);
break;
default:
throw new \UnexpectedValueException();
}
}
/**
* {@inheritdoc}
*/
protected function setUp(): void {
parent::setUp();
$this->config('system.logging')->set('error_level', ERROR_REPORTING_HIDE)->save();
// Create a "Camelids" node type.
NodeType::create([
'name' => 'Camelids',
'type' => 'camelids',
])->save();
// Create a "Llama" node.
$node = Node::create(['type' => 'camelids']);
$node->setTitle('Llama')
->setOwnerId(0)
->setPublished()
->save();
}
/**
* Deploying a REST resource using api_json format results in 400 responses.
*
* @see \Drupal\jsonapi\EventSubscriber\JsonApiRequestValidator::validateQueryParams()
*/
public function testApiJsonNotSupportedInRest(): void {
$this->assertSame(['json', 'xml'], $this->container->getParameter('serializer.formats'));
$this->provisionResource(['api_json'], []);
$this->setUpAuthorization('GET');
$url = Node::load(1)->toUrl()
->setOption('query', ['_format' => 'api_json']);
$request_options = [];
$response = $this->request('GET', $url, $request_options);
$this->assertResourceErrorResponse(
400,
FALSE,
$response,
['4xx-response', 'config:system.logging', 'config:user.role.anonymous', 'http_response', 'node:1'],
['url.query_args', 'url.site', 'user.permissions'],
'MISS',
'MISS'
);
}
/**
* {@inheritdoc}
*/
protected function assertNormalizationEdgeCases($method, Url $url, array $request_options): void {}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return '';
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
return (new CacheableMetadata());
}
}

135
web/core/modules/jsonapi/tests/src/Functional/RestResourceConfigTest.php Normal file
View File

@ -0,0 +1,135 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\rest\Entity\RestResourceConfig;
/**
* JSON:API integration test for the "RestResourceConfig" config entity type.
*
* @group jsonapi
*/
class RestResourceConfigTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['rest', 'dblog'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'rest_resource_config';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'rest_resource_config--rest_resource_config';
/**
* {@inheritdoc}
*
* @var \Drupal\rest\RestResourceConfigInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer rest resources']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$rest_resource_config = RestResourceConfig::create([
'id' => 'llama',
'plugin_id' => 'dblog',
'granularity' => 'method',
'configuration' => [
'GET' => [
'supported_formats' => [
'json',
],
'supported_auth' => [
'cookie',
],
],
],
]);
$rest_resource_config->save();
return $rest_resource_config;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/rest_resource_config/rest_resource_config/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'rest_resource_config--rest_resource_config',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'langcode' => 'en',
'status' => TRUE,
'dependencies' => [
'module' => [
'dblog',
'serialization',
'user',
],
],
'plugin_id' => 'dblog',
'granularity' => 'method',
'configuration' => [
'GET' => [
'supported_formats' => [
'json',
],
'supported_auth' => [
'cookie',
],
],
],
'drupal_internal__id' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

110
web/core/modules/jsonapi/tests/src/Functional/RoleTest.php Normal file
View File

@ -0,0 +1,110 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\user\Entity\Role;
/**
* JSON:API integration test for the "Role" config entity type.
*
* @group jsonapi
*/
class RoleTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['user'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'user_role';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'user_role--user_role';
/**
* {@inheritdoc}
*
* @var \Drupal\user\RoleInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer permissions']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$role = Role::create([
'id' => 'llama',
'label' => 'Llama',
]);
$role->save();
return $role;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/user_role/user_role/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'user_role--user_role',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'weight' => 2,
'langcode' => 'en',
'status' => TRUE,
'dependencies' => [],
'label' => 'Llama',
'is_admin' => FALSE,
'permissions' => [],
'drupal_internal__id' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

152
web/core/modules/jsonapi/tests/src/Functional/SearchPageTest.php Normal file
View File

@ -0,0 +1,152 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\search\Entity\SearchPage;
// cspell:ignore hinode
/**
* JSON:API integration test for the "SearchPage" config entity type.
*
* @group jsonapi
*/
class SearchPageTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['node', 'search'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'search_page';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'search_page--search_page';
/**
* {@inheritdoc}
*
* @var \Drupal\search\SearchPageInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access content']);
break;
case 'POST':
case 'PATCH':
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer search']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$search_page = SearchPage::create([
'id' => 'hinode_search',
'plugin' => 'node_search',
'label' => 'Search of magnetic activity of the Sun',
'path' => 'sun',
]);
$search_page->save();
return $search_page;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/search_page/search_page/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'search_page--search_page',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'configuration' => [
'rankings' => [],
],
'dependencies' => [
'module' => [
'node',
],
],
'label' => 'Search of magnetic activity of the Sun',
'langcode' => 'en',
'path' => 'sun',
'plugin' => 'node_search',
'status' => TRUE,
'weight' => 0,
'drupal_internal__id' => 'hinode_search',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access content' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
// @see \Drupal\search\SearchPageAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['config:search.page.hinode_search']);
}
}

46
web/core/modules/jsonapi/tests/src/Functional/SettingsFormTest.php Normal file
View File

@ -0,0 +1,46 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Tests\BrowserTestBase;
/**
* @covers \Drupal\jsonapi\Form\JsonApiSettingsForm
* @group jsonapi
*/
class SettingsFormTest extends BrowserTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['jsonapi'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Tests the JSON:API settings form.
*/
public function testSettingsForm(): void {
$account = $this->drupalCreateUser(['administer site configuration']);
$this->drupalLogin($account);
$this->drupalGet('/admin/config/services/jsonapi');
$page = $this->getSession()->getPage();
$page->selectFieldOption('read_only', 'rw');
$page->pressButton('Save configuration');
$assert_session = $this->assertSession();
$assert_session->pageTextContains('The configuration options have been saved.');
$assert_session->fieldValueEquals('read_only', 'rw');
$page->selectFieldOption('read_only', 'r');
$page->pressButton('Save configuration');
$assert_session->fieldValueEquals('read_only', 'r');
$assert_session->pageTextContains('The configuration options have been saved.');
}
}

132
web/core/modules/jsonapi/tests/src/Functional/ShortcutSetTest.php Normal file
View File

@ -0,0 +1,132 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\shortcut\Entity\ShortcutSet;
/**
* JSON:API integration test for the "ShortcutSet" config entity type.
*
* @group jsonapi
*/
class ShortcutSetTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['shortcut'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'shortcut_set';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'shortcut_set--shortcut_set';
/**
* {@inheritdoc}
*
* @var \Drupal\shortcut\ShortcutSetInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access shortcuts']);
break;
case 'POST':
case 'PATCH':
$this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer shortcuts']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access shortcuts' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$set = ShortcutSet::create([
'id' => 'llama-set',
'label' => 'Llama Set',
]);
$set->save();
return $set;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/shortcut_set/shortcut_set/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'shortcut_set--shortcut_set',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'label' => 'Llama Set',
'status' => TRUE,
'langcode' => 'en',
'dependencies' => [],
'drupal_internal__id' => 'llama-set',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

209
web/core/modules/jsonapi/tests/src/Functional/ShortcutTest.php Normal file
View File

@ -0,0 +1,209 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\shortcut\Entity\Shortcut;
use Drupal\shortcut\Entity\ShortcutSet;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "Shortcut" content entity type.
*
* @group jsonapi
*/
class ShortcutTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['comment', 'shortcut'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'shortcut';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'shortcut--default';
/**
* {@inheritdoc}
*
* @var \Drupal\shortcut\ShortcutInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [];
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$shortcut = Shortcut::create([
'shortcut_set' => 'default',
'title' => 'Comments',
'weight' => -20,
'link' => [
'uri' => 'internal:/user/logout',
],
]);
$shortcut->save();
return $shortcut;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/shortcut/default/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'shortcut--default',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'title' => 'Comments',
'link' => [
'uri' => 'internal:/user/logout',
'title' => NULL,
'options' => [],
],
'langcode' => 'en',
'default_langcode' => TRUE,
'weight' => -20,
'drupal_internal__id' => (int) $this->entity->id(),
],
'relationships' => [
'shortcut_set' => [
'data' => [
'type' => 'shortcut_set--shortcut_set',
'meta' => [
'drupal_internal__target_id' => 'default',
],
'id' => ShortcutSet::load('default')->uuid(),
],
'links' => [
'related' => ['href' => $self_url . '/shortcut_set'],
'self' => ['href' => $self_url . '/relationships/shortcut_set'],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'shortcut--default',
'attributes' => [
'title' => 'Comments',
'link' => [
'uri' => 'internal:/',
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
return "The shortcut set must be the currently displayed set for the user and the user must have 'access shortcuts' AND 'customize shortcut links' permissions.";
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$label_field_name = 'title';
// Verify the expected behavior in the common case: default shortcut set.
$this->grantPermissionsToTestedRole(['customize shortcut links']);
$this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, 'access shortcuts');
$alternate_shortcut_set = ShortcutSet::create([
'id' => 'alternate',
'label' => 'Alternate',
]);
$alternate_shortcut_set->save();
$this->entity->shortcut_set = $alternate_shortcut_set->id();
$this->entity->save();
$collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
$collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// No results because the current user does not have access to shortcuts
// not in the user's assigned set or the default set.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
// Assign the alternate shortcut set to the current user.
$this->container->get('entity_type.manager')->getStorage('shortcut_set')->assignUser($alternate_shortcut_set, $this->account);
// 1 result because the alternate shortcut set is now assigned to the
// current user.
$response = $this->request('GET', $collection_filter_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
}
/**
* {@inheritdoc}
*/
protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, ?array $sparse_fieldset = NULL, $filtered = FALSE) {
$cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered);
if ($filtered) {
$cacheability->addCacheContexts(['user']);
}
return $cacheability;
}
}

513
web/core/modules/jsonapi/tests/src/Functional/TermTest.php Normal file
View File

@ -0,0 +1,513 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Url;
use Drupal\taxonomy\Entity\Term;
use Drupal\taxonomy\Entity\Vocabulary;
use Drupal\Tests\jsonapi\Traits\CommonCollectionFilterAccessTestPatternsTrait;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "Term" content entity type.
*
* @group jsonapi
*/
class TermTest extends ResourceTestBase {
use CommonCollectionFilterAccessTestPatternsTrait;
/**
* {@inheritdoc}
*/
protected static $modules = ['taxonomy', 'path'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'taxonomy_term';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'taxonomy_term--camelids';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'changed' => NULL,
];
/**
* {@inheritdoc}
*
* @var \Drupal\taxonomy\TermInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access content', 'view vocabulary labels']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create terms in camelids']);
break;
case 'PATCH':
// Grant the 'create url aliases' permission to test the case when
// the path field is accessible, see
// \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase
// for a negative test.
$this->grantPermissionsToTestedRole(['edit terms in camelids', 'create url aliases']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['delete terms in camelids']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function setUpRevisionAuthorization($method): void {
parent::setUpRevisionAuthorization($method);
$this->grantPermissionsToTestedRole(['administer taxonomy']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$vocabulary = Vocabulary::load('camelids');
if (!$vocabulary) {
// Create a "Camelids" vocabulary.
$vocabulary = Vocabulary::create([
'name' => 'Camelids',
'vid' => 'camelids',
]);
$vocabulary->save();
}
// Create a "Llama" taxonomy term.
$term = Term::create(['vid' => $vocabulary->id()])
->setName('Llama')
->setDescription("It is a little known fact that llamas cannot count higher than seven.")
->setChangedTime(123456789)
->set('path', '/llama');
$term->save();
return $term;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$base_url = Url::fromUri('base:/jsonapi/taxonomy_term/camelids/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
// We test with multiple parent terms, and combinations thereof.
// @see ::createEntity()
// @see ::testGetIndividual()
// @see ::testGetIndividualTermWithParent()
// @see ::providerTestGetIndividualTermWithParent()
$parent_term_ids = [];
for ($i = 0; $i < $this->entity->get('parent')->count(); $i++) {
$parent_term_ids[$i] = (int) $this->entity->get('parent')[$i]->target_id;
}
$expected_parent_normalization = FALSE;
switch ($parent_term_ids) {
case [0]:
$expected_parent_normalization = [
'data' => [
[
'id' => 'virtual',
'type' => 'taxonomy_term--camelids',
'meta' => [
'links' => [
'help' => [
'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual',
'meta' => [
'about' => "Usage and meaning of the 'virtual' resource identifier.",
],
],
],
],
],
],
'links' => [
'related' => ['href' => $base_url->toString() . '/parent' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/parent' . $version_query_string],
],
];
break;
case [2]:
$expected_parent_normalization = [
'data' => [
[
'id' => Term::load(2)->uuid(),
'meta' => [
'drupal_internal__target_id' => 2,
],
'type' => 'taxonomy_term--camelids',
],
],
'links' => [
'related' => ['href' => $base_url->toString() . '/parent' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/parent' . $version_query_string],
],
];
break;
case [0, 2]:
$expected_parent_normalization = [
'data' => [
[
'id' => 'virtual',
'type' => 'taxonomy_term--camelids',
'meta' => [
'links' => [
'help' => [
'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual',
'meta' => [
'about' => "Usage and meaning of the 'virtual' resource identifier.",
],
],
],
],
],
[
'id' => Term::load(2)->uuid(),
'meta' => [
'drupal_internal__target_id' => 2,
],
'type' => 'taxonomy_term--camelids',
],
],
'links' => [
'related' => ['href' => $base_url->toString() . '/parent' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/parent' . $version_query_string],
],
];
break;
case [3, 2]:
$expected_parent_normalization = [
'data' => [
[
'id' => Term::load(3)->uuid(),
'meta' => [
'drupal_internal__target_id' => 3,
],
'type' => 'taxonomy_term--camelids',
],
[
'id' => Term::load(2)->uuid(),
'meta' => [
'drupal_internal__target_id' => 2,
],
'type' => 'taxonomy_term--camelids',
],
],
'links' => [
'related' => ['href' => $base_url->toString() . '/parent' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/parent' . $version_query_string],
],
];
break;
}
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'taxonomy_term--camelids',
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'default_langcode' => TRUE,
'description' => [
'value' => 'It is a little known fact that llamas cannot count higher than seven.',
'format' => NULL,
'processed' => "<p>It is a little known fact that llamas cannot count higher than seven.</p>\n",
],
'langcode' => 'en',
'name' => 'Llama',
'path' => [
'alias' => '/llama',
'pid' => 1,
'langcode' => 'en',
],
'weight' => 0,
'drupal_internal__tid' => 1,
'status' => TRUE,
'drupal_internal__revision_id' => 1,
'revision_created' => (new \DateTime())->setTimestamp((int) $this->entity->getRevisionCreationTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
// @todo Attempt to remove this in https://www.drupal.org/project/drupal/issues/2933518.
'revision_translation_affected' => TRUE,
],
'relationships' => [
'parent' => $expected_parent_normalization,
'vid' => [
'data' => [
'id' => Vocabulary::load('camelids')->uuid(),
'meta' => [
'drupal_internal__target_id' => 'camelids',
],
'type' => 'taxonomy_vocabulary--taxonomy_vocabulary',
],
'links' => [
'related' => ['href' => $base_url->toString() . '/vid' . $version_query_string],
'self' => ['href' => $base_url->toString() . '/relationships/vid' . $version_query_string],
],
],
'revision_user' => [
'data' => NULL,
'links' => [
'related' => [
'href' => $base_url->toString() . '/revision_user' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/revision_user' . $version_query_string,
],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedGetRelationshipDocumentData($relationship_field_name, ?EntityInterface $entity = NULL) {
$data = parent::getExpectedGetRelationshipDocumentData($relationship_field_name, $entity);
if ($relationship_field_name === 'parent') {
$data = [
0 => [
'id' => 'virtual',
'type' => 'taxonomy_term--camelids',
'meta' => [
'links' => [
'help' => [
'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual',
'meta' => [
'about' => "Usage and meaning of the 'virtual' resource identifier.",
],
],
],
],
],
];
}
return $data;
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'taxonomy_term--camelids',
'attributes' => [
'name' => 'Drama llama',
'description' => [
'value' => 'Drama llamas are the coolest camelids.',
'format' => NULL,
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access content' permission is required and the taxonomy term must be published.";
case 'POST':
return "The following permissions are required: 'create terms in camelids' OR 'administer taxonomy'.";
case 'PATCH':
return "The following permissions are required: 'edit terms in camelids' OR 'administer taxonomy'.";
case 'DELETE':
return "The following permissions are required: 'delete terms in camelids' OR 'administer taxonomy'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability() {
$cacheability = parent::getExpectedUnauthorizedAccessCacheability();
$cacheability->addCacheableDependency($this->entity);
return $cacheability;
}
/**
* Tests PATCHing a term's path.
*
* For a negative test, see the similar test coverage for Node.
*
* @see \Drupal\Tests\jsonapi\Functional\NodeTest::testPatchPath()
* @see \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase::testPatchPath()
*/
public function testPatchPath(): void {
$this->setUpAuthorization('GET');
$this->setUpAuthorization('PATCH');
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// GET term's current normalization.
$response = $this->request('GET', $url, $request_options);
$normalization = $this->getDocumentFromResponse($response);
// Change term's path alias.
$normalization['data']['attributes']['path']['alias'] .= 's-rule-the-world';
// Create term PATCH request.
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// PATCH request: 200.
$response = $this->request('PATCH', $url, $request_options);
$updated_normalization = $this->getDocumentFromResponse($response);
$this->assertResourceResponse(200, FALSE, $response);
$this->assertSame($normalization['data']['attributes']['path']['alias'], $updated_normalization['data']['attributes']['path']['alias']);
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheTags(?array $sparse_fieldset = NULL) {
$tags = parent::getExpectedCacheTags($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('description', $sparse_fieldset)) {
$tags = Cache::mergeTags($tags, ['config:filter.format.plain_text', 'config:filter.settings']);
}
return $tags;
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
$contexts = parent::getExpectedCacheContexts($sparse_fieldset);
if ($sparse_fieldset === NULL || in_array('description', $sparse_fieldset)) {
$contexts = Cache::mergeContexts($contexts, ['languages:language_interface', 'theme']);
}
return $contexts;
}
/**
* Tests GETting a term with a parent term other than the default <root> (0).
*
* @see ::getExpectedNormalizedEntity()
*
* @dataProvider providerTestGetIndividualTermWithParent
*/
public function testGetIndividualTermWithParent(array $parent_term_ids): void {
// Create all possible parent terms.
Term::create(['vid' => Vocabulary::load('camelids')->id()])
->setName('Lamoids')
->save();
Term::create(['vid' => Vocabulary::load('camelids')->id()])
->setName('Camels')
->save();
// Modify the entity under test to use the provided parent terms.
$this->entity->set('parent', $parent_term_ids)->save();
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
// $url = $this->entity->toUrl('jsonapi');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->setUpAuthorization('GET');
$response = $this->request('GET', $url, $request_options);
$this->assertSameDocument($this->getExpectedDocument(), Json::decode($response->getBody()));
}
/**
* Data provider for ::testGetIndividualTermWithParent().
*/
public static function providerTestGetIndividualTermWithParent() {
return [
'root parent: [0] (= no parent)' => [
[0],
],
'non-root parent: [2]' => [
[2],
],
'multiple parents: [0,2] (root + non-root parent)' => [
[0, 2],
],
'multiple parents: [3,2] (both non-root parents)' => [
[3, 2],
],
];
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
$this->doTestCollectionFilterAccessBasedOnPermissions('name', 'access content');
}
}

841
web/core/modules/jsonapi/tests/src/Functional/UserTest.php Normal file
View File

@ -0,0 +1,841 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Url;
use Drupal\field\Entity\FieldConfig;
use Drupal\field\Entity\FieldStorageConfig;
use Drupal\node\Entity\Node;
use Drupal\user\Entity\User;
use Drupal\user\UserInterface;
use GuzzleHttp\RequestOptions;
/**
* JSON:API integration test for the "User" content entity type.
*
* @group jsonapi
*/
class UserTest extends ResourceTestBase {
const BATCH_TEST_NODE_COUNT = 15;
/**
* {@inheritdoc}
*/
protected static $modules = ['user', 'jsonapi_test_user', 'node'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'user';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'user--user';
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'changed' => NULL,
];
/**
* {@inheritdoc}
*/
protected static $anonymousUsersCanViewLabels = TRUE;
/**
* {@inheritdoc}
*
* @var \Drupal\taxonomy\TermInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected static $labelFieldName = 'display_name';
/**
* {@inheritdoc}
*/
protected static $firstCreatedEntityId = 4;
/**
* {@inheritdoc}
*/
protected static $secondCreatedEntityId = 5;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
// @todo Remove this in
$this->grantPermissionsToTestedRole(['access content']);
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['access user profiles']);
break;
case 'POST':
case 'PATCH':
case 'DELETE':
$this->grantPermissionsToTestedRole(['administer users']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
// Create a "Llama" user.
$user = User::create(['created' => 123456789]);
$user->setUsername('Llama')
->setChangedTime(123456789)
->activate()
->save();
return $user;
}
/**
* {@inheritdoc}
*/
protected function createAnotherEntity($key) {
/** @var \Drupal\user\UserInterface $user */
$user = $this->getEntityDuplicate($this->entity, $key);
$user->setUsername($user->label() . '_' . $key);
$user->setEmail("$key@example.com");
$user->save();
return $user;
}
/**
* {@inheritdoc}
*/
protected function doTestDeleteIndividual(): void {
$this->config('user.settings')->set('cancel_method', 'user_cancel_delete')->save(TRUE);
parent::doTestDeleteIndividual();
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/user/user/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'user--user',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'display_name' => 'Llama',
'created' => '1973-11-29T21:33:09+00:00',
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'default_langcode' => TRUE,
'langcode' => 'en',
'name' => 'Llama',
'drupal_internal__uid' => 3,
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedCacheContexts(?array $sparse_fieldset = NULL) {
$cache_contexts = parent::getExpectedCacheContexts($sparse_fieldset);
if ($sparse_fieldset === NULL || !empty(array_intersect(['mail', 'display_name'], $sparse_fieldset))) {
$cache_contexts = Cache::mergeContexts($cache_contexts, ['user']);
}
return $cache_contexts;
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => 'user--user',
'attributes' => [
'name' => 'Drama llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPatchDocument() {
return [
'data' => [
'id' => $this->entity->uuid(),
'type' => 'user--user',
'attributes' => [
'name' => 'Drama llama 2',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
switch ($method) {
case 'GET':
return "The 'access user profiles' permission is required and the user must be active.";
case 'PATCH':
return "Users can only update their own account, unless they have the 'administer users' permission.";
case 'DELETE':
return "The 'cancel account' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* Tests PATCHing security-sensitive base fields of the logged in account.
*/
public function testPatchDxForSecuritySensitiveBaseFields(): void {
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), ['entity' => $this->account->uuid()]);
/* $url = $this->account->toUrl('jsonapi'); */
// Since this test must be performed by the user that is being modified,
// we must use $this->account, not $this->entity.
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$response = $this->request('GET', $url, $request_options);
$original_normalization = $this->getDocumentFromResponse($response);
// Test case 1: changing email.
$normalization = $original_normalization;
$normalization['data']['attributes']['mail'] = 'new-email@example.com';
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// DX: 405 when read-only mode is enabled.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response);
$this->assertSame(['GET'], $response->getHeader('Allow'));
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// DX: 422 when changing email without providing the password.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(422, 'mail: Your current password is missing or incorrect; it\'s required to change the Email.', NULL, $response, '/data/attributes/mail');
$normalization['data']['attributes']['pass']['existing'] = 'wrong';
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// DX: 422 when changing email while providing a wrong password.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(422, 'mail: Your current password is missing or incorrect; it\'s required to change the Email.', NULL, $response, '/data/attributes/mail');
$normalization['data']['attributes']['pass']['existing'] = $this->account->passRaw;
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// 200 for well-formed request.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceResponse(200, FALSE, $response);
// Test case 2: changing password.
$normalization = $this->getDocumentFromResponse($response);
$normalization['data']['attributes']['mail'] = 'new-email@example.com';
$new_password = $this->randomString();
$normalization['data']['attributes']['pass']['value'] = $new_password;
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// DX: 422 when changing password without providing the current password.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(422, 'pass: Your current password is missing or incorrect; it\'s required to change the Password.', NULL, $response, '/data/attributes/pass');
$normalization['data']['attributes']['pass']['existing'] = $this->account->passRaw;
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// 200 for well-formed request.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceResponse(200, FALSE, $response);
// Verify that we can log in with the new password.
$this->assertRpcLogin($this->account->getAccountName(), $new_password);
// Update password in $this->account, prepare for future requests.
$this->account->passRaw = $new_password;
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Test case 3: changing name.
$normalization = $this->getDocumentFromResponse($response);
$normalization['data']['attributes']['mail'] = 'new-email@example.com';
$normalization['data']['attributes']['pass']['existing'] = $new_password;
$normalization['data']['attributes']['name'] = 'Cooler Llama';
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// DX: 403 when modifying username without required permission.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (name).', $url, $response, '/data/attributes/name');
$this->grantPermissionsToTestedRole(['change own username']);
// 200 for well-formed request.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceResponse(200, FALSE, $response);
// Verify that we can log in with the new username.
$this->assertRpcLogin('Cooler Llama', $new_password);
}
/**
* Verifies that logging in with the given username and password works.
*
* @param string $username
* The username to log in with.
* @param string $password
* The password to log in with.
*
* @internal
*/
protected function assertRpcLogin(string $username, string $password): void {
$request_body = [
'name' => $username,
'pass' => $password,
];
$request_options = [
RequestOptions::HEADERS => [],
RequestOptions::BODY => Json::encode($request_body),
];
$response = $this->request('POST', Url::fromRoute('user.login.http')->setRouteParameter('_format', 'json'), $request_options);
$this->assertSame(200, $response->getStatusCode());
}
/**
* Tests PATCHing security-sensitive base fields to change other users.
*/
public function testPatchSecurityOtherUser(): void {
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), ['entity' => $this->account->uuid()]);
/* $url = $this->account->toUrl('jsonapi'); */
$original_normalization = $this->normalize($this->account, $url);
// Since this test must be performed by the user that is being modified,
// we must use $this->account, not $this->entity.
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$normalization = $original_normalization;
$normalization['data']['attributes']['mail'] = 'new-email@example.com';
$request_options[RequestOptions::BODY] = Json::encode($normalization);
// DX: 405 when read-only mode is enabled.
$response = $this->request('PATCH', $url, $request_options);
$this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response);
$this->assertSame(['GET'], $response->getHeader('Allow'));
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
// Try changing user 1's email.
$user1 = $original_normalization;
$user1['data']['attributes']['mail'] = 'another_email_address@example.com';
$user1['data']['attributes']['uid'] = 1;
$user1['data']['attributes']['name'] = 'another_user_name';
$user1['data']['attributes']['pass']['existing'] = $this->account->passRaw;
$request_options[RequestOptions::BODY] = Json::encode($user1);
$response = $this->request('PATCH', $url, $request_options);
// Ensure the email address has not changed.
$this->assertEquals('admin@example.com', $this->entityStorage->loadUnchanged(1)->getEmail());
$this->assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (uid). The entity ID cannot be changed.', $url, $response, '/data/attributes/uid');
}
/**
* Tests GETting privacy-sensitive base fields.
*/
public function testGetMailFieldOnlyVisibleToOwner(): void {
// Create user B, with the same roles (and hence permissions) as user A.
$user_a = $this->account;
$pass = \Drupal::service('password_generator')->generate();
$user_b = User::create([
'name' => 'sibling-of-' . $user_a->getAccountName(),
'mail' => 'sibling-of-' . $user_a->getAccountName() . '@example.com',
'pass' => $pass,
'status' => 1,
'roles' => $user_a->getRoles(),
]);
$user_b->save();
$user_b->passRaw = $pass;
// Grant permission to role that both users use.
$this->grantPermissionsToTestedRole(['access user profiles']);
$collection_url = Url::fromRoute('jsonapi.user--user.collection', [], ['query' => ['sort' => 'drupal_internal__uid']]);
// @todo Remove line below in favor of commented line in https://www.drupal.org/project/drupal/issues/2878463.
$user_a_url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), ['entity' => $user_a->uuid()]);
/* $user_a_url = $user_a->toUrl('jsonapi'); */
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Viewing user A as user A: "mail" field is accessible.
$response = $this->request('GET', $user_a_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertArrayHasKey('mail', $doc['data']['attributes']);
// Also when looking at the collection.
$response = $this->request('GET', $collection_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
$this->assertArrayHasKey('mail', $doc['data'][2]['attributes'], "Own user--user resource's 'mail' field is visible.");
$this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
$this->assertArrayNotHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
// Now request the same URLs, but as user B (same roles/permissions).
$this->account = $user_b;
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// Viewing user A as user B: "mail" field should be inaccessible.
$response = $this->request('GET', $user_a_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertArrayNotHasKey('mail', $doc['data']['attributes']);
// Also when looking at the collection.
$response = $this->request('GET', $collection_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
$this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
$this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
$this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
// Now grant permission to view user email addresses and verify.
$this->grantPermissionsToTestedRole(['view user email addresses']);
// Viewing user A as user B: "mail" field should be accessible.
$response = $this->request('GET', $user_a_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertArrayHasKey('mail', $doc['data']['attributes']);
// Also when looking at the collection.
$response = $this->request('GET', $collection_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
$this->assertArrayHasKey('mail', $doc['data'][2]['attributes']);
}
/**
* Tests good error DX when trying to filter users by role.
*/
public function testQueryInvolvingRoles(): void {
$this->setUpAuthorization('GET');
$collection_url = Url::fromRoute('jsonapi.user--user.collection', [], ['query' => ['filter[roles.id][value]' => 'e9b1de3f-9517-4c27-bef0-0301229de792']]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// The 'administer users' permission is required to filter by role entities.
$this->grantPermissionsToTestedRole(['administer users']);
$response = $this->request('GET', $collection_url, $request_options);
$expected_cache_contexts = ['url.path', 'url.query_args', 'url.site'];
$this->assertResourceErrorResponse(400, "Filtering on config entities is not supported by Drupal's entity API. You tried to filter on a Role config entity.", $collection_url, $response, FALSE, ['4xx-response', 'http_response'], $expected_cache_contexts, NULL, 'MISS');
}
/**
* Tests that the collection contains the anonymous user.
*/
public function testCollectionContainsAnonymousUser(): void {
$url = Url::fromRoute('jsonapi.user--user.collection', [], ['query' => ['sort' => 'drupal_internal__uid']]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$response = $this->request('GET', $url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(4, $doc['data']);
$this->assertSame(User::load(0)->uuid(), $doc['data'][0]['id']);
$this->assertSame('User 0', $doc['data'][0]['attributes']['display_name']);
}
/**
* {@inheritdoc}
*/
public function testCollectionFilterAccess(): void {
// Set up data model.
$this->assertTrue($this->container->get('module_installer')->install(['node'], TRUE), 'Installed modules.');
FieldStorageConfig::create([
'entity_type' => static::$entityTypeId,
'field_name' => 'field_favorite_animal',
'type' => 'string',
])
->setCardinality(1)
->save();
FieldConfig::create([
'entity_type' => static::$entityTypeId,
'field_name' => 'field_favorite_animal',
'bundle' => 'user',
])
->setLabel('Test field')
->setTranslatable(FALSE)
->save();
$this->drupalCreateContentType(['type' => 'x']);
$this->rebuildAll();
$this->grantPermissionsToTestedRole(['access content']);
// Create data.
$user_a = User::create([])->setUsername('A')->activate();
$user_a->save();
$user_b = User::create([])->setUsername('B')->set('field_favorite_animal', 'stegosaurus')->block();
$user_b->save();
$node_a = Node::create(['type' => 'x'])->setTitle('Owned by A')->setOwner($user_a);
$node_a->save();
$node_b = Node::create(['type' => 'x'])->setTitle('Owned by B')->setOwner($user_b);
$node_b->save();
$node_anon_1 = Node::create(['type' => 'x'])->setTitle('Owned by anon #1')->setOwnerId(0);
$node_anon_1->save();
$node_anon_2 = Node::create(['type' => 'x'])->setTitle('Owned by anon #2')->setOwnerId(0);
$node_anon_2->save();
$node_auth_1 = Node::create(['type' => 'x'])->setTitle('Owned by auth #1')->setOwner($this->account);
$node_auth_1->save();
$favorite_animal_test_url = Url::fromRoute('jsonapi.user--user.collection')->setOption('query', ['filter[field_favorite_animal]' => 'stegosaurus']);
// Test.
$collection_url = Url::fromRoute('jsonapi.node--x.collection');
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
// ?filter[uid.id]=OWN_UUID requires no permissions: 1 result.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.id]' => $this->account->uuid()]), $request_options);
$this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
$this->assertSame($node_auth_1->uuid(), $doc['data'][0]['id']);
// ?filter[uid.id]=ANONYMOUS_UUID: 0 results.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.id]' => User::load(0)->uuid()]), $request_options);
$this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
// ?filter[uid.name]=A: 0 results.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'A']), $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
// /jsonapi/user/user?filter[field_favorite_animal]: 0 results.
$response = $this->request('GET', $favorite_animal_test_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertCount(0, $doc['data']);
// Grant "view" permission.
$this->grantPermissionsToTestedRole(['access user profiles']);
// ?filter[uid.id]=ANONYMOUS_UUID: 0 results.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.id]' => User::load(0)->uuid()]), $request_options);
$this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
// ?filter[uid.name]=A: 1 result since user A is active.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'A']), $request_options);
$this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
$this->assertSame($node_a->uuid(), $doc['data'][0]['id']);
// ?filter[uid.name]=B: 0 results since user B is blocked.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'B']), $request_options);
$this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(0, $doc['data']);
// /jsonapi/user/user?filter[field_favorite_animal]: 0 results.
$response = $this->request('GET', $favorite_animal_test_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertCount(0, $doc['data']);
// Grant "admin" permission.
$this->grantPermissionsToTestedRole(['administer users']);
// ?filter[uid.name]=B: 1 result.
$response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'B']), $request_options);
$this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
$doc = $this->getDocumentFromResponse($response);
$this->assertCount(1, $doc['data']);
$this->assertSame($node_b->uuid(), $doc['data'][0]['id']);
// /jsonapi/user/user?filter[field_favorite_animal]: 1 result.
$response = $this->request('GET', $favorite_animal_test_url, $request_options);
$doc = $this->getDocumentFromResponse($response);
$this->assertSame(200, $response->getStatusCode());
$this->assertCount(1, $doc['data']);
$this->assertSame($user_b->uuid(), $doc['data'][0]['id']);
}
/**
* Tests users with altered display names.
*/
public function testResaveAccountName(): void {
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->setUpAuthorization('PATCH');
$original_name = $this->entity->get('name')->value;
$url = Url::fromRoute('jsonapi.user--user.individual', ['entity' => $this->entity->uuid()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$response = $this->request('GET', $url, $request_options);
// Send the unchanged data back.
$request_options[RequestOptions::BODY] = (string) $response->getBody();
$request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
$response = $this->request('PATCH', $url, $request_options);
$this->assertEquals(200, $response->getStatusCode());
// Load the user entity again, make sure the name was not changed.
$this->entityStorage->resetCache();
$updated_user = $this->entityStorage->load($this->entity->id());
$this->assertEquals($original_name, $updated_user->get('name')->value);
}
/**
* Tests if JSON:API respects user.settings.cancel_method: user_cancel_block.
*/
public function testDeleteRespectsUserCancelBlock(): void {
$cancel_method = 'user_cancel_block';
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->config('user.settings')->set('cancel_method', $cancel_method)->save(TRUE);
$account = $this->createAnotherEntity($cancel_method);
$node = $this->drupalCreateNode(['uid' => $account->id()]);
$this->sendDeleteRequestForUser($account, $cancel_method);
$user_storage = $this->container->get('entity_type.manager')
->getStorage('user');
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$node_storage = $this->container->get('entity_type.manager')->getStorage('node');
$node_storage->resetCache([$node->id()]);
$test_node = $node_storage->load($node->id());
$this->assertNotNull($test_node, 'Node of the user is not deleted.');
$this->assertTrue($test_node->isPublished(), 'Node of the user is published.');
$test_node = $node_storage->loadRevision($node->getRevisionId());
$this->assertTrue($test_node->isPublished(), 'Node revision of the user is published.');
}
/**
* Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
*/
public function testDeleteRespectsUserCancelBlockUnpublish(): void {
$cancel_method = 'user_cancel_block_unpublish';
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->config('user.settings')->set('cancel_method', $cancel_method)->save(TRUE);
$account = $this->createAnotherEntity($cancel_method);
$node = $this->drupalCreateNode(['uid' => $account->id()]);
$this->sendDeleteRequestForUser($account, $cancel_method);
$user_storage = $this->container->get('entity_type.manager')
->getStorage('user');
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$node_storage = $this->container->get('entity_type.manager')->getStorage('node');
$node_storage->resetCache([$node->id()]);
$test_node = $node_storage->load($node->id());
$this->assertNotNull($test_node, 'Node of the user is not deleted.');
$this->assertFalse($test_node->isPublished(), 'Node of the user is no longer published.');
$test_node = $node_storage->loadRevision($node->getRevisionId());
$this->assertFalse($test_node->isPublished(), 'Node revision of the user is no longer published.');
}
/**
* Tests if JSON:API respects user.settings.cancel_method: user_cancel_block_unpublish.
*
* @group jsonapi
*/
public function testDeleteRespectsUserCancelBlockUnpublishAndProcessesBatches(): void {
$cancel_method = 'user_cancel_block_unpublish';
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->config('user.settings')->set('cancel_method', $cancel_method)->save(TRUE);
$account = $this->createAnotherEntity($cancel_method);
$nodeCount = self::BATCH_TEST_NODE_COUNT;
$node_ids = [];
$nodes = [];
while ($nodeCount-- > 0) {
$node = $this->drupalCreateNode(['uid' => $account->id()]);
$nodes[] = $node;
$node_ids[] = $node->id();
}
$this->sendDeleteRequestForUser($account, $cancel_method);
$user_storage = $this->container->get('entity_type.manager')
->getStorage('user');
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertNotNull($account, 'User is not deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$this->assertTrue($account->isBlocked(), 'User is blocked after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$node_storage = $this->container->get('entity_type.manager')->getStorage('node');
$node_storage->resetCache($node_ids);
$test_nodes = $node_storage->loadMultiple($node_ids);
$this->assertCount(self::BATCH_TEST_NODE_COUNT, $test_nodes, 'Nodes of the user are not deleted.');
foreach ($test_nodes as $test_node) {
$this->assertFalse($test_node->isPublished(), 'Node of the user is no longer published.');
}
foreach ($nodes as $node) {
$test_node = $node_storage->loadRevision($node->getRevisionId());
$this->assertFalse($test_node->isPublished(), 'Node revision of the user is no longer published.');
}
}
/**
* Tests if JSON:API respects user.settings.cancel_method: user_cancel_reassign.
*/
public function testDeleteRespectsUserCancelReassign(): void {
$cancel_method = 'user_cancel_reassign';
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->config('user.settings')->set('cancel_method', $cancel_method)->save(TRUE);
$account = $this->createAnotherEntity($cancel_method);
$node = $this->drupalCreateNode(['uid' => $account->id()]);
$this->sendDeleteRequestForUser($account, $cancel_method);
$user_storage = $this->container->get('entity_type.manager')
->getStorage('user');
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertNull($account, 'User is deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$node_storage = $this->container->get('entity_type.manager')->getStorage('node');
$node_storage->resetCache([$node->id()]);
$test_node = $node_storage->load($node->id());
$this->assertNotNull($test_node, 'Node of the user is not deleted.');
$this->assertTrue($test_node->isPublished(), 'Node of the user is still published.');
$this->assertEquals(0, $test_node->getOwnerId(), 'Node of the user has been attributed to anonymous user.');
$test_node = $node_storage->loadRevision($node->getRevisionId());
$this->assertTrue($test_node->isPublished(), 'Node revision of the user is still published.');
$this->assertEquals(0, $test_node->getRevisionUser()->id(), 'Node revision of the user has been attributed to anonymous user.');
}
/**
* Tests if JSON:API respects user.settings.cancel_method: user_cancel_delete.
*/
public function testDeleteRespectsUserCancelDelete(): void {
$cancel_method = 'user_cancel_delete';
$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);
$this->config('user.settings')->set('cancel_method', $cancel_method)->save(TRUE);
$account = $this->createAnotherEntity($cancel_method);
$node = $this->drupalCreateNode(['uid' => $account->id()]);
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $account->uuid()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->setUpAuthorization('DELETE');
$response = $this->request('DELETE', $url, $request_options);
$this->assertResourceResponse(204, NULL, $response);
$node_storage = $this->container->get('entity_type.manager')->getStorage('node');
$user_storage = $this->container->get('entity_type.manager')->getStorage('user');
$user_storage->resetCache([$account->id()]);
$account = $user_storage->load($account->id());
$this->assertNull($account, 'User is deleted after JSON:API DELETE operation with user.settings.cancel_method: ' . $cancel_method);
$node_storage->resetCache([$node->id()]);
$test_node = $node_storage->load($node->id());
$this->assertNull($test_node, 'Node of the user is deleted.');
}
/**
* {@inheritdoc}
*/
protected function getModifiedEntityForPostTesting() {
$modified = parent::getModifiedEntityForPostTesting();
$modified['data']['attributes']['name'] = $this->randomMachineName();
return $modified;
}
/**
* {@inheritdoc}
*/
protected function makeNormalizationInvalid(array $document, $entity_key) {
if ($entity_key === 'label') {
$document['data']['attributes']['name'] = [
0 => $document['data']['attributes']['name'],
1 => 'Second Title',
];
return $document;
}
return parent::makeNormalizationInvalid($document, $entity_key);
}
/**
* @param \Drupal\user\UserInterface $account
* The user account.
* @param string $cancel_method
* The cancel method.
*/
private function sendDeleteRequestForUser(UserInterface $account, string $cancel_method): void {
$url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $account->uuid()]);
$request_options = [];
$request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
$request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
$this->setUpAuthorization('DELETE');
$response = $this->request('DELETE', $url, $request_options);
$this->assertResourceResponse(204, NULL, $response);
}
}

130
web/core/modules/jsonapi/tests/src/Functional/ViewTest.php Normal file
View File

@ -0,0 +1,130 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\views\Entity\View;
/**
* JSON:API integration test for the "View" config entity type.
*
* @group jsonapi
*/
class ViewTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['views', 'views_ui'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'view';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'view--view';
/**
* {@inheritdoc}
*
* @var \Drupal\views\ViewEntityInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer views']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$view = View::create([
'id' => 'test_rest',
'label' => 'Test REST',
]);
$view->save();
return $view;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/view/view/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'view--view',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'base_field' => 'nid',
'base_table' => 'node',
'dependencies' => [],
'description' => '',
'display' => [
'default' => [
'display_plugin' => 'default',
'id' => 'default',
'display_title' => 'Default',
'position' => 0,
'display_options' => [
'display_extenders' => [],
],
'cache_metadata' => [
'max-age' => -1,
'contexts' => [
'languages:language_interface',
'url.query_args',
],
'tags' => [],
],
],
],
'label' => 'Test REST',
'langcode' => 'en',
'module' => 'views',
'status' => TRUE,
'tag' => '',
'drupal_internal__id' => 'test_rest',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

120
web/core/modules/jsonapi/tests/src/Functional/VocabularyTest.php Normal file
View File

@ -0,0 +1,120 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\taxonomy\Entity\Vocabulary;
/**
* JSON:API integration test for the "vocabulary" config entity type.
*
* @group jsonapi
*/
class VocabularyTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['taxonomy'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'taxonomy_vocabulary';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'taxonomy_vocabulary--taxonomy_vocabulary';
/**
* {@inheritdoc}
*
* @var \Drupal\taxonomy\VocabularyInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer taxonomy']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$vocabulary = Vocabulary::create([
'name' => 'Llama',
'vid' => 'llama',
]);
$vocabulary->save();
return $vocabulary;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/taxonomy_vocabulary/taxonomy_vocabulary/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'taxonomy_vocabulary--taxonomy_vocabulary',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'langcode' => 'en',
'status' => TRUE,
'dependencies' => [],
'name' => 'Llama',
'new_revision' => FALSE,
'description' => NULL,
'weight' => 0,
'drupal_internal__vid' => 'llama',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'GET') {
return "The following permissions are required: 'access taxonomy overview' OR 'administer taxonomy'.";
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}

135
web/core/modules/jsonapi/tests/src/Functional/WorkflowTest.php Normal file
View File

@ -0,0 +1,135 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\Core\Url;
use Drupal\workflows\Entity\Workflow;
/**
* JSON:API integration test for the "Workflow" config entity type.
*
* @group jsonapi
*/
class WorkflowTest extends ConfigEntityResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['workflows', 'workflow_type_test'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'workflow';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'workflow--workflow';
/**
* {@inheritdoc}
*
* @var \Drupal\shortcut\ShortcutSetInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
$this->grantPermissionsToTestedRole(['administer workflows']);
}
/**
* {@inheritdoc}
*/
protected function createEntity() {
$workflow = Workflow::create([
'id' => 'rest_workflow',
'label' => 'REST Workflow',
'type' => 'workflow_type_complex_test',
]);
$workflow
->getTypePlugin()
->addState('draft', 'Draft')
->addState('published', 'Published');
$configuration = $workflow->getTypePlugin()->getConfiguration();
$configuration['example_setting'] = 'foo';
$configuration['states']['draft']['extra'] = 'bar';
$workflow->getTypePlugin()->setConfiguration($configuration);
$workflow->save();
return $workflow;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$self_url = Url::fromUri('base:/jsonapi/workflow/workflow/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $self_url],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => 'workflow--workflow',
'links' => [
'self' => ['href' => $self_url],
],
'attributes' => [
'dependencies' => [
'module' => [
'workflow_type_test',
],
],
'label' => 'REST Workflow',
'langcode' => 'en',
'status' => TRUE,
'workflow_type' => 'workflow_type_complex_test',
'type_settings' => [
'states' => [
'draft' => [
'extra' => 'bar',
'label' => 'Draft',
'weight' => 0,
],
'published' => [
'label' => 'Published',
'weight' => 1,
],
],
'transitions' => [],
'example_setting' => 'foo',
],
'drupal_internal__id' => 'rest_workflow',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
// @todo Update in https://www.drupal.org/node/2300677.
return [];
}
}

265
web/core/modules/jsonapi/tests/src/Functional/WorkspaceTest.php Normal file
View File

@ -0,0 +1,265 @@
<?php
declare(strict_types=1);
namespace Drupal\Tests\jsonapi\Functional;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Url;
use Drupal\jsonapi\JsonApiSpec;
use Drupal\user\Entity\User;
use Drupal\workspaces\Entity\Workspace;
/**
* JSON:API integration test for the "Workspace" content entity type.
*
* @group jsonapi
* @group workspaces
*/
class WorkspaceTest extends ResourceTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['workspaces'];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* {@inheritdoc}
*/
protected static $entityTypeId = 'workspace';
/**
* {@inheritdoc}
*/
protected static $resourceTypeName = 'workspace--workspace';
/**
* {@inheritdoc}
*/
protected static $resourceTypeIsVersionable = TRUE;
/**
* {@inheritdoc}
*/
protected static $patchProtectedFieldNames = [
'changed' => NULL,
];
/**
* {@inheritdoc}
*/
protected static $uniqueFieldNames = ['id'];
/**
* {@inheritdoc}
*/
protected static $firstCreatedEntityId = 'autumn_campaign';
/**
* {@inheritdoc}
*/
protected static $secondCreatedEntityId = 'autumn_campaign';
/**
* {@inheritdoc}
*
* @var \Drupal\workspaces\WorkspaceInterface
*/
protected $entity;
/**
* {@inheritdoc}
*/
protected function setUpAuthorization($method): void {
switch ($method) {
case 'GET':
$this->grantPermissionsToTestedRole(['view any workspace']);
break;
case 'POST':
$this->grantPermissionsToTestedRole(['create workspace']);
break;
case 'PATCH':
$this->grantPermissionsToTestedRole(['edit any workspace']);
break;
case 'DELETE':
$this->grantPermissionsToTestedRole(['delete any workspace']);
break;
}
}
/**
* {@inheritdoc}
*/
protected function createEntity(): EntityInterface {
$entity = Workspace::create([
'id' => 'campaign',
'label' => 'Campaign',
'uid' => $this->account->id(),
'created' => 123456789,
]);
$entity->save();
return $entity;
}
/**
* {@inheritdoc}
*/
protected function getExpectedDocument(): array {
$author = User::load($this->entity->getOwnerId());
$base_url = Url::fromUri('base:/jsonapi/workspace/workspace/' . $this->entity->uuid())->setAbsolute();
$self_url = clone $base_url;
$version_identifier = 'id:' . $this->entity->getRevisionId();
$self_url = $self_url->setOption('query', ['resourceVersion' => $version_identifier]);
$version_query_string = '?resourceVersion=' . urlencode($version_identifier);
return [
'jsonapi' => [
'meta' => [
'links' => [
'self' => ['href' => JsonApiSpec::SUPPORTED_SPECIFICATION_PERMALINK],
],
],
'version' => JsonApiSpec::SUPPORTED_SPECIFICATION_VERSION,
],
'links' => [
'self' => ['href' => $base_url->toString()],
],
'data' => [
'id' => $this->entity->uuid(),
'type' => static::$resourceTypeName,
'links' => [
'self' => ['href' => $self_url->toString()],
],
'attributes' => [
'created' => '1973-11-29T21:33:09+00:00',
'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
'label' => 'Campaign',
'drupal_internal__id' => 'campaign',
'drupal_internal__revision_id' => 1,
],
'relationships' => [
'parent' => [
'data' => NULL,
'links' => [
'related' => [
'href' => $base_url->toString() . '/parent' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/parent' . $version_query_string,
],
],
],
'uid' => [
'data' => [
'id' => $author->uuid(),
'meta' => [
'drupal_internal__target_id' => (int) $author->id(),
],
'type' => 'user--user',
],
'links' => [
'related' => [
'href' => $base_url->toString() . '/uid' . $version_query_string,
],
'self' => [
'href' => $base_url->toString() . '/relationships/uid' . $version_query_string,
],
],
],
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getPostDocument(): array {
return [
'data' => [
'type' => static::$resourceTypeName,
'attributes' => [
'drupal_internal__id' => 'autumn_campaign',
'label' => 'Autumn campaign',
],
],
];
}
/**
* {@inheritdoc}
*/
protected function getModifiedEntityForPostTesting() {
$modified = parent::getModifiedEntityForPostTesting();
// Even though the field type of the workspace ID is 'string', it acts as a
// machine name through a custom constraint, so we need to ensure that we
// generate a proper random value for it.
// @see \Drupal\workspaces\Entity\Workspace::baseFieldDefinitions()
$modified['data']['attributes']['id'] = $this->randomMachineName();
return $modified;
}
/**
* {@inheritdoc}
*/
protected function getPatchDocument(): array {
$patch_document = parent::getPatchDocument();
unset($patch_document['data']['attributes']['drupal_internal__id']);
return $patch_document;
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessCacheability(): CacheableMetadata {
// @see \Drupal\workspaces\WorkspaceAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['workspace:campaign'])
// The "view|edit|delete own workspace" permissions add the 'user' cache
// context.
->addCacheContexts(['user']);
}
/**
* {@inheritdoc}
*/
protected function getExpectedUnauthorizedAccessMessage($method): string {
switch ($method) {
case 'GET':
return "The 'view own workspace' permission is required.";
case 'POST':
return "The following permissions are required: 'administer workspaces' OR 'create workspace'.";
case 'PATCH':
return "The 'edit own workspace' permission is required.";
case 'DELETE':
return "The 'delete own workspace' permission is required.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
}
/**
* {@inheritdoc}
*/
protected function getSparseFieldSets(): array {
// Workspace's resource type name ('workspace') comes after the 'uid' field,
// which breaks nested sparse fieldset tests.
return array_diff_key(parent::getSparseFieldSets(), array_flip([
'nested_empty_fieldset',
'nested_fieldset_with_owner_fieldset',
]));
}
}

Some files were not shown because too many files have changed in this diff Show More