',
+ ],
+ ],
+ ],
+ ]);
+ $pablo_format->save();
+ return $pablo_format;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/filter_format/filter_format/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'filter_format--filter_format',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [],
+ 'filters' => [
+ 'filter_html' => [
+ 'id' => 'filter_html',
+ 'provider' => 'filter',
+ 'status' => TRUE,
+ 'weight' => -10,
+ 'settings' => [
+ 'allowed_html' => ' ',
+ 'filter_html_help' => TRUE,
+ 'filter_html_nofollow' => FALSE,
+ ],
+ ],
+ ],
+ 'langcode' => 'es',
+ 'name' => 'Pablo Piccasso',
+ 'status' => TRUE,
+ 'weight' => 0,
+ 'drupal_internal__format' => 'pablo',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ImageStyleTest.php b/core/modules/jsonapi/tests/src/Functional/ImageStyleTest.php
new file mode 100644
index 0000000000..55193d81a5
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ImageStyleTest.php
@@ -0,0 +1,130 @@
+grantPermissionsToTestedRole(['administer image styles']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Camelids" image style.
+ $camelids = ImageStyle::create([
+ 'name' => 'camelids',
+ 'label' => 'Camelids',
+ ]);
+
+ // Add an image effect.
+ $effect = [
+ 'id' => 'image_scale_and_crop',
+ 'data' => [
+ 'width' => 120,
+ 'height' => 121,
+ ],
+ 'weight' => 0,
+ ];
+ $this->effectUuid = $camelids->addImageEffect($effect);
+
+ $camelids->save();
+
+ return $camelids;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/image_style/image_style/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'image_style--image_style',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [],
+ 'effects' => [
+ $this->effectUuid => [
+ 'uuid' => $this->effectUuid,
+ 'id' => 'image_scale_and_crop',
+ 'weight' => 0,
+ 'data' => [
+ 'anchor' => 'center-center',
+ 'width' => 120,
+ 'height' => 121,
+ ],
+ ],
+ ],
+ 'label' => 'Camelids',
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'drupal_internal__name' => 'camelids',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/InternalEntitiesTest.php b/core/modules/jsonapi/tests/src/Functional/InternalEntitiesTest.php
new file mode 100644
index 0000000000..e170222a08
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/InternalEntitiesTest.php
@@ -0,0 +1,187 @@
+testUser = $this->drupalCreateUser([
+ 'view test entity',
+ 'administer entity_test_with_bundle content',
+ ], $this->randomString(), TRUE);
+ EntityTestBundle::create([
+ 'id' => 'internal_referencer',
+ 'label' => 'Entity Test Internal Referencer',
+ ])->save();
+ $this->createEntityReferenceField(
+ 'entity_test_with_bundle',
+ 'internal_referencer',
+ 'field_internal',
+ 'Internal Entities',
+ 'entity_test_no_label'
+ );
+ $this->internalEntity = EntityTestNoLabel::create([]);
+ $this->internalEntity->save();
+ $this->referencingEntity = EntityTestWithBundle::create([
+ 'type' => 'internal_referencer',
+ 'field_internal' => $this->internalEntity->id(),
+ ]);
+ $this->referencingEntity->save();
+ drupal_flush_all_caches();
+ }
+
+ /**
+ * Ensures that internal resources types aren't present in the entry point.
+ */
+ public function testEntryPoint() {
+ $document = $this->jsonapiGet('/jsonapi');
+ $this->assertArrayNotHasKey(
+ "{$this->internalEntity->getEntityTypeId()}--{$this->internalEntity->bundle()}",
+ $document['links'],
+ 'The entry point should not contain links to internal resource type routes.'
+ );
+ }
+
+ /**
+ * Ensures that internal resources types aren't present in the routes.
+ */
+ public function testRoutes() {
+ // This cannot be in a data provider because it needs values created by the
+ // setUp method.
+ $paths = [
+ 'individual' => "/jsonapi/entity_test_no_label/entity_test_no_label/{$this->internalEntity->uuid()}",
+ 'collection' => "/jsonapi/entity_test_no_label/entity_test_no_label",
+ 'related' => "/jsonapi/entity_test_no_label/entity_test_no_label/{$this->internalEntity->uuid()}/field_internal",
+ ];
+ $this->drupalLogin($this->testUser);
+ foreach ($paths as $type => $path) {
+ $this->drupalGet($path, ['Accept' => 'application/vnd.api+json']);
+ $this->assertSame(404, $this->getSession()->getStatusCode());
+ }
+ }
+
+ /**
+ * Asserts that internal entities are not included in compound documents.
+ */
+ public function testIncludes() {
+ $document = $this->getIndividual($this->referencingEntity, [
+ 'query' => ['include' => 'field_internal'],
+ ]);
+ $this->assertArrayNotHasKey(
+ 'included',
+ $document,
+ 'Internal entities should not be included in compound documents.'
+ );
+ }
+
+ /**
+ * Asserts that links to internal relationships aren't generated.
+ */
+ public function testLinks() {
+ $document = $this->getIndividual($this->referencingEntity);
+ $this->assertArrayNotHasKey(
+ 'related',
+ $document['data']['relationships']['field_internal']['links'],
+ 'Links to internal-only related routes should not be in the document.'
+ );
+ }
+
+ /**
+ * Returns the decoded JSON:API document for the for the given entity.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity to request.
+ * @param array $options
+ * URL options.
+ *
+ * @return array
+ * The decoded response document.
+ */
+ protected function getIndividual(EntityInterface $entity, array $options = []) {
+ $entity_type_id = $entity->getEntityTypeId();
+ $bundle = $entity->bundle();
+ $path = "/jsonapi/{$entity_type_id}/{$bundle}/{$entity->uuid()}";
+ return $this->jsonapiGet($path, $options);
+ }
+
+ /**
+ * Performs an authenticated request and returns the decoded document.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity to request.
+ * @param string $relationship
+ * The field name of the relationship to request.
+ * @param array $options
+ * URL options.
+ *
+ * @return array
+ * The decoded response document.
+ */
+ protected function getRelated(EntityInterface $entity, $relationship, array $options = []) {
+ $entity_type_id = $entity->getEntityTypeId();
+ $bundle = $entity->bundle();
+ $path = "/jsonapi/{$entity_type_id}/{$bundle}/{$entity->uuid()}/{$relationship}";
+ return $this->jsonapiGet($path, $options);
+ }
+
+ /**
+ * Performs an authenticated request and returns the decoded document.
+ */
+ protected function jsonapiGet($path, array $options = []) {
+ $this->drupalLogin($this->testUser);
+ $response = $this->drupalGet($path, $options, ['Accept' => 'application/vnd.api+json']);
+ return Json::decode($response);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ItemTest.php b/core/modules/jsonapi/tests/src/Functional/ItemTest.php
new file mode 100644
index 0000000000..6e3a48f027
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ItemTest.php
@@ -0,0 +1,175 @@
+grantPermissionsToTestedRole(['access news feeds']);
+ break;
+
+ case 'POST':
+ case 'PATCH':
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['administer news feeds']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Camelids" feed.
+ $feed = Feed::create([
+ 'title' => 'Camelids',
+ 'url' => 'https://groups.drupal.org/not_used/167169',
+ 'refresh' => 900,
+ 'checked' => 1389919932,
+ 'description' => 'Drupal Core Group feed',
+ ]);
+ $feed->save();
+
+ // Create a "Llama" item.
+ $item = Item::create();
+ $item->setTitle('Llama')
+ ->setFeedId($feed->id())
+ ->setLink('https://www.drupal.org/')
+ ->setPostedTime(123456789)
+ ->save();
+
+ return $item;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createAnotherEntity($key) {
+ $duplicate = $this->getEntityDuplicate($this->entity, $key);
+ $duplicate->setLink('https://www.example.org/');
+ $duplicate->save();
+ return $duplicate;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ return [];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET':
+ return "The 'access news feeds' permission is required.";
+
+ case 'POST':
+ case 'PATCH':
+ case 'DELETE':
+ return "The 'administer news feeds' permission is required.";
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testGetIndividual() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollection() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testRelated() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testRelationships() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testPostIndividual() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testPatchIndividual() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testDeleteIndividual() {
+ $this->markTestSkipped('Remove this override in https://www.drupal.org/project/drupal/issues/2149851');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalMultilingualTest.php b/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalMultilingualTest.php
new file mode 100644
index 0000000000..a060d9aa17
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalMultilingualTest.php
@@ -0,0 +1,76 @@
+save();
+
+ // In order to reflect the changes for a multilingual site in the container
+ // we have to rebuild it.
+ $this->rebuildContainer();
+
+ \Drupal::configFactory()->getEditable('language.negotiation')
+ ->set('url.prefixes.ca', 'ca')
+ ->save();
+ }
+
+ /**
+ * Tests reading multilingual content.
+ */
+ public function testReadMultilingual() {
+ $this->createDefaultContent(5, 5, TRUE, TRUE, static::IS_MULTILINGUAL, FALSE);
+
+ // Different databases have different sort orders, so a sort is required so
+ // test expectations do not need to vary per database.
+ $default_sort = ['sort' => 'drupal_internal__nid'];
+
+ // Test reading an individual entity.
+ $output = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $this->nodes[0]->uuid(), ['query' => ['include' => 'field_tags,field_image'] + $default_sort]));
+ $this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data']['attributes']['title']);
+
+ $included_tags = array_filter($output['included'], function ($entry) {
+ return $entry['type'] === 'taxonomy_term--tags';
+ });
+ $tag_name = $this->nodes[0]->get('field_tags')->entity
+ ->getTranslation('ca')->getName();
+ // TODO figure out how to fetcht the alt text of an image.
+ $this->assertEquals($tag_name, reset($included_tags)['attributes']['name']);
+
+ $output = Json::decode($this->drupalGet('/ca/jsonapi/node/article/' . $this->nodes[0]->uuid(), ['query' => $default_sort]));
+ $this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data']['attributes']['title']);
+
+ // Test reading a collection of entities.
+ $output = Json::decode($this->drupalGet('/ca/jsonapi/node/article', ['query' => $default_sort]));
+ $this->assertEquals($this->nodes[0]->getTranslation('ca')->getTitle(), $output['data'][0]['attributes']['title']);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTest.php b/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTest.php
new file mode 100644
index 0000000000..80db077449
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTest.php
@@ -0,0 +1,876 @@
+createDefaultContent(61, 5, TRUE, TRUE, static::IS_NOT_MULTILINGUAL, FALSE);
+ // Unpublish the last entity, so we can check access.
+ $this->nodes[60]->setUnpublished()->save();
+
+ // Different databases have different sort orders, so a sort is required so
+ // test expectations do not need to vary per database.
+ $default_sort = ['sort' => 'drupal_internal__nid'];
+
+ // 0. HEAD request allows a client to verify that JSON:API is installed.
+ $this->httpClient->request('HEAD', $this->buildUrl('/jsonapi/node/article'));
+ $this->assertSession()->statusCodeEquals(200);
+ // 1. Load all articles (1st page).
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(OffsetPage::SIZE_MAX, count($collection_output['data']));
+ $this->assertSession()
+ ->responseHeaderEquals('Content-Type', 'application/vnd.api+json');
+ // 2. Load all articles (Offset 3).
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['page' => ['offset' => 3]] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(OffsetPage::SIZE_MAX, count($collection_output['data']));
+ $this->assertContains('page%5Boffset%5D=53', $collection_output['links']['next']['href']);
+ // 3. Load all articles (1st page, 2 items)
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['page' => ['limit' => 2]] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(2, count($collection_output['data']));
+ // 4. Load all articles (2nd page, 2 items).
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => [
+ 'page' => [
+ 'limit' => 2,
+ 'offset' => 2,
+ ],
+ ] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(2, count($collection_output['data']));
+ $this->assertContains('page%5Boffset%5D=4', $collection_output['links']['next']['href']);
+ // 5. Single article.
+ $uuid = $this->nodes[0]->uuid();
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertArrayHasKey('type', $single_output['data']);
+ $this->assertEquals($this->nodes[0]->getTitle(), $single_output['data']['attributes']['title']);
+
+ // 5.1 Single article with access denied because unauthenticated.
+ Json::decode($this->drupalGet('/jsonapi/node/article/' . $this->nodes[60]->uuid()));
+ $this->assertSession()->statusCodeEquals(401);
+
+ // 5.1 Single article with access denied while authenticated.
+ $this->drupalLogin($this->userCanViewProfiles);
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $this->nodes[60]->uuid()));
+ $this->assertSession()->statusCodeEquals(403);
+ $this->assertEquals('/data', $single_output['errors'][0]['source']['pointer']);
+ $this->drupalLogout();
+
+ // 6. Single relationship item.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/node_type'));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertArrayHasKey('type', $single_output['data']);
+ $this->assertArrayNotHasKey('attributes', $single_output['data']);
+ $this->assertArrayHasKey('related', $single_output['links']);
+ // 7. Single relationship image.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/field_image'));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertArrayHasKey('type', $single_output['data']);
+ $this->assertArrayNotHasKey('attributes', $single_output['data']);
+ $this->assertArrayHasKey('related', $single_output['links']);
+ // 8. Multiple relationship item.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/field_tags'));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertArrayHasKey('type', $single_output['data'][0]);
+ $this->assertArrayNotHasKey('attributes', $single_output['data'][0]);
+ $this->assertArrayHasKey('related', $single_output['links']);
+ // 8b. Single related item, empty.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/field_heroless'));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertSame(NULL, $single_output['data']);
+ // 9. Related tags with includes.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/field_tags', [
+ 'query' => ['include' => 'vid'],
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals('taxonomy_term--tags', $single_output['data'][0]['type']);
+ $this->assertArrayNotHasKey('tid', $single_output['data'][0]['attributes']);
+ $this->assertContains(
+ '/taxonomy_term/tags/',
+ $single_output['data'][0]['links']['self']['href']
+ );
+ $this->assertEquals(
+ 'taxonomy_vocabulary--taxonomy_vocabulary',
+ $single_output['included'][0]['type']
+ );
+ // 10. Single article with includes.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid, [
+ 'query' => ['include' => 'uid,field_tags'],
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals('node--article', $single_output['data']['type']);
+ $first_include = reset($single_output['included']);
+ $this->assertEquals(
+ 'user--user',
+ $first_include['type']
+ );
+ $last_include = end($single_output['included']);
+ $this->assertEquals(
+ 'taxonomy_term--tags',
+ $last_include['type']
+ );
+
+ // 10b. Single article with nested includes.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid, [
+ 'query' => ['include' => 'field_tags,field_tags.vid'],
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals('node--article', $single_output['data']['type']);
+ $first_include = reset($single_output['included']);
+ $this->assertEquals(
+ 'taxonomy_term--tags',
+ $first_include['type']
+ );
+ $last_include = end($single_output['included']);
+ $this->assertEquals(
+ 'taxonomy_vocabulary--taxonomy_vocabulary',
+ $last_include['type']
+ );
+
+ // 11. Includes with relationships.
+ $this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/uid');
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/' . $uuid . '/relationships/uid', [
+ 'query' => ['include' => 'uid'],
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals('user--user', $single_output['data']['type']);
+ $this->assertArrayHasKey('related', $single_output['links']);
+ $this->assertArrayHasKey('included', $single_output);
+ $first_include = reset($single_output['included']);
+ $this->assertEquals(
+ 'user--user',
+ $first_include['type']
+ );
+ $this->assertFalse(empty($first_include['attributes']));
+ $this->assertTrue(empty($first_include['attributes']['mail']));
+ $this->assertTrue(empty($first_include['attributes']['pass']));
+ // 12. Collection with one access denied.
+ $this->nodes[1]->set('status', FALSE);
+ $this->nodes[1]->save();
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['page' => ['limit' => 2]] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(1, count($single_output['data']));
+ $this->assertEquals(1, count(array_filter(array_keys($single_output['meta']['omitted']['links']), function ($key) {
+ return $key !== 'help';
+ })));
+ $link_keys = array_keys($single_output['meta']['omitted']['links']);
+ $this->assertSame('help', reset($link_keys));
+ $this->assertRegExp('/^item:[a-zA-Z0-9]{7}$/', next($link_keys));
+ $this->nodes[1]->set('status', TRUE);
+ $this->nodes[1]->save();
+ // 13. Test filtering when using short syntax.
+ $filter = [
+ 'uid.id' => ['value' => $this->user->uuid()],
+ 'field_tags.id' => ['value' => $this->tags[0]->uuid()],
+ ];
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter, 'include' => 'uid,field_tags'],
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThan(0, count($single_output['data']));
+ // 14. Test filtering when using long syntax.
+ $filter = [
+ 'and_group' => ['group' => ['conjunction' => 'AND']],
+ 'filter_user' => [
+ 'condition' => [
+ 'path' => 'uid.id',
+ 'value' => $this->user->uuid(),
+ 'memberOf' => 'and_group',
+ ],
+ ],
+ 'filter_tags' => [
+ 'condition' => [
+ 'path' => 'field_tags.id',
+ 'value' => $this->tags[0]->uuid(),
+ 'memberOf' => 'and_group',
+ ],
+ ],
+ ];
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter, 'include' => 'uid,field_tags'],
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThan(0, count($single_output['data']));
+ // 15. Test filtering when using invalid syntax.
+ $filter = [
+ 'and_group' => ['group' => ['conjunction' => 'AND']],
+ 'filter_user' => [
+ 'condition' => [
+ 'name-with-a-typo' => 'uid.id',
+ 'value' => $this->user->uuid(),
+ 'memberOf' => 'and_group',
+ ],
+ ],
+ ];
+ $this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]);
+ $this->assertSession()->statusCodeEquals(400);
+ // 16. Test filtering on the same field.
+ $filter = [
+ 'or_group' => ['group' => ['conjunction' => 'OR']],
+ 'filter_tags_1' => [
+ 'condition' => [
+ 'path' => 'field_tags.id',
+ 'value' => $this->tags[0]->uuid(),
+ 'memberOf' => 'or_group',
+ ],
+ ],
+ 'filter_tags_2' => [
+ 'condition' => [
+ 'path' => 'field_tags.id',
+ 'value' => $this->tags[1]->uuid(),
+ 'memberOf' => 'or_group',
+ ],
+ ],
+ ];
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter, 'include' => 'field_tags'] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThanOrEqual(2, count($single_output['included']));
+ // 17. Single user (check fields lacking 'view' access).
+ $user_url = Url::fromRoute('jsonapi.user--user.individual', [
+ 'entity' => $this->user->uuid(),
+ ]);
+ $response = $this->request('GET', $user_url, [
+ 'auth' => [
+ $this->userCanViewProfiles->getUsername(),
+ $this->userCanViewProfiles->pass_raw,
+ ],
+ ]);
+ $single_output = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals('user--user', $single_output['data']['type']);
+ $this->assertEquals($this->user->get('name')->value, $single_output['data']['attributes']['name']);
+ $this->assertTrue(empty($single_output['data']['attributes']['mail']));
+ $this->assertTrue(empty($single_output['data']['attributes']['pass']));
+ // 18. Test filtering on the column of a link.
+ $filter = [
+ 'linkUri' => [
+ 'condition' => [
+ 'path' => 'field_link.uri',
+ 'value' => 'https://',
+ 'operator' => 'STARTS_WITH',
+ ],
+ ],
+ ];
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThanOrEqual(1, count($single_output['data']));
+ // 19. Test non-existing route without 'Accept' header.
+ $this->drupalGet('/jsonapi/node/article/broccoli');
+ $this->assertSession()->statusCodeEquals(404);
+ // Even without the 'Accept' header the 404 error is formatted as JSON:API.
+ $this->assertSession()->responseHeaderEquals('Content-Type', 'application/vnd.api+json');
+ // 20. Test non-existing route with 'Accept' header.
+ $single_output = Json::decode($this->drupalGet('/jsonapi/node/article/broccoli', [], [
+ 'Accept' => 'application/vnd.api+json',
+ ]));
+ $this->assertEquals(404, $single_output['errors'][0]['status']);
+ $this->assertSession()->statusCodeEquals(404);
+ // With the 'Accept' header we can know we want the 404 error formatted as
+ // JSON:API.
+ $this->assertSession()->responseHeaderContains('Content-Type', 'application/vnd.api+json');
+ // 22. Test sort criteria on multiple fields: both ASC.
+ $output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => [
+ 'page[limit]' => 6,
+ 'sort' => 'field_sort1,field_sort2',
+ ],
+ ]));
+ $output_uuids = array_map(function ($result) {
+ return $result['id'];
+ }, $output['data']);
+ $this->assertCount(6, $output_uuids);
+ $this->assertSame([
+ Node::load(5)->uuid(),
+ Node::load(4)->uuid(),
+ Node::load(3)->uuid(),
+ Node::load(2)->uuid(),
+ Node::load(1)->uuid(),
+ Node::load(10)->uuid(),
+ ], $output_uuids);
+ // 23. Test sort criteria on multiple fields: first ASC, second DESC.
+ $output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => [
+ 'page[limit]' => 6,
+ 'sort' => 'field_sort1,-field_sort2',
+ ],
+ ]));
+ $output_uuids = array_map(function ($result) {
+ return $result['id'];
+ }, $output['data']);
+ $this->assertCount(6, $output_uuids);
+ $this->assertSame([
+ Node::load(1)->uuid(),
+ Node::load(2)->uuid(),
+ Node::load(3)->uuid(),
+ Node::load(4)->uuid(),
+ Node::load(5)->uuid(),
+ Node::load(6)->uuid(),
+ ], $output_uuids);
+ // 24. Test sort criteria on multiple fields: first DESC, second ASC.
+ $output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => [
+ 'page[limit]' => 6,
+ 'sort' => '-field_sort1,field_sort2',
+ ],
+ ]));
+ $output_uuids = array_map(function ($result) {
+ return $result['id'];
+ }, $output['data']);
+ $this->assertCount(5, $output_uuids);
+ $this->assertCount(2, $output['meta']['omitted']['links']);
+ $this->assertSame([
+ Node::load(60)->uuid(),
+ Node::load(59)->uuid(),
+ Node::load(58)->uuid(),
+ Node::load(57)->uuid(),
+ Node::load(56)->uuid(),
+ ], $output_uuids);
+ // 25. Test sort criteria on multiple fields: both DESC.
+ $output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => [
+ 'page[limit]' => 6,
+ 'sort' => '-field_sort1,-field_sort2',
+ ],
+ ]));
+ $output_uuids = array_map(function ($result) {
+ return $result['id'];
+ }, $output['data']);
+ $this->assertCount(5, $output_uuids);
+ $this->assertCount(2, $output['meta']['omitted']['links']);
+ $this->assertSame([
+ Node::load(56)->uuid(),
+ Node::load(57)->uuid(),
+ Node::load(58)->uuid(),
+ Node::load(59)->uuid(),
+ Node::load(60)->uuid(),
+ ], $output_uuids);
+ // 25. Test collection count.
+ $this->container->get('module_installer')->install(['jsonapi_test_collection_count']);
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article'));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(61, $collection_output['meta']['count']);
+ $this->container->get('module_installer')->uninstall(['jsonapi_test_collection_count']);
+
+ // Test documentation filtering examples.
+ // 1. Only get published nodes.
+ $filter = [
+ 'status-filter' => [
+ 'condition' => [
+ 'path' => 'status',
+ 'value' => 1,
+ ],
+ ],
+ ];
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
+ // 2. Nested Filters: Get nodes created by user admin.
+ $filter = [
+ 'name-filter' => [
+ 'condition' => [
+ 'path' => 'uid.name',
+ 'value' => $this->user->getAccountName(),
+ ],
+ ],
+ ];
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
+ // 3. Filtering with arrays: Get nodes created by users [admin, john].
+ $filter = [
+ 'name-filter' => [
+ 'condition' => [
+ 'path' => 'uid.name',
+ 'operator' => 'IN',
+ 'value' => [
+ $this->user->getAccountName(),
+ $this->getRandomGenerator()->name(),
+ ],
+ ],
+ ],
+ ];
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
+ // 4. Grouping filters: Get nodes that are published and create by admin.
+ $filter = [
+ 'and-group' => [
+ 'group' => [
+ 'conjunction' => 'AND',
+ ],
+ ],
+ 'name-filter' => [
+ 'condition' => [
+ 'path' => 'uid.name',
+ 'value' => $this->user->getAccountName(),
+ 'memberOf' => 'and-group',
+ ],
+ ],
+ 'status-filter' => [
+ 'condition' => [
+ 'path' => 'status',
+ 'value' => 1,
+ 'memberOf' => 'and-group',
+ ],
+ ],
+ ];
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertGreaterThanOrEqual(OffsetPage::SIZE_MAX, count($collection_output['data']));
+ // 5. Grouping grouped filters: Get nodes that are promoted or sticky and
+ // created by admin.
+ $filter = [
+ 'and-group' => [
+ 'group' => [
+ 'conjunction' => 'AND',
+ ],
+ ],
+ 'or-group' => [
+ 'group' => [
+ 'conjunction' => 'OR',
+ 'memberOf' => 'and-group',
+ ],
+ ],
+ 'admin-filter' => [
+ 'condition' => [
+ 'path' => 'uid.name',
+ 'value' => $this->user->getAccountName(),
+ 'memberOf' => 'and-group',
+ ],
+ ],
+ 'sticky-filter' => [
+ 'condition' => [
+ 'path' => 'sticky',
+ 'value' => 1,
+ 'memberOf' => 'or-group',
+ ],
+ ],
+ 'promote-filter' => [
+ 'condition' => [
+ 'path' => 'promote',
+ 'value' => 0,
+ 'memberOf' => 'or-group',
+ ],
+ ],
+ ];
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article', [
+ 'query' => ['filter' => $filter] + $default_sort,
+ ]));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(0, count($collection_output['data']));
+ }
+
+ /**
+ * Test the GET method on articles referencing the same tag twice.
+ */
+ public function testReferencingTwiceRead() {
+ $this->createDefaultContent(1, 1, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, TRUE);
+
+ // 1. Load all articles (1st page).
+ $collection_output = Json::decode($this->drupalGet('/jsonapi/node/article'));
+ $this->assertSession()->statusCodeEquals(200);
+ $this->assertEquals(1, count($collection_output['data']));
+ $this->assertSession()
+ ->responseHeaderEquals('Content-Type', 'application/vnd.api+json');
+ }
+
+ /**
+ * Test POST, PATCH and DELETE.
+ */
+ public function testWrite() {
+ $this->createDefaultContent(0, 3, FALSE, FALSE, static::IS_NOT_MULTILINGUAL, FALSE);
+ // 1. Successful post.
+ $collection_url = Url::fromRoute('jsonapi.node--article.collection.post');
+ $body = [
+ 'data' => [
+ 'type' => 'node--article',
+ 'attributes' => [
+ 'langcode' => 'en',
+ 'title' => 'My custom title',
+ 'default_langcode' => '1',
+ 'body' => [
+ 'value' => 'Custom value',
+ 'format' => 'plain_text',
+ 'summary' => 'Custom summary',
+ ],
+ ],
+ 'relationships' => [
+ 'field_tags' => [
+ 'data' => [
+ [
+ 'type' => 'taxonomy_term--tags',
+ 'id' => $this->tags[0]->uuid(),
+ ],
+ [
+ 'type' => 'taxonomy_term--tags',
+ 'id' => $this->tags[1]->uuid(),
+ ],
+ ],
+ ],
+ ],
+ ],
+ ];
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(201, $response->getStatusCode());
+ $this->assertArrayNotHasKey('uuid', $created_response['data']['attributes']);
+ $uuid = $created_response['data']['id'];
+ $this->assertEquals(2, count($created_response['data']['relationships']['field_tags']['data']));
+ $this->assertEquals($created_response['data']['links']['self']['href'], $response->getHeader('Location')[0]);
+
+ // 2. Authorization error.
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($body),
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(401, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertEquals('Unauthorized', $created_response['errors'][0]['title']);
+
+ // 2.1 Authorization error with a user without create permissions.
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->userCanViewProfiles->getUsername(), $this->userCanViewProfiles->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(403, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertEquals('Forbidden', $created_response['errors'][0]['title']);
+
+ // 3. Missing Content-Type error.
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Accept' => 'application/vnd.api+json'],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(415, $response->getStatusCode());
+
+ // 4. Article with a duplicate ID.
+ $invalid_body = $body;
+ $invalid_body['data']['id'] = Node::load(1)->uuid();
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($invalid_body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Accept' => 'application/vnd.api+json',
+ 'Content-Type' => 'application/vnd.api+json',
+ ],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(409, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertEquals('Conflict', $created_response['errors'][0]['title']);
+ // 5. Article with wrong reference UUIDs for tags.
+ $body_invalid_tags = $body;
+ $body_invalid_tags['data']['relationships']['field_tags']['data'][0]['id'] = 'lorem';
+ $body_invalid_tags['data']['relationships']['field_tags']['data'][1]['id'] = 'ipsum';
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($body_invalid_tags),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(404, $response->getStatusCode());
+ // 6. Decoding error.
+ $response = $this->request('POST', $collection_url, [
+ 'body' => '{"bad json",,,}',
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(400, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertEquals('Bad Request', $created_response['errors'][0]['title']);
+ // 6.1 Denormalizing error.
+ $response = $this->request('POST', $collection_url, [
+ 'body' => '{"data":{"type":"something"},"valid yet nonsensical json":[]}',
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ ]);
+ $created_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(422, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertEquals('Unprocessable Entity', $created_response['errors'][0]['title']);
+ // 6.2 Relationships are not included in "data".
+ $malformed_body = $body;
+ unset($malformed_body['data']['relationships']);
+ $malformed_body['relationships'] = $body['data']['relationships'];
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($malformed_body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Accept' => 'application/vnd.api+json',
+ 'Content-Type' => 'application/vnd.api+json',
+ ],
+ ]);
+ $created_response = Json::decode((string) $response->getBody());
+ $this->assertSame(400, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertSame("Bad Request", $created_response['errors'][0]['title']);
+ $this->assertSame("Found \"relationships\" within the document's top level. The \"relationships\" key must be within resource object.", $created_response['errors'][0]['detail']);
+ // 6.2 "type" not included in "data".
+ $missing_type = $body;
+ unset($missing_type['data']['type']);
+ $response = $this->request('POST', $collection_url, [
+ 'body' => Json::encode($missing_type),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Accept' => 'application/vnd.api+json',
+ 'Content-Type' => 'application/vnd.api+json',
+ ],
+ ]);
+ $created_response = Json::decode((string) $response->getBody());
+ $this->assertSame(400, $response->getStatusCode());
+ $this->assertNotEmpty($created_response['errors']);
+ $this->assertSame("Bad Request", $created_response['errors'][0]['title']);
+ $this->assertSame("Resource object must include a \"type\".", $created_response['errors'][0]['detail']);
+ // 7. Successful PATCH.
+ $body = [
+ 'data' => [
+ 'id' => $uuid,
+ 'type' => 'node--article',
+ 'attributes' => ['title' => 'My updated title'],
+ ],
+ ];
+ $individual_url = Url::fromRoute('jsonapi.node--article.individual', [
+ 'entity' => $uuid,
+ ]);
+ $response = $this->request('PATCH', $individual_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $updated_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals('My updated title', $updated_response['data']['attributes']['title']);
+
+ // 7.1 Unsuccessful PATCH due to access restrictions.
+ $body = [
+ 'data' => [
+ 'id' => $uuid,
+ 'type' => 'node--article',
+ 'attributes' => ['title' => 'My updated title'],
+ ],
+ ];
+ $individual_url = Url::fromRoute('jsonapi.node--article.individual', [
+ 'entity' => $uuid,
+ ]);
+ $response = $this->request('PATCH', $individual_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->userCanViewProfiles->getUsername(), $this->userCanViewProfiles->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $this->assertEquals(403, $response->getStatusCode());
+
+ // 8. Field access forbidden check.
+ $body = [
+ 'data' => [
+ 'id' => $uuid,
+ 'type' => 'node--article',
+ 'attributes' => [
+ 'title' => 'My updated title',
+ 'status' => 0,
+ ],
+ ],
+ ];
+ $response = $this->request('PATCH', $individual_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $updated_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(403, $response->getStatusCode());
+ $this->assertEquals("The current user is not allowed to PATCH the selected field (status). The 'administer nodes' permission is required.",
+ $updated_response['errors'][0]['detail']);
+
+ $node = \Drupal::entityManager()->loadEntityByUuid('node', $uuid);
+ $this->assertEquals(1, $node->get('status')->value, 'Node status was not changed.');
+ // 9. Successful POST to related endpoint.
+ $body = [
+ 'data' => [
+ [
+ 'id' => $this->tags[2]->uuid(),
+ 'type' => 'taxonomy_term--tags',
+ ],
+ ],
+ ];
+ $relationship_url = Url::fromRoute('jsonapi.node--article.field_tags.relationship.post', [
+ 'entity' => $uuid,
+ ]);
+ $response = $this->request('POST', $relationship_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $updated_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(200, $response->getStatusCode());
+ $this->assertEquals(3, count($updated_response['data']));
+ $this->assertEquals('taxonomy_term--tags', $updated_response['data'][2]['type']);
+ $this->assertEquals($this->tags[2]->uuid(), $updated_response['data'][2]['id']);
+ // 10. Successful PATCH to related endpoint.
+ $body = [
+ 'data' => [
+ [
+ 'id' => $this->tags[1]->uuid(),
+ 'type' => 'taxonomy_term--tags',
+ ],
+ ],
+ ];
+ $response = $this->request('PATCH', $relationship_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $this->assertEquals(204, $response->getStatusCode());
+ $this->assertEmpty($response->getBody()->__toString());
+ // 11. Successful DELETE to related endpoint.
+ $response = $this->request('DELETE', $relationship_url, [
+ // Send a request with no body.
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ ]);
+ $updated_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(
+ 'You need to provide a body for DELETE operations on a relationship (field_tags).',
+ $updated_response['errors'][0]['detail']
+ );
+ $this->assertEquals(400, $response->getStatusCode());
+ $response = $this->request('DELETE', $relationship_url, [
+ // Send a request with no authentication.
+ 'body' => Json::encode($body),
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $this->assertEquals(401, $response->getStatusCode());
+ $response = $this->request('DELETE', $relationship_url, [
+ // Remove the existing relationship item.
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => ['Content-Type' => 'application/vnd.api+json'],
+ ]);
+ $this->assertEquals(204, $response->getStatusCode());
+ $this->assertEmpty($response->getBody()->__toString());
+ // 12. PATCH with invalid title and body format.
+ $body = [
+ 'data' => [
+ 'id' => $uuid,
+ 'type' => 'node--article',
+ 'attributes' => [
+ 'title' => '',
+ 'body' => [
+ 'value' => 'Custom value',
+ 'format' => 'invalid_format',
+ 'summary' => 'Custom summary',
+ ],
+ ],
+ ],
+ ];
+ $response = $this->request('PATCH', $individual_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ ]);
+ $updated_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(422, $response->getStatusCode());
+ $this->assertCount(2, $updated_response['errors']);
+ for ($i = 0; $i < 2; $i++) {
+ $this->assertEquals("Unprocessable Entity", $updated_response['errors'][$i]['title']);
+ $this->assertEquals(422, $updated_response['errors'][$i]['status']);
+ }
+ $this->assertEquals("title: This value should not be null.", $updated_response['errors'][0]['detail']);
+ $this->assertEquals("body.0.format: The value you selected is not a valid choice.", $updated_response['errors'][1]['detail']);
+ $this->assertEquals("/data/attributes/title", $updated_response['errors'][0]['source']['pointer']);
+ $this->assertEquals("/data/attributes/body/format", $updated_response['errors'][1]['source']['pointer']);
+ // 13. PATCH with field that doesn't exist on Entity.
+ $body = [
+ 'data' => [
+ 'id' => $uuid,
+ 'type' => 'node--article',
+ 'attributes' => [
+ 'field_that_doesnt_exist' => 'foobar',
+ ],
+ ],
+ ];
+ $response = $this->request('PATCH', $individual_url, [
+ 'body' => Json::encode($body),
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ 'headers' => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ ]);
+ $updated_response = Json::decode($response->getBody()->__toString());
+ $this->assertEquals(422, $response->getStatusCode());
+ $this->assertEquals("The attribute field_that_doesnt_exist does not exist on the node--article resource type.",
+ $updated_response['errors']['0']['detail']);
+ // 14. Successful DELETE.
+ $response = $this->request('DELETE', $individual_url, [
+ 'auth' => [$this->user->getUsername(), $this->user->pass_raw],
+ ]);
+ $this->assertEquals(204, $response->getStatusCode());
+ $response = $this->request('GET', $individual_url, []);
+ $this->assertEquals(404, $response->getStatusCode());
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTestBase.php b/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTestBase.php
new file mode 100644
index 0000000000..87ab13e724
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/JsonApiFunctionalTestBase.php
@@ -0,0 +1,329 @@
+httpClient = $this->container->get('http_client_factory')
+ ->fromOptions(['base_uri' => $this->baseUrl]);
+
+ // Create Basic page and Article node types.
+ if ($this->profile != 'standard') {
+ $this->drupalCreateContentType([
+ 'type' => 'article',
+ 'name' => 'Article',
+ ]);
+
+ // Setup vocabulary.
+ Vocabulary::create([
+ 'vid' => 'tags',
+ 'name' => 'Tags',
+ ])->save();
+
+ // Add tags and field_image to the article.
+ $this->createEntityReferenceField(
+ 'node',
+ 'article',
+ 'field_tags',
+ 'Tags',
+ 'taxonomy_term',
+ 'default',
+ [
+ 'target_bundles' => [
+ 'tags' => 'tags',
+ ],
+ 'auto_create' => TRUE,
+ ],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->createImageField('field_image', 'article');
+ $this->createImageField('field_heroless', 'article');
+ }
+
+ FieldStorageConfig::create([
+ 'field_name' => 'field_link',
+ 'entity_type' => 'node',
+ 'type' => 'link',
+ 'settings' => [],
+ 'cardinality' => 1,
+ ])->save();
+
+ $field_config = FieldConfig::create([
+ 'field_name' => 'field_link',
+ 'label' => 'Link',
+ 'entity_type' => 'node',
+ 'bundle' => 'article',
+ 'required' => FALSE,
+ 'settings' => [],
+ 'description' => '',
+ ]);
+ $field_config->save();
+
+ // Field for testing sorting.
+ FieldStorageConfig::create([
+ 'field_name' => 'field_sort1',
+ 'entity_type' => 'node',
+ 'type' => 'integer',
+ ])->save();
+ FieldConfig::create([
+ 'field_name' => 'field_sort1',
+ 'entity_type' => 'node',
+ 'bundle' => 'article',
+ ])->save();
+
+ // Another field for testing sorting.
+ FieldStorageConfig::create([
+ 'field_name' => 'field_sort2',
+ 'entity_type' => 'node',
+ 'type' => 'integer',
+ ])->save();
+ FieldConfig::create([
+ 'field_name' => 'field_sort2',
+ 'entity_type' => 'node',
+ 'bundle' => 'article',
+ ])->save();
+
+ $this->user = $this->drupalCreateUser([
+ 'create article content',
+ 'edit any article content',
+ 'delete any article content',
+ ]);
+
+ // Create a user that can.
+ $this->userCanViewProfiles = $this->drupalCreateUser([
+ 'access user profiles',
+ ]);
+
+ $this->grantPermissions(Role::load(RoleInterface::ANONYMOUS_ID), [
+ 'access user profiles',
+ 'administer taxonomy',
+ ]);
+
+ drupal_flush_all_caches();
+ }
+
+ /**
+ * Performs a HTTP request. Wraps the Guzzle HTTP client.
+ *
+ * Why wrap the Guzzle HTTP client? Because any error response is returned via
+ * an exception, which would make the tests unnecessarily complex to read.
+ *
+ * @param string $method
+ * HTTP method.
+ * @param \Drupal\Core\Url $url
+ * URL to request.
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @return \Psr\Http\Message\ResponseInterface
+ * The request response.
+ *
+ * @throws \GuzzleHttp\Exception\GuzzleException
+ *
+ * @see \GuzzleHttp\ClientInterface::request
+ */
+ protected function request($method, Url $url, array $request_options) {
+ try {
+ $response = $this->httpClient->request($method, $url->toString(), $request_options);
+ }
+ catch (ClientException $e) {
+ $response = $e->getResponse();
+ }
+ catch (ServerException $e) {
+ $response = $e->getResponse();
+ }
+
+ return $response;
+ }
+
+ /**
+ * Creates default content to test the API.
+ *
+ * @param int $num_articles
+ * Number of articles to create.
+ * @param int $num_tags
+ * Number of tags to create.
+ * @param bool $article_has_image
+ * Set to TRUE if you want to add an image to the generated articles.
+ * @param bool $article_has_link
+ * Set to TRUE if you want to add a link to the generated articles.
+ * @param bool $is_multilingual
+ * (optional) Set to TRUE if you want to enable multilingual content.
+ * @param bool $referencing_twice
+ * (optional) Set to TRUE if you want articles to reference the same tag
+ * twice.
+ */
+ protected function createDefaultContent($num_articles, $num_tags, $article_has_image, $article_has_link, $is_multilingual, $referencing_twice = FALSE) {
+ $random = $this->getRandomGenerator();
+ for ($created_tags = 0; $created_tags < $num_tags; $created_tags++) {
+ $term = Term::create([
+ 'vid' => 'tags',
+ 'name' => $random->name(),
+ ]);
+
+ if ($is_multilingual) {
+ $term->addTranslation('ca', ['name' => $term->getName() . ' (ca)']);
+ }
+
+ $term->save();
+ $this->tags[] = $term;
+ }
+ for ($created_nodes = 0; $created_nodes < $num_articles; $created_nodes++) {
+ $values = [
+ 'uid' => ['target_id' => $this->user->id()],
+ 'type' => 'article',
+ ];
+
+ if ($referencing_twice) {
+ $values['field_tags'] = [
+ ['target_id' => 1],
+ ['target_id' => 1],
+ ];
+ }
+ else {
+ // Get N random tags.
+ $selected_tags = mt_rand(1, $num_tags);
+ $tags = [];
+ while (count($tags) < $selected_tags) {
+ $tags[] = mt_rand(1, $num_tags);
+ $tags = array_unique($tags);
+ }
+ $values['field_tags'] = array_map(function ($tag) {
+ return ['target_id' => $tag];
+ }, $tags);
+ }
+ if ($article_has_image) {
+ $file = File::create([
+ 'uri' => 'vfs://' . $random->name() . '.png',
+ ]);
+ $file->setPermanent();
+ $file->save();
+ $this->files[] = $file;
+ $values['field_image'] = ['target_id' => $file->id(), 'alt' => 'alt text'];
+ }
+ if ($article_has_link) {
+ $values['field_link'] = [
+ 'title' => $this->getRandomGenerator()->name(),
+ 'uri' => sprintf(
+ '%s://%s.%s',
+ 'http' . (mt_rand(0, 2) > 1 ? '' : 's'),
+ $this->getRandomGenerator()->name(),
+ 'org'
+ ),
+ ];
+ }
+
+ // Create values for the sort fields, to allow for testing complex
+ // sorting:
+ // - field_sort1 increments every 5 articles, starting at zero
+ // - field_sort2 decreases every article, ending at zero.
+ $values['field_sort1'] = ['value' => floor($created_nodes / 5)];
+ $values['field_sort2'] = ['value' => $num_articles - $created_nodes];
+
+ $node = $this->createNode($values);
+
+ if ($is_multilingual === static::IS_MULTILINGUAL) {
+ $values['title'] = $node->getTitle() . ' (ca)';
+ $values['field_image']['alt'] = 'alt text (ca)';
+ $node->addTranslation('ca', $values);
+ }
+ $node->save();
+
+ $this->nodes[] = $node;
+ }
+ if ($article_has_link) {
+ // Make sure that there is at least 1 https link for ::testRead() #19.
+ $this->nodes[0]->field_link = [
+ 'title' => 'Drupal',
+ 'uri' => 'https://drupal.org',
+ ];
+ $this->nodes[0]->save();
+ }
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/JsonApiRegressionTest.php b/core/modules/jsonapi/tests/src/Functional/JsonApiRegressionTest.php
new file mode 100644
index 0000000000..5cc33890de
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/JsonApiRegressionTest.php
@@ -0,0 +1,847 @@
+assertTrue($this->container->get('module_installer')->install(['comment'], TRUE), 'Installed modules.');
+ $this->addDefaultCommentField('taxonomy_term', 'tags', 'comment', CommentItemInterface::OPEN, 'tcomment');
+ $this->rebuildAll();
+
+ // Create data.
+ Term::create([
+ 'name' => 'foobar',
+ 'vid' => 'tags',
+ ])->save();
+ Comment::create([
+ 'subject' => 'Llama',
+ 'entity_id' => 1,
+ 'entity_type' => 'taxonomy_term',
+ 'field_name' => 'comment',
+ ])->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access comments',
+ ]);
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/comment/tcomment?include=entity_id&filter[entity_id.name]=foobar'), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ]);
+ $this->assertSame(200, $response->getStatusCode());
+ }
+
+ /**
+ * Ensure deep nested include works on multi target entity type field.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2973681
+ */
+ public function testDeepNestedIncludeMultiTargetEntityTypeFieldFromIssue2973681() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['comment'], TRUE), 'Installed modules.');
+ $this->addDefaultCommentField('node', 'article');
+ $this->addDefaultCommentField('taxonomy_term', 'tags', 'comment', CommentItemInterface::OPEN, 'tcomment');
+ $this->drupalCreateContentType(['type' => 'page']);
+ $this->createEntityReferenceField(
+ 'node',
+ 'page',
+ 'field_comment',
+ NULL,
+ 'comment',
+ 'default',
+ [
+ 'target_bundles' => [
+ 'comment' => 'comment',
+ 'tcomment' => 'tcomment',
+ ],
+ ],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->rebuildAll();
+
+ // Create data.
+ $node = Node::create([
+ 'title' => 'test article',
+ 'type' => 'article',
+ ]);
+ $node->save();
+ $comment = Comment::create([
+ 'subject' => 'Llama',
+ 'entity_id' => 1,
+ 'entity_type' => 'node',
+ 'field_name' => 'comment',
+ ]);
+ $comment->save();
+ $page = Node::create([
+ 'title' => 'test node',
+ 'type' => 'page',
+ 'field_comment' => [
+ 'entity' => $comment,
+ ],
+ ]);
+ $page->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access content',
+ 'access comments',
+ ]);
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/page?include=field_comment,field_comment.entity_id,field_comment.entity_id.uid'), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ]);
+ $this->assertSame(200, $response->getStatusCode());
+ }
+
+ /**
+ * Ensure POST and PATCH works for bundle-less relationship routes.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2976371
+ */
+ public function testBundlelessRelationshipMutationFromIssue2973681() {
+ // Set up data model.
+ $this->drupalCreateContentType(['type' => 'page']);
+ $this->createEntityReferenceField(
+ 'node',
+ 'page',
+ 'field_test',
+ NULL,
+ 'user',
+ 'default',
+ [
+ 'target_bundles' => NULL,
+ ],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->rebuildAll();
+
+ // Create data.
+ $node = Node::create([
+ 'title' => 'test article',
+ 'type' => 'page',
+ ]);
+ $node->save();
+ $target = $this->createUser();
+
+ // Test.
+ $user = $this->drupalCreateUser(['bypass node access']);
+ $url = Url::fromRoute('jsonapi.node--page.field_test.relationship.post', ['entity' => $node->uuid()]);
+ $request_options = [
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ RequestOptions::AUTH => [$user->getUsername(), $user->pass_raw],
+ RequestOptions::JSON => [
+ 'data' => [
+ ['type' => 'user--user', 'id' => $target->uuid()],
+ ],
+ ],
+ ];
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertSame(204, $response->getStatusCode(), (string) $response->getBody());
+ }
+
+ /**
+ * Ensures GETting terms works when multiple vocabularies exist.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2977879
+ */
+ public function testGetTermWhenMultipleVocabulariesExistFromIssue2977879() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['taxonomy'], TRUE), 'Installed modules.');
+ Vocabulary::create([
+ 'name' => 'one',
+ 'vid' => 'one',
+ ])->save();
+ Vocabulary::create([
+ 'name' => 'two',
+ 'vid' => 'two',
+ ])->save();
+ $this->rebuildAll();
+
+ // Create data.
+ Term::create(['vid' => 'one'])
+ ->setName('Test')
+ ->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access content',
+ ]);
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/taxonomy_term/one'), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ]);
+ $this->assertSame(200, $response->getStatusCode());
+ }
+
+ /**
+ * Cannot PATCH an entity with dangling references in an ER field.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2968972
+ */
+ public function testDanglingReferencesInAnEntityReferenceFieldFromIssue2968972() {
+ // Set up data model.
+ $this->drupalCreateContentType(['type' => 'journal_issue']);
+ $this->drupalCreateContentType(['type' => 'journal_article']);
+ $this->createEntityReferenceField(
+ 'node',
+ 'journal_article',
+ 'field_issue',
+ NULL,
+ 'node',
+ 'default',
+ [
+ 'target_bundles' => [
+ 'journal_issue' => 'journal_issue',
+ ],
+ ],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->rebuildAll();
+
+ // Create data.
+ $issue_node = Node::create([
+ 'title' => 'Test Journal Issue',
+ 'type' => 'journal_issue',
+ ]);
+ $issue_node->save();
+
+ $user = $this->drupalCreateUser([
+ 'access content',
+ 'edit own journal_article content',
+ ]);
+ $article_node = Node::create([
+ 'title' => 'Test Journal Article',
+ 'type' => 'journal_article',
+ 'field_issue' => [
+ 'target_id' => $issue_node->id(),
+ ],
+ ]);
+ $article_node->setOwner($user);
+ $article_node->save();
+
+ // Test.
+ $url = Url::fromUri(sprintf('internal:/jsonapi/node/journal_article/%s', $article_node->uuid()));
+ $request_options = [
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ RequestOptions::AUTH => [$user->getUsername(), $user->pass_raw],
+ RequestOptions::JSON => [
+ 'data' => [
+ 'type' => 'node--journal_article',
+ 'id' => $article_node->uuid(),
+ 'attributes' => [
+ 'title' => 'My New Article Title',
+ ],
+ ],
+ ],
+ ];
+ $issue_node->delete();
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertSame(200, $response->getStatusCode(), (string) $response->getBody());
+ }
+
+ /**
+ * Ensures GETting node collection + hook_node_grants() implementations works.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2984964
+ */
+ public function testGetNodeCollectionWithHookNodeGrantsImplementationsFromIssue2984964() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['node_access_test'], TRUE), 'Installed modules.');
+ node_access_rebuild();
+ $this->rebuildAll();
+
+ // Create data.
+ Node::create([
+ 'title' => 'test article',
+ 'type' => 'article',
+ ])->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access content',
+ ]);
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/article'), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ]);
+ $this->assertSame(200, $response->getStatusCode());
+ $this->assertTrue(in_array('user.node_grants:view', explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]), TRUE));
+ }
+
+ /**
+ * Cannot GET an entity with dangling references in an ER field.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2984647
+ */
+ public function testDanglingReferencesInAnEntityReferenceFieldFromIssue2984647() {
+ // Set up data model.
+ $this->drupalCreateContentType(['type' => 'journal_issue']);
+ $this->drupalCreateContentType(['type' => 'journal_conference']);
+ $this->drupalCreateContentType(['type' => 'journal_article']);
+ $this->createEntityReferenceField(
+ 'node',
+ 'journal_article',
+ 'field_issue',
+ NULL,
+ 'node',
+ 'default',
+ [
+ 'target_bundles' => [
+ 'journal_issue' => 'journal_issue',
+ ],
+ ],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->createEntityReferenceField(
+ 'node',
+ 'journal_article',
+ 'field_mentioned_in',
+ NULL,
+ 'node',
+ 'default',
+ [
+ 'target_bundles' => [
+ 'journal_issue' => 'journal_issue',
+ 'journal_conference' => 'journal_conference',
+ ],
+ ],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->rebuildAll();
+
+ // Create data.
+ $issue_node = Node::create([
+ 'title' => 'Test Journal Issue',
+ 'type' => 'journal_issue',
+ ]);
+ $issue_node->save();
+ $conference_node = Node::create([
+ 'title' => 'First Journal Conference!',
+ 'type' => 'journal_conference',
+ ]);
+ $conference_node->save();
+
+ $user = $this->drupalCreateUser([
+ 'access content',
+ 'edit own journal_article content',
+ ]);
+ $article_node = Node::create([
+ 'title' => 'Test Journal Article',
+ 'type' => 'journal_article',
+ 'field_issue' => [
+ ['target_id' => $issue_node->id()],
+ ],
+ 'field_mentioned_in' => [
+ ['target_id' => $issue_node->id()],
+ ['target_id' => $conference_node->id()],
+ ],
+ ]);
+ $article_node->setOwner($user);
+ $article_node->save();
+
+ // Test.
+ $url = Url::fromUri(sprintf('internal:/jsonapi/node/journal_article/%s', $article_node->uuid()));
+ $request_options = [
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ RequestOptions::AUTH => [$user->getUsername(), $user->pass_raw],
+ ];
+ $issue_node->delete();
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+
+ // Entity reference field allowing a single bundle: dangling reference's
+ // resource type is deduced.
+ $this->assertSame([
+ [
+ 'type' => 'node--journal_issue',
+ 'id' => 'missing',
+ 'meta' => [
+ 'links' => [
+ 'help' => [
+ 'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#missing',
+ 'meta' => [
+ 'about' => "Usage and meaning of the 'missing' resource identifier.",
+ ],
+ ],
+ ],
+ ],
+ ],
+ ], Json::decode((string) $response->getBody())['data']['relationships']['field_issue']['data']);
+
+ // Entity reference field allowing multiple bundles: dangling reference's
+ // resource type is NOT deduced.
+ $this->assertSame([
+ [
+ 'type' => 'unknown',
+ 'id' => 'missing',
+ 'meta' => [
+ 'links' => [
+ 'help' => [
+ 'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#missing',
+ 'meta' => [
+ 'about' => "Usage and meaning of the 'missing' resource identifier.",
+ ],
+ ],
+ ],
+ ],
+ ],
+ [
+ 'type' => 'node--journal_conference',
+ 'id' => $conference_node->uuid(),
+ ],
+ ], Json::decode((string) $response->getBody())['data']['relationships']['field_mentioned_in']['data']);
+ }
+
+ /**
+ * Ensures that JSON:API routes are caches are dynamically rebuilt.
+ *
+ * Adding a new relationship field should cause new routes to be immediately
+ * regenerated. The site builder should not need to manually rebuild caches.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2984886
+ */
+ public function testThatRoutesAreRebuiltAfterDataModelChangesFromIssue2984886() {
+ $user = $this->drupalCreateUser(['access content']);
+ $request_options = [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ];
+
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog'), $request_options);
+ $this->assertSame(404, $response->getStatusCode());
+
+ $node_type_dog = NodeType::create(['type' => 'dog']);
+ $node_type_dog->save();
+ NodeType::create(['type' => 'cat'])->save();
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog'), $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+
+ $this->createEntityReferenceField('node', 'dog', 'field_test', NULL, 'node');
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ $dog = Node::create(['type' => 'dog', 'title' => 'Rosie P. Mosie']);
+ $dog->save();
+
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog/' . $dog->uuid() . '/field_test'), $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+
+ $this->createEntityReferenceField('node', 'cat', 'field_test', NULL, 'node');
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ $cat = Node::create(['type' => 'cat', 'title' => 'E. Napoleon']);
+ $cat->save();
+
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/cat/' . $cat->uuid() . '/field_test'), $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+
+ FieldConfig::loadByName('node', 'cat', 'field_test')->delete();
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/cat/' . $cat->uuid() . '/field_test'), $request_options);
+ $this->assertSame(404, $response->getStatusCode());
+
+ $node_type_dog->delete();
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/dog'), $request_options);
+ $this->assertSame(404, $response->getStatusCode());
+ }
+
+ /**
+ * Ensures denormalizing relationships with aliased field names works.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/3007113
+ * @see https://www.drupal.org/project/jsonapi_extras/issues/3004582#comment-12817261
+ */
+ public function testDenormalizeAliasedRelationshipFromIssue2953207() {
+ // Since the JSON:API module does not have an explicit mechanism to set up
+ // field aliases, create a strange data model so that automatic aliasing
+ // allows us to test aliased relationships.
+ // @see \Drupal\jsonapi\ResourceType\ResourceTypeRepository::getFieldMapping()
+ $internal_relationship_field_name = 'type';
+ $public_relationship_field_name = 'taxonomy_term_' . $internal_relationship_field_name;
+
+ // Set up data model.
+ $this->createEntityReferenceField(
+ 'taxonomy_term',
+ 'tags',
+ $internal_relationship_field_name,
+ NULL,
+ 'user'
+ );
+ $this->rebuildAll();
+
+ // Create data.
+ Term::create([
+ 'name' => 'foobar',
+ 'vid' => 'tags',
+ 'type' => ['target_id' => 1],
+ ])->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'edit terms in tags',
+ ]);
+ $body = [
+ 'data' => [
+ 'type' => 'user--user',
+ 'id' => User::load(0)->uuid(),
+ ],
+ ];
+
+ // Test.
+ $response = $this->request('PATCH', Url::fromUri(sprintf('internal:/jsonapi/taxonomy_term/tags/%s/relationships/%s', Term::load(1)->uuid(), $public_relationship_field_name)), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ ],
+ RequestOptions::BODY => Json::encode($body),
+ ]);
+ $this->assertSame(204, $response->getStatusCode());
+ }
+
+ /**
+ * Ensures that Drupal's page cache is effective.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/3009596
+ */
+ public function testPageCacheFromIssue3009596() {
+ $anonymous_role = Role::load(RoleInterface::ANONYMOUS_ID);
+ $anonymous_role->grantPermission('access content');
+ $anonymous_role->trustData()->save();
+
+ NodeType::create(['type' => 'emu_fact'])->save();
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ $node = Node::create([
+ 'type' => 'emu_fact',
+ 'title' => "Emus don't say moo!",
+ ]);
+ $node->save();
+
+ $request_options = [
+ RequestOptions::HEADERS => ['Accept' => 'application/vnd.api+json'],
+ ];
+ $node_url = Url::fromUri('internal:/jsonapi/node/emu_fact/' . $node->uuid());
+
+ // The first request should be a cache MISS.
+ $response = $this->request('GET', $node_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $this->assertSame('MISS', $response->getHeader('X-Drupal-Cache')[0]);
+
+ // The second request should be a cache HIT.
+ $response = $this->request('GET', $node_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $this->assertSame('HIT', $response->getHeader('X-Drupal-Cache')[0]);
+ }
+
+ /**
+ * Ensures that filtering by a sequential internal ID named 'id' is possible.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/3015759
+ */
+ public function testFilterByIdFromIssue3015759() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['shortcut'], TRUE), 'Installed modules.');
+ $this->rebuildAll();
+
+ // Create data.
+ $shortcut = Shortcut::create([
+ 'shortcut_set' => 'default',
+ 'title' => $this->randomMachineName(),
+ 'weight' => -20,
+ 'link' => [
+ 'uri' => 'internal:/user/logout',
+ ],
+ ]);
+ $shortcut->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access shortcuts',
+ 'customize shortcut links',
+ ]);
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/shortcut/default?filter[drupal_internal__id]=' . $shortcut->id()), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ]);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertNotEmpty($doc['data']);
+ $this->assertSame($doc['data'][0]['id'], $shortcut->uuid());
+ $this->assertSame($doc['data'][0]['attributes']['drupal_internal__id'], (int) $shortcut->id());
+ $this->assertSame($doc['data'][0]['attributes']['title'], $shortcut->label());
+ }
+
+ /**
+ * Ensures datetime fields are normalized using the correct timezone.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/2999438
+ */
+ public function testPatchingDateTimeNormalizedWrongTimeZoneIssue3021194() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['datetime'], TRUE), 'Installed modules.');
+ $this->drupalCreateContentType(['type' => 'page']);
+ $this->rebuildAll();
+ FieldStorageConfig::create([
+ 'field_name' => 'when',
+ 'type' => 'datetime',
+ 'entity_type' => 'node',
+ 'settings' => ['datetime_type' => DateTimeItem::DATETIME_TYPE_DATETIME],
+ ])
+ ->save();
+ FieldConfig::create([
+ 'field_name' => 'when',
+ 'entity_type' => 'node',
+ 'bundle' => 'page',
+ ])
+ ->save();
+
+ // Create data.
+ $page = Node::create([
+ 'title' => 'Stegosaurus',
+ 'type' => 'page',
+ 'when' => [
+ 'value' => '2018-09-16T12:00:00',
+ ],
+ ]);
+ $page->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access content',
+ ]);
+ $response = $this->request('GET', Url::fromUri('internal:/jsonapi/node/page/' . $page->uuid()), [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ ]);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertSame('2018-09-16T22:00:00+10:00', $doc['data']['attributes']['when']);
+ }
+
+ /**
+ * Ensures PATCHing datetime (both date-only & date+time) fields is possible.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/3021194
+ */
+ public function testPatchingDateTimeFieldsFromIssue3021194() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['datetime'], TRUE), 'Installed modules.');
+ $this->drupalCreateContentType(['type' => 'page']);
+ $this->rebuildAll();
+ FieldStorageConfig::create([
+ 'field_name' => 'when',
+ 'type' => 'datetime',
+ 'entity_type' => 'node',
+ 'settings' => ['datetime_type' => DateTimeItem::DATETIME_TYPE_DATE],
+ ])
+ ->save();
+ FieldConfig::create([
+ 'field_name' => 'when',
+ 'entity_type' => 'node',
+ 'bundle' => 'page',
+ ])
+ ->save();
+ FieldStorageConfig::create([
+ 'field_name' => 'when_exactly',
+ 'type' => 'datetime',
+ 'entity_type' => 'node',
+ 'settings' => ['datetime_type' => DateTimeItem::DATETIME_TYPE_DATETIME],
+ ])
+ ->save();
+ FieldConfig::create([
+ 'field_name' => 'when_exactly',
+ 'entity_type' => 'node',
+ 'bundle' => 'page',
+ ])
+ ->save();
+
+ // Create data.
+ $page = Node::create([
+ 'title' => 'Stegosaurus',
+ 'type' => 'page',
+ 'when' => [
+ 'value' => '2018-12-19',
+ ],
+ 'when_exactly' => [
+ 'value' => '2018-12-19T17:00:00',
+ ],
+ ]);
+ $page->save();
+
+ // Test.
+ $user = $this->drupalCreateUser([
+ 'access content',
+ 'edit any page content',
+ ]);
+ $request_options = [
+ RequestOptions::AUTH => [
+ $user->getUsername(),
+ $user->pass_raw,
+ ],
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ ];
+ $node_url = Url::fromUri('internal:/jsonapi/node/page/' . $page->uuid());
+ $response = $this->request('GET', $node_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertSame('2018-12-19', $doc['data']['attributes']['when']);
+ $this->assertSame('2018-12-20T04:00:00+11:00', $doc['data']['attributes']['when_exactly']);
+ $doc['data']['attributes']['when'] = '2018-12-20';
+ $doc['data']['attributes']['when_exactly'] = '2018-12-19T19:00:00+01:00';
+ $request_options = $request_options + [RequestOptions::JSON => $doc];
+ $response = $this->request('PATCH', $node_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertSame('2018-12-20', $doc['data']['attributes']['when']);
+ $this->assertSame('2018-12-20T05:00:00+11:00', $doc['data']['attributes']['when_exactly']);
+ }
+
+ /**
+ * Ensure includes are respected even when POSTing.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/3026030
+ */
+ public function testPostToIncludeUrlDoesNotReturnIncludeFromIssue3026030() {
+ // Set up data model.
+ $this->drupalCreateContentType(['type' => 'page']);
+ $this->rebuildAll();
+
+ // Test.
+ $user = $this->drupalCreateUser(['bypass node access']);
+ $url = Url::fromUri('internal:/jsonapi/node/page?include=uid');
+ $request_options = [
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ RequestOptions::AUTH => [$user->getUsername(), $user->pass_raw],
+ RequestOptions::JSON => [
+ 'data' => [
+ 'type' => 'node--page',
+ 'attributes' => [
+ 'title' => 'test',
+ ],
+ ],
+ ],
+ ];
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertSame(201, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertArrayHasKey('included', $doc);
+ $this->assertSame($user->label(), $doc['included'][0]['attributes']['name']);
+ }
+
+ /**
+ * Ensure includes are respected even when PATCHing.
+ *
+ * @see https://www.drupal.org/project/jsonapi/issues/3026030
+ */
+ public function testPatchToIncludeUrlDoesNotReturnIncludeFromIssue3026030() {
+ // Set up data model.
+ $this->drupalCreateContentType(['type' => 'page']);
+ $this->rebuildAll();
+
+ // Create data.
+ $user = $this->drupalCreateUser(['bypass node access']);
+ $page = Node::create([
+ 'title' => 'original',
+ 'type' => 'page',
+ 'uid' => $user->id(),
+ ]);
+ $page->save();
+
+ // Test.
+ $url = Url::fromUri(sprintf('internal:/jsonapi/node/page/%s/?include=uid', $page->uuid()));
+ $request_options = [
+ RequestOptions::HEADERS => [
+ 'Content-Type' => 'application/vnd.api+json',
+ 'Accept' => 'application/vnd.api+json',
+ ],
+ RequestOptions::AUTH => [$user->getUsername(), $user->pass_raw],
+ RequestOptions::JSON => [
+ 'data' => [
+ 'type' => 'node--page',
+ 'id' => $page->uuid(),
+ 'attributes' => [
+ 'title' => 'modified',
+ ],
+ ],
+ ],
+ ];
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertArrayHasKey('included', $doc);
+ $this->assertSame($user->label(), $doc['included'][0]['attributes']['name']);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/JsonApiRequestTestTrait.php b/core/modules/jsonapi/tests/src/Functional/JsonApiRequestTestTrait.php
new file mode 100644
index 0000000000..7d92087550
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/JsonApiRequestTestTrait.php
@@ -0,0 +1,74 @@
+refreshVariables();
+ $request_options[RequestOptions::HTTP_ERRORS] = FALSE;
+ $request_options[RequestOptions::ALLOW_REDIRECTS] = FALSE;
+ $request_options = $this->decorateWithXdebugCookie($request_options);
+ $client = $this->getSession()->getDriver()->getClient()->getClient();
+ return $client->request($method, $url->setAbsolute(TRUE)->toString(), $request_options);
+ }
+
+ /**
+ * Adds the Xdebug cookie to the request options.
+ *
+ * @param array $request_options
+ * The request options.
+ *
+ * @return array
+ * Request options updated with the Xdebug cookie if present.
+ */
+ protected function decorateWithXdebugCookie(array $request_options) {
+ $session = $this->getSession();
+ $driver = $session->getDriver();
+ if ($driver instanceof BrowserKitDriver) {
+ $client = $driver->getClient();
+ foreach ($client->getCookieJar()->all() as $cookie) {
+ if (isset($request_options[RequestOptions::HEADERS]['Cookie'])) {
+ $request_options[RequestOptions::HEADERS]['Cookie'] .= '; ' . $cookie->getName() . '=' . $cookie->getValue();
+ }
+ else {
+ $request_options[RequestOptions::HEADERS]['Cookie'] = $cookie->getName() . '=' . $cookie->getValue();
+ }
+ }
+ }
+ return $request_options;
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/MediaTest.php b/core/modules/jsonapi/tests/src/Functional/MediaTest.php
new file mode 100644
index 0000000000..30b4bb412f
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/MediaTest.php
@@ -0,0 +1,370 @@
+ NULL,
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpAuthorization($method) {
+ switch ($method) {
+ case 'GET':
+ $this->grantPermissionsToTestedRole(['view media']);
+ break;
+
+ case 'POST':
+ $this->grantPermissionsToTestedRole(['create camelids media', 'access content']);
+ break;
+
+ case 'PATCH':
+ $this->grantPermissionsToTestedRole(['edit any camelids media']);
+ // @todo Remove this in https://www.drupal.org/node/2824851.
+ $this->grantPermissionsToTestedRole(['access content']);
+ break;
+
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['delete any camelids media']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpRevisionAuthorization($method) {
+ parent::setUpRevisionAuthorization($method);
+ $this->grantPermissionsToTestedRole(['view all media revisions']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ if (!MediaType::load('camelids')) {
+ // Create a "Camelids" media type.
+ $media_type = MediaType::create([
+ 'name' => 'Camelids',
+ 'id' => 'camelids',
+ 'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
+ 'source' => 'file',
+ ]);
+ $media_type->save();
+ // Create the source field.
+ $source_field = $media_type->getSource()->createSourceField($media_type);
+ $source_field->getFieldStorageDefinition()->save();
+ $source_field->save();
+ $media_type
+ ->set('source_configuration', [
+ 'source_field' => $source_field->getName(),
+ ])
+ ->save();
+ }
+
+ // Create a file to upload.
+ $file = File::create([
+ 'uri' => 'public://llama.txt',
+ ]);
+ $file->setPermanent();
+ $file->save();
+
+ // @see \Drupal\Tests\jsonapi\Functional\MediaTest::testPostIndividual()
+ $post_file = File::create([
+ 'uri' => 'public://llama2.txt',
+ ]);
+ $post_file->setPermanent();
+ $post_file->save();
+
+ // Create a "Llama" media item.
+ $media = Media::create([
+ 'bundle' => 'camelids',
+ 'field_media_file' => [
+ 'target_id' => $file->id(),
+ ],
+ ]);
+ $media
+ ->setName('Llama')
+ ->setPublished()
+ ->setCreatedTime(123456789)
+ ->setOwnerId($this->account->id())
+ ->setRevisionUserId($this->account->id())
+ ->save();
+
+ return $media;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $file = File::load(1);
+ $thumbnail = File::load(3);
+ $author = User::load($this->entity->getOwnerId());
+ $self_url = Url::fromUri('base:/jsonapi/media/camelids/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'media--camelids',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'langcode' => 'en',
+ 'name' => 'Llama',
+ 'status' => TRUE,
+ 'created' => '1973-11-29T21:33:09+00:00',
+ 'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
+ 'revision_created' => (new \DateTime())->setTimestamp($this->entity->getRevisionCreationTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
+ 'default_langcode' => TRUE,
+ 'revision_log_message' => NULL,
+ // @todo Attempt to remove this in https://www.drupal.org/project/drupal/issues/2933518.
+ 'revision_translation_affected' => TRUE,
+ 'drupal_internal__mid' => 1,
+ 'drupal_internal__vid' => 1,
+ ],
+ 'relationships' => [
+ 'field_media_file' => [
+ 'data' => [
+ 'id' => $file->uuid(),
+ 'meta' => [
+ 'description' => NULL,
+ 'display' => NULL,
+ ],
+ 'type' => 'file--file',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/field_media_file'],
+ 'self' => [
+ 'href' => $self_url . '/relationships/field_media_file',
+ ],
+ ],
+ ],
+ 'thumbnail' => [
+ 'data' => [
+ 'id' => $thumbnail->uuid(),
+ 'meta' => [
+ 'alt' => '',
+ 'width' => 180,
+ 'height' => 180,
+ 'title' => NULL,
+ ],
+ 'type' => 'file--file',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/thumbnail'],
+ 'self' => ['href' => $self_url . '/relationships/thumbnail'],
+ ],
+ ],
+ 'bundle' => [
+ 'data' => [
+ 'id' => MediaType::load('camelids')->uuid(),
+ 'type' => 'media_type--media_type',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/bundle'],
+ 'self' => ['href' => $self_url . '/relationships/bundle'],
+ ],
+ ],
+ 'uid' => [
+ 'data' => [
+ 'id' => $author->uuid(),
+ 'type' => 'user--user',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/uid'],
+ 'self' => ['href' => $self_url . '/relationships/uid'],
+ ],
+ ],
+ 'revision_user' => [
+ 'data' => [
+ 'id' => $author->uuid(),
+ 'type' => 'user--user',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/revision_user'],
+ 'self' => ['href' => $self_url . '/relationships/revision_user'],
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ $file = File::load(2);
+ return [
+ 'data' => [
+ 'type' => 'media--camelids',
+ 'attributes' => [
+ 'name' => 'Dramallama',
+ ],
+ 'relationships' => [
+ 'field_media_file' => [
+ 'data' => [
+ 'id' => $file->uuid(),
+ 'meta' => [
+ 'description' => 'This file is better!',
+ 'display' => NULL,
+ ],
+ 'type' => 'file--file',
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET';
+ return "The 'view media' permission is required and the media item must be published.";
+
+ case 'POST':
+ return "The following permissions are required: 'administer media' OR 'create media' OR 'create camelids media'.";
+
+ case 'PATCH':
+ return "The following permissions are required: 'update any media' OR 'update own media' OR 'camelids: edit any media' OR 'camelids: edit own media'.";
+
+ case 'DELETE':
+ return "The following permissions are required: 'delete any media' OR 'delete own media' OR 'camelids: delete any media' OR 'camelids: delete own media'.";
+
+ default:
+ return '';
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getEditorialPermissions() {
+ return array_merge(parent::getEditorialPermissions(), ['view any unpublished content']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessCacheability() {
+ // @see \Drupal\media\MediaAccessControlHandler::checkAccess()
+ return parent::getExpectedUnauthorizedAccessCacheability()
+ ->addCacheTags(['media:1']);
+ }
+
+ // @codingStandardsIgnoreStart
+ /**
+ * {@inheritdoc}
+ */
+ public function testPostIndividual() {
+ // @todo Mimic \Drupal\Tests\rest\Functional\EntityResource\Media\MediaResourceTestBase::testPost()
+ // @todo Later, use https://www.drupal.org/project/jsonapi/issues/2958554 to upload files rather than the REST module.
+ parent::testPostIndividual();
+ }
+ // @codingStandardsIgnoreEnd
+
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Determine if this override should be removed in https://www.drupal.org/project/jsonapi/issues/2952522
+ */
+ protected function getExpectedGetRelationshipDocumentData($relationship_field_name, EntityInterface $entity = NULL) {
+ $data = parent::getExpectedGetRelationshipDocumentData($relationship_field_name, $entity);
+ switch ($relationship_field_name) {
+ case 'thumbnail':
+ $data['meta'] = [
+ 'alt' => '',
+ 'width' => 180,
+ 'height' => 180,
+ 'title' => NULL,
+ ];
+ return $data;
+
+ case 'field_media_file':
+ $data['meta'] = [
+ 'description' => NULL,
+ 'display' => NULL,
+ ];
+ return $data;
+
+ default:
+ return $data;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove this in https://www.drupal.org/node/2824851.
+ */
+ protected function doTestRelationshipMutation(array $request_options) {
+ $this->grantPermissionsToTestedRole(['access content']);
+ parent::doTestRelationshipMutation($request_options);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollectionFilterAccess() {
+ $this->doTestCollectionFilterAccessForPublishableEntities('name', 'view media', 'administer media');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/MediaTypeTest.php b/core/modules/jsonapi/tests/src/Functional/MediaTypeTest.php
new file mode 100644
index 0000000000..3e2a0151ec
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/MediaTypeTest.php
@@ -0,0 +1,110 @@
+grantPermissionsToTestedRole(['administer media types']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Camelids" media type.
+ $camelids = MediaType::create([
+ 'name' => 'Camelids',
+ 'id' => 'camelids',
+ 'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
+ 'source' => 'file',
+ ]);
+
+ $camelids->save();
+
+ return $camelids;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/media_type/media_type/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'media_type--media_type',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [],
+ 'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
+ 'field_map' => [],
+ 'label' => NULL,
+ 'langcode' => 'en',
+ 'new_revision' => FALSE,
+ 'queue_thumbnail_downloads' => FALSE,
+ 'source' => 'file',
+ 'source_configuration' => [
+ 'source_field' => '',
+ ],
+ 'status' => TRUE,
+ 'drupal_internal__id' => 'camelids',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php b/core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php
new file mode 100644
index 0000000000..2e6b04c5ee
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/MenuLinkContentTest.php
@@ -0,0 +1,156 @@
+ NULL,
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpAuthorization($method) {
+ $this->grantPermissionsToTestedRole(['administer menu']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $menu_link = MenuLinkContent::create([
+ 'id' => 'llama',
+ 'title' => 'Llama Gabilondo',
+ 'description' => 'Llama Gabilondo',
+ 'link' => 'https://nl.wikipedia.org/wiki/Llama',
+ 'weight' => 0,
+ 'menu_name' => 'main',
+ ]);
+ $menu_link->save();
+
+ return $menu_link;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/menu_link_content/menu_link_content/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'menu_link_content--menu_link_content',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'bundle' => 'menu_link_content',
+ 'link' => [
+ 'uri' => 'https://nl.wikipedia.org/wiki/Llama',
+ 'title' => NULL,
+ 'options' => [],
+ ],
+ 'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
+ 'default_langcode' => TRUE,
+ 'description' => 'Llama Gabilondo',
+ 'enabled' => TRUE,
+ 'expanded' => FALSE,
+ 'external' => FALSE,
+ 'langcode' => 'en',
+ 'menu_name' => 'main',
+ 'parent' => NULL,
+ 'rediscover' => FALSE,
+ 'title' => 'Llama Gabilondo',
+ 'weight' => 0,
+ 'drupal_internal__id' => 1,
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [
+ 'data' => [
+ 'type' => 'menu_link_content--menu_link_content',
+ 'attributes' => [
+ 'title' => 'Dramallama',
+ 'link' => [
+ 'uri' => 'http://www.urbandictionary.com/define.php?term=drama%20llama',
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'DELETE':
+ return "The 'administer menu' permission is required.";
+
+ default:
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollectionFilterAccess() {
+ $this->doTestCollectionFilterAccessBasedOnPermissions('title', 'administer menu');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/MenuTest.php b/core/modules/jsonapi/tests/src/Functional/MenuTest.php
new file mode 100644
index 0000000000..2acb15f01a
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/MenuTest.php
@@ -0,0 +1,106 @@
+grantPermissionsToTestedRole(['administer menu']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $menu = Menu::create([
+ 'id' => 'menu',
+ 'label' => 'Menu',
+ 'description' => 'Menu',
+ ]);
+ $menu->save();
+
+ return $menu;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/menu/menu/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'menu--menu',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [],
+ 'description' => 'Menu',
+ 'label' => 'Menu',
+ 'langcode' => 'en',
+ 'locked' => FALSE,
+ 'status' => TRUE,
+ 'drupal_internal__id' => 'menu',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/MessageTest.php b/core/modules/jsonapi/tests/src/Functional/MessageTest.php
new file mode 100644
index 0000000000..48b82ed2b1
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/MessageTest.php
@@ -0,0 +1,189 @@
+grantPermissionsToTestedRole(['access site-wide contact form']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ if (!ContactForm::load('camelids')) {
+ // Create a "Camelids" contact form.
+ ContactForm::create([
+ 'id' => 'camelids',
+ 'label' => 'Llama',
+ 'message' => 'Let us know what you think about llamas',
+ 'reply' => 'Llamas are indeed awesome!',
+ 'recipients' => [
+ 'llama@example.com',
+ 'contact@example.com',
+ ],
+ ])->save();
+ }
+
+ $message = Message::create([
+ 'contact_form' => 'camelids',
+ 'subject' => 'Llama Gabilondo',
+ 'message' => 'Llamas are awesome!',
+ ]);
+ $message->save();
+
+ return $message;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ throw new \Exception('Not yet supported.');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [
+ 'data' => [
+ 'type' => 'contact_message--camelids',
+ 'attributes' => [
+ 'subject' => 'Dramallama',
+ 'message' => 'http://www.urbandictionary.com/define.php?term=drama%20llama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ if ($method === 'POST') {
+ return "The 'access site-wide contact form' permission is required.";
+ }
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testGetIndividual() {
+ // Contact Message entities are not stored, so they cannot be retrieved.
+ $this->setExpectedException(RouteNotFoundException::class, 'Route "jsonapi.contact_message--camelids.individual" does not exist.');
+
+ Url::fromRoute('jsonapi.contact_message--camelids.individual')->toString(TRUE);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testPatchIndividual() {
+ // Contact Message entities are not stored, so they cannot be modified.
+ $this->setExpectedException(RouteNotFoundException::class, 'Route "jsonapi.contact_message--camelids.individual" does not exist.');
+
+ Url::fromRoute('jsonapi.contact_message--camelids.individual')->toString(TRUE);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testDeleteIndividual() {
+ // Contact Message entities are not stored, so they cannot be deleted.
+ $this->setExpectedException(RouteNotFoundException::class, 'Route "jsonapi.contact_message--camelids.individual" does not exist.');
+
+ Url::fromRoute('jsonapi.contact_message--camelids.individual')->toString(TRUE);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testRelated() {
+ // Contact Message entities are not stored, so they cannot be retrieved.
+ $this->setExpectedException(RouteNotFoundException::class, 'Route "jsonapi.contact_message--camelids.related" does not exist.');
+
+ Url::fromRoute('jsonapi.contact_message--camelids.related')->toString(TRUE);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testRelationships() {
+ // Contact Message entities are not stored, so they cannot be retrieved.
+ $this->setExpectedException(RouteNotFoundException::class, 'Route "jsonapi.contact_message--camelids.relationship.get" does not exist.');
+
+ Url::fromRoute('jsonapi.contact_message--camelids.relationship.get')->toString(TRUE);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollection() {
+ $collection_url = Url::fromRoute('jsonapi.contact_message--camelids.collection.post')->setAbsolute(TRUE);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // 405 because Message entities are not stored, so they cannot be retrieved,
+ // yet the same URL can be used to POST them.
+ $response = $this->request('GET', $collection_url, $request_options);
+ $this->assertSame(405, $response->getStatusCode());
+ $this->assertSame(['POST'], $response->getHeader('Allow'));
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testRevisions() {
+ // Contact Message entities are not stored, so they cannot be retrieved.
+ $this->setExpectedException(RouteNotFoundException::class, 'Route "jsonapi.contact_message--camelids.individual" does not exist.');
+
+ Url::fromRoute('jsonapi.contact_message--camelids.individual')->toString(TRUE);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/NodeTest.php b/core/modules/jsonapi/tests/src/Functional/NodeTest.php
new file mode 100644
index 0000000000..6e2d2ce1d9
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/NodeTest.php
@@ -0,0 +1,423 @@
+ NULL,
+ 'created' => "The 'administer nodes' permission is required.",
+ 'changed' => NULL,
+ 'promote' => "The 'administer nodes' permission is required.",
+ 'sticky' => "The 'administer nodes' permission is required.",
+ 'path' => "The following permissions are required: 'create url aliases' OR 'administer url aliases'.",
+ 'revision_uid' => NULL,
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpAuthorization($method) {
+ switch ($method) {
+ case 'GET':
+ $this->grantPermissionsToTestedRole(['access content']);
+ break;
+
+ case 'POST':
+ $this->grantPermissionsToTestedRole(['access content', 'create camelids content']);
+ break;
+
+ case 'PATCH':
+ // Do not grant the 'create url aliases' permission to test the case
+ // when the path field is protected/not accessible, see
+ // \Drupal\Tests\rest\Functional\EntityResource\Term\TermResourceTestBase
+ // for a positive test.
+ $this->grantPermissionsToTestedRole(['access content', 'edit any camelids content']);
+ break;
+
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['access content', 'delete any camelids content']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpRevisionAuthorization($method) {
+ parent::setUpRevisionAuthorization($method);
+ $this->grantPermissionsToTestedRole(['view all revisions']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ if (!NodeType::load('camelids')) {
+ // Create a "Camelids" node type.
+ NodeType::create([
+ 'name' => 'Camelids',
+ 'type' => 'camelids',
+ ])->save();
+ }
+
+ // Create a "Llama" node.
+ $node = Node::create(['type' => 'camelids']);
+ $node->setTitle('Llama')
+ ->setOwnerId($this->account->id())
+ ->setPublished()
+ ->setCreatedTime(123456789)
+ ->setChangedTime(123456789)
+ ->setRevisionCreationTime(123456789)
+ ->set('path', '/llama')
+ ->save();
+
+ return $node;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $author = User::load($this->entity->getOwnerId());
+ $self_url = Url::fromUri('base:/jsonapi/node/camelids/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'node--camelids',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'created' => '1973-11-29T21:33:09+00:00',
+ 'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
+ 'default_langcode' => TRUE,
+ 'langcode' => 'en',
+ 'path' => [
+ 'alias' => '/llama',
+ 'pid' => 1,
+ 'langcode' => 'en',
+ ],
+ 'promote' => TRUE,
+ 'revision_log' => NULL,
+ 'revision_timestamp' => '1973-11-29T21:33:09+00:00',
+ // @todo Attempt to remove this in https://www.drupal.org/project/drupal/issues/2933518.
+ 'revision_translation_affected' => TRUE,
+ 'status' => TRUE,
+ 'sticky' => FALSE,
+ 'title' => 'Llama',
+ 'drupal_internal__nid' => 1,
+ 'drupal_internal__vid' => 1,
+ ],
+ 'relationships' => [
+ 'node_type' => [
+ 'data' => [
+ 'id' => NodeType::load('camelids')->uuid(),
+ 'type' => 'node_type--node_type',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/node_type'],
+ 'self' => ['href' => $self_url . '/relationships/node_type'],
+ ],
+ ],
+ 'uid' => [
+ 'data' => [
+ 'id' => $author->uuid(),
+ 'type' => 'user--user',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/uid'],
+ 'self' => ['href' => $self_url . '/relationships/uid'],
+ ],
+ ],
+ 'revision_uid' => [
+ 'data' => [
+ 'id' => $author->uuid(),
+ 'type' => 'user--user',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/revision_uid'],
+ 'self' => ['href' => $self_url . '/relationships/revision_uid'],
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [
+ 'data' => [
+ 'type' => 'node--camelids',
+ 'attributes' => [
+ 'title' => 'Dramallama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET':
+ case 'PATCH':
+ case 'DELETE':
+ return "The 'access content' permission is required.";
+
+ case 'POST':
+ // @see \Drupal\node\NodeAccessControlHandler::createAccess() forbids access without providing a reason if the user doe
+ return '';
+ }
+ }
+
+ /**
+ * Tests PATCHing a node's path with and without 'create url aliases'.
+ *
+ * For a positive test, see the similar test coverage for Term.
+ *
+ * @see \Drupal\Tests\jsonapi\Functional\TermTest::testPatchPath()
+ * @see \Drupal\Tests\rest\Functional\EntityResource\Term\TermResourceTestBase::testPatchPath()
+ */
+ public function testPatchPath() {
+ $this->setUpAuthorization('GET');
+ $this->setUpAuthorization('PATCH');
+
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+
+ // GET node's current normalization.
+ $response = $this->request('GET', $url, $this->getAuthenticationRequestOptions());
+ $normalization = Json::decode((string) $response->getBody());
+
+ // Change node's path alias.
+ $normalization['data']['attributes']['path']['alias'] .= 's-rule-the-world';
+
+ // Create node PATCH request.
+ $request_options = $this->getAuthenticationRequestOptions();
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // PATCH request: 403 when creating URL aliases unauthorized.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(403, "The current user is not allowed to PATCH the selected field (path). The following permissions are required: 'create url aliases' OR 'administer url aliases'.", $url, $response, '/data/attributes/path');
+
+ // Grant permission to create URL aliases.
+ $this->grantPermissionsToTestedRole(['create url aliases']);
+
+ // Repeat PATCH request: 200.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+ $updated_normalization = Json::decode((string) $response->getBody());
+ $this->assertSame($normalization['data']['attributes']['path']['alias'], $updated_normalization['data']['attributes']['path']['alias']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testGetIndividual() {
+ parent::testGetIndividual();
+
+ // Unpublish node.
+ $this->entity->setUnpublished()->save();
+
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $request_options = $this->getAuthenticationRequestOptions();
+
+ // 403 when accessing own unpublished node.
+ $response = $this->request('GET', $url, $request_options);
+ // @todo Remove $expected + assertResourceResponse() in favor of the commented line below once https://www.drupal.org/project/jsonapi/issues/2943176 lands.
+ $expected_document = [
+ 'jsonapi' => static::$jsonApiMember,
+ 'errors' => [
+ [
+ 'title' => 'Forbidden',
+ 'status' => 403,
+ 'detail' => 'The current user is not allowed to GET the selected resource.',
+ 'links' => [
+ 'info' => ['href' => HttpExceptionNormalizer::getInfoUrl(403)],
+ 'via' => ['href' => $url->setAbsolute()->toString()],
+ ],
+ 'source' => [
+ 'pointer' => '/data',
+ ],
+ ],
+ ],
+ ];
+ $this->assertResourceResponse(
+ 403,
+ $expected_document,
+ $response,
+ ['4xx-response', 'http_response', 'node:1'],
+ ['url.query_args:resourceVersion', 'url.site', 'user.permissions'],
+ FALSE,
+ 'MISS'
+ );
+ /* $this->assertResourceErrorResponse(403, 'The current user is not allowed to GET the selected resource.', $response, '/data'); */
+
+ // 200 after granting permission.
+ $this->grantPermissionsToTestedRole(['view own unpublished content']);
+ $response = $this->request('GET', $url, $request_options);
+ // The response varies by 'user', causing the 'user.permissions' cache
+ // context to be optimized away.
+ $expected_cache_contexts = Cache::mergeContexts($this->getExpectedCacheContexts(), ['user']);
+ $expected_cache_contexts = array_diff($expected_cache_contexts, ['user.permissions']);
+ $this->assertResourceResponse(200, FALSE, $response, $this->getExpectedCacheTags(), $expected_cache_contexts, FALSE, 'UNCACHEABLE');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static function getIncludePermissions() {
+ return [
+ 'uid.node_type' => ['administer users'],
+ 'uid.roles' => ['administer permissions'],
+ ];
+ }
+
+ /**
+ * Creating relationships to missing resources should be 404 per JSON:API 1.1.
+ *
+ * @see https://github.com/json-api/json-api/issues/1033
+ */
+ public function testPostNonExistingAuthor() {
+ $this->setUpAuthorization('POST');
+ $this->grantPermissionsToTestedRole(['administer nodes']);
+
+ $random_uuid = \Drupal::service('uuid')->generate();
+ $doc = $this->getPostDocument();
+ $doc['data']['relationships']['uid']['data'] = [
+ 'type' => 'user--user',
+ 'id' => $random_uuid,
+ ];
+
+ // Create node POST request.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
+ $request_options = $this->getAuthenticationRequestOptions();
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::BODY] = Json::encode($doc);
+
+ // POST request: 404 when adding relationships to non-existing resources.
+ $response = $this->request('POST', $url, $request_options);
+ $expected_document = [
+ 'errors' => [
+ 0 => [
+ 'status' => 404,
+ 'title' => 'Not Found',
+ 'detail' => "The resource identified by `user--user:$random_uuid` (given as a relationship item) could not be found.",
+ 'links' => [
+ 'info' => ['href' => HttpExceptionNormalizer::getInfoUrl(404)],
+ 'via' => ['href' => $url->setAbsolute()->toString()],
+ ],
+ ],
+ ],
+ 'jsonapi' => static::$jsonApiMember,
+ ];
+ $this->assertResourceResponse(404, $expected_document, $response);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollectionFilterAccess() {
+ $label_field_name = 'title';
+ $this->doTestCollectionFilterAccessForPublishableEntities($label_field_name, 'access content', 'bypass node access');
+
+ $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
+ $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ $this->revokePermissionsFromTestedRole(['bypass node access']);
+
+ // 0 results because the node is unpublished.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+
+ $this->grantPermissionsToTestedRole(['view own unpublished content']);
+
+ // 1 result because the current user is the owner of the unpublished node.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+
+ $this->entity->setOwnerId(0)->save();
+
+ // 0 results because the current user is no longer the owner.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+
+ // Assert bubbling of cacheability from query alter hook.
+ $this->assertTrue($this->container->get('module_installer')->install(['node_access_test'], TRUE), 'Installed modules.');
+ node_access_rebuild();
+ $this->rebuildAll();
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $this->assertTrue(in_array('user.node_grants:view', explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]), TRUE));
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/NodeTypeTest.php b/core/modules/jsonapi/tests/src/Functional/NodeTypeTest.php
new file mode 100644
index 0000000000..eeeb4645ae
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/NodeTypeTest.php
@@ -0,0 +1,113 @@
+grantPermissionsToTestedRole(['administer content types', 'access content']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Camelids" node type.
+ $camelids = NodeType::create([
+ 'name' => 'Camelids',
+ 'type' => 'camelids',
+ 'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
+ ]);
+
+ $camelids->save();
+
+ return $camelids;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/node_type/node_type/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'node_type--node_type',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [],
+ 'description' => 'Camelids are large, strictly herbivorous animals with slender necks and long legs.',
+ 'display_submitted' => TRUE,
+ 'help' => NULL,
+ 'langcode' => 'en',
+ 'name' => 'Camelids',
+ 'new_revision' => TRUE,
+ 'preview_mode' => 1,
+ 'status' => TRUE,
+ 'drupal_internal__type' => 'camelids',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ return "The 'access content' permission is required.";
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/RdfMappingTest.php b/core/modules/jsonapi/tests/src/Functional/RdfMappingTest.php
new file mode 100644
index 0000000000..2570e9756e
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/RdfMappingTest.php
@@ -0,0 +1,148 @@
+grantPermissionsToTestedRole(['administer site configuration']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Camelids" node type.
+ $camelids = NodeType::create([
+ 'name' => 'Camelids',
+ 'type' => 'camelids',
+ ]);
+
+ $camelids->save();
+
+ // Create the RDF mapping.
+ $llama = RdfMapping::create([
+ 'targetEntityType' => 'node',
+ 'bundle' => 'camelids',
+ ]);
+ $llama->setBundleMapping([
+ 'types' => ['sioc:Item', 'foaf:Document'],
+ ])
+ ->setFieldMapping('title', [
+ 'properties' => ['dc:title'],
+ ])
+ ->setFieldMapping('created', [
+ 'properties' => ['dc:date', 'dc:created'],
+ 'datatype' => 'xsd:dateTime',
+ 'datatype_callback' => ['callable' => 'Drupal\rdf\CommonDataConverter::dateIso8601Value'],
+ ])
+ ->save();
+
+ return $llama;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/rdf_mapping/rdf_mapping/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'rdf_mapping--rdf_mapping',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'bundle' => 'camelids',
+ 'dependencies' => [
+ 'config' => [
+ 'node.type.camelids',
+ ],
+ 'module' => [
+ 'node',
+ ],
+ ],
+ 'fieldMappings' => [
+ 'title' => [
+ 'properties' => [
+ 'dc:title',
+ ],
+ ],
+ 'created' => [
+ 'properties' => [
+ 'dc:date',
+ 'dc:created',
+ ],
+ 'datatype' => 'xsd:dateTime',
+ 'datatype_callback' => [
+ 'callable' => 'Drupal\rdf\CommonDataConverter::dateIso8601Value',
+ ],
+ ],
+ ],
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'targetEntityType' => 'node',
+ 'types' => [
+ 'sioc:Item',
+ 'foaf:Document',
+ ],
+ 'drupal_internal__id' => 'node.camelids',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php b/core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php
new file mode 100644
index 0000000000..bc051cc657
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php
@@ -0,0 +1,657 @@
+ 0);
+ $merged_document = [];
+ $merged_cacheability = new CacheableMetadata();
+ foreach ($responses as $response) {
+ $response_document = $response->getResponseData();
+ // If any of the response documents had top-level errors, we should later
+ // expect the merged document to have all errors as omitted links under
+ // the 'meta.omitted' member.
+ if (!empty($response_document['errors'])) {
+ static::addOmittedObject($merged_document, static::errorsToOmittedObject($response_document['errors']));
+ }
+ if (!empty($response_document['meta']['omitted'])) {
+ static::addOmittedObject($merged_document, $response_document['meta']['omitted']);
+ }
+ elseif (isset($response_document['data'])) {
+ $response_data = $response_document['data'];
+ if (!isset($merged_document['data'])) {
+ $merged_document['data'] = static::isResourceIdentifier($response_data) && $is_multiple
+ ? [$response_data]
+ : $response_data;
+ }
+ else {
+ $response_resources = static::isResourceIdentifier($response_data)
+ ? [$response_data]
+ : $response_data;
+ foreach ($response_resources as $response_resource) {
+ $merged_document['data'][] = $response_resource;
+ }
+ }
+ }
+ $merged_cacheability->addCacheableDependency($response->getCacheableMetadata());
+ }
+ $merged_document['jsonapi'] = [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ];
+ // Until we can reasonably know what caused an error, we shouldn't include
+ // 'self' links in error documents. For example, a 404 shouldn't have a
+ // 'self' link because HATEOAS links shouldn't point to resources which do
+ // not exist.
+ if (isset($merged_document['errors'])) {
+ unset($merged_document['links']);
+ }
+ else {
+ if (!isset($merged_document['data'])) {
+ $merged_document['data'] = $is_multiple ? [] : NULL;
+ }
+ $merged_document['links'] = [
+ 'self' => [
+ 'href' => $self_link,
+ ],
+ ];
+ }
+ // All collections should be 200, without regard for the status of the
+ // individual resources in those collections, which means any '4xx-response'
+ // cache tags on the individual responses should also be omitted.
+ $merged_cacheability->setCacheTags(array_diff($merged_cacheability->getCacheTags(), ['4xx-response']));
+ return (new ResourceResponse($merged_document, 200))->addCacheableDependency($merged_cacheability);
+ }
+
+ /**
+ * Gets an array of expected ResourceResponses for the given include paths.
+ *
+ * @param array $include_paths
+ * The list of relationship include paths for which to get expected data.
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The expected ResourceResponse.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getExpectedIncludedResourceResponse(array $include_paths, array $request_options) {
+ $resource_type = $this->resourceType;
+ $resource_data = array_reduce($include_paths, function ($data, $path) use ($request_options, $resource_type) {
+ $field_names = explode('.', $path);
+ /* @var \Drupal\Core\Entity\EntityInterface $entity */
+ $entity = $this->entity;
+ $collected_responses = [];
+ foreach ($field_names as $public_field_name) {
+ $resource_type = $this->container->get('jsonapi.resource_type.repository')->get($entity->getEntityTypeId(), $entity->bundle());
+ $field_name = $resource_type->getInternalName($public_field_name);
+ $field_access = static::entityFieldAccess($entity, $field_name, 'view', $this->account);
+ if (!$field_access->isAllowed()) {
+ if (!$entity->access('view') && $entity->access('view label') && $field_access instanceof AccessResultReasonInterface && empty($field_access->getReason())) {
+ $field_access->setReason("The user only has authorization for the 'view label' operation.");
+ }
+ $via_link = Url::fromRoute(
+ sprintf('jsonapi.%s.%s.related', $entity->getEntityTypeId() . '--' . $entity->bundle(), $public_field_name),
+ ['entity' => $entity->uuid()]
+ );
+ $collected_responses[] = static::getAccessDeniedResponse($entity, $field_access, $via_link, $field_name, 'The current user is not allowed to view this relationship.', $field_name);
+ break;
+ }
+ if ($target_entity = $entity->{$field_name}->entity) {
+ $target_access = static::entityAccess($target_entity, 'view', $this->account);
+ if (!$target_access->isAllowed()) {
+ $target_access = static::entityAccess($target_entity, 'view label', $this->account)->addCacheableDependency($target_access);
+ }
+ if (!$target_access->isAllowed()) {
+ $resource_identifier = static::toResourceIdentifier($target_entity);
+ if (!static::collectionHasResourceIdentifier($resource_identifier, $data['already_checked'])) {
+ $data['already_checked'][] = $resource_identifier;
+ $via_link = Url::fromRoute(
+ sprintf('jsonapi.%s.individual', $resource_identifier['type']),
+ ['entity' => $resource_identifier['id']]
+ );
+ $collected_responses[] = static::getAccessDeniedResponse($entity, $target_access, $via_link, NULL, NULL, '/data');
+ }
+ break;
+ }
+ }
+ $psr_responses = $this->getResponses([static::getRelatedLink(static::toResourceIdentifier($entity), $public_field_name)], $request_options);
+ $collected_responses[] = static::toCollectionResourceResponse(static::toResourceResponses($psr_responses), NULL, TRUE);
+ $entity = $entity->{$field_name}->entity;
+ }
+ if (!empty($collected_responses)) {
+ $data['responses'][$path] = static::toCollectionResourceResponse($collected_responses, NULL, TRUE);
+ }
+ return $data;
+ }, ['responses' => [], 'already_checked' => []]);
+
+ $individual_document = $this->getExpectedDocument();
+
+ $expected_base_url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()])->setAbsolute();
+ $include_url = clone $expected_base_url;
+ $query = ['include' => implode(',', $include_paths)];
+ $include_url->setOption('query', $query);
+ $individual_document['links']['self']['href'] = $include_url->toString();
+
+ // The test entity reference field should always be present.
+ if (!isset($individual_document['data']['relationships']['field_jsonapi_test_entity_ref'])) {
+ $individual_document['data']['relationships']['field_jsonapi_test_entity_ref'] = [
+ 'data' => [],
+ 'links' => [
+ 'related' => [
+ 'href' => $expected_base_url->toString() . '/field_jsonapi_test_entity_ref',
+ ],
+ 'self' => [
+ 'href' => $expected_base_url->toString() . '/relationships/field_jsonapi_test_entity_ref',
+ ],
+ ],
+ ];
+ }
+
+ $basic_cacheability = (new CacheableMetadata())
+ ->addCacheTags($this->getExpectedCacheTags())
+ ->addCacheContexts($this->getExpectedCacheContexts());
+ return static::decorateExpectedResponseForIncludedFields(ResourceResponse::create($individual_document), $resource_data['responses'])
+ ->addCacheableDependency($basic_cacheability);
+ }
+
+ /**
+ * Maps an array of PSR responses to JSON:API ResourceResponses.
+ *
+ * @param \Psr\Http\Message\ResponseInterface[] $responses
+ * The PSR responses to be mapped.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse[]
+ * The ResourceResponses.
+ */
+ protected static function toResourceResponses(array $responses) {
+ return array_map([self::class, 'toResourceResponse'], $responses);
+ }
+
+ /**
+ * Maps a response object to a JSON:API ResourceResponse.
+ *
+ * This helper can be used to ease comparing, recording and merging
+ * cacheable responses and to have easier access to the JSON:API document as
+ * an array instead of a string.
+ *
+ * @param \Psr\Http\Message\ResponseInterface $response
+ * A PSR response to be mapped.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The ResourceResponse.
+ */
+ protected static function toResourceResponse(ResponseInterface $response) {
+ $cacheability = new CacheableMetadata();
+ if ($cache_tags = $response->getHeader('X-Drupal-Cache-Tags')) {
+ $cacheability->addCacheTags(explode(' ', $cache_tags[0]));
+ }
+ if (!empty($response->getHeaderLine('X-Drupal-Cache-Contexts'))) {
+ $cacheability->addCacheContexts(explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
+ }
+ if ($dynamic_cache = $response->getHeader('X-Drupal-Dynamic-Cache')) {
+ $cacheability->setCacheMaxAge(($dynamic_cache[0] === 'UNCACHEABLE' && $response->getStatusCode() < 400) ? 0 : Cache::PERMANENT);
+ }
+ $related_document = Json::decode($response->getBody());
+ $resource_response = new ResourceResponse($related_document, $response->getStatusCode());
+ return $resource_response->addCacheableDependency($cacheability);
+ }
+
+ /**
+ * Maps an entity to a resource identifier.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity to map to a resource identifier.
+ *
+ * @return array
+ * A resource identifier for the given entity.
+ */
+ protected static function toResourceIdentifier(EntityInterface $entity) {
+ return [
+ 'type' => $entity->getEntityTypeId() . '--' . $entity->bundle(),
+ 'id' => $entity->uuid(),
+ ];
+ }
+
+ /**
+ * Checks if a given array is a resource identifier.
+ *
+ * @param array $data
+ * An array to check.
+ *
+ * @return bool
+ * TRUE if the array has a type and ID, FALSE otherwise.
+ */
+ protected static function isResourceIdentifier(array $data) {
+ return array_key_exists('type', $data) && array_key_exists('id', $data);
+ }
+
+ /**
+ * Sorts a collection of resources or resource identifiers.
+ *
+ * This is useful for asserting collections or resources where order cannot
+ * be known in advance.
+ *
+ * @param array $resources
+ * The resource or resource identifier.
+ */
+ protected static function sortResourceCollection(array &$resources) {
+ usort($resources, function ($a, $b) {
+ return strcmp("{$a['type']}:{$a['id']}", "{$b['type']}:{$b['id']}");
+ });
+ }
+
+ /**
+ * Determines if a given resource exists in a list of resources.
+ *
+ * @param array $needle
+ * The resource or resource identifier.
+ * @param array $haystack
+ * The list of resources or resource identifiers to search.
+ *
+ * @return bool
+ * TRUE if the needle exists is present in the haystack, FALSE otherwise.
+ */
+ protected static function collectionHasResourceIdentifier(array $needle, array $haystack) {
+ foreach ($haystack as $resource) {
+ if ($resource['type'] == $needle['type'] && $resource['id'] == $needle['id']) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+ }
+
+ /**
+ * Turns a list of relationship field names into an array of link paths.
+ *
+ * @param array $relationship_field_names
+ * The relationships field names for which to build link paths.
+ * @param string $type
+ * The type of link to get. Either 'relationship' or 'related'.
+ *
+ * @return array
+ * An array of link paths, keyed by relationship field name.
+ */
+ protected static function getLinkPaths(array $relationship_field_names, $type) {
+ assert($type === 'relationship' || $type === 'related');
+ return array_reduce($relationship_field_names, function ($link_paths, $relationship_field_name) use ($type) {
+ $tail = $type === 'relationship' ? 'self' : $type;
+ $link_paths[$relationship_field_name] = "data.relationships.$relationship_field_name.links.$tail.href";
+ return $link_paths;
+ }, []);
+ }
+
+ /**
+ * Extracts links from a document using a list of relationship field names.
+ *
+ * @param array $link_paths
+ * A list of paths to link values keyed by a name.
+ * @param array $document
+ * A JSON:API document.
+ *
+ * @return array
+ * The extracted links, keyed by the original associated key name.
+ */
+ protected static function extractLinks(array $link_paths, array $document) {
+ return array_map(function ($link_path) use ($document) {
+ $link = array_reduce(
+ explode('.', $link_path),
+ 'array_column',
+ [$document]
+ );
+ return ($link) ? reset($link) : NULL;
+ }, $link_paths);
+ }
+
+ /**
+ * Creates individual resource links for a list of resource identifiers.
+ *
+ * @param array $resource_identifiers
+ * A list of resource identifiers for which to create links.
+ *
+ * @return string[]
+ * The resource links.
+ */
+ protected static function getResourceLinks(array $resource_identifiers) {
+ return array_map([static::class, 'getResourceLink'], $resource_identifiers);
+ }
+
+ /**
+ * Creates an individual resource link for a given resource identifier.
+ *
+ * @param array $resource_identifier
+ * A resource identifier for which to create a link.
+ *
+ * @return string
+ * The resource link.
+ */
+ protected static function getResourceLink(array $resource_identifier) {
+ assert(static::isResourceIdentifier($resource_identifier));
+ $resource_type = $resource_identifier['type'];
+ $resource_id = $resource_identifier['id'];
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', $resource_type), ['entity' => $resource_id]);
+ return $url->setAbsolute()->toString();
+ }
+
+ /**
+ * Creates a relationship link for a given resource identifier and field.
+ *
+ * @param array $resource_identifier
+ * A resource identifier for which to create a link.
+ * @param string $relationship_field_name
+ * The relationship field for which to create a link.
+ *
+ * @return string
+ * The relationship link.
+ */
+ protected static function getRelationshipLink(array $resource_identifier, $relationship_field_name) {
+ return static::getResourceLink($resource_identifier) . "/relationships/$relationship_field_name";
+ }
+
+ /**
+ * Creates a related resource link for a given resource identifier and field.
+ *
+ * @param array $resource_identifier
+ * A resource identifier for which to create a link.
+ * @param string $relationship_field_name
+ * The relationship field for which to create a link.
+ *
+ * @return string
+ * The related resource link.
+ */
+ protected static function getRelatedLink(array $resource_identifier, $relationship_field_name) {
+ return static::getResourceLink($resource_identifier) . "/$relationship_field_name";
+ }
+
+ /**
+ * Gets an array of related responses for the given field names.
+ *
+ * @param array $relationship_field_names
+ * The list of relationship field names for which to get responses.
+ * @param array $request_options
+ * Request options to apply.
+ * @param \Drupal\Core\Entity\EntityInterface|null $entity
+ * (optional) The entity for which to get expected related responses.
+ *
+ * @return array
+ * The related responses, keyed by relationship field names.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getRelatedResponses(array $relationship_field_names, array $request_options, EntityInterface $entity = NULL) {
+ $entity = $entity ?: $this->entity;
+ $links = array_map(function ($relationship_field_name) use ($entity) {
+ return static::getRelatedLink(static::toResourceIdentifier($entity), $relationship_field_name);
+ }, array_combine($relationship_field_names, $relationship_field_names));
+ return $this->getResponses($links, $request_options);
+ }
+
+ /**
+ * Gets an array of relationship responses for the given field names.
+ *
+ * @param array $relationship_field_names
+ * The list of relationship field names for which to get responses.
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @return array
+ * The relationship responses, keyed by relationship field names.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getRelationshipResponses(array $relationship_field_names, array $request_options) {
+ $links = array_map(function ($relationship_field_name) {
+ return static::getRelationshipLink(static::toResourceIdentifier($this->entity), $relationship_field_name);
+ }, array_combine($relationship_field_names, $relationship_field_names));
+ return $this->getResponses($links, $request_options);
+ }
+
+ /**
+ * Gets responses from an array of links.
+ *
+ * @param array $links
+ * A keyed array of links.
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @return array
+ * The fetched array of responses, keys are preserved.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getResponses(array $links, array $request_options) {
+ return array_reduce(array_keys($links), function ($related_responses, $key) use ($links, $request_options) {
+ $related_responses[$key] = $this->request('GET', Url::fromUri($links[$key]), $request_options);
+ return $related_responses;
+ }, []);
+ }
+
+ /**
+ * Gets a generic forbidden response.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity for which to generate the forbidden response.
+ * @param \Drupal\Core\Access\AccessResultInterface $access
+ * The denied AccessResult. This can carry a reason and cacheability data.
+ * @param \Drupal\Core\Url $via_link
+ * The source URL for the errors of the response.
+ * @param string|null $relationship_field_name
+ * (optional) The field name to which the forbidden result applies. Useful
+ * for testing related/relationship routes and includes.
+ * @param string|null $detail
+ * (optional) Details for the JSON:API error object.
+ * @param string|bool|null $pointer
+ * (optional) Document pointer for the JSON:API error object. FALSE to omit
+ * the pointer.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The forbidden ResourceResponse.
+ */
+ protected static function getAccessDeniedResponse(EntityInterface $entity, AccessResultInterface $access, Url $via_link, $relationship_field_name = NULL, $detail = NULL, $pointer = NULL) {
+ $detail = ($detail) ? $detail : 'The current user is not allowed to GET the selected resource.';
+ if ($access instanceof AccessResultReasonInterface && ($reason = $access->getReason())) {
+ $detail .= ' ' . $reason;
+ }
+ $error = [
+ 'status' => 403,
+ 'title' => 'Forbidden',
+ 'detail' => $detail,
+ 'links' => [
+ 'info' => ['href' => HttpExceptionNormalizer::getInfoUrl(403)],
+ ],
+ ];
+ if ($pointer || $pointer !== FALSE && $relationship_field_name) {
+ $error['source']['pointer'] = ($pointer) ? $pointer : $relationship_field_name;
+ }
+ if ($via_link) {
+ $error['links']['via']['href'] = $via_link->setAbsolute()->toString();
+ }
+
+ return (new ResourceResponse([
+ 'jsonapi' => static::$jsonApiMember,
+ 'errors' => [$error],
+ ], 403))
+ ->addCacheableDependency((new CacheableMetadata())->addCacheTags(['4xx-response', 'http_response'])->addCacheContexts(['url.site']))
+ ->addCacheableDependency($access);
+ }
+
+ /**
+ * Gets a generic empty collection response.
+ *
+ * @param int $cardinality
+ * The cardinality of the resource collection. 1 for a to-one related
+ * resource collection; -1 for an unlimited cardinality.
+ * @param string $self_link
+ * The self link for collection ResourceResponse.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The empty collection ResourceResponse.
+ */
+ protected function getEmptyCollectionResponse($cardinality, $self_link) {
+ // If the entity type is revisionable, add a resource version cache context.
+ $cache_contexts = Cache::mergeContexts([
+ // Cache contexts for JSON:API URL query parameters.
+ 'url.query_args:fields',
+ 'url.query_args:include',
+ // Drupal defaults.
+ 'url.site',
+ ], $this->entity->getEntityType()->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
+ $cacheability = (new CacheableMetadata())->addCacheContexts($cache_contexts)->addCacheTags(['http_response']);
+ return (new ResourceResponse([
+ // Empty to-one relationships should be NULL and empty to-many
+ // relationships should be an empty array.
+ 'data' => $cardinality === 1 ? NULL : [],
+ 'jsonapi' => static::$jsonApiMember,
+ 'links' => ['self' => ['href' => $self_link]],
+ ]))->addCacheableDependency($cacheability);
+ }
+
+ /**
+ * Add the omitted object to the document or merges it if one already exists.
+ *
+ * @param array $document
+ * The JSON:API response document.
+ * @param array $omitted
+ * The omitted object.
+ */
+ protected static function addOmittedObject(array &$document, array $omitted) {
+ if (isset($document['meta']['omitted'])) {
+ $document['meta']['omitted'] = static::mergeOmittedObjects($document['meta']['omitted'], $omitted);
+ }
+ else {
+ $document['meta']['omitted'] = $omitted;
+ }
+ }
+
+ /**
+ * Maps error objects into an omitted object.
+ *
+ * @param array $errors
+ * An array of error objects.
+ *
+ * @return array
+ * A new omitted object.
+ */
+ protected static function errorsToOmittedObject(array $errors) {
+ $omitted = [
+ 'detail' => 'Some resources have been omitted because of insufficient authorization.',
+ 'links' => [
+ 'help' => [
+ 'href' => 'https://www.drupal.org/docs/8/modules/json-api/filtering#filters-access-control',
+ ],
+ ],
+ ];
+ foreach ($errors as $error) {
+ $omitted['links']['item:' . substr(Crypt::hashBase64($error['links']['via']['href']), 0, 7)] = [
+ 'href' => $error['links']['via']['href'],
+ 'meta' => [
+ 'detail' => $error['detail'],
+ 'rel' => 'item',
+ ],
+ ];
+ }
+ return $omitted;
+ }
+
+ /**
+ * Merges the links of two omitted objects and returns a new omitted object.
+ *
+ * @param array $a
+ * The first omitted object.
+ * @param array $b
+ * The second omitted object.
+ *
+ * @return mixed
+ * A new, merged omitted object.
+ */
+ protected static function mergeOmittedObjects(array $a, array $b) {
+ $merged['detail'] = 'Some resources have been omitted because of insufficient authorization.';
+ $merged['links']['help']['href'] = 'https://www.drupal.org/docs/8/modules/json-api/filtering#filters-access-control';
+ $a_links = array_diff_key($a['links'], array_flip(['help']));
+ $b_links = array_diff_key($b['links'], array_flip(['help']));
+ foreach (array_merge(array_values($a_links), array_values($b_links)) as $link) {
+ $merged['links'][$link['href'] . $link['meta']['detail']] = $link;
+ }
+ static::resetOmittedLinkKeys($merged);
+ return $merged;
+ }
+
+ /**
+ * Sorts an omitted link object array by href.
+ *
+ * @param array $omitted
+ * An array of JSON:API omitted link objects.
+ */
+ protected static function sortOmittedLinks(array &$omitted) {
+ $help = $omitted['links']['help'];
+ $links = array_diff_key($omitted['links'], array_flip(['help']));
+ uasort($links, function ($a, $b) {
+ return strcmp($a['href'], $b['href']);
+ });
+ $omitted['links'] = ['help' => $help] + $links;
+ }
+
+ /**
+ * Resets omitted link keys.
+ *
+ * Omitted link keys are a link relation type + a random string. This string
+ * is meaningless and only serves to differentiate link objects. Given that
+ * these are random, we can't assert their value.
+ *
+ * @param array $omitted
+ * An array of JSON:API omitted link objects.
+ */
+ protected static function resetOmittedLinkKeys(array &$omitted) {
+ $help = $omitted['links']['help'];
+ $reindexed = [];
+ $links = array_diff_key($omitted['links'], array_flip(['help']));
+ foreach (array_values($links) as $index => $link) {
+ $reindexed['item:' . $index] = $link;
+ }
+ $omitted['links'] = ['help' => $help] + $reindexed;
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php b/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
new file mode 100644
index 0000000000..047ddd5972
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
@@ -0,0 +1,3126 @@
+ '1.0',
+ 'meta' => [
+ 'links' => ['self' => ['href' => 'http://jsonapi.org/format/1.0/']],
+ ],
+ ];
+
+ /**
+ * The entity being tested.
+ *
+ * @var \Drupal\Core\Entity\EntityInterface
+ */
+ protected $entity;
+
+ /**
+ * Another entity of the same type used for testing.
+ *
+ * @var \Drupal\Core\Entity\EntityInterface
+ */
+ protected $anotherEntity;
+
+ /**
+ * The account to use for authentication.
+ *
+ * @var null|\Drupal\Core\Session\AccountInterface
+ */
+ protected $account;
+
+ /**
+ * The entity storage.
+ *
+ * @var \Drupal\Core\Entity\EntityStorageInterface
+ */
+ protected $entityStorage;
+
+ /**
+ * The UUID key.
+ *
+ * @var string
+ */
+ protected $uuidKey;
+
+ /**
+ * The serializer service.
+ *
+ * @var \Symfony\Component\Serializer\Serializer
+ */
+ protected $serializer;
+
+ /**
+ * {@inheritdoc}
+ */
+ public function setUp() {
+ parent::setUp();
+
+ $this->serializer = $this->container->get('jsonapi.serializer');
+
+ // Ensure the anonymous user role has no permissions at all.
+ $user_role = Role::load(RoleInterface::ANONYMOUS_ID);
+ foreach ($user_role->getPermissions() as $permission) {
+ $user_role->revokePermission($permission);
+ }
+ $user_role->save();
+ assert([] === $user_role->getPermissions(), 'The anonymous user role has no permissions at all.');
+
+ // Ensure the authenticated user role has no permissions at all.
+ $user_role = Role::load(RoleInterface::AUTHENTICATED_ID);
+ foreach ($user_role->getPermissions() as $permission) {
+ $user_role->revokePermission($permission);
+ }
+ $user_role->save();
+ assert([] === $user_role->getPermissions(), 'The authenticated user role has no permissions at all.');
+
+ // Create an account, which tests will use. Also ensure the @current_user
+ // service this account, to ensure certain access check logic in tests works
+ // as expected.
+ $this->account = $this->createUser();
+ $this->container->get('current_user')->setAccount($this->account);
+
+ // Create an entity.
+ $entity_type_manager = $this->container->get('entity_type.manager');
+ $this->entityStorage = $entity_type_manager->getStorage(static::$entityTypeId);
+ $this->uuidKey = $entity_type_manager->getDefinition(static::$entityTypeId)
+ ->getKey('uuid');
+ $this->entity = $this->setUpFields($this->createEntity(), $this->account);
+
+ $this->resourceType = $this->container->get('jsonapi.resource_type.repository')->getByTypeName(static::$resourceTypeName);
+ }
+
+ /**
+ * Sets up additional fields for testing.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The primary test entity.
+ * @param \Drupal\user\UserInterface $account
+ * The primary test user account.
+ *
+ * @return \Drupal\Core\Entity\EntityInterface
+ * The reloaded entity with the new fields attached.
+ *
+ * @throws \Drupal\Core\Entity\EntityStorageException
+ */
+ protected function setUpFields(EntityInterface $entity, UserInterface $account) {
+ if (!$entity instanceof FieldableEntityInterface) {
+ return $entity;
+ }
+
+ $entity_bundle = $entity->bundle();
+ $account_bundle = $account->bundle();
+
+ // Add access-protected field.
+ FieldStorageConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_rest_test',
+ 'type' => 'text',
+ ])
+ ->setCardinality(1)
+ ->save();
+ FieldConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_rest_test',
+ 'bundle' => $entity_bundle,
+ ])
+ ->setLabel('Test field')
+ ->setTranslatable(FALSE)
+ ->save();
+
+ FieldStorageConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_jsonapi_test_entity_ref',
+ 'type' => 'entity_reference',
+ ])
+ ->setSetting('target_type', 'user')
+ ->setCardinality(FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED)
+ ->save();
+
+ FieldConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_jsonapi_test_entity_ref',
+ 'bundle' => $entity_bundle,
+ ])
+ ->setTranslatable(FALSE)
+ ->setSetting('handler', 'default')
+ ->setSetting('handler_settings', [
+ 'target_bundles' => NULL,
+ ])
+ ->save();
+
+ // Add multi-value field.
+ FieldStorageConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_rest_test_multivalue',
+ 'type' => 'string',
+ ])
+ ->setCardinality(3)
+ ->save();
+ FieldConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_rest_test_multivalue',
+ 'bundle' => $entity_bundle,
+ ])
+ ->setLabel('Test field: multi-value')
+ ->setTranslatable(FALSE)
+ ->save();
+
+ \Drupal::service('router.builder')->rebuildIfNeeded();
+
+ // Reload entity so that it has the new field.
+ $reloaded_entity = $this->entityStorage->loadUnchanged($entity->id());
+ // Some entity types are not stored, hence they cannot be reloaded.
+ if ($reloaded_entity !== NULL) {
+ $entity = $reloaded_entity;
+
+ // Set a default value on the fields.
+ $entity->set('field_rest_test', ['value' => 'All the faith he had had had had no effect on the outcome of his life.']);
+ $entity->set('field_jsonapi_test_entity_ref', ['user' => $account->id()]);
+ $entity->set('field_rest_test_multivalue', [['value' => 'One'], ['value' => 'Two']]);
+ $entity->save();
+ }
+
+ return $entity;
+ }
+
+ /**
+ * Sets up a collection of entities of the same type for testing.
+ *
+ * @return \Drupal\Core\Entity\EntityInterface[]
+ * The collection of entities to test.
+ *
+ * @throws \Drupal\Core\Entity\EntityStorageException
+ */
+ protected function getEntityCollection() {
+ if ($this->entityStorage->getQuery()->count()->execute() < 2) {
+ $this->createAnotherEntity('two');
+ }
+ $query = $this->entityStorage->getQuery()->sort($this->entity->getEntityType()->getKey('id'));
+ return $this->entityStorage->loadMultiple($query->execute());
+ }
+
+ /**
+ * Generates a JSON:API normalization for the given entity.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity to generate a JSON:API normalization for.
+ * @param \Drupal\Core\Url $url
+ * The URL to use as the "self" link.
+ *
+ * @return array
+ * The JSON:API normalization for the given entity.
+ */
+ protected function normalize(EntityInterface $entity, Url $url) {
+ $self_link = new Link(new CacheableMetadata(), $url, ['self']);
+ $resource_type = $this->container->get('jsonapi.resource_type.repository')->getByTypeName(static::$resourceTypeName);
+ $doc = new JsonApiDocumentTopLevel(new ResourceObject($resource_type, $entity), new NullEntityCollection(), new LinkCollection(['self' => $self_link]));
+ return $this->serializer->normalize($doc, 'api_json', [
+ 'resource_type' => $resource_type,
+ 'account' => $this->account,
+ ])->getNormalization();
+ }
+
+ /**
+ * Creates the entity to be tested.
+ *
+ * @return \Drupal\Core\Entity\EntityInterface
+ * The entity to be tested.
+ */
+ abstract protected function createEntity();
+
+ /**
+ * Creates another entity to be tested.
+ *
+ * @param mixed $key
+ * A unique key to be used for the ID and/or label of the duplicated entity.
+ *
+ * @return \Drupal\Core\Entity\EntityInterface
+ * Another entity based on $this->entity.
+ *
+ * @throws \Drupal\Core\Entity\EntityStorageException
+ */
+ protected function createAnotherEntity($key) {
+ $duplicate = $this->getEntityDuplicate($this->entity, $key);
+ // Some entity types are not stored, hence they cannot be reloaded.
+ if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
+ $duplicate->set('field_rest_test', 'Second collection entity');
+ }
+ $duplicate->save();
+ return $duplicate;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getEntityDuplicate(EntityInterface $original, $key) {
+ $duplicate = $original->createDuplicate();
+ if ($label_key = $original->getEntityType()->getKey('label')) {
+ $duplicate->set($label_key, $original->label() . '_' . $key);
+ }
+ if ($duplicate instanceof ConfigEntityInterface && $id_key = $duplicate->getEntityType()->getKey('id')) {
+ $id = $original->id();
+ $id_key = $duplicate->getEntityType()->getKey('id');
+ $duplicate->set($id_key, $id . '_' . $key);
+ }
+ return $duplicate;
+ }
+
+ /**
+ * Returns the expected JSON:API document for the entity.
+ *
+ * @see ::createEntity()
+ *
+ * @return array
+ * A JSON:API response document.
+ */
+ abstract protected function getExpectedDocument();
+
+ /**
+ * Returns the JSON:API POST document.
+ *
+ * @see ::testPostIndividual()
+ *
+ * @return array
+ * A JSON:API request document.
+ */
+ abstract protected function getPostDocument();
+
+ /**
+ * Returns the JSON:API PATCH document.
+ *
+ * By default, reuses ::getPostDocument(), which works fine for most entity
+ * types. A counter example: the 'comment' entity type.
+ *
+ * @see ::testPatchIndividual()
+ *
+ * @return array
+ * A JSON:API request document.
+ */
+ protected function getPatchDocument() {
+ return NestedArray::mergeDeep(['data' => ['id' => $this->entity->uuid()]], $this->getPostDocument());
+ }
+
+ /**
+ * Returns the expected cacheability for an unauthorized response.
+ *
+ * @return \Drupal\Core\Cache\CacheableMetadata
+ * The expected cacheability.
+ */
+ protected function getExpectedUnauthorizedAccessCacheability() {
+ return (new CacheableMetadata())
+ ->setCacheTags(['4xx-response', 'http_response'])
+ ->setCacheContexts(['url.site', 'user.permissions'])
+ ->addCacheContexts($this->entity->getEntityType()->isRevisionable()
+ ? ['url.query_args:resourceVersion']
+ : []
+ );
+ }
+
+ /**
+ * The expected cache tags for the GET/HEAD response of the test entity.
+ *
+ * @param array|null $sparse_fieldset
+ * If a sparse fieldset is being requested, limit the expected cache tags
+ * for this entity's fields to just these fields.
+ *
+ * @return string[]
+ * A set of cache tags.
+ *
+ * @see ::testGetIndividual()
+ */
+ protected function getExpectedCacheTags(array $sparse_fieldset = NULL) {
+ $expected_cache_tags = [
+ 'http_response',
+ ];
+ return Cache::mergeTags($expected_cache_tags, $this->entity->getCacheTags());
+ }
+
+ /**
+ * The expected cache contexts for the GET/HEAD response of the test entity.
+ *
+ * @param array|null $sparse_fieldset
+ * If a sparse fieldset is being requested, limit the expected cache
+ * contexts for this entity's fields to just these fields.
+ *
+ * @return string[]
+ * A set of cache contexts.
+ *
+ * @see ::testGetIndividual()
+ */
+ protected function getExpectedCacheContexts(array $sparse_fieldset = NULL) {
+ $cache_contexts = [
+ // Cache contexts for JSON:API URL query parameters.
+ 'url.query_args:fields',
+ 'url.query_args:include',
+ // Drupal defaults.
+ 'url.site',
+ 'user.permissions',
+ ];
+ $entity_type = $this->entity->getEntityType();
+ return Cache::mergeContexts($cache_contexts, $entity_type->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
+ }
+
+ /**
+ * Computes the cacheability for a given entity collection.
+ *
+ * @param \Drupal\Core\Session\AccountInterface $account
+ * An account for which cacheability should be computed (cacheability is
+ * dependent on access).
+ * @param \Drupal\Core\Entity\EntityInterface[] $collection
+ * The entities for which cacheability should be computed.
+ * @param array $sparse_fieldset
+ * (optional) If a sparse fieldset is being requested, limit the expected
+ * cacheability for the collection entities' fields to just those in the
+ * fieldset. NULL means all fields.
+ * @param bool $filtered
+ * Whether the collection is filtered or not.
+ *
+ * @return \Drupal\Core\Cache\CacheableMetadata
+ * The expected cacheability for the given entity collection.
+ */
+ protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, array $sparse_fieldset = NULL, $filtered = FALSE) {
+ $cacheability = array_reduce($collection, function (CacheableMetadata $cacheability, EntityInterface $entity) use ($sparse_fieldset, $account) {
+ $access_result = static::entityAccess($entity, 'view', $account);
+ if (!$access_result->isAllowed()) {
+ $access_result = static::entityAccess($entity, 'view label', $account)->addCacheableDependency($access_result);
+ }
+ $cacheability->addCacheableDependency($access_result);
+ if ($access_result->isAllowed()) {
+ $cacheability->addCacheableDependency($entity);
+ if ($entity instanceof FieldableEntityInterface) {
+ foreach ($entity as $field_name => $field_item_list) {
+ /* @var \Drupal\Core\Field\FieldItemListInterface $field_item_list */
+ if (is_null($sparse_fieldset) || in_array($field_name, $sparse_fieldset)) {
+ $field_access = static::entityFieldAccess($entity, $field_name, 'view', $account);
+ $cacheability->addCacheableDependency($field_access);
+ if ($field_access->isAllowed()) {
+ foreach ($field_item_list as $field_item) {
+ /* @var \Drupal\Core\Field\FieldItemInterface $field_item */
+ foreach (TypedDataInternalPropertiesHelper::getNonInternalProperties($field_item) as $property) {
+ $cacheability->addCacheableDependency(CacheableMetadata::createFromObject($property));
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return $cacheability;
+ }, new CacheableMetadata());
+ $entity_type = reset($collection)->getEntityType();
+ $cacheability->addCacheTags(['http_response']);
+ $cacheability->addCacheTags($entity_type->getListCacheTags());
+ $cache_contexts = [
+ // Cache contexts for JSON:API URL query parameters.
+ 'url.query_args:fields',
+ 'url.query_args:filter',
+ 'url.query_args:include',
+ 'url.query_args:page',
+ 'url.query_args:sort',
+ // Drupal defaults.
+ 'url.site',
+ ];
+ // If the entity type is revisionable, add a resource version cache context.
+ $cache_contexts = Cache::mergeContexts($cache_contexts, $entity_type->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
+ $cacheability->addCacheContexts($cache_contexts);
+ return $cacheability;
+ }
+
+ /**
+ * Sets up the necessary authorization.
+ *
+ * In case of a test verifying publicly accessible REST resources: grant
+ * permissions to the anonymous user role.
+ *
+ * In case of a test verifying behavior when using a particular authentication
+ * provider: create a user with a particular set of permissions.
+ *
+ * Because of the $method parameter, it's possible to first set up
+ * authentication for only GET, then add POST, et cetera. This then also
+ * allows for verifying a 403 in case of missing authorization.
+ *
+ * @param string $method
+ * The HTTP method for which to set up authentication.
+ *
+ * @see ::grantPermissionsToAnonymousRole()
+ * @see ::grantPermissionsToAuthenticatedRole()
+ */
+ abstract protected function setUpAuthorization($method);
+
+ /**
+ * Sets up the necessary authorization for handling revisions.
+ *
+ * @param string $method
+ * The HTTP method for which to set up authentication.
+ *
+ * @see ::testRevisions()
+ */
+ protected function setUpRevisionAuthorization($method) {
+ assert($method === 'GET', 'Only read operations on revisions are supported.');
+ $this->setUpAuthorization($method);
+ }
+
+ /**
+ * Return the expected error message.
+ *
+ * @param string $method
+ * The HTTP method (GET, POST, PATCH, DELETE).
+ *
+ * @return string
+ * The error string.
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ $permission = $this->entity->getEntityType()->getAdminPermission();
+ if ($permission !== FALSE) {
+ return "The '{$permission}' permission is required.";
+ }
+
+ return NULL;
+ }
+
+ /**
+ * Grants permissions to the authenticated role.
+ *
+ * @param string[] $permissions
+ * Permissions to grant.
+ */
+ protected function grantPermissionsToTestedRole(array $permissions) {
+ $this->grantPermissions(Role::load(RoleInterface::AUTHENTICATED_ID), $permissions);
+ }
+
+ /**
+ * Revokes permissions from the authenticated role.
+ *
+ * @param string[] $permissions
+ * Permissions to revoke.
+ */
+ protected function revokePermissionsFromTestedRole(array $permissions) {
+ $role = Role::load(RoleInterface::AUTHENTICATED_ID);
+ foreach ($permissions as $permission) {
+ $role->revokePermission($permission);
+ }
+ $role->trustData()->save();
+ }
+
+ /**
+ * Asserts that a resource response has the given status code and body.
+ *
+ * @param int $expected_status_code
+ * The expected response status.
+ * @param array|null|false $expected_document
+ * The expected document or NULL if there should not be a response body.
+ * FALSE in case this should not be asserted.
+ * @param \Psr\Http\Message\ResponseInterface $response
+ * The response to assert.
+ * @param string[]|false $expected_cache_tags
+ * (optional) The expected cache tags in the X-Drupal-Cache-Tags response
+ * header, or FALSE if that header should be absent. Defaults to FALSE.
+ * @param string[]|false $expected_cache_contexts
+ * (optional) The expected cache contexts in the X-Drupal-Cache-Contexts
+ * response header, or FALSE if that header should be absent. Defaults to
+ * FALSE.
+ * @param string|false $expected_page_cache_header_value
+ * (optional) The expected X-Drupal-Cache response header value, or FALSE if
+ * that header should be absent. Possible strings: 'MISS', 'HIT'. Defaults
+ * to FALSE.
+ * @param string|false $expected_dynamic_page_cache_header_value
+ * (optional) The expected X-Drupal-Dynamic-Cache response header value, or
+ * FALSE if that header should be absent. Possible strings: 'MISS', 'HIT'.
+ * Defaults to FALSE.
+ */
+ protected function assertResourceResponse($expected_status_code, $expected_document, ResponseInterface $response, $expected_cache_tags = FALSE, $expected_cache_contexts = FALSE, $expected_page_cache_header_value = FALSE, $expected_dynamic_page_cache_header_value = FALSE) {
+ $this->assertSame($expected_status_code, $response->getStatusCode(), var_export(Json::decode((string) $response->getBody()), TRUE));
+ if ($expected_status_code === 204) {
+ // DELETE responses should not include a Content-Type header. But Apache
+ // sets it to 'text/html' by default. We also cannot detect the presence
+ // of Apache either here in the CLI. For now having this documented here
+ // is all we can do.
+ /* $this->assertSame(FALSE, $response->hasHeader('Content-Type')); */
+ $this->assertSame('', (string) $response->getBody());
+ }
+ else {
+ $this->assertSame(['application/vnd.api+json'], $response->getHeader('Content-Type'));
+ if ($expected_document !== FALSE) {
+ $response_document = Json::decode((string) $response->getBody());
+ if ($expected_document === NULL) {
+ $this->assertNull($response_document);
+ }
+ else {
+ $this->assertSameDocument($expected_document, $response_document);
+ }
+ }
+ }
+
+ // Expected cache tags: X-Drupal-Cache-Tags header.
+ $this->assertSame($expected_cache_tags !== FALSE, $response->hasHeader('X-Drupal-Cache-Tags'));
+ if (is_array($expected_cache_tags)) {
+ $this->assertSame($expected_cache_tags, explode(' ', $response->getHeader('X-Drupal-Cache-Tags')[0]));
+ }
+
+ // Expected cache contexts: X-Drupal-Cache-Contexts header.
+ $this->assertSame($expected_cache_contexts !== FALSE, $response->hasHeader('X-Drupal-Cache-Contexts'));
+ if (is_array($expected_cache_contexts)) {
+ $optimized_expected_cache_contexts = \Drupal::service('cache_contexts_manager')->optimizeTokens($expected_cache_contexts);
+ $this->assertSame($optimized_expected_cache_contexts, explode(' ', $response->getHeader('X-Drupal-Cache-Contexts')[0]));
+ }
+
+ // Expected Page Cache header value: X-Drupal-Cache header.
+ if ($expected_page_cache_header_value !== FALSE) {
+ $this->assertTrue($response->hasHeader('X-Drupal-Cache'));
+ $this->assertSame($expected_page_cache_header_value, $response->getHeader('X-Drupal-Cache')[0]);
+ }
+ else {
+ $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+ }
+
+ // Expected Dynamic Page Cache header value: X-Drupal-Dynamic-Cache header.
+ if ($expected_dynamic_page_cache_header_value !== FALSE) {
+ $this->assertTrue($response->hasHeader('X-Drupal-Dynamic-Cache'));
+ $this->assertSame($expected_dynamic_page_cache_header_value, $response->getHeader('X-Drupal-Dynamic-Cache')[0]);
+ }
+ else {
+ $this->assertFalse($response->hasHeader('X-Drupal-Dynamic-Cache'));
+ }
+ }
+
+ /**
+ * Asserts that an expected document matches the response body.
+ *
+ * @param array $expected_document
+ * The expected JSON:API document.
+ * @param array $actual_document
+ * The actual response document to assert.
+ */
+ protected function assertSameDocument(array $expected_document, array $actual_document) {
+ static::recursiveKsort($expected_document);
+ static::recursiveKsort($actual_document);
+
+ if (!empty($expected_document['included'])) {
+ static::sortResourceCollection($expected_document['included']);
+ static::sortResourceCollection($actual_document['included']);
+ }
+
+ if (isset($actual_document['meta']['omitted']) && isset($expected_document['meta']['omitted'])) {
+ $actual_omitted =& $actual_document['meta']['omitted'];
+ $expected_omitted =& $expected_document['meta']['omitted'];
+ static::sortOmittedLinks($actual_omitted);
+ static::sortOmittedLinks($expected_omitted);
+ static::resetOmittedLinkKeys($actual_omitted);
+ static::resetOmittedLinkKeys($expected_omitted);
+ }
+
+ $expected_keys = array_keys($expected_document);
+ $actual_keys = array_keys($actual_document);
+ $missing_member_names = array_diff($expected_keys, $actual_keys);
+ $extra_member_names = array_diff($actual_keys, $expected_keys);
+ if (!empty($missing_member_names) || !empty($extra_member_names)) {
+ $message_format = "The document members did not match the expected values. Missing: [ %s ]. Unexpected: [ %s ]";
+ $message = sprintf($message_format, implode(', ', $missing_member_names), implode(', ', $extra_member_names));
+ $this->assertSame($expected_document, $actual_document, $message);
+ }
+ foreach ($expected_document as $member_name => $expected_member) {
+ $actual_member = $actual_document[$member_name];
+ $this->assertSame($expected_member, $actual_member, "The '$member_name' member was not as expected.");
+ }
+ }
+
+ /**
+ * Asserts that a resource error response has the given message.
+ *
+ * @param int $expected_status_code
+ * The expected response status.
+ * @param string $expected_message
+ * The expected error message.
+ * @param \Drupal\Core\Url|null $via_link
+ * The source URL for the errors of the response. NULL if the error occurs
+ * for example during entity creation.
+ * @param \Psr\Http\Message\ResponseInterface $response
+ * The error response to assert.
+ * @param string|false $pointer
+ * The expected JSON Pointer to the associated entity in the request
+ * document. See http://jsonapi.org/format/#error-objects.
+ * @param string[]|false $expected_cache_tags
+ * (optional) The expected cache tags in the X-Drupal-Cache-Tags response
+ * header, or FALSE if that header should be absent. Defaults to FALSE.
+ * @param string[]|false $expected_cache_contexts
+ * (optional) The expected cache contexts in the X-Drupal-Cache-Contexts
+ * response header, or FALSE if that header should be absent. Defaults to
+ * FALSE.
+ * @param string|false $expected_page_cache_header_value
+ * (optional) The expected X-Drupal-Cache response header value, or FALSE if
+ * that header should be absent. Possible strings: 'MISS', 'HIT'. Defaults
+ * to FALSE.
+ * @param string|false $expected_dynamic_page_cache_header_value
+ * (optional) The expected X-Drupal-Dynamic-Cache response header value, or
+ * FALSE if that header should be absent. Possible strings: 'MISS', 'HIT'.
+ * Defaults to FALSE.
+ */
+ protected function assertResourceErrorResponse($expected_status_code, $expected_message, $via_link, ResponseInterface $response, $pointer = FALSE, $expected_cache_tags = FALSE, $expected_cache_contexts = FALSE, $expected_page_cache_header_value = FALSE, $expected_dynamic_page_cache_header_value = FALSE) {
+ assert(is_null($via_link) || $via_link instanceof Url);
+ $expected_error = [];
+ if (!empty(Response::$statusTexts[$expected_status_code])) {
+ $expected_error['title'] = Response::$statusTexts[$expected_status_code];
+ }
+ $expected_error['status'] = $expected_status_code;
+ $expected_error['detail'] = $expected_message;
+ if ($via_link) {
+ $expected_error['links']['via']['href'] = $via_link->setAbsolute()->toString();
+ }
+ if ($info_url = HttpExceptionNormalizer::getInfoUrl($expected_status_code)) {
+ $expected_error['links']['info']['href'] = $info_url;
+ }
+ if ($pointer !== FALSE) {
+ $expected_error['source']['pointer'] = $pointer;
+ }
+
+ $expected_document = [
+ 'jsonapi' => static::$jsonApiMember,
+ 'errors' => [
+ 0 => $expected_error,
+ ],
+ ];
+ $this->assertResourceResponse($expected_status_code, $expected_document, $response, $expected_cache_tags, $expected_cache_contexts, $expected_page_cache_header_value, $expected_dynamic_page_cache_header_value);
+ }
+
+ /**
+ * Makes the JSON:API document violate the spec by omitting the resource type.
+ *
+ * @param array $document
+ * A JSON:API document.
+ *
+ * @return array
+ * The same JSON:API document, without its resource type.
+ */
+ protected function removeResourceTypeFromDocument(array $document) {
+ unset($document['data']['type']);
+ return $document;
+ }
+
+ /**
+ * Makes the given JSON:API document invalid.
+ *
+ * @param array $document
+ * A JSON:API document.
+ * @param string $entity_key
+ * The entity key whose normalization to make invalid.
+ *
+ * @return array
+ * The updated JSON:API document, now invalid.
+ */
+ protected function makeNormalizationInvalid(array $document, $entity_key) {
+ $entity_type = $this->entity->getEntityType();
+ switch ($entity_key) {
+ case 'label':
+ // Add a second label to this entity to make it invalid.
+ $label_field = $entity_type->hasKey('label') ? $entity_type->getKey('label') : static::$labelFieldName;
+ $document['data']['attributes'][$label_field] = [
+ 0 => $document['data']['attributes'][$label_field],
+ 1 => 'Second Title',
+ ];
+ break;
+
+ case 'id':
+ $document['data']['attributes'][$entity_type->getKey('id')] = $this->anotherEntity->id();
+ break;
+
+ case 'uuid':
+ $document['data']['id'] = $this->anotherEntity->uuid();
+ break;
+ }
+
+ return $document;
+ }
+
+ /**
+ * Tests GETting an individual resource, plus edge cases to ensure good DX.
+ */
+ public function testGetIndividual() {
+ // The URL and Guzzle request options that will be used in this test. The
+ // request options will be modified/expanded throughout this test:
+ // - to first test all mistakes a developer might make, and assert that the
+ // error responses provide a good DX
+ // - to eventually result in a well-formed request that succeeds.
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // DX: 403 when unauthorized, or 200 if the 'view label' operation is
+ // supported by the entity type.
+ $response = $this->request('GET', $url, $request_options);
+ if (!static::$anonymousUsersCanViewLabels) {
+ $expected_403_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
+ $reason = $this->getExpectedUnauthorizedAccessMessage('GET');
+ $message = trim("The current user is not allowed to GET the selected resource. $reason");
+ $this->assertResourceErrorResponse(403, $message, $url, $response, '/data', $expected_403_cacheability->getCacheTags(), $expected_403_cacheability->getCacheContexts(), FALSE, 'MISS');
+ $this->assertArrayNotHasKey('Link', $response->getHeaders());
+ }
+ else {
+ $expected_document = $this->getExpectedDocument();
+ $label_field_name = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
+ $expected_document['data']['attributes'] = array_intersect_key($expected_document['data']['attributes'], [$label_field_name => TRUE]);
+ unset($expected_document['data']['relationships']);
+ // MISS or UNCACHEABLE depends on data. It must not be HIT.
+ $dynamic_cache_label_only = !empty(array_intersect(['user', 'session'], $this->getExpectedCacheContexts([$label_field_name]))) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, $expected_document, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts([$label_field_name]), FALSE, $dynamic_cache_label_only);
+ }
+
+ $this->setUpAuthorization('GET');
+
+ // Set body despite that being nonsensical: should be ignored.
+ $request_options[RequestOptions::BODY] = Json::encode($this->getExpectedDocument());
+
+ // 400 for GET request with reserved custom query parameter.
+ $url_reserved_custom_query_parameter = clone $url;
+ $url_reserved_custom_query_parameter = $url_reserved_custom_query_parameter->setOption('query', ['foo' => 'bar']);
+ $response = $this->request('GET', $url_reserved_custom_query_parameter, $request_options);
+ $expected_document = [
+ 'jsonapi' => static::$jsonApiMember,
+ 'errors' => [
+ [
+ 'title' => 'Bad Request',
+ 'status' => 400,
+ 'detail' => "The following query parameters violate the JSON:API spec: 'foo'.",
+ 'links' => [
+ 'info' => ['href' => 'http://jsonapi.org/format/#query-parameters'],
+ 'via' => ['href' => $url_reserved_custom_query_parameter->toString()],
+ ],
+ ],
+ ],
+ ];
+ $this->assertResourceResponse(400, $expected_document, $response, ['4xx-response', 'http_response'], ['url.query_args', 'url.site'], FALSE, 'MISS');
+
+ // 200 for well-formed HEAD request.
+ $response = $this->request('HEAD', $url, $request_options);
+ // MISS or UNCACHEABLE depends on data. It must not be HIT.
+ $dynamic_cache = !empty(array_intersect(['user', 'session'], $this->getExpectedCacheContexts())) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, NULL, $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), FALSE, $dynamic_cache);
+ $head_headers = $response->getHeaders();
+
+ // 200 for well-formed GET request. Page Cache hit because of HEAD request.
+ // Same for Dynamic Page Cache hit.
+ $response = $this->request('GET', $url, $request_options);
+
+ $this->assertResourceResponse(200, $this->getExpectedDocument(), $response, $this->getExpectedCacheTags(), $this->getExpectedCacheContexts(), FALSE, $dynamic_cache === 'MISS' ? 'HIT' : 'UNCACHEABLE');
+ // Assert that Dynamic Page Cache did not store a ResourceResponse object,
+ // which needs serialization after every cache hit. Instead, it should
+ // contain a flattened response. Otherwise performance suffers.
+ // @see \Drupal\jsonapi\EventSubscriber\ResourceResponseSubscriber::flattenResponse()
+ $cache_items = $this->container->get('database')
+ ->query("SELECT cid, data FROM {cache_dynamic_page_cache} WHERE cid LIKE :pattern", [
+ ':pattern' => '%[route]=jsonapi.%',
+ ])
+ ->fetchAllAssoc('cid');
+ $this->assertTrue(count($cache_items) >= 2);
+ $found_cache_redirect = FALSE;
+ $found_cached_200_response = FALSE;
+ $other_cached_responses_are_4xx = TRUE;
+ foreach ($cache_items as $cid => $cache_item) {
+ $cached_data = unserialize($cache_item->data);
+ if (!isset($cached_data['#cache_redirect'])) {
+ $cached_response = $cached_data['#response'];
+ if ($cached_response->getStatusCode() === 200) {
+ $found_cached_200_response = TRUE;
+ }
+ elseif (!$cached_response->isClientError()) {
+ $other_cached_responses_are_4xx = FALSE;
+ }
+ $this->assertNotInstanceOf(ResourceResponse::class, $cached_response);
+ $this->assertInstanceOf(CacheableResponseInterface::class, $cached_response);
+ }
+ else {
+ $found_cache_redirect = TRUE;
+ }
+ }
+ $this->assertTrue($found_cache_redirect);
+ $this->assertSame($dynamic_cache !== 'UNCACHEABLE' || isset($dynamic_cache_label_only) && $dynamic_cache_label_only !== 'UNCACHEABLE', $found_cached_200_response);
+ $this->assertTrue($other_cached_responses_are_4xx);
+
+ // Not only assert the normalization, also assert deserialization of the
+ // response results in the expected object.
+ $unserialized = $this->serializer->deserialize((string) $response->getBody(), JsonApiDocumentTopLevel::class, 'api_json', [
+ 'target_entity' => static::$entityTypeId,
+ 'resource_type' => $this->container->get('jsonapi.resource_type.repository')->getByTypeName(static::$resourceTypeName),
+ ]);
+ $this->assertSame($unserialized->uuid(), $this->entity->uuid());
+ $get_headers = $response->getHeaders();
+
+ // Verify that the GET and HEAD responses are the same. The only difference
+ // is that there's no body. For this reason the 'Transfer-Encoding' and
+ // 'Vary' headers are also added to the list of headers to ignore, as they
+ // may be added to GET requests, depending on web server configuration. They
+ // are usually 'Transfer-Encoding: chunked' and 'Vary: Accept-Encoding'.
+ $ignored_headers = [
+ 'Date',
+ 'Content-Length',
+ 'X-Drupal-Cache',
+ 'X-Drupal-Dynamic-Cache',
+ 'Transfer-Encoding',
+ 'Vary',
+ ];
+ $header_cleaner = function ($headers) use ($ignored_headers) {
+ foreach ($headers as $header => $value) {
+ if (strpos($header, 'X-Drupal-Assertion-') === 0 || in_array($header, $ignored_headers)) {
+ unset($headers[$header]);
+ }
+ }
+ return $headers;
+ };
+ $get_headers = $header_cleaner($get_headers);
+ $head_headers = $header_cleaner($head_headers);
+ $this->assertSame($get_headers, $head_headers);
+
+ // Feature: Sparse fieldsets.
+ $this->doTestSparseFieldSets($url, $request_options);
+ // Feature: Included.
+ $this->doTestIncluded($url, $request_options);
+
+ // DX: 404 when GETting non-existing entity.
+ $random_uuid = \Drupal::service('uuid')->generate();
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $random_uuid]);
+ $response = $this->request('GET', $url, $request_options);
+ $message_url = clone $url;
+ $path = str_replace($random_uuid, '{entity}', $message_url->setAbsolute()->setOptions(['base_url' => '', 'query' => []])->toString());
+ $message = 'The "entity" parameter was not converted for the path "' . $path . '" (route name: "jsonapi.' . static::$resourceTypeName . '.individual")';
+ $this->assertResourceErrorResponse(404, $message, $url, $response, FALSE, ['4xx-response', 'http_response'], ['url.site'], FALSE, 'UNCACHEABLE');
+
+ // DX: when Accept request header is missing, still 404, same response.
+ unset($request_options[RequestOptions::HEADERS]['Accept']);
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertResourceErrorResponse(404, $message, $url, $response, FALSE, ['4xx-response', 'http_response'], ['url.site'], FALSE, 'UNCACHEABLE');
+ }
+
+ /**
+ * Tests GETting a collection of resources.
+ */
+ public function testCollection() {
+ $entity_collection = $this->getEntityCollection();
+ assert(count($entity_collection) > 1, 'A collection must have more that one entity in it.');
+
+ $collection_url = Url::fromRoute(sprintf('jsonapi.%s.collection', static::$resourceTypeName))->setAbsolute(TRUE);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // This asserts that collections will work without a sort, added by default
+ // below, without actually asserting the content of the response.
+ $expected_response = $this->getExpectedCollectionResponse($entity_collection, $collection_url->toString(), $request_options);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $response = $this->request('HEAD', $collection_url, $request_options);
+ // MISS or UNCACHEABLE depends on the collection data. It must not be HIT.
+ $dynamic_cache = $expected_cacheability->getCacheMaxAge() === 0 ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, NULL, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+
+ // Different databases have different sort orders, so a sort is required so
+ // test expectations do not need to vary per database.
+ $default_sort = ['sort' => 'drupal_internal__' . $this->entity->getEntityType()->getKey('id')];
+ $collection_url->setOption('query', $default_sort);
+
+ // 200 for collections, even when all entities are inaccessible. Access is
+ // on a per-entity basis, which is handled by
+ // self::getExpectedCollectionResponse().
+ $expected_response = $this->getExpectedCollectionResponse($entity_collection, $collection_url->toString(), $request_options);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document = $expected_response->getResponseData();
+ $response = $this->request('GET', $collection_url, $request_options);
+ $this->assertResourceResponse(200, $expected_document, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+
+ $this->setUpAuthorization('GET');
+
+ // 200 for well-formed HEAD request.
+ $expected_response = $this->getExpectedCollectionResponse($entity_collection, $collection_url->toString(), $request_options);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $response = $this->request('HEAD', $collection_url, $request_options);
+ $this->assertResourceResponse(200, NULL, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+
+ // 200 for well-formed GET request.
+ $expected_response = $this->getExpectedCollectionResponse($entity_collection, $collection_url->toString(), $request_options);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document = $expected_response->getResponseData();
+ $response = $this->request('GET', $collection_url, $request_options);
+ // Dynamic Page Cache HIT unless the HEAD request was UNCACHEABLE.
+ $dynamic_cache = $dynamic_cache === 'UNCACHEABLE' ? 'UNCACHEABLE' : 'HIT';
+ $this->assertResourceResponse(200, $expected_document, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+
+ if ($this->entity instanceof FieldableEntityInterface) {
+ // 403 for filtering on an unauthorized field on the base resource type.
+ $unauthorized_filter_url = clone $collection_url;
+ $unauthorized_filter_url->setOption('query', [
+ 'filter' => [
+ 'related_author_id' => [
+ 'operator' => '<>',
+ 'path' => 'field_jsonapi_test_entity_ref.status',
+ 'value' => 'doesnt@matter.com',
+ ],
+ ],
+ ]);
+ $response = $this->request('GET', $unauthorized_filter_url, $request_options);
+ $expected_error_message = "The current user is not authorized to filter by the `field_jsonapi_test_entity_ref` field, given in the path `field_jsonapi_test_entity_ref`. The 'field_jsonapi_test_entity_ref view access' permission is required.";
+ $expected_cache_tags = ['4xx-response', 'http_response'];
+ $expected_cache_contexts = [
+ 'url.query_args:filter',
+ 'url.query_args:sort',
+ 'url.site',
+ 'user.permissions',
+ ];
+ $this->assertResourceErrorResponse(403, $expected_error_message, $unauthorized_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+
+ $this->grantPermissionsToTestedRole(['field_jsonapi_test_entity_ref view access']);
+
+ // 403 for filtering on an unauthorized field on a related resource type.
+ $response = $this->request('GET', $unauthorized_filter_url, $request_options);
+ $expected_error_message = "The current user is not authorized to filter by the `status` field, given in the path `field_jsonapi_test_entity_ref.entity:user.status`.";
+ $this->assertResourceErrorResponse(403, $expected_error_message, $unauthorized_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ }
+
+ // Remove an entity from the collection, then filter it out.
+ $filtered_entity_collection = $entity_collection;
+ $removed = array_shift($filtered_entity_collection);
+ $filtered_collection_url = clone $collection_url;
+ $entity_collection_filter = [
+ 'filter' => [
+ 'ids' => [
+ 'condition' => [
+ 'operator' => '<>',
+ 'path' => 'id',
+ 'value' => $removed->uuid(),
+ ],
+ ],
+ ],
+ ];
+ $filtered_collection_url->setOption('query', $entity_collection_filter + $default_sort);
+ $expected_response = $this->getExpectedCollectionResponse($filtered_entity_collection, $filtered_collection_url->toString(), $request_options, NULL, TRUE);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document = $expected_response->getResponseData();
+ $response = $this->request('GET', $filtered_collection_url, $request_options);
+ // MISS or UNCACHEABLE depends on the collection data. It must not be HIT.
+ $dynamic_cache = $expected_cacheability->getCacheMaxAge() === 0 || !empty(array_intersect(['user', 'session'], $expected_cacheability->getCacheContexts())) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, $expected_document, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+
+ // Filtered collection with includes.
+ $relationship_field_names = array_reduce($filtered_entity_collection, function ($relationship_field_names, $entity) {
+ return array_unique(array_merge($relationship_field_names, $this->getRelationshipFieldNames($entity)));
+ }, []);
+ $include = ['include' => implode(',', $relationship_field_names)];
+ $filtered_collection_include_url = clone $collection_url;
+ $filtered_collection_include_url->setOption('query', $entity_collection_filter + $include + $default_sort);
+ $expected_response = $this->getExpectedCollectionResponse($filtered_entity_collection, $filtered_collection_include_url->toString(), $request_options, $relationship_field_names, TRUE);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_cacheability->setCacheTags(array_values(array_diff($expected_cacheability->getCacheTags(), ['4xx-response'])));
+ $expected_document = $expected_response->getResponseData();
+ $response = $this->request('GET', $filtered_collection_include_url, $request_options);
+ // MISS or UNCACHEABLE depends on the included data. It must not be HIT.
+ $dynamic_cache = $expected_cacheability->getCacheMaxAge() === 0 || !empty(array_intersect(['user', 'session'], $expected_cacheability->getCacheContexts())) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, $expected_document, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+
+ // If the response should vary by a user's authorizations, grant permissions
+ // for the included resources and execute another request.
+ $permission_related_cache_contexts = [
+ 'user',
+ 'user.permissions',
+ 'user.roles',
+ ];
+ if (!empty($relationship_field_names) && !empty(array_intersect($expected_cacheability->getCacheContexts(), $permission_related_cache_contexts))) {
+ $applicable_permissions = array_intersect_key(static::getIncludePermissions(), array_flip($relationship_field_names));
+ $flattened_permissions = array_unique(array_reduce($applicable_permissions, 'array_merge', []));
+ $this->grantPermissionsToTestedRole($flattened_permissions);
+ $expected_response = $this->getExpectedCollectionResponse($filtered_entity_collection, $filtered_collection_include_url->toString(), $request_options, $relationship_field_names, TRUE);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document = $expected_response->getResponseData();
+ $response = $this->request('GET', $filtered_collection_include_url, $request_options);
+ $requires_include_only_permissions = !empty($flattened_permissions);
+ $uncacheable = $expected_cacheability->getCacheMaxAge() === 0 || !empty(array_intersect(['user', 'session'], $expected_cacheability->getCacheContexts()));
+ $dynamic_cache = !$uncacheable ? $requires_include_only_permissions ? 'MISS' : 'HIT' : 'UNCACHEABLE';
+ $this->assertResourceResponse(200, $expected_document, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+ }
+
+ // Sorted collection with includes.
+ $sorted_entity_collection = $entity_collection;
+ uasort($sorted_entity_collection, function (EntityInterface $a, EntityInterface $b) {
+ // Sort by ID in reverse order.
+ return strcmp($b->uuid(), $a->uuid());
+ });
+ $sorted_collection_include_url = clone $collection_url;
+ $sorted_collection_include_url->setOption('query', $include + ['sort' => "-id"]);
+ $expected_response = $this->getExpectedCollectionResponse($sorted_entity_collection, $sorted_collection_include_url->toString(), $request_options, $relationship_field_names);
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_cacheability->setCacheTags(array_values(array_diff($expected_cacheability->getCacheTags(), ['4xx-response'])));
+ $expected_document = $expected_response->getResponseData();
+ $response = $this->request('GET', $sorted_collection_include_url, $request_options);
+ // MISS or UNCACHEABLE depends on the included data. It must not be HIT.
+ $dynamic_cache = $expected_cacheability->getCacheMaxAge() === 0 ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, $expected_document, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+ }
+
+ /**
+ * Returns a JSON:API collection document for the expected entities.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface[] $collection
+ * The entities for the collection.
+ * @param string $self_link
+ * The self link for the collection response document.
+ * @param array $request_options
+ * Request options to apply.
+ * @param array|null $included_paths
+ * (optional) Any include paths that should be appended to the expected
+ * response.
+ * @param bool $filtered
+ * Whether the collection is filtered or not.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * A ResourceResponse for the expected entity collection.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getExpectedCollectionResponse(array $collection, $self_link, array $request_options, array $included_paths = NULL, $filtered = FALSE) {
+ $resource_identifiers = array_map([static::class, 'toResourceIdentifier'], $collection);
+ $individual_responses = static::toResourceResponses($this->getResponses(static::getResourceLinks($resource_identifiers), $request_options));
+ $merged_response = static::toCollectionResourceResponse($individual_responses, $self_link, TRUE);
+
+ $merged_document = $merged_response->getResponseData();
+ if (!isset($merged_document['data'])) {
+ $merged_document['data'] = [];
+ }
+
+ $cacheability = static::getExpectedCollectionCacheability($this->account, $collection, NULL, $filtered);
+ $cacheability->setCacheMaxAge($merged_response->getCacheableMetadata()->getCacheMaxAge());
+
+ $collection_response = ResourceResponse::create($merged_document);
+ $collection_response->addCacheableDependency($cacheability);
+
+ if (is_null($included_paths)) {
+ return $collection_response;
+ }
+
+ $related_responses = array_reduce($collection, function ($related_responses, EntityInterface $entity) use ($included_paths, $request_options, $self_link) {
+ if (!$entity->access('view', $this->account) && !$entity->access('view label', $this->account)) {
+ return $related_responses;
+ }
+ $expected_related_responses = $this->getExpectedRelatedResponses($included_paths, $request_options, $entity);
+ if (empty($related_responses)) {
+ return $expected_related_responses;
+ }
+ foreach ($included_paths as $included_path) {
+ $both_responses = [$related_responses[$included_path], $expected_related_responses[$included_path]];
+ $related_responses[$included_path] = static::toCollectionResourceResponse($both_responses, $self_link, TRUE);
+ }
+ return $related_responses;
+ }, []);
+
+ return static::decorateExpectedResponseForIncludedFields($collection_response, $related_responses);
+ }
+
+ /**
+ * Tests GETing related resource of an individual resource.
+ *
+ * Expected responses are built by making requests to 'relationship' routes.
+ * Using the fetched resource identifiers, if any, all targeted resources are
+ * fetched individually. These individual responses are then 'merged' into a
+ * single expected ResourceResponse. This is repeated for every relationship
+ * field of the resource type under test.
+ */
+ public function testRelated() {
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+ $this->doTestRelated($request_options);
+ $this->setUpAuthorization('GET');
+ $this->doTestRelated($request_options);
+ }
+
+ /**
+ * Tests CRUD of individual resource relationship data.
+ *
+ * Unlike the "related" routes, relationship routes only return information
+ * about the "relationship" itself, not the targeted resources. For JSON:API
+ * with Drupal, relationship routes are like looking at an entity reference
+ * field without loading the entities. It only reveals the type of the
+ * targeted resource and the target resource IDs. These type+ID combos are
+ * referred to as "resource identifiers."
+ */
+ public function testRelationships() {
+ if ($this->entity instanceof ConfigEntityInterface) {
+ $this->markTestSkipped('Configuration entities cannot have relationships.');
+ }
+
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // Test GET.
+ $this->doTestRelationshipGet($request_options);
+ $this->setUpAuthorization('GET');
+ $this->doTestRelationshipGet($request_options);
+
+ // Test POST.
+ $this->doTestRelationshipMutation($request_options);
+ // Grant entity-level edit access.
+ $this->setUpAuthorization('PATCH');
+ $this->doTestRelationshipMutation($request_options);
+ // Field edit access is still forbidden, grant it.
+ $this->grantPermissionsToTestedRole([
+ 'field_jsonapi_test_entity_ref view access',
+ 'field_jsonapi_test_entity_ref edit access',
+ 'field_jsonapi_test_entity_ref update access',
+ ]);
+ $this->doTestRelationshipMutation($request_options);
+ }
+
+ /**
+ * Performs one round of related route testing.
+ *
+ * By putting this behavior in its own method, authorization and other
+ * variations can be done in the calling method around assertions. For
+ * example, it can be run once with an authorized user and again without one.
+ *
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function doTestRelated(array $request_options) {
+ $relationship_field_names = $this->getRelationshipFieldNames($this->entity);
+ // If there are no relationship fields, we can't test related routes.
+ if (empty($relationship_field_names)) {
+ return;
+ }
+ // Builds an array of expected responses, keyed by relationship field name.
+ $expected_relationship_responses = $this->getExpectedRelatedResponses($relationship_field_names, $request_options);
+ // Fetches actual responses as an array keyed by relationship field name.
+ $related_responses = $this->getRelatedResponses($relationship_field_names, $request_options);
+ foreach ($relationship_field_names as $relationship_field_name) {
+ /* @var \Drupal\jsonapi\ResourceResponse $expected_resource_response */
+ $expected_resource_response = $expected_relationship_responses[$relationship_field_name];
+ /* @var \Psr\Http\Message\ResponseInterface $actual_response */
+ $actual_response = $related_responses[$relationship_field_name];
+ // Dynamic Page Cache miss because cache should vary based on the
+ // 'include' query param.
+ $expected_cacheability = $expected_resource_response->getCacheableMetadata();
+ $this->assertResourceResponse(
+ $expected_resource_response->getStatusCode(),
+ $expected_resource_response->getResponseData(),
+ $actual_response,
+ $expected_cacheability->getCacheTags(),
+ $expected_cacheability->getCacheContexts(),
+ FALSE,
+ $actual_response->getStatusCode() === 200
+ ? ($expected_cacheability->getCacheMaxAge() === 0 ? 'UNCACHEABLE' : 'MISS')
+ : FALSE
+ );
+ }
+ }
+
+ /**
+ * Performs one round of relationship route testing.
+ *
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ * @see ::testRelationships
+ */
+ protected function doTestRelationshipGet(array $request_options) {
+ $relationship_field_names = $this->getRelationshipFieldNames($this->entity);
+ // If there are no relationship fields, we can't test relationship routes.
+ if (empty($relationship_field_names)) {
+ return;
+ }
+
+ // Test GET.
+ $related_responses = $this->getRelationshipResponses($relationship_field_names, $request_options);
+ foreach ($relationship_field_names as $relationship_field_name) {
+ $expected_resource_response = $this->getExpectedGetRelationshipResponse($relationship_field_name);
+ $expected_document = $expected_resource_response->getResponseData();
+ $expected_cacheability = $expected_resource_response->getCacheableMetadata();
+ $actual_response = $related_responses[$relationship_field_name];
+ $this->assertResourceResponse(
+ $expected_resource_response->getStatusCode(),
+ $expected_document,
+ $actual_response,
+ $expected_cacheability->getCacheTags(),
+ $expected_cacheability->getCacheContexts(),
+ FALSE,
+ $expected_resource_response->isSuccessful() ? 'MISS' : FALSE
+ );
+ }
+ }
+
+ /**
+ * Performs one round of relationship POST, PATCH and DELETE route testing.
+ *
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ * @see ::testRelationships
+ */
+ protected function doTestRelationshipMutation(array $request_options) {
+ /* @var \Drupal\Core\Entity\FieldableEntityInterface $resource */
+ $resource = $this->createAnotherEntity('dupe');
+ $resource->set('field_jsonapi_test_entity_ref', NULL);
+ $violations = $resource->validate();
+ assert($violations->count() === 0, (string) $violations);
+ $resource->save();
+ $target_resource = $this->createUser();
+ $violations = $target_resource->validate();
+ assert($violations->count() === 0, (string) $violations);
+ $target_resource->save();
+ $target_identifier = static::toResourceIdentifier($target_resource);
+ $resource_identifier = static::toResourceIdentifier($resource);
+ $relationship_field_name = 'field_jsonapi_test_entity_ref';
+ /* @var \Drupal\Core\Access\AccessResultReasonInterface $update_access */
+ $update_access = static::entityAccess($resource, 'update', $this->account)
+ ->andIf(static::entityFieldAccess($resource, $relationship_field_name, 'edit', $this->account));
+ $url = Url::fromRoute(sprintf("jsonapi.{$resource_identifier['type']}.{$relationship_field_name}.relationship.patch"), [
+ 'entity' => $resource->uuid(),
+ ]);
+
+ // Test POST: missing content-type.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertSame(415, $response->getStatusCode());
+
+ // Set the JSON:API media type header for all subsequent requests.
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+
+ if ($update_access->isAllowed()) {
+ // Test POST: empty body.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Empty request body.', $url, $response, FALSE);
+ // Test PATCH: empty body.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Empty request body.', $url, $response, FALSE);
+
+ // Test POST: empty data.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => []]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+ // Test PATCH: empty data.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => []]);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+
+ // Test POST: data as resource identifier, not array of identifiers.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => $target_identifier]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Invalid body payload for the relationship.', $url, $response, FALSE);
+ // Test PATCH: data as resource identifier, not array of identifiers.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => $target_identifier]);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Invalid body payload for the relationship.', $url, $response, FALSE);
+
+ // Test POST: missing the 'type' field.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => array_intersect_key($target_identifier, ['id' => 'id'])]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Invalid body payload for the relationship.', $url, $response, FALSE);
+ // Test PATCH: missing the 'type' field.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => array_intersect_key($target_identifier, ['id' => 'id'])]);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Invalid body payload for the relationship.', $url, $response, FALSE);
+
+ // If the base resource type is the same as that of the target's (as it
+ // will be for `user--user`), then the validity error will not be
+ // triggered, needlessly failing this assertion.
+ if (static::$resourceTypeName !== $target_identifier['type']) {
+ // Test POST: invalid target.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$resource_identifier]]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, sprintf('The provided type (%s) does not mach the destination resource types (%s).', $resource_identifier['type'], $target_identifier['type']), $url, $response, FALSE);
+ // Test PATCH: invalid target.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$resource_identifier]]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, sprintf('The provided type (%s) does not mach the destination resource types (%s).', $resource_identifier['type'], $target_identifier['type']), $url, $response, FALSE);
+ }
+
+ // Test POST: duplicate targets, no arity.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier, $target_identifier]]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Duplicate relationships are not permitted. Use `meta.arity` to distinguish resource identifiers with matching `type` and `id` values.', $url, $response, FALSE);
+
+ // Test PATCH: duplicate targets, no arity.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier, $target_identifier]]);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Duplicate relationships are not permitted. Use `meta.arity` to distinguish resource identifiers with matching `type` and `id` values.', $url, $response, FALSE);
+
+ // Test POST: success.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier]]);
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+
+ // Test POST: success, relationship already exists, no arity.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+
+ // Test POST: success, relationship already exists, new arity.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier + ['meta' => ['arity' => 1]]]]);
+ $response = $this->request('POST', $url, $request_options);
+ $resource->set($relationship_field_name, [$target_resource, $target_resource]);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $expected_document['data'][0] += ['meta' => ['arity' => 0]];
+ $expected_document['data'][1] += ['meta' => ['arity' => 1]];
+ $this->assertResourceResponse(200, $expected_document, $response);
+
+ // Test PATCH: success, new value is the same as given value.
+ $request_options[RequestOptions::BODY] = Json::encode([
+ 'data' => [
+ $target_identifier + ['meta' => ['arity' => 0]],
+ $target_identifier + ['meta' => ['arity' => 1]],
+ ],
+ ]);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+
+ // Test POST: success, relationship already exists, new arity.
+ $request_options[RequestOptions::BODY] = Json::encode([
+ 'data' => [
+ $target_identifier + ['meta' => ['arity' => 2]],
+ ],
+ ]);
+ $response = $this->request('POST', $url, $request_options);
+ $resource->set($relationship_field_name, [
+ $target_resource,
+ $target_resource,
+ $target_resource,
+ ]);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $expected_document['data'][0] += ['meta' => ['arity' => 0]];
+ $expected_document['data'][1] += ['meta' => ['arity' => 1]];
+ $expected_document['data'][2] += ['meta' => ['arity' => 2]];
+ // 200 with response body because the request did not include the
+ // existing relationship resource identifier object.
+ $this->assertResourceResponse(200, $expected_document, $response);
+
+ // Test POST: success.
+ $request_options[RequestOptions::BODY] = Json::encode([
+ 'data' => [
+ $target_identifier + ['meta' => ['arity' => 0]],
+ $target_identifier + ['meta' => ['arity' => 1]],
+ ],
+ ]);
+ $response = $this->request('POST', $url, $request_options);
+ // 200 with response body because the request did not include the
+ // resource identifier with arity 2.
+ $this->assertResourceResponse(200, $expected_document, $response);
+
+ // Test PATCH: success.
+ $request_options[RequestOptions::BODY] = Json::encode([
+ 'data' => [
+ $target_identifier + ['meta' => ['arity' => 0]],
+ $target_identifier + ['meta' => ['arity' => 1]],
+ $target_identifier + ['meta' => ['arity' => 2]],
+ ],
+ ]);
+ $response = $this->request('PATCH', $url, $request_options);
+ // 204 no content. PATCH data matches existing data.
+ $this->assertResourceResponse(204, NULL, $response);
+
+ // Test DELETE: three existing relationships, two removed.
+ $request_options[RequestOptions::BODY] = Json::encode([
+ 'data' => [
+ $target_identifier + ['meta' => ['arity' => 0]],
+ $target_identifier + ['meta' => ['arity' => 2]],
+ ],
+ ]);
+ $response = $this->request('DELETE', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+ // Subsequent GET should return only one resource identifier, with no
+ // arity.
+ $resource->set($relationship_field_name, [$target_resource]);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertSameDocument($expected_document, Json::decode((string) $response->getBody()));
+
+ // Test DELETE: one existing relationship, removed.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier]]);
+ $response = $this->request('DELETE', $url, $request_options);
+ $resource->set($relationship_field_name, []);
+ $this->assertResourceResponse(204, NULL, $response);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertSameDocument($expected_document, Json::decode((string) $response->getBody()));
+
+ // Test DELETE: no existing relationships, no op, success.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier]]);
+ $response = $this->request('DELETE', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertSameDocument($expected_document, Json::decode((string) $response->getBody()));
+
+ // Test PATCH: success, new value is different than existing value.
+ $request_options[RequestOptions::BODY] = Json::encode([
+ 'data' => [
+ $target_identifier + ['meta' => ['arity' => 2]],
+ $target_identifier + ['meta' => ['arity' => 3]],
+ ],
+ ]);
+ $response = $this->request('PATCH', $url, $request_options);
+ $resource->set($relationship_field_name, [$target_resource, $target_resource]);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $expected_document['data'][0] += ['meta' => ['arity' => 0]];
+ $expected_document['data'][1] += ['meta' => ['arity' => 1]];
+ // 200 with response body because arity values are computed; that means
+ // that the PATCH arity values 2 + 3 will become 0 + 1 if there are not
+ // already resource identifiers with those arity values.
+ $this->assertResourceResponse(200, $expected_document, $response);
+
+ // Test DELETE: two existing relationships, both removed because no arity
+ // was specified.
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier]]);
+ $response = $this->request('DELETE', $url, $request_options);
+ $resource->set($relationship_field_name, []);
+ $this->assertResourceResponse(204, NULL, $response);
+ $resource->set($relationship_field_name, []);
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $resource);
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertSameDocument($expected_document, Json::decode((string) $response->getBody()));
+ }
+ else {
+ $request_options[RequestOptions::BODY] = Json::encode(['data' => [$target_identifier]]);
+ $response = $this->request('POST', $url, $request_options);
+ $message = 'The current user is not allowed to edit this relationship.';
+ $message .= ($reason = $update_access->getReason()) ? ' ' . $reason : '';
+ $this->assertResourceErrorResponse(403, $message, $url, $response, FALSE);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(403, $message, $url, $response, FALSE);
+ $response = $this->request('DELETE', $url, $request_options);
+ $this->assertResourceErrorResponse(403, $message, $url, $response, FALSE);
+ }
+
+ // Remove the test entities that were created.
+ $resource->delete();
+ $target_resource->delete();
+ }
+
+ /**
+ * Gets an expected ResourceResponse for the given relationship.
+ *
+ * @param string $relationship_field_name
+ * The relationship for which to get an expected response.
+ * @param \Drupal\Core\Entity\EntityInterface|null $entity
+ * (optional) The entity for which to get expected relationship response.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The expected ResourceResponse.
+ */
+ protected function getExpectedGetRelationshipResponse($relationship_field_name, EntityInterface $entity = NULL) {
+ $entity = $entity ?: $this->entity;
+ $access = AccessResult::neutral()->addCacheContexts($entity->getEntityType()->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
+ $access = $access->orIf(static::entityFieldAccess($entity, $this->resourceType->getInternalName($relationship_field_name), 'view', $this->account));
+ if (!$access->isAllowed()) {
+ $via_link = Url::fromRoute(
+ sprintf('jsonapi.%s.%s.relationship.get', static::$resourceTypeName, $relationship_field_name),
+ ['entity' => $entity->uuid()]
+ );
+ return static::getAccessDeniedResponse($this->entity, $access, $via_link, $relationship_field_name, 'The current user is not allowed to view this relationship.', FALSE);
+ }
+ $expected_document = $this->getExpectedGetRelationshipDocument($relationship_field_name, $entity);
+ $expected_cacheability = (new CacheableMetadata())
+ ->addCacheTags(['http_response'])
+ ->addCacheContexts([
+ 'url.site',
+ 'url.query_args:include',
+ 'url.query_args:fields',
+ ])
+ ->addCacheableDependency($entity)
+ ->addCacheableDependency($access);
+ $status_code = isset($expected_document['errors'][0]['status']) ? $expected_document['errors'][0]['status'] : 200;
+ $resource_response = new ResourceResponse($expected_document, $status_code);
+ $resource_response->addCacheableDependency($expected_cacheability);
+ return $resource_response;
+ }
+
+ /**
+ * Gets an expected document for the given relationship.
+ *
+ * @param string $relationship_field_name
+ * The relationship for which to get an expected response.
+ * @param \Drupal\Core\Entity\EntityInterface|null $entity
+ * (optional) The entity for which to get expected relationship document.
+ *
+ * @return array
+ * The expected document array.
+ */
+ protected function getExpectedGetRelationshipDocument($relationship_field_name, EntityInterface $entity = NULL) {
+ $entity = $entity ?: $this->entity;
+ $entity_type_id = $entity->getEntityTypeId();
+ $bundle = $entity->bundle();
+ $id = $entity->uuid();
+ $self_link = Url::fromUri("base:/jsonapi/$entity_type_id/$bundle/$id/relationships/$relationship_field_name")->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ $related_link = Url::fromUri("base:/jsonapi/$entity_type_id/$bundle/$id/$relationship_field_name")->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ $data = $this->getExpectedGetRelationshipDocumentData($relationship_field_name, $entity);
+ return [
+ 'data' => $data,
+ 'jsonapi' => static::$jsonApiMember,
+ 'links' => [
+ 'self' => ['href' => $self_link],
+ 'related' => ['href' => $related_link],
+ ],
+ ];
+ }
+
+ /**
+ * Gets the expected document data for the given relationship.
+ *
+ * @param string $relationship_field_name
+ * The relationship for which to get an expected response.
+ * @param \Drupal\Core\Entity\EntityInterface|null $entity
+ * (optional) The entity for which to get expected relationship data.
+ *
+ * @return mixed
+ * The expected document data.
+ */
+ protected function getExpectedGetRelationshipDocumentData($relationship_field_name, EntityInterface $entity = NULL) {
+ $entity = $entity ?: $this->entity;
+ $internal_field_name = $this->resourceType->getInternalName($relationship_field_name);
+ /* @var \Drupal\Core\Field\FieldItemListInterface $field */
+ $field = $entity->{$internal_field_name};
+ $is_multiple = $field->getFieldDefinition()->getFieldStorageDefinition()->getCardinality() !== 1;
+ if ($field->isEmpty()) {
+ return $is_multiple ? [] : NULL;
+ }
+ if (!$is_multiple) {
+ $target_entity = $field->entity;
+ return is_null($target_entity) ? NULL : static::toResourceIdentifier($target_entity);
+ }
+ else {
+ return array_filter(array_map(function ($item) {
+ $target_entity = $item->entity;
+ return is_null($target_entity) ? NULL : static::toResourceIdentifier($target_entity);
+ }, iterator_to_array($field)));
+ }
+ }
+
+ /**
+ * Builds an array of expected related ResourceResponses, keyed by field name.
+ *
+ * @param array $relationship_field_names
+ * The relationship field names for which to build expected
+ * ResourceResponses.
+ * @param array $request_options
+ * Request options to apply.
+ * @param \Drupal\Core\Entity\EntityInterface|null $entity
+ * (optional) The entity for which to get expected related resources.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse[]
+ * An array of expected ResourceResponses, keyed by their relationship field
+ * name.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getExpectedRelatedResponses(array $relationship_field_names, array $request_options, EntityInterface $entity = NULL) {
+ $entity = $entity ?: $this->entity;
+ return array_map(function ($relationship_field_name) use ($entity, $request_options) {
+ return $this->getExpectedRelatedResponse($relationship_field_name, $request_options, $entity);
+ }, array_combine($relationship_field_names, $relationship_field_names));
+ }
+
+ /**
+ * Builds an expected related ResourceResponse for the given field.
+ *
+ * @param string $relationship_field_name
+ * The relationship field name for which to build an expected
+ * ResourceResponse.
+ * @param array $request_options
+ * Request options to apply.
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity for which to get expected related resources.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * An expected ResourceResponse.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getExpectedRelatedResponse($relationship_field_name, array $request_options, EntityInterface $entity) {
+ // Get the relationships responses which contain resource identifiers for
+ // every related resource.
+ /* @var \Drupal\jsonapi\ResourceResponse[] $relationship_responses */
+ $base_resource_identifier = static::toResourceIdentifier($entity);
+ $internal_name = $this->resourceType->getInternalName($relationship_field_name);
+ $access = AccessResult::neutral()->addCacheContexts($entity->getEntityType()->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
+ $access = $access->orIf(static::entityFieldAccess($entity, $internal_name, 'view', $this->account));
+ if (!$access->isAllowed()) {
+ $detail = 'The current user is not allowed to view this relationship.';
+ if (!$entity->access('view') && $entity->access('view label') && $access instanceof AccessResultReasonInterface && empty($access->getReason())) {
+ $access->setReason("The user only has authorization for the 'view label' operation.");
+ }
+ $via_link = Url::fromRoute(
+ sprintf('jsonapi.%s.%s.related', $base_resource_identifier['type'], $relationship_field_name),
+ ['entity' => $base_resource_identifier['id']]
+ );
+ $related_response = static::getAccessDeniedResponse($entity, $access, $via_link, $relationship_field_name, $detail, FALSE);
+ }
+ else {
+ $self_link = static::getRelatedLink($base_resource_identifier, $relationship_field_name);
+ $relationship_response = $this->getExpectedGetRelationshipResponse($relationship_field_name, $entity);
+ $relationship_document = $relationship_response->getResponseData();
+ // The relationships may be empty, in which case we shouldn't attempt to
+ // fetch the individual identified resources.
+ if (empty($relationship_document['data'])) {
+ $cache_contexts = Cache::mergeContexts([
+ // Cache contexts for JSON:API URL query parameters.
+ 'url.query_args:fields',
+ 'url.query_args:include',
+ // Drupal defaults.
+ 'url.site',
+ ], $this->entity->getEntityType()->isRevisionable() ? ['url.query_args:resourceVersion'] : []);
+ $cacheability = (new CacheableMetadata())->addCacheContexts($cache_contexts)->addCacheTags(['http_response']);
+ $related_response = isset($relationship_document['errors'])
+ ? $relationship_response
+ : (new ResourceResponse(static::getEmptyCollectionResponse(!is_null($relationship_document['data']), $self_link)->getResponseData()))->addCacheableDependency($cacheability);
+ }
+ else {
+ $is_to_one_relationship = static::isResourceIdentifier($relationship_document['data']);
+ $resource_identifiers = $is_to_one_relationship
+ ? [$relationship_document['data']]
+ : $relationship_document['data'];
+ // Remove any relationships to 'virtual' resources.
+ $resource_identifiers = array_filter($resource_identifiers, function ($resource_identifier) {
+ return $resource_identifier['id'] !== 'virtual';
+ });
+ if (!empty($resource_identifiers)) {
+ $individual_responses = static::toResourceResponses($this->getResponses(static::getResourceLinks($resource_identifiers), $request_options));
+ $related_response = static::toCollectionResourceResponse($individual_responses, $self_link, !$is_to_one_relationship);
+ }
+ else {
+ $related_response = static::getEmptyCollectionResponse(!$is_to_one_relationship, $self_link);
+ }
+ }
+ $related_response->addCacheableDependency($relationship_response->getCacheableMetadata());
+ }
+ return $related_response;
+ }
+
+ /**
+ * Tests POSTing an individual resource, plus edge cases to ensure good DX.
+ */
+ public function testPostIndividual() {
+ // @todo Remove this in https://www.drupal.org/node/2300677.
+ if ($this->entity instanceof ConfigEntityInterface) {
+ $this->assertTrue(TRUE, 'POSTing config entities is not yet supported.');
+ return;
+ }
+
+ // Try with all of the following request bodies.
+ $unparseable_request_body = '!{>}<';
+ $parseable_valid_request_body = Json::encode($this->getPostDocument());
+ /* $parseable_valid_request_body_2 = Json::encode($this->getNormalizedPostEntity()); */
+ $parseable_invalid_request_body_missing_type = Json::encode($this->removeResourceTypeFromDocument($this->getPostDocument(), 'type'));
+ $parseable_invalid_request_body = Json::encode($this->makeNormalizationInvalid($this->getPostDocument(), 'label'));
+ $parseable_invalid_request_body_2 = Json::encode(NestedArray::mergeDeep(['data' => ['id' => $this->randomMachineName(129)]], $this->getPostDocument()));
+ $parseable_invalid_request_body_3 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_rest_test' => $this->randomString()]]], $this->getPostDocument()));
+ $parseable_invalid_request_body_4 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_nonexistent' => $this->randomString()]]], $this->getPostDocument()));
+
+ // The URL and Guzzle request options that will be used in this test. The
+ // request options will be modified/expanded throughout this test:
+ // - to first test all mistakes a developer might make, and assert that the
+ // error responses provide a good DX
+ // - to eventually result in a well-formed request that succeeds.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.collection.post', static::$resourceTypeName));
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // DX: 415 when no Content-Type request header.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertSame(415, $response->getStatusCode());
+
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+
+ // DX: 400 when no request body.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Empty request body.', $url, $response, FALSE);
+
+ $request_options[RequestOptions::BODY] = $unparseable_request_body;
+
+ // DX: 400 when unparseable request body.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Syntax error', $url, $response, FALSE);
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_missing_type;
+
+ // DX: 400 when invalid JSON:API request body.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Resource object must include a "type".', $url, $response, FALSE);
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body;
+
+ // DX: 403 when unauthorized.
+ $response = $this->request('POST', $url, $request_options);
+ $reason = $this->getExpectedUnauthorizedAccessMessage('POST');
+ $this->assertResourceErrorResponse(403, (string) $reason, $url, $response);
+
+ $this->setUpAuthorization('POST');
+
+ // DX: 422 when invalid entity: multiple values sent for single-value field.
+ $response = $this->request('POST', $url, $request_options);
+ $label_field = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
+ $label_field_capitalized = $this->entity->getFieldDefinition($label_field)->getLabel();
+ $this->assertResourceErrorResponse(422, "$label_field: $label_field_capitalized: this field cannot hold more than 1 values.", NULL, $response, '/data/attributes/' . $label_field);
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_2;
+
+ // DX: 403 when invalid entity: UUID field too long.
+ // @todo Fix this in https://www.drupal.org/project/drupal/issues/2149851.
+ if ($this->entity->getEntityType()->hasKey('uuid')) {
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(422, "IDs should be properly generated and formatted UUIDs as described in RFC 4122.", $url, $response);
+ }
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_3;
+
+ // DX: 403 when entity contains field without 'edit' access.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(403, "The current user is not allowed to POST the selected field (field_rest_test).", $url, $response, '/data/attributes/field_rest_test');
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_4;
+
+ // DX: 422 when request document contains non-existent field.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(422, sprintf("The attribute field_nonexistent does not exist on the %s resource type.", static::$resourceTypeName), $url, $response, FALSE);
+
+ $request_options[RequestOptions::BODY] = $parseable_valid_request_body;
+
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'text/xml';
+
+ // DX: 415 when request body in existing but not allowed format.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(415, 'No route found that matches "Content-Type: text/xml"', $url, $response);
+
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+
+ // 201 for well-formed request.
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceResponse(201, FALSE, $response);
+ $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+ // If the entity is stored, perform extra checks.
+ if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
+ $uuid = $this->entityStorage->load(static::$firstCreatedEntityId)->uuid();
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $location = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $uuid])->setAbsolute(TRUE)->toString();
+ /* $location = $this->entityStorage->load(static::$firstCreatedEntityId)->toUrl('jsonapi')->setAbsolute(TRUE)->toString(); */
+ $this->assertSame([$location], $response->getHeader('Location'));
+
+ // Assert that the entity was indeed created, and that the response body
+ // contains the serialized created entity.
+ $created_entity = $this->entityStorage->loadUnchanged(static::$firstCreatedEntityId);
+ $created_entity_document = $this->normalize($created_entity, $url);
+ $decoded_response_body = Json::decode((string) $response->getBody());
+ $this->assertSame($created_entity_document, $decoded_response_body);
+ // Assert that the entity was indeed created using the POSTed values.
+ foreach ($this->getPostDocument()['data']['attributes'] as $field_name => $field_normalization) {
+ // If the value is an array of properties, only verify that the sent
+ // properties are present, the server could be computing additional
+ // properties.
+ if (is_array($field_normalization)) {
+ $this->assertArraySubset($field_normalization, $created_entity_document['data']['attributes'][$field_name]);
+ }
+ else {
+ $this->assertSame($field_normalization, $created_entity_document['data']['attributes'][$field_name]);
+ }
+ }
+ if (isset($this->getPostDocument()['data']['relationships'])) {
+ foreach ($this->getPostDocument()['data']['relationships'] as $field_name => $relationship_field_normalization) {
+ // POSTing relationships: 'data' is required, 'links' is optional.
+ static::recursiveKsort($relationship_field_normalization);
+ static::recursiveKsort($created_entity_document['data']['relationships'][$field_name]);
+ $this->assertSame($relationship_field_normalization, array_diff_key($created_entity_document['data']['relationships'][$field_name], ['links' => TRUE]));
+ }
+ }
+ }
+ else {
+ $this->assertFalse($response->hasHeader('Location'));
+ }
+
+ // 201 for well-formed request that creates another entity.
+ // If the entity is stored, delete the first created entity (in case there
+ // is a uniqueness constraint).
+ if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
+ $this->entityStorage->load(static::$firstCreatedEntityId)->delete();
+ }
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceResponse(201, FALSE, $response);
+ $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+
+ if ($this->entity->getEntityType()->getStorageClass() !== ContentEntityNullStorage::class && $this->entity->getEntityType()->hasKey('uuid')) {
+ $uuid = $this->entityStorage->load(static::$secondCreatedEntityId)->uuid();
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $location = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $uuid])->setAbsolute(TRUE)->toString();
+ /* $location = $this->entityStorage->load(static::$secondCreatedEntityId)->toUrl('jsonapi')->setAbsolute(TRUE)->toString(); */
+ $this->assertSame([$location], $response->getHeader('Location'));
+
+ // 500 when creating an entity with a duplicate UUID.
+ $doc = $this->getModifiedEntityForPostTesting();
+ $doc['data']['id'] = $uuid;
+ $doc['data']['attributes'][$label_field] = [['value' => $this->randomMachineName()]];
+ $request_options[RequestOptions::BODY] = Json::encode($doc);
+
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceErrorResponse(409, 'Conflict: Entity already exists.', $url, $response, FALSE);
+
+ // 201 when successfully creating an entity with a new UUID.
+ $doc = $this->getModifiedEntityForPostTesting();
+ $new_uuid = \Drupal::service('uuid')->generate();
+ $doc['data']['id'] = $new_uuid;
+ $doc['data']['attributes'][$label_field] = [['value' => $this->randomMachineName()]];
+ $request_options[RequestOptions::BODY] = Json::encode($doc);
+
+ $response = $this->request('POST', $url, $request_options);
+ $this->assertResourceResponse(201, FALSE, $response);
+ $entities = $this->entityStorage->loadByProperties([$this->uuidKey => $new_uuid]);
+ $new_entity = reset($entities);
+ $this->assertNotNull($new_entity);
+ $new_entity->delete();
+ }
+ else {
+ $this->assertFalse($response->hasHeader('Location'));
+ }
+ }
+
+ /**
+ * Tests PATCHing an individual resource, plus edge cases to ensure good DX.
+ */
+ public function testPatchIndividual() {
+ // @todo Remove this in https://www.drupal.org/node/2300677.
+ if ($this->entity instanceof ConfigEntityInterface) {
+ $this->assertTrue(TRUE, 'PATCHing config entities is not yet supported.');
+ return;
+ }
+
+ // Patch testing requires that another entity of the same type exists.
+ $this->anotherEntity = $this->createAnotherEntity('dupe');
+
+ // Try with all of the following request bodies.
+ $unparseable_request_body = '!{>}<';
+ $parseable_valid_request_body = Json::encode($this->getPatchDocument());
+ /* $parseable_valid_request_body_2 = Json::encode($this->getNormalizedPatchEntity()); */
+ $parseable_invalid_request_body = Json::encode($this->makeNormalizationInvalid($this->getPatchDocument(), 'label'));
+ $parseable_invalid_request_body_2 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_rest_test' => $this->randomString()]]], $this->getPatchDocument()));
+ // The 'field_rest_test' field does not allow 'view' access, so does not end
+ // up in the JSON:API document. Even when we explicitly add it to the JSON
+ // API document that we send in a PATCH request, it is considered invalid.
+ $parseable_invalid_request_body_3 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_rest_test' => $this->entity->get('field_rest_test')->getValue()]]], $this->getPatchDocument()));
+ $parseable_invalid_request_body_4 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_nonexistent' => $this->randomString()]]], $this->getPatchDocument()));
+ // It is invalid to PATCH a relationship field under the attributes member.
+ if ($this->entity instanceof FieldableEntityInterface && $this->entity->hasField('field_jsonapi_test_entity_ref')) {
+ $parseable_invalid_request_body_5 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_jsonapi_test_entity_ref' => ['target_id' => $this->randomString()]]]], $this->getPostDocument()));
+ }
+
+ // The URL and Guzzle request options that will be used in this test. The
+ // request options will be modified/expanded throughout this test:
+ // - to first test all mistakes a developer might make, and assert that the
+ // error responses provide a good DX
+ // - to eventually result in a well-formed request that succeeds.
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // DX: 415 when no Content-Type request header.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertsame(415, $response->getStatusCode());
+
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+
+ // DX: 400 when no request body.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Empty request body.', $url, $response, FALSE);
+
+ $request_options[RequestOptions::BODY] = $unparseable_request_body;
+
+ // DX: 400 when unparseable request body.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, 'Syntax error', $url, $response, FALSE);
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body;
+
+ // DX: 403 when unauthorized.
+ $response = $this->request('PATCH', $url, $request_options);
+ $reason = $this->getExpectedUnauthorizedAccessMessage('PATCH');
+ $this->assertResourceErrorResponse(403, (string) $reason, $url, $response);
+
+ $this->setUpAuthorization('PATCH');
+
+ // DX: 422 when invalid entity: multiple values sent for single-value field.
+ $response = $this->request('PATCH', $url, $request_options);
+ $label_field = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName;
+ $label_field_capitalized = $this->entity->getFieldDefinition($label_field)->getLabel();
+ $this->assertResourceErrorResponse(422, "$label_field: $label_field_capitalized: this field cannot hold more than 1 values.", NULL, $response, '/data/attributes/' . $label_field);
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_2;
+
+ // DX: 403 when entity contains field without 'edit' access.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(403, "The current user is not allowed to PATCH the selected field (field_rest_test).", $url, $response, '/data/attributes/field_rest_test');
+
+ // DX: 403 when entity trying to update an entity's ID field.
+ $request_options[RequestOptions::BODY] = Json::encode($this->makeNormalizationInvalid($this->getPatchDocument(), 'id'));
+ $response = $this->request('PATCH', $url, $request_options);
+ $id_field_name = $this->entity->getEntityType()->getKey('id');
+ $this->assertResourceErrorResponse(403, "The current user is not allowed to PATCH the selected field ($id_field_name). The entity ID cannot be changed.", $url, $response, "/data/attributes/$id_field_name");
+
+ if ($this->entity->getEntityType()->hasKey('uuid')) {
+ // DX: 400 when entity trying to update an entity's UUID field.
+ $request_options[RequestOptions::BODY] = Json::encode($this->makeNormalizationInvalid($this->getPatchDocument(), 'uuid'));
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(400, sprintf("The selected entity (%s) does not match the ID in the payload (%s).", $this->entity->uuid(), $this->anotherEntity->uuid()), $url, $response, FALSE);
+ }
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_3;
+
+ // DX: 403 when entity contains field without 'edit' nor 'view' access, even
+ // when the value for that field matches the current value. This is allowed
+ // in principle, but leads to information disclosure.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(403, "The current user is not allowed to PATCH the selected field (field_rest_test).", $url, $response, '/data/attributes/field_rest_test');
+
+ // DX: 403 when sending PATCH request with updated read-only fields.
+ list($modified_entity, $original_values) = static::getModifiedEntityForPatchTesting($this->entity);
+ // Send PATCH request by serializing the modified entity, assert the error
+ // response, change the modified entity field that caused the error response
+ // back to its original value, repeat.
+ foreach (static::$patchProtectedFieldNames as $patch_protected_field_name => $reason) {
+ $request_options[RequestOptions::BODY] = Json::encode($this->normalize($modified_entity, $url));
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(403, "The current user is not allowed to PATCH the selected field (" . $patch_protected_field_name . ")." . ($reason !== NULL ? ' ' . $reason : ''), $url->setAbsolute(), $response, '/data/attributes/' . $patch_protected_field_name);
+ $modified_entity->get($patch_protected_field_name)->setValue($original_values[$patch_protected_field_name]);
+ }
+
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_4;
+
+ // DX: 422 when request document contains non-existent field.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(422, sprintf("The attribute field_nonexistent does not exist on the %s resource type.", static::$resourceTypeName), $url, $response, FALSE);
+
+ // DX: 422 when updating a relationship field under attributes.
+ if (isset($parseable_invalid_request_body_5)) {
+ $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_5;
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(422, "The following relationship fields were provided as attributes: [ field_jsonapi_test_entity_ref ]", $url, $response, FALSE);
+ }
+
+ // 200 for well-formed PATCH request that sends all fields (even including
+ // read-only ones, but with unchanged values).
+ $valid_request_body = NestedArray::mergeDeep($this->normalize($this->entity, $url), $this->getPatchDocument());
+ $request_options[RequestOptions::BODY] = Json::encode($valid_request_body);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+
+ $request_options[RequestOptions::BODY] = $parseable_valid_request_body;
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'text/xml';
+
+ // DX: 415 when request body in existing but not allowed format.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertSame(415, $response->getStatusCode());
+
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+
+ // 200 for well-formed request.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+ $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+ // Assert that the entity was indeed updated, and that the response body
+ // contains the serialized updated entity.
+ $updated_entity = $this->entityStorage->loadUnchanged($this->entity->id());
+ $updated_entity_document = $this->normalize($updated_entity, $url);
+ $this->assertSame($updated_entity_document, Json::decode((string) $response->getBody()));
+ // Assert that the entity was indeed created using the PATCHed values.
+ foreach ($this->getPatchDocument()['data']['attributes'] as $field_name => $field_normalization) {
+ // If the value is an array of properties, only verify that the sent
+ // properties are present, the server could be computing additional
+ // properties.
+ if (is_array($field_normalization)) {
+ $this->assertArraySubset($field_normalization, $updated_entity_document['data']['attributes'][$field_name]);
+ }
+ else {
+ $this->assertSame($field_normalization, $updated_entity_document['data']['attributes'][$field_name]);
+ }
+ }
+ if (isset($this->getPatchDocument()['data']['relationships'])) {
+ foreach ($this->getPatchDocument()['data']['relationships'] as $field_name => $relationship_field_normalization) {
+ // POSTing relationships: 'data' is required, 'links' is optional.
+ static::recursiveKsort($relationship_field_normalization);
+ static::recursiveKsort($updated_entity_document['data']['relationships'][$field_name]);
+ $this->assertSame($relationship_field_normalization, array_diff_key($updated_entity_document['data']['relationships'][$field_name], ['links' => TRUE]));
+ }
+ }
+
+ // Ensure that fields do not get deleted if they're not present in the PATCH
+ // request. Test this using the configurable field that we added, but which
+ // is not sent in the PATCH request.
+ $this->assertSame('All the faith he had had had had no effect on the outcome of his life.', $updated_entity->get('field_rest_test')->value);
+
+ // Multi-value field: remove item 0. Then item 1 becomes item 0.
+ $doc_multi_value_tests = $this->getPatchDocument();
+ $doc_multi_value_tests['data']['attributes']['field_rest_test_multivalue'] = $this->entity->get('field_rest_test_multivalue')->getValue();
+ $doc_remove_item = $doc_multi_value_tests;
+ unset($doc_remove_item['data']['attributes']['field_rest_test_multivalue'][0]);
+ $request_options[RequestOptions::BODY] = Json::encode($doc_remove_item, 'api_json');
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+ $this->assertSame([0 => ['value' => 'Two']], $this->entityStorage->loadUnchanged($this->entity->id())->get('field_rest_test_multivalue')->getValue());
+
+ // Multi-value field: add one item before the existing one, and one after.
+ $doc_add_items = $doc_multi_value_tests;
+ $doc_add_items['data']['attributes']['field_rest_test_multivalue'][2] = ['value' => 'Three'];
+ $request_options[RequestOptions::BODY] = Json::encode($doc_add_items);
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+ $expected_document = [
+ 0 => ['value' => 'One'],
+ 1 => ['value' => 'Two'],
+ 2 => ['value' => 'Three'],
+ ];
+ $this->assertSame($expected_document, $this->entityStorage->loadUnchanged($this->entity->id())->get('field_rest_test_multivalue')->getValue());
+ }
+
+ /**
+ * Tests DELETEing an individual resource, plus edge cases to ensure good DX.
+ */
+ public function testDeleteIndividual() {
+ // @todo Remove this in https://www.drupal.org/node/2300677.
+ if ($this->entity instanceof ConfigEntityInterface) {
+ $this->assertTrue(TRUE, 'DELETEing config entities is not yet supported.');
+ return;
+ }
+
+ // The URL and Guzzle request options that will be used in this test. The
+ // request options will be modified/expanded throughout this test:
+ // - to first test all mistakes a developer might make, and assert that the
+ // error responses provide a good DX
+ // - to eventually result in a well-formed request that succeeds.
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // DX: 403 when unauthorized.
+ $response = $this->request('DELETE', $url, $request_options);
+ $reason = $this->getExpectedUnauthorizedAccessMessage('DELETE');
+ $this->assertResourceErrorResponse(403, (string) $reason, $url, $response, FALSE);
+
+ $this->setUpAuthorization('DELETE');
+
+ // 204 for well-formed request.
+ $response = $this->request('DELETE', $url, $request_options);
+ $this->assertResourceResponse(204, NULL, $response);
+
+ // DX: 404 when non-existent.
+ $response = $this->request('DELETE', $url, $request_options);
+ $this->assertSame(404, $response->getStatusCode());
+ }
+
+ /**
+ * Recursively sorts an array by key.
+ *
+ * @param array $array
+ * An array to sort.
+ */
+ protected static function recursiveKsort(array &$array) {
+ // First, sort the main array.
+ ksort($array);
+
+ // Then check for child arrays.
+ foreach ($array as $key => &$value) {
+ if (is_array($value)) {
+ static::recursiveKsort($value);
+ }
+ }
+ }
+
+ /**
+ * Returns Guzzle request options for authentication.
+ *
+ * @return array
+ * Guzzle request options to use for authentication.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function getAuthenticationRequestOptions() {
+ return [
+ 'headers' => [
+ 'Authorization' => 'Basic ' . base64_encode($this->account->name->value . ':' . $this->account->passRaw),
+ ],
+ ];
+ }
+
+ /**
+ * Clones the given entity and modifies all PATCH-protected fields.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity being tested and to modify.
+ *
+ * @return array
+ * Contains two items:
+ * 1. The modified entity object.
+ * 2. The original field values, keyed by field name.
+ *
+ * @internal
+ */
+ protected static function getModifiedEntityForPatchTesting(EntityInterface $entity) {
+ $modified_entity = clone $entity;
+ $original_values = [];
+ foreach (array_keys(static::$patchProtectedFieldNames) as $field_name) {
+ $field = $modified_entity->get($field_name);
+ $original_values[$field_name] = $field->getValue();
+ switch ($field->getItemDefinition()->getClass()) {
+ case BooleanItem::class:
+ // BooleanItem::generateSampleValue() picks either 0 or 1. So a 50%
+ // chance of not picking a different value.
+ $field->value = ((int) $field->value) === 1 ? '0' : '1';
+ break;
+
+ case PathItem::class:
+ // PathItem::generateSampleValue() doesn't set a PID, which causes
+ // PathItem::postSave() to fail. Keep the PID (and other properties),
+ // just modify the alias.
+ $field->alias = str_replace(' ', '-', strtolower((new Random())->sentences(3)));
+ break;
+
+ default:
+ $original_field = clone $field;
+ while ($field->equals($original_field)) {
+ $field->generateSampleItems();
+ }
+ break;
+ }
+ }
+
+ return [$modified_entity, $original_values];
+ }
+
+ /**
+ * Gets the normalized POST entity with random values for its unique fields.
+ *
+ * @see ::testPostIndividual
+ * @see ::getPostDocument
+ *
+ * @return array
+ * An array structure as returned by ::getNormalizedPostEntity().
+ */
+ protected function getModifiedEntityForPostTesting() {
+ $document = $this->getPostDocument();
+
+ // Ensure that all the unique fields of the entity type get a new random
+ // value.
+ foreach (static::$uniqueFieldNames as $field_name) {
+ $field_definition = $this->entity->getFieldDefinition($field_name);
+ $field_type_class = $field_definition->getItemDefinition()->getClass();
+ $document['data']['attributes'][$field_name] = $field_type_class::generateSampleValue($field_definition);
+ }
+
+ return $document;
+ }
+
+ /**
+ * Tests sparse field sets.
+ *
+ * @param \Drupal\Core\Url $url
+ * The base URL with which to test includes.
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function doTestSparseFieldSets(Url $url, array $request_options) {
+ $field_sets = $this->getSparseFieldSets();
+ $expected_cacheability = new CacheableMetadata();
+ foreach ($field_sets as $type => $field_set) {
+ if ($type === 'all') {
+ assert($this->getExpectedCacheTags($field_set) === $this->getExpectedCacheTags());
+ assert($this->getExpectedCacheContexts($field_set) === $this->getExpectedCacheContexts());
+ }
+ $query = ['fields[' . static::$resourceTypeName . ']' => implode(',', $field_set)];
+ $expected_document = $this->getExpectedDocument();
+ $expected_cacheability->setCacheTags($this->getExpectedCacheTags($field_set));
+ $expected_cacheability->setCacheContexts($this->getExpectedCacheContexts($field_set));
+ // This tests sparse field sets on included entities.
+ if (strpos($type, 'nested') === 0) {
+ $this->grantPermissionsToTestedRole(['access user profiles']);
+ $query['fields[user--user]'] = implode(',', $field_set);
+ $query['include'] = 'uid';
+ $owner = $this->entity->getOwner();
+ $owner_resource = static::toResourceIdentifier($owner);
+ foreach ($field_set as $field_name) {
+ $owner_resource['attributes'][$field_name] = $this->serializer->normalize($owner->get($field_name)[0]->get('value'), 'api_json');
+ }
+ $owner_resource['links']['self']['href'] = static::getResourceLink($owner_resource);
+ $expected_document['included'] = [$owner_resource];
+ $expected_cacheability->addCacheableDependency($owner);
+ $expected_cacheability->addCacheableDependency(static::entityAccess($owner, 'view', $this->account));
+ }
+ // Remove fields not in the sparse field set.
+ foreach (['attributes', 'relationships'] as $member) {
+ if (!empty($expected_document['data'][$member])) {
+ $remaining = array_intersect_key(
+ $expected_document['data'][$member],
+ array_flip($field_set)
+ );
+ if (empty($remaining)) {
+ unset($expected_document['data'][$member]);
+ }
+ else {
+ $expected_document['data'][$member] = $remaining;
+ }
+ }
+ }
+ $url->setOption('query', $query);
+ // 'self' link should include the 'fields' query param.
+ $expected_document['links']['self']['href'] = $url->setAbsolute()->toString();
+
+ $response = $this->request('GET', $url, $request_options);
+ // Dynamic Page Cache MISS because cache should vary based on the 'field'
+ // query param. (Or uncacheable if expensive cache context.)
+ $dynamic_cache = !empty(array_intersect(['user', 'session'], $expected_cacheability->getCacheContexts())) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(
+ 200,
+ $expected_document,
+ $response,
+ $expected_cacheability->getCacheTags(),
+ $expected_cacheability->getCacheContexts(),
+ FALSE,
+ $dynamic_cache
+ );
+ }
+ // Test Dynamic Page Cache HIT for a query with the same field set (unless
+ // expensive cache context is present).
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache === 'MISS' ? 'HIT' : 'UNCACHEABLE');
+ }
+
+ /**
+ * Tests included resources.
+ *
+ * @param \Drupal\Core\Url $url
+ * The base URL with which to test includes.
+ * @param array $request_options
+ * Request options to apply.
+ *
+ * @see \GuzzleHttp\ClientInterface::request()
+ */
+ protected function doTestIncluded(Url $url, array $request_options) {
+ $relationship_field_names = $this->getRelationshipFieldNames($this->entity);
+ // If there are no relationship fields, we can't include anything.
+ if (empty($relationship_field_names)) {
+ return;
+ }
+
+ $field_sets = [
+ 'empty' => [],
+ 'all' => $relationship_field_names,
+ ];
+ if (count($relationship_field_names) > 1) {
+ $about_half_the_fields = floor(count($relationship_field_names) / 2);
+ $field_sets['some'] = array_slice($relationship_field_names, $about_half_the_fields);
+
+ $nested_includes = $this->getNestedIncludePaths();
+ if (!empty($nested_includes) && !in_array($nested_includes, $field_sets)) {
+ $field_sets['nested'] = $nested_includes;
+ }
+ }
+
+ foreach ($field_sets as $type => $included_paths) {
+ $this->grantIncludedPermissions($included_paths);
+ $query = ['include' => implode(',', $included_paths)];
+ $url->setOption('query', $query);
+ $actual_response = $this->request('GET', $url, $request_options);
+ $expected_response = $this->getExpectedIncludedResourceResponse($included_paths, $request_options);
+ $expected_document = $expected_response->getResponseData();
+ // Dynamic Page Cache miss because cache should vary based on the
+ // 'include' query param.
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ // MISS or UNCACHEABLE depends on data. It must not be HIT.
+ $dynamic_cache = ($expected_cacheability->getCacheMaxAge() === 0 || !empty(array_intersect(['user', 'session'], $this->getExpectedCacheContexts()))) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(
+ 200,
+ $expected_document,
+ $actual_response,
+ $expected_cacheability->getCacheTags(),
+ $expected_cacheability->getCacheContexts(),
+ FALSE,
+ $dynamic_cache
+ );
+ }
+ }
+
+ /**
+ * Tests individual and collection revisions.
+ */
+ public function testRevisions() {
+ if (!$this->entity->getEntityType()->isRevisionable() || !$this->entity instanceof FieldableEntityInterface) {
+ return;
+ }
+ assert($this->entity instanceof RevisionableInterface);
+
+ // JSON:API will only support node and media revisions until Drupal core has
+ // a generic revision access API.
+ if (!in_array($this->entity->getEntityTypeId(), ['node', 'media'])) {
+ $this->setUpRevisionAuthorization('GET');
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()])->setAbsolute();
+ $url->setOption('query', ['resourceVersion' => 'id:' . $this->entity->getRevisionId()]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+ $response = $this->request('GET', $url, $request_options);
+ $detail = 'JSON:API does not yet support resource versioning for this resource type.';
+ $detail .= ' For context, see https://www.drupal.org/project/jsonapi/issues/2992833#comment-12818258.';
+ $detail .= ' To contribute, see https://www.drupal.org/project/drupal/issues/2350939 and https://www.drupal.org/project/drupal/issues/2809177.';
+ $expected_cache_contexts = [
+ 'url.path',
+ 'url.query_args:resourceVersion',
+ 'url.site',
+ ];
+ $this->assertResourceErrorResponse(501, $detail, $url, $response, FALSE, ['http_response'], $expected_cache_contexts);
+ return;
+ }
+
+ // Add a field to modify in order to test revisions.
+ FieldStorageConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_revisionable_number',
+ 'type' => 'integer',
+ ])->setCardinality(1)->save();
+ FieldConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_revisionable_number',
+ 'bundle' => $this->entity->bundle(),
+ ])->setLabel('Revisionable text field')->setTranslatable(FALSE)->save();
+
+ // Reload entity so that it has the new field.
+ $entity = $this->entityStorage->loadUnchanged($this->entity->id());
+
+ // Set up test data.
+ /* @var \Drupal\Core\Entity\FieldableEntityInterface $entity */
+ $entity->set('field_revisionable_number', 42);
+ $entity->save();
+ $original_revision_id = (int) $entity->getRevisionId();
+
+ $entity->set('field_revisionable_number', 99);
+ $entity->setNewRevision();
+ $entity->save();
+ $latest_revision_id = (int) $entity->getRevisionId();
+
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()])->setAbsolute();
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $collection_url = Url::fromRoute(sprintf('jsonapi.%s.collection', static::$resourceTypeName))->setAbsolute();
+ $relationship_url = Url::fromRoute(sprintf('jsonapi.%s.%s.relationship.get', static::$resourceTypeName, 'field_jsonapi_test_entity_ref'), ['entity' => $this->entity->uuid()])->setAbsolute();
+ $related_url = Url::fromRoute(sprintf('jsonapi.%s.%s.related', static::$resourceTypeName, 'field_jsonapi_test_entity_ref'), ['entity' => $this->entity->uuid()])->setAbsolute();
+ $original_revision_id_url = clone $url;
+ $original_revision_id_url->setOption('query', ['resourceVersion' => "id:$original_revision_id"]);
+ $original_revision_id_relationship_url = clone $relationship_url;
+ $original_revision_id_relationship_url->setOption('query', ['resourceVersion' => "id:$original_revision_id"]);
+ $original_revision_id_related_url = clone $related_url;
+ $original_revision_id_related_url->setOption('query', ['resourceVersion' => "id:$original_revision_id"]);
+ $latest_revision_id_url = clone $url;
+ $latest_revision_id_url->setOption('query', ['resourceVersion' => "id:$latest_revision_id"]);
+ $latest_revision_id_relationship_url = clone $relationship_url;
+ $latest_revision_id_relationship_url->setOption('query', ['resourceVersion' => "id:$latest_revision_id"]);
+ $latest_revision_id_related_url = clone $related_url;
+ $latest_revision_id_related_url->setOption('query', ['resourceVersion' => "id:$latest_revision_id"]);
+ $rel_latest_version_url = clone $url;
+ $rel_latest_version_url->setOption('query', ['resourceVersion' => 'rel:latest-version']);
+ $rel_latest_version_relationship_url = clone $relationship_url;
+ $rel_latest_version_relationship_url->setOption('query', ['resourceVersion' => 'rel:latest-version']);
+ $rel_latest_version_related_url = clone $related_url;
+ $rel_latest_version_related_url->setOption('query', ['resourceVersion' => 'rel:latest-version']);
+ $rel_latest_version_collection_url = clone $collection_url;
+ $rel_latest_version_collection_url->setOption('query', ['resourceVersion' => 'rel:latest-version']);
+ $rel_working_copy_url = clone $url;
+ $rel_working_copy_url->setOption('query', ['resourceVersion' => 'rel:working-copy']);
+ $rel_working_copy_relationship_url = clone $relationship_url;
+ $rel_working_copy_relationship_url->setOption('query', ['resourceVersion' => 'rel:working-copy']);
+ $rel_working_copy_related_url = clone $related_url;
+ $rel_working_copy_related_url->setOption('query', ['resourceVersion' => 'rel:working-copy']);
+ $rel_working_copy_collection_url = clone $collection_url;
+ $rel_working_copy_collection_url->setOption('query', ['resourceVersion' => 'rel:working-copy']);
+ $rel_invalid_collection_url = clone $collection_url;
+ $rel_invalid_collection_url->setOption('query', ['resourceVersion' => 'rel:invalid']);
+ $revision_id_key = 'drupal_internal__' . $this->entity->getEntityType()->getKey('revision');
+ $published_key = $this->entity->getEntityType()->getKey('published');
+ $revision_translation_affected_key = $this->entity->getEntityType()->getKey('revision_translation_affected');
+
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // Ensure 403 forbidden on typical GET.
+ $actual_response = $this->request('GET', $url, $request_options);
+ $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
+ $result = $entity->access('view', $this->account, TRUE);
+ $detail = 'The current user is not allowed to GET the selected resource.';
+ if ($result instanceof AccessResultReasonInterface && ($reason = $result->getReason()) && !empty($reason)) {
+ $detail .= ' ' . $reason;
+ }
+ $this->assertResourceErrorResponse(403, $detail, $url, $actual_response, '/data', $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+
+ // Ensure that targeting a revision does not bypass access.
+ $actual_response = $this->request('GET', $original_revision_id_url, $request_options);
+ $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
+ $detail = 'The current user is not allowed to GET the selected resource. The user does not have access to the requested version.';
+ if ($result instanceof AccessResultReasonInterface && ($reason = $result->getReason()) && !empty($reason)) {
+ $detail .= ' ' . $reason;
+ }
+ $this->assertResourceErrorResponse(403, $detail, $url, $actual_response, '/data', $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+
+ $this->setUpRevisionAuthorization('GET');
+
+ // Ensure that the URL without a `resourceVersion` query parameter returns
+ // the default revision. This is always the latest revision when
+ // content_moderation is not installed.
+ $actual_response = $this->request('GET', $url, $request_options);
+ $expected_document = $this->getExpectedDocument();
+ // Resource objects always link to their specific revision by revision ID.
+ $expected_document['data']['attributes'][$revision_id_key] = $latest_revision_id;
+ $expected_document['data']['attributes']['field_revisionable_number'] = 99;
+ $expected_cache_tags = $this->getExpectedCacheTags();
+ $expected_cache_contexts = $this->getExpectedCacheContexts();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // Fetch the same revision using its revision ID.
+ $actual_response = $this->request('GET', $latest_revision_id_url, $request_options);
+ // The top-level document object's `self` link should always link to the
+ // request URL.
+ $expected_document['links']['self']['href'] = $latest_revision_id_url->setAbsolute()->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // Ensure dynamic cache HIT on second request when using a version
+ // negotiator.
+ $actual_response = $this->request('GET', $latest_revision_id_url, $request_options);
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'HIT');
+ // Fetch the same revision using the `latest-version` link relation type
+ // negotiator. Without content_moderation, this is always the most recent
+ // revision.
+ $actual_response = $this->request('GET', $rel_latest_version_url, $request_options);
+ $expected_document['links']['self']['href'] = $rel_latest_version_url->setAbsolute()->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // Fetch the same revision using the `working-copy` link relation type
+ // negotiator. Without content_moderation, this is always the most recent
+ // revision.
+ $actual_response = $this->request('GET', $rel_working_copy_url, $request_options);
+ $expected_document['links']['self']['href'] = $rel_working_copy_url->setAbsolute()->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+
+ // Fetch the prior revision.
+ $actual_response = $this->request('GET', $original_revision_id_url, $request_options);
+ $expected_document['data']['attributes'][$revision_id_key] = $original_revision_id;
+ $expected_document['data']['attributes']['field_revisionable_number'] = 42;
+ $expected_document['links']['self']['href'] = $original_revision_id_url->setAbsolute()->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+
+ // Install content_moderation module.
+ $this->assertTrue($this->container->get('module_installer')->install(['content_moderation'], TRUE), 'Installed modules.');
+
+ // Set up an editorial workflow.
+ $workflow = $this->createEditorialWorkflow();
+ $workflow->getTypePlugin()->addEntityTypeAndBundle(static::$entityTypeId, $this->entity->bundle());
+ $workflow->save();
+
+ // Ensure the test entity has content_moderation fields attached to it.
+ /* @var \Drupal\Core\Entity\FieldableEntityInterface|\Drupal\Core\Entity\TranslatableRevisionableInterface $entity */
+ $entity = $this->entityStorage->load($entity->id());
+
+ // Set the published moderation state on the test entity.
+ $entity->set('moderation_state', 'published');
+ $entity->setNewRevision();
+ $entity->save();
+ $published_revision_id = (int) $entity->getRevisionId();
+
+ // Fetch the published revision by using the `rel` version negotiator and
+ // the `latest-version` version argument. With content_moderation, this is
+ // now the most recent revision where the moderation state was the 'default'
+ // one.
+ $actual_response = $this->request('GET', $rel_latest_version_url, $request_options);
+ $expected_document['data']['attributes'][$revision_id_key] = $published_revision_id;
+ $expected_document['data']['attributes']['moderation_state'] = 'published';
+ $expected_document['data']['attributes'][$published_key] = TRUE;
+ $expected_document['data']['attributes']['field_revisionable_number'] = 99;
+ $expected_document['links']['self']['href'] = $rel_latest_version_url->toString();
+ $expected_document['data']['attributes'][$revision_translation_affected_key] = $entity->isRevisionTranslationAffected();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // Fetch the collection URL using the `latest-version` version argument.
+ $actual_response = $this->request('GET', $rel_latest_version_collection_url, $request_options);
+ $expected_response = $this->getExpectedCollectionResponse([$entity], $rel_latest_version_collection_url->toString(), $request_options);
+ $expected_collection_document = $expected_response->getResponseData();
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $this->assertResourceResponse(200, $expected_collection_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+ // Fetch the published revision by using the `working-copy` version
+ // argument. With content_moderation, this is always the most recent
+ // revision regardless of moderation state.
+ $actual_response = $this->request('GET', $rel_working_copy_url, $request_options);
+ $expected_document['links']['self']['href'] = $rel_working_copy_url->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // Fetch the collection URL using the `working-copy` version argument.
+ $actual_response = $this->request('GET', $rel_working_copy_collection_url, $request_options);
+ $expected_collection_document['links']['self']['href'] = $rel_working_copy_collection_url->toString();
+ $this->assertResourceResponse(200, $expected_collection_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+ // @todo: remove the next assertion when Drupal core supports entity query access control on revisions.
+ $rel_working_copy_collection_url_filtered = clone $rel_working_copy_collection_url;
+ $rel_working_copy_collection_url_filtered->setOption('query', ['filter[foo]' => 'bar'] + $rel_working_copy_collection_url->getOption('query'));
+ $actual_response = $this->request('GET', $rel_working_copy_collection_url_filtered, $request_options);
+ $filtered_collection_expected_cache_contexts = [
+ 'url.path',
+ 'url.query_args:filter',
+ 'url.query_args:resourceVersion',
+ 'url.site',
+ ];
+ $this->assertResourceErrorResponse(501, 'JSON:API does not support filtering on revisions other than the latest version because a secure Drupal core API does not yet exist to do so.', $rel_working_copy_collection_url_filtered, $actual_response, FALSE, ['http_response'], $filtered_collection_expected_cache_contexts);
+ // Fetch the collection URL using an invalid version identifier.
+ $actual_response = $this->request('GET', $rel_invalid_collection_url, $request_options);
+ $invalid_version_expected_cache_contexts = [
+ 'url.path',
+ 'url.query_args:resourceVersion',
+ 'url.site',
+ ];
+ $this->assertResourceErrorResponse(400, 'Collection resources only support the following resource version identifiers: rel:latest-version, rel:working-copy', $rel_invalid_collection_url, $actual_response, FALSE, ['4xx-response', 'http_response'], $invalid_version_expected_cache_contexts);
+
+ // Move the entity to its draft moderation state.
+ $entity->set('field_revisionable_number', 42);
+ // Change a relationship field so revisions can be tested on related and
+ // relationship routes.
+ $new_user = $this->createUser();
+ $new_user->save();
+ $entity->set('field_jsonapi_test_entity_ref', ['target_id' => $new_user->id()]);
+ $entity->set('moderation_state', 'draft');
+ $entity->setNewRevision();
+ $entity->save();
+ $draft_revision_id = (int) $entity->getRevisionId();
+
+ // The `latest-version` link should *still* reference the same revision
+ // since a draft is not a default revision.
+ $actual_response = $this->request('GET', $rel_latest_version_url, $request_options);
+ $expected_document['links']['self']['href'] = $rel_latest_version_url->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // And the same should be true for collections.
+ $actual_response = $this->request('GET', $rel_latest_version_collection_url, $request_options);
+ $expected_collection_document['data'][0] = $expected_document['data'];
+ $expected_collection_document['links']['self']['href'] = $rel_latest_version_collection_url->toString();
+ $this->assertResourceResponse(200, $expected_collection_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+ // Ensure that the `latest-version` response is same as the default link,
+ // aside from the document's `self` link.
+ $actual_response = $this->request('GET', $url, $request_options);
+ $expected_document['links']['self']['href'] = $url->toString();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // And the same should be true for collections.
+ $actual_response = $this->request('GET', $collection_url, $request_options);
+ $expected_collection_document['links']['self']['href'] = $collection_url->toString();
+ $this->assertResourceResponse(200, $expected_collection_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+ // Now, the `working-copy` link should reference the draft revision. This
+ // is significant because without content_moderation, the two responses
+ // would still been the same.
+ //
+ // Access is checked before any special permissions are granted. This
+ // asserts a 403 forbidden if the user is not allowed to see unpublished
+ // content.
+ $result = $entity->access('view', $this->account, TRUE);
+ if (!$result->isAllowed()) {
+ $actual_response = $this->request('GET', $rel_working_copy_url, $request_options);
+ $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability();
+ $expected_cache_tags = Cache::mergeTags($expected_cacheability->getCacheTags(), $entity->getCacheTags());
+ $expected_cache_contexts = $expected_cacheability->getCacheContexts();
+ $detail = 'The current user is not allowed to GET the selected resource. The user does not have access to the requested version.';
+ $message = $result instanceof AccessResultReasonInterface ? trim($detail . ' ' . $result->getReason()) : $detail;
+ $this->assertResourceErrorResponse(403, $message, $url, $actual_response, '/data', $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // On the collection URL, we should expect to see the draft omitted from
+ // the collection.
+ $actual_response = $this->request('GET', $rel_working_copy_collection_url, $request_options);
+ $expected_response = static::getExpectedCollectionResponse([$entity], $rel_working_copy_collection_url->toString(), $request_options);
+ $expected_collection_document = $expected_response->getResponseData();
+ $expected_collection_document['data'] = [];
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $access_denied_response = static::getAccessDeniedResponse($entity, $result, $url, NULL, $detail)->getResponseData();
+ static::addOmittedObject($expected_collection_document, static::errorsToOmittedObject($access_denied_response['errors']));
+ $this->assertResourceResponse(200, $expected_collection_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+ }
+
+ // Since additional permissions are required to see 'draft' entities,
+ // grant those permissions.
+ $this->grantPermissionsToTestedRole($this->getEditorialPermissions());
+
+ // Now, the `working-copy` link should be latest revision and be accessible.
+ $actual_response = $this->request('GET', $rel_working_copy_url, $request_options);
+ $expected_document['data']['attributes'][$revision_id_key] = $draft_revision_id;
+ $expected_document['data']['attributes']['moderation_state'] = 'draft';
+ $expected_document['data']['attributes'][$published_key] = FALSE;
+ $expected_document['data']['attributes']['field_revisionable_number'] = 42;
+ $expected_document['links']['self']['href'] = $rel_working_copy_url->setAbsolute()->toString();
+ $expected_document['data']['attributes'][$revision_translation_affected_key] = $entity->isRevisionTranslationAffected();
+ $expected_cache_tags = $this->getExpectedCacheTags();
+ $expected_cache_contexts = $this->getExpectedCacheContexts();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // And the collection response should also have the latest revision.
+ $actual_response = $this->request('GET', $rel_working_copy_collection_url, $request_options);
+ $expected_response = static::getExpectedCollectionResponse([$entity], $rel_working_copy_collection_url->toString(), $request_options);
+ $expected_collection_document = $expected_response->getResponseData();
+ $expected_collection_document['data'] = [$expected_document['data']];
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $this->assertResourceResponse(200, $expected_collection_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+
+ // Test relationship responses.
+ // Fetch the prior revision's relationship URL.
+ $test_relationship_urls = [
+ [
+ NULL,
+ $relationship_url,
+ $related_url,
+ ],
+ [
+ $original_revision_id,
+ $original_revision_id_relationship_url,
+ $original_revision_id_related_url,
+ ],
+ [
+ $latest_revision_id,
+ $latest_revision_id_relationship_url,
+ $latest_revision_id_related_url,
+ ],
+ [
+ $published_revision_id,
+ $rel_latest_version_relationship_url,
+ $rel_latest_version_related_url,
+ ],
+ [
+ $draft_revision_id,
+ $rel_working_copy_relationship_url,
+ $rel_working_copy_related_url,
+ ],
+ ];
+ foreach ($test_relationship_urls as $revision_case) {
+ list($revision_id, $relationship_url, $related_url) = $revision_case;
+ // Load the revision that will be requested.
+ $this->entityStorage->resetCache([$entity->id()]);
+ $revision = is_null($revision_id)
+ ? $this->entityStorage->load($entity->id())
+ : $this->entityStorage->loadRevision($revision_id);
+ // Request the relationship resource without access to the relationship
+ // field.
+ $actual_response = $this->request('GET', $relationship_url, $request_options);
+ $expected_response = $this->getExpectedGetRelationshipResponse('field_jsonapi_test_entity_ref', $revision);
+ $expected_document = $expected_response->getResponseData();
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document['errors'][0]['links']['via']['href'] = $relationship_url->toString();
+ $this->assertResourceResponse(403, $expected_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts());
+ // Request the related route.
+ $actual_response = $this->request('GET', $related_url, $request_options);
+ // @todo: refactor self::getExpectedRelatedResponses() into a function which returns a single response.
+ $expected_response = $this->getExpectedRelatedResponses(['field_jsonapi_test_entity_ref'], $request_options, $revision)['field_jsonapi_test_entity_ref'];
+ $expected_document = $expected_response->getResponseData();
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document['errors'][0]['links']['via']['href'] = $related_url->toString();
+ $this->assertResourceResponse(403, $expected_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts());
+ }
+ $this->grantPermissionsToTestedRole(['field_jsonapi_test_entity_ref view access']);
+ foreach ($test_relationship_urls as $revision_case) {
+ list($revision_id, $relationship_url, $related_url) = $revision_case;
+ // Load the revision that will be requested.
+ $this->entityStorage->resetCache([$entity->id()]);
+ $revision = is_null($revision_id)
+ ? $this->entityStorage->load($entity->id())
+ : $this->entityStorage->loadRevision($revision_id);
+ // Request the relationship resource after granting access to the
+ // relationship field.
+ $actual_response = $this->request('GET', $relationship_url, $request_options);
+ $expected_response = $this->getExpectedGetRelationshipResponse('field_jsonapi_test_entity_ref', $revision);
+ $expected_document = $expected_response->getResponseData();
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, 'MISS');
+ // Request the related route.
+ $actual_response = $this->request('GET', $related_url, $request_options);
+ $expected_response = $this->getExpectedRelatedResponse('field_jsonapi_test_entity_ref', $request_options, $revision);
+ $expected_document = $expected_response->getResponseData();
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ $expected_document['links']['self']['href'] = $related_url->toString();
+ // MISS or UNCACHEABLE depends on data. It must not be HIT.
+ $dynamic_cache = !empty(array_intersect(['user', 'session'], $expected_cacheability->getCacheContexts())) ? 'UNCACHEABLE' : 'MISS';
+ $this->assertResourceResponse(200, $expected_document, $actual_response, $expected_cacheability->getCacheTags(), $expected_cacheability->getCacheContexts(), FALSE, $dynamic_cache);
+ }
+ }
+
+ /**
+ * Decorates the expected response with included data and cache metadata.
+ *
+ * This adds the expected includes to the expected document and also builds
+ * the expected cacheability for those includes. It does so based of responses
+ * from the related routes for individual relationships.
+ *
+ * @param \Drupal\jsonapi\ResourceResponse $expected_response
+ * The expected ResourceResponse.
+ * @param \Drupal\jsonapi\ResourceResponse[] $related_responses
+ * The related ResourceResponses, keyed by relationship field names.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The decorated ResourceResponse.
+ */
+ protected static function decorateExpectedResponseForIncludedFields(ResourceResponse $expected_response, array $related_responses) {
+ $expected_document = $expected_response->getResponseData();
+ $expected_cacheability = $expected_response->getCacheableMetadata();
+ foreach ($related_responses as $related_response) {
+ $related_document = $related_response->getResponseData();
+ $expected_cacheability->addCacheableDependency($related_response->getCacheableMetadata());
+ $expected_cacheability->setCacheTags(array_values(array_diff($expected_cacheability->getCacheTags(), ['4xx-response'])));
+ // If any of the related response documents had omitted items or errors,
+ // we should later expect the document to have omitted items as well.
+ if (!empty($related_document['errors'])) {
+ static::addOmittedObject($expected_document, static::errorsToOmittedObject($related_document['errors']));
+ }
+ if (!empty($related_document['meta']['omitted'])) {
+ static::addOmittedObject($expected_document, $related_document['meta']['omitted']);
+ }
+ if (isset($related_document['data'])) {
+ $related_data = $related_document['data'];
+ $related_resources = (static::isResourceIdentifier($related_data))
+ ? [$related_data]
+ : $related_data;
+ foreach ($related_resources as $related_resource) {
+ if (empty($expected_document['included']) || !static::collectionHasResourceIdentifier($related_resource, $expected_document['included'])) {
+ $expected_document['included'][] = $related_resource;
+ }
+ }
+ }
+ }
+ return (new ResourceResponse($expected_document))->addCacheableDependency($expected_cacheability);
+ }
+
+ /**
+ * Gets the expected individual ResourceResponse for GET.
+ *
+ * @return \Drupal\jsonapi\ResourceResponse
+ * The expected individual ResourceResponse.
+ */
+ protected function getExpectedGetIndividualResourceResponse($status_code = 200) {
+ $resource_response = new ResourceResponse($this->getExpectedDocument(), $status_code);
+ $cacheability = new CacheableMetadata();
+ $cacheability->setCacheContexts($this->getExpectedCacheContexts());
+ $cacheability->setCacheTags($this->getExpectedCacheTags());
+ return $resource_response->addCacheableDependency($cacheability);
+ }
+
+ /**
+ * Returns an array of sparse fields sets to test.
+ *
+ * @return array
+ * An array of sparse field sets (an array of field names), keyed by a label
+ * for the field set.
+ */
+ protected function getSparseFieldSets() {
+ $field_names = array_keys($this->entity->toArray());
+ $field_sets = [
+ 'empty' => [],
+ 'some' => array_slice($field_names, floor(count($field_names) / 2)),
+ 'all' => $field_names,
+ ];
+ if ($this->entity instanceof EntityOwnerInterface) {
+ $field_sets['nested_empty_fieldset'] = $field_sets['empty'];
+ $field_sets['nested_fieldset_with_owner_fieldset'] = ['name', 'created'];
+ }
+ return $field_sets;
+ }
+
+ /**
+ * Gets a list of public relationship names for the resource type under test.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface|null $entity
+ * (optional) The entity for which to get relationship field names.
+ *
+ * @return array
+ * An array of relationship field names.
+ */
+ protected function getRelationshipFieldNames(EntityInterface $entity = NULL) {
+ $entity = $entity ?: $this->entity;
+ // Only content entity types can have relationships.
+ $fields = $entity instanceof ContentEntityInterface
+ ? iterator_to_array($entity)
+ : [];
+ return array_reduce($fields, function ($field_names, $field) {
+ /* @var \Drupal\Core\Field\FieldItemListInterface $field */
+ if (static::isReferenceFieldDefinition($field->getFieldDefinition())) {
+ $field_names[] = $this->resourceType->getPublicName($field->getName());
+ }
+ return $field_names;
+ }, []);
+ }
+
+ /**
+ * Authorize the user under test with additional permissions to view includes.
+ *
+ * @return array
+ * An array of special permissions to be granted for certain relationship
+ * paths where the keys are relationships paths and values are an array of
+ * permissions.
+ */
+ protected static function getIncludePermissions() {
+ return [];
+ }
+
+ /**
+ * Gets an array of permissions required to view and update any tested entity.
+ *
+ * @return string[]
+ * An array of permission names.
+ */
+ protected function getEditorialPermissions() {
+ return ['view latest version', "view any unpublished content"];
+ }
+
+ /**
+ * Checks access for the given operation on the given entity.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity for which to check field access.
+ * @param string $operation
+ * The operation for which to check access.
+ * @param \Drupal\Core\Session\AccountInterface $account
+ * The account for which to check access.
+ *
+ * @return \Drupal\Core\Access\AccessResultInterface
+ * The AccessResult.
+ */
+ protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
+ // The default entity access control handler assumes that permissions do not
+ // change during the lifetime of a request and caches access results.
+ // However, we're changing permissions during a test run and need fresh
+ // results, so reset the cache.
+ \Drupal::entityTypeManager()->getAccessControlHandler($entity->getEntityTypeId())->resetCache();
+ return $entity->access($operation, $account, TRUE);
+ }
+
+ /**
+ * Checks access for the given field operation on the given entity.
+ *
+ * @param \Drupal\Core\Entity\EntityInterface $entity
+ * The entity for which to check field access.
+ * @param string $field_name
+ * The field for which to check access.
+ * @param string $operation
+ * The operation for which to check access.
+ * @param \Drupal\Core\Session\AccountInterface $account
+ * The account for which to check access.
+ *
+ * @return \Drupal\Core\Access\AccessResultInterface
+ * The AccessResult.
+ */
+ protected static function entityFieldAccess(EntityInterface $entity, $field_name, $operation, AccountInterface $account) {
+ $entity_access = static::entityAccess($entity, $operation === 'edit' ? 'update' : 'view', $account);
+ $field_access = $entity->{$field_name}->access($operation, $account, TRUE);
+ return $entity_access->andIf($field_access);
+ }
+
+ /**
+ * Gets an array of of all nested include paths to be tested.
+ *
+ * @param int $depth
+ * (optional) The maximum depth to which included paths should be nested.
+ *
+ * @return array
+ * An array of nested include paths.
+ */
+ protected function getNestedIncludePaths($depth = 3) {
+ $get_nested_relationship_field_names = function (EntityInterface $entity, $depth, $path = "") use (&$get_nested_relationship_field_names) {
+ $relationship_field_names = $this->getRelationshipFieldNames($entity);
+ if ($depth > 0) {
+ $paths = [];
+ foreach ($relationship_field_names as $field_name) {
+ $next = ($path) ? "$path.$field_name" : $field_name;
+ $internal_field_name = $this->resourceType->getInternalName($field_name);
+ if ($target_entity = $entity->{$internal_field_name}->entity) {
+ $deep = $get_nested_relationship_field_names($target_entity, $depth - 1, $next);
+ $paths = array_merge($paths, $deep);
+ }
+ else {
+ $paths[] = $next;
+ }
+ }
+ return $paths;
+ }
+ return array_map(function ($target_name) use ($path) {
+ return "$path.$target_name";
+ }, $relationship_field_names);
+ };
+ return $get_nested_relationship_field_names($this->entity, $depth);
+ }
+
+ /**
+ * Determines if a given field definition is a reference field.
+ *
+ * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
+ * The field definition to inspect.
+ *
+ * @return bool
+ * TRUE if the field definition is found to be a reference field. FALSE
+ * otherwise.
+ */
+ protected static function isReferenceFieldDefinition(FieldDefinitionInterface $field_definition) {
+ /* @var \Drupal\Core\Field\TypedData\FieldItemDataDefinition $item_definition */
+ $item_definition = $field_definition->getItemDefinition();
+ $main_property = $item_definition->getMainPropertyName();
+ $property_definition = $item_definition->getPropertyDefinition($main_property);
+ return $property_definition instanceof DataReferenceTargetDefinition;
+ }
+
+ /**
+ * Grants authorization to view includes.
+ *
+ * @param string[] $include_paths
+ * An array of include paths for which to grant access.
+ */
+ protected function grantIncludedPermissions(array $include_paths = []) {
+ $applicable_permissions = array_intersect_key(static::getIncludePermissions(), array_flip($include_paths));
+ $flattened_permissions = array_unique(array_reduce($applicable_permissions, 'array_merge', []));
+ // Always grant access to 'view' the test entity reference field.
+ $flattened_permissions[] = 'field_jsonapi_test_entity_ref view access';
+ $this->grantPermissionsToTestedRole($flattened_permissions);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ResponsiveImageStyleTest.php b/core/modules/jsonapi/tests/src/Functional/ResponsiveImageStyleTest.php
new file mode 100644
index 0000000000..298dc48d00
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ResponsiveImageStyleTest.php
@@ -0,0 +1,142 @@
+grantPermissionsToTestedRole(['administer responsive images']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Camelids" responsive image style.
+ $camelids = ResponsiveImageStyle::create([
+ 'id' => 'camelids',
+ 'label' => 'Camelids',
+ ]);
+ $camelids->setBreakpointGroup('test_group');
+ $camelids->setFallbackImageStyle('fallback');
+ $camelids->addImageStyleMapping('test_breakpoint', '1x', [
+ 'image_mapping_type' => 'image_style',
+ 'image_mapping' => 'small',
+ ]);
+ $camelids->addImageStyleMapping('test_breakpoint', '2x', [
+ 'image_mapping_type' => 'sizes',
+ 'image_mapping' => [
+ 'sizes' => '(min-width:700px) 700px, 100vw',
+ 'sizes_image_styles' => [
+ 'medium' => 'medium',
+ 'large' => 'large',
+ ],
+ ],
+ ]);
+ $camelids->save();
+
+ return $camelids;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/responsive_image_style/responsive_image_style/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'responsive_image_style--responsive_image_style',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'breakpoint_group' => 'test_group',
+ 'dependencies' => [
+ 'config' => [
+ 'image.style.large',
+ 'image.style.medium',
+ ],
+ ],
+ 'fallback_image_style' => 'fallback',
+ 'image_style_mappings' => [
+ 0 => [
+ 'breakpoint_id' => 'test_breakpoint',
+ 'image_mapping' => 'small',
+ 'image_mapping_type' => 'image_style',
+ 'multiplier' => '1x',
+ ],
+ 1 => [
+ 'breakpoint_id' => 'test_breakpoint',
+ 'image_mapping' => [
+ 'sizes' => '(min-width:700px) 700px, 100vw',
+ 'sizes_image_styles' => [
+ 'large' => 'large',
+ 'medium' => 'medium',
+ ],
+ ],
+ 'image_mapping_type' => 'sizes',
+ 'multiplier' => '2x',
+ ],
+ ],
+ 'label' => 'Camelids',
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'drupal_internal__id' => 'camelids',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/RestExportJsonApiUnsupported.php b/core/modules/jsonapi/tests/src/Functional/RestExportJsonApiUnsupported.php
new file mode 100644
index 0000000000..5e83877119
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/RestExportJsonApiUnsupported.php
@@ -0,0 +1,50 @@
+drupalLogin($this->drupalCreateUser(['administer views']));
+ }
+
+ /**
+ * Tests that 'api_json' is not a RestExport format option.
+ */
+ public function testFormatOptions() {
+ $this->assertSame(['json' => 'serialization', 'xml' => 'serialization'], $this->container->getParameter('serializer.format_providers'));
+
+ $this->drupalGet('admin/structure/views/nojs/display/test_serializer_display_entity/rest_export_1/style_options');
+ $this->assertSession()->fieldExists('style_options[formats][json]');
+ $this->assertSession()->fieldExists('style_options[formats][xml]');
+ $this->assertSession()->fieldNotExists('style_options[formats][api_json]');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php b/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php
new file mode 100644
index 0000000000..87c0f61b2c
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php
@@ -0,0 +1,128 @@
+grantPermissionsToTestedRole(['access content']);
+ break;
+
+ default:
+ throw new \UnexpectedValueException();
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function setUp() {
+ parent::setUp();
+
+ // Set up a HTTP client that accepts relative URLs.
+ $this->httpClient = $this->container->get('http_client_factory')
+ ->fromOptions(['base_uri' => $this->baseUrl]);
+
+ // Create a "Camelids" node type.
+ NodeType::create([
+ 'name' => 'Camelids',
+ 'type' => 'camelids',
+ ])->save();
+
+ // Create a "Llama" node.
+ $node = Node::create(['type' => 'camelids']);
+ $node->setTitle('Llama')
+ ->setOwnerId(0)
+ ->setPublished()
+ ->save();
+ }
+
+ /**
+ * Deploying a REST resource using api_json format results in 400 responses.
+ *
+ * @see \Drupal\jsonapi\EventSubscriber\JsonApiRequestValidator::validateQueryParams()
+ */
+ public function testApiJsonNotSupportedInRest() {
+ $this->assertSame(['json', 'xml'], $this->container->getParameter('serializer.formats'));
+
+ $this->provisionResource(['api_json'], []);
+ $this->setUpAuthorization('GET');
+
+ $url = Node::load(1)->toUrl()
+ ->setOption('query', ['_format' => 'api_json']);
+ $request_options = [];
+
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertResourceErrorResponse(
+ 400,
+ FALSE,
+ $response,
+ ['4xx-response', 'config:user.role.anonymous', 'http_response', 'node:1'],
+ ['url.query_args:_format', 'url.site', 'user.permissions'],
+ 'MISS',
+ 'MISS'
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function assertNormalizationEdgeCases($method, Url $url, array $request_options) {}
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {}
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessCacheability() {}
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedBcUnauthorizedAccessMessage($method) {}
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/RestResourceConfigTest.php b/core/modules/jsonapi/tests/src/Functional/RestResourceConfigTest.php
new file mode 100644
index 0000000000..f44ebd0dec
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/RestResourceConfigTest.php
@@ -0,0 +1,126 @@
+grantPermissionsToTestedRole(['administer rest resources']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $rest_resource_config = RestResourceConfig::create([
+ 'id' => 'llama',
+ 'plugin_id' => 'dblog',
+ 'granularity' => 'method',
+ 'configuration' => [
+ 'GET' => [
+ 'supported_formats' => [
+ 'json',
+ ],
+ 'supported_auth' => [
+ 'cookie',
+ ],
+ ],
+ ],
+ ]);
+ $rest_resource_config->save();
+
+ return $rest_resource_config;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/rest_resource_config/rest_resource_config/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'rest_resource_config--rest_resource_config',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'dependencies' => [
+ 'module' => [
+ 'dblog',
+ 'serialization',
+ 'user',
+ ],
+ ],
+ 'plugin_id' => 'dblog',
+ 'granularity' => 'method',
+ 'configuration' => [
+ 'GET' => [
+ 'supported_formats' => [
+ 'json',
+ ],
+ 'supported_auth' => [
+ 'cookie',
+ ],
+ ],
+ ],
+ 'drupal_internal__id' => 'llama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/RoleTest.php b/core/modules/jsonapi/tests/src/Functional/RoleTest.php
new file mode 100644
index 0000000000..4f8d609a22
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/RoleTest.php
@@ -0,0 +1,102 @@
+grantPermissionsToTestedRole(['administer permissions']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $role = Role::create([
+ 'id' => 'llama',
+ 'name' => $this->randomString(),
+ ]);
+ $role->save();
+
+ return $role;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/user_role/user_role/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'user_role--user_role',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'weight' => 2,
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'dependencies' => [],
+ 'label' => NULL,
+ 'is_admin' => NULL,
+ 'permissions' => [],
+ 'drupal_internal__id' => 'llama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/SearchPageTest.php b/core/modules/jsonapi/tests/src/Functional/SearchPageTest.php
new file mode 100644
index 0000000000..4f741d6335
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/SearchPageTest.php
@@ -0,0 +1,141 @@
+grantPermissionsToTestedRole(['access content']);
+ break;
+
+ case 'POST':
+ case 'PATCH':
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['administer search']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $search_page = SearchPage::create([
+ 'id' => 'hinode_search',
+ 'plugin' => 'node_search',
+ 'label' => 'Search of magnetic activity of the Sun',
+ 'path' => 'sun',
+ ]);
+ $search_page->save();
+ return $search_page;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/search_page/search_page/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'search_page--search_page',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'configuration' => [
+ 'rankings' => [],
+ ],
+ 'dependencies' => [
+ 'module' => [
+ 'node',
+ ],
+ ],
+ 'label' => 'Search of magnetic activity of the Sun',
+ 'langcode' => 'en',
+ 'path' => 'sun',
+ 'plugin' => 'node_search',
+ 'status' => TRUE,
+ 'weight' => 0,
+ 'drupal_internal__id' => 'hinode_search',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET':
+ return "The 'access content' permission is required.";
+
+ default:
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessCacheability() {
+ // @see \Drupal\search\SearchPageAccessControlHandler::checkAccess()
+ return parent::getExpectedUnauthorizedAccessCacheability()
+ ->addCacheTags(['config:search.page.hinode_search']);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ShortcutSetTest.php b/core/modules/jsonapi/tests/src/Functional/ShortcutSetTest.php
new file mode 100644
index 0000000000..0ab41a38b0
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ShortcutSetTest.php
@@ -0,0 +1,123 @@
+grantPermissionsToTestedRole(['access shortcuts']);
+ break;
+
+ case 'POST':
+ case 'PATCH':
+ $this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
+ break;
+
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['administer shortcuts']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET':
+ return "The 'access shortcuts' permission is required.";
+
+ default:
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $set = ShortcutSet::create([
+ 'id' => 'llama_set',
+ 'label' => 'Llama Set',
+ ]);
+ $set->save();
+ return $set;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/shortcut_set/shortcut_set/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'shortcut_set--shortcut_set',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'label' => 'Llama Set',
+ 'status' => TRUE,
+ 'langcode' => 'en',
+ 'dependencies' => [],
+ 'drupal_internal__id' => 'llama_set',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ShortcutTest.php b/core/modules/jsonapi/tests/src/Functional/ShortcutTest.php
new file mode 100644
index 0000000000..9fc53b988e
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ShortcutTest.php
@@ -0,0 +1,220 @@
+grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $shortcut = Shortcut::create([
+ 'shortcut_set' => 'default',
+ 'title' => t('Comments'),
+ 'weight' => -20,
+ 'link' => [
+ 'uri' => 'internal:/user/logout',
+ ],
+ ]);
+ $shortcut->save();
+
+ return $shortcut;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/shortcut/default/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'shortcut--default',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'title' => 'Comments',
+ 'link' => [
+ 'uri' => 'internal:/user/logout',
+ 'title' => NULL,
+ 'options' => [],
+ ],
+ 'langcode' => 'en',
+ 'default_langcode' => TRUE,
+ 'weight' => -20,
+ 'drupal_internal__id' => (int) $this->entity->id(),
+ ],
+ 'relationships' => [
+ 'shortcut_set' => [
+ 'data' => [
+ 'type' => 'shortcut_set--shortcut_set',
+ 'id' => ShortcutSet::load('default')->uuid(),
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/shortcut_set'],
+ 'self' => ['href' => $self_url . '/relationships/shortcut_set'],
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [
+ 'data' => [
+ 'type' => 'shortcut--default',
+ 'attributes' => [
+ 'title' => 'Comments',
+ 'link' => [
+ 'uri' => 'internal:/',
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ return "The shortcut set must be the currently displayed set for the user and the user must have 'access shortcuts' AND 'customize shortcut links' permissions.";
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testPostIndividual() {
+ $this->markTestSkipped('Disabled until https://www.drupal.org/project/drupal/issues/2982060 is fixed.');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testRelationships() {
+ $this->markTestSkipped('Disabled until https://www.drupal.org/project/drupal/issues/2982060 is fixed.');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testPatchIndividual() {
+ $this->markTestSkipped('Disabled until https://www.drupal.org/project/drupal/issues/2982060 is fixed.');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollectionFilterAccess() {
+ $label_field_name = 'title';
+ // Verify the expected behavior in the common case: default shortcut set.
+ $this->grantPermissionsToTestedRole(['customize shortcut links']);
+ $this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, 'access shortcuts');
+
+ $alternate_shortcut_set = ShortcutSet::create([
+ 'id' => 'alternate',
+ 'label' => 'Alternate',
+ ]);
+ $alternate_shortcut_set->save();
+ $this->entity->shortcut_set = $alternate_shortcut_set->id();
+ $this->entity->save();
+
+ $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
+ $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // No results because the current user does not have access to shortcuts
+ // not in the user's assigned set or the default set.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+
+ // Assign the alternate shortcut set to the current user.
+ $this->container->get('entity_type.manager')->getStorage('shortcut_set')->assignUser($alternate_shortcut_set, $this->account);
+
+ // 1 result because the alternate shortcut set is now assigned to the
+ // current user.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static function getExpectedCollectionCacheability(AccountInterface $account, array $collection, array $sparse_fieldset = NULL, $filtered = FALSE) {
+ $cacheability = parent::getExpectedCollectionCacheability($account, $collection, $sparse_fieldset, $filtered);
+ if ($filtered) {
+ $cacheability->addCacheContexts(['user']);
+ }
+ return $cacheability;
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/TermTest.php b/core/modules/jsonapi/tests/src/Functional/TermTest.php
new file mode 100644
index 0000000000..a8b79a139d
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/TermTest.php
@@ -0,0 +1,457 @@
+ NULL,
+ ];
+
+ /**
+ * {@inheritdoc}
+ *
+ * @var \Drupal\taxonomy\TermInterface
+ */
+ protected $entity;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpAuthorization($method) {
+ switch ($method) {
+ case 'GET':
+ $this->grantPermissionsToTestedRole(['access content']);
+ break;
+
+ case 'POST':
+ $this->grantPermissionsToTestedRole(['create terms in camelids']);
+ break;
+
+ case 'PATCH':
+ // Grant the 'create url aliases' permission to test the case when
+ // the path field is accessible, see
+ // \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase
+ // for a negative test.
+ $this->grantPermissionsToTestedRole(['edit terms in camelids', 'create url aliases']);
+ break;
+
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['delete terms in camelids']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $vocabulary = Vocabulary::load('camelids');
+ if (!$vocabulary) {
+ // Create a "Camelids" vocabulary.
+ $vocabulary = Vocabulary::create([
+ 'name' => 'Camelids',
+ 'vid' => 'camelids',
+ ]);
+ $vocabulary->save();
+ }
+
+ // Create a "Llama" taxonomy term.
+ $term = Term::create(['vid' => $vocabulary->id()])
+ ->setName('Llama')
+ ->setDescription("It is a little known fact that llamas cannot count higher than seven.")
+ ->setChangedTime(123456789)
+ ->set('path', '/llama');
+ $term->save();
+
+ return $term;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/taxonomy_term/camelids/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+
+ // We test with multiple parent terms, and combinations thereof.
+ // @see ::createEntity()
+ // @see ::testGetIndividual()
+ // @see ::testGetIndividualTermWithParent()
+ // @see ::providerTestGetIndividualTermWithParent()
+ $parent_term_ids = [];
+ for ($i = 0; $i < $this->entity->get('parent')->count(); $i++) {
+ $parent_term_ids[$i] = (int) $this->entity->get('parent')[$i]->target_id;
+ }
+
+ $expected_parent_normalization = FALSE;
+ switch ($parent_term_ids) {
+ case [0]:
+ $expected_parent_normalization = [
+ 'data' => [
+ [
+ 'id' => 'virtual',
+ 'type' => 'taxonomy_term--camelids',
+ 'meta' => [
+ 'links' => [
+ 'help' => [
+ 'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual',
+ 'meta' => [
+ 'about' => "Usage and meaning of the 'virtual' resource identifier.",
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/parent'],
+ 'self' => ['href' => $self_url . '/relationships/parent'],
+ ],
+ ];
+ break;
+
+ case [2]:
+ $expected_parent_normalization = [
+ 'data' => [
+ [
+ 'id' => Term::load(2)->uuid(),
+ 'type' => 'taxonomy_term--camelids',
+ ],
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/parent'],
+ 'self' => ['href' => $self_url . '/relationships/parent'],
+ ],
+ ];
+ break;
+
+ case [0, 2]:
+ $expected_parent_normalization = [
+ 'data' => [
+ [
+ 'id' => 'virtual',
+ 'type' => 'taxonomy_term--camelids',
+ 'meta' => [
+ 'links' => [
+ 'help' => [
+ 'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual',
+ 'meta' => [
+ 'about' => "Usage and meaning of the 'virtual' resource identifier.",
+ ],
+ ],
+ ],
+ ],
+ ],
+ [
+ 'id' => Term::load(2)->uuid(),
+ 'type' => 'taxonomy_term--camelids',
+ ],
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/parent'],
+ 'self' => ['href' => $self_url . '/relationships/parent'],
+ ],
+ ];
+ break;
+
+ case [3, 2]:
+ $expected_parent_normalization = [
+ 'data' => [
+ [
+ 'id' => Term::load(3)->uuid(),
+ 'type' => 'taxonomy_term--camelids',
+ ],
+ [
+ 'id' => Term::load(2)->uuid(),
+ 'type' => 'taxonomy_term--camelids',
+ ],
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/parent'],
+ 'self' => ['href' => $self_url . '/relationships/parent'],
+ ],
+ ];
+ break;
+ }
+
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'taxonomy_term--camelids',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
+ 'default_langcode' => TRUE,
+ 'description' => [
+ 'value' => 'It is a little known fact that llamas cannot count higher than seven.',
+ 'format' => NULL,
+ 'processed' => "It is a little known fact that llamas cannot count higher than seven.
\n",
+ ],
+ 'langcode' => 'en',
+ 'name' => 'Llama',
+ 'path' => [
+ 'alias' => '/llama',
+ 'pid' => 1,
+ 'langcode' => 'en',
+ ],
+ 'weight' => 0,
+ 'drupal_internal__tid' => 1,
+ 'status' => TRUE,
+ ],
+ 'relationships' => [
+ 'parent' => $expected_parent_normalization,
+ 'vid' => [
+ 'data' => [
+ 'id' => Vocabulary::load('camelids')->uuid(),
+ 'type' => 'taxonomy_vocabulary--taxonomy_vocabulary',
+ ],
+ 'links' => [
+ 'related' => ['href' => $self_url . '/vid'],
+ 'self' => ['href' => $self_url . '/relationships/vid'],
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedGetRelationshipDocumentData($relationship_field_name, EntityInterface $entity = NULL) {
+ $data = parent::getExpectedGetRelationshipDocumentData($relationship_field_name, $entity);
+ if ($relationship_field_name === 'parent') {
+ $data = [
+ 0 => [
+ 'id' => 'virtual',
+ 'type' => 'taxonomy_term--camelids',
+ 'meta' => [
+ 'links' => [
+ 'help' => [
+ 'href' => 'https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual',
+ 'meta' => [
+ 'about' => "Usage and meaning of the 'virtual' resource identifier.",
+ ],
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+ return $data;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [
+ 'data' => [
+ 'type' => 'taxonomy_term--camelids',
+ 'attributes' => [
+ 'name' => 'Dramallama',
+ 'description' => [
+ 'value' => 'Dramallamas are the coolest camelids.',
+ 'format' => NULL,
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET':
+ return "The 'access content' permission is required and the taxonomy term must be published.";
+
+ case 'POST':
+ return "The following permissions are required: 'create terms in camelids' OR 'administer taxonomy'.";
+
+ case 'PATCH':
+ return "The following permissions are required: 'edit terms in camelids' OR 'administer taxonomy'.";
+
+ case 'DELETE':
+ return "The following permissions are required: 'delete terms in camelids' OR 'administer taxonomy'.";
+
+ default:
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessCacheability() {
+ $cacheability = parent::getExpectedUnauthorizedAccessCacheability();
+ $cacheability->addCacheableDependency($this->entity);
+ return $cacheability;
+ }
+
+ /**
+ * Tests PATCHing a term's path.
+ *
+ * For a negative test, see the similar test coverage for Node.
+ *
+ * @see \Drupal\Tests\jsonapi\Functional\NodeTest::testPatchPath()
+ * @see \Drupal\Tests\rest\Functional\EntityResource\Node\NodeResourceTestBase::testPatchPath()
+ */
+ public function testPatchPath() {
+ $this->setUpAuthorization('GET');
+ $this->setUpAuthorization('PATCH');
+
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // GET term's current normalization.
+ $response = $this->request('GET', $url, $request_options);
+ $normalization = Json::decode((string) $response->getBody());
+
+ // Change term's path alias.
+ $normalization['data']['attributes']['path']['alias'] .= 's-rule-the-world';
+
+ // Create term PATCH request.
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // PATCH request: 200.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+ $updated_normalization = Json::decode((string) $response->getBody());
+ $this->assertSame($normalization['data']['attributes']['path']['alias'], $updated_normalization['data']['attributes']['path']['alias']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedCacheTags(array $sparse_fieldset = NULL) {
+ $tags = parent::getExpectedCacheTags($sparse_fieldset);
+ if ($sparse_fieldset === NULL || in_array('description', $sparse_fieldset)) {
+ $tags = Cache::mergeTags($tags, ['config:filter.format.plain_text', 'config:filter.settings']);
+ }
+ return $tags;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedCacheContexts(array $sparse_fieldset = NULL) {
+ $contexts = parent::getExpectedCacheContexts($sparse_fieldset);
+ if ($sparse_fieldset === NULL || in_array('description', $sparse_fieldset)) {
+ $contexts = Cache::mergeContexts($contexts, ['languages:language_interface', 'theme']);
+ }
+ return $contexts;
+ }
+
+ /**
+ * Tests GETting a term with a parent term other than the default (0).
+ *
+ * @see ::getExpectedNormalizedEntity()
+ *
+ * @dataProvider providerTestGetIndividualTermWithParent
+ */
+ public function testGetIndividualTermWithParent(array $parent_term_ids) {
+ // Create all possible parent terms.
+ Term::create(['vid' => Vocabulary::load('camelids')->id()])
+ ->setName('Lamoids')
+ ->save();
+ Term::create(['vid' => Vocabulary::load('camelids')->id()])
+ ->setName('Wimoids')
+ ->save();
+
+ // Modify the entity under test to use the provided parent terms.
+ $this->entity->set('parent', $parent_term_ids)->save();
+
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName), ['entity' => $this->entity->uuid()]);
+ /* $url = $this->entity->toUrl('jsonapi'); */
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+ $this->setUpAuthorization('GET');
+ $response = $this->request('GET', $url, $request_options);
+ $this->assertSameDocument($this->getExpectedDocument(), Json::decode($response->getBody()));
+ }
+
+ /**
+ * Data provider for ::testGetIndividualTermWithParent().
+ */
+ public function providerTestGetIndividualTermWithParent() {
+ return [
+ 'root parent: [0] (= no parent)' => [
+ [0],
+ ],
+ 'non-root parent: [2]' => [
+ [2],
+ ],
+ 'multiple parents: [0,2] (root + non-root parent)' => [
+ [0, 2],
+ ],
+ 'multiple parents: [3,2] (both non-root parents)' => [
+ [3, 2],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollectionFilterAccess() {
+ $this->doTestCollectionFilterAccessBasedOnPermissions('name', 'access content');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/TestCoverageTest.php b/core/modules/jsonapi/tests/src/Functional/TestCoverageTest.php
new file mode 100644
index 0000000000..217d3d0d93
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/TestCoverageTest.php
@@ -0,0 +1,116 @@
+origin === 'core'
+ && empty($module->info['hidden'])
+ && $module->status == FALSE
+ && $module->info['package'] !== 'Testing'
+ && $module->info['package'] !== 'Core (Experimental)';
+ });
+
+ $this->container->get('module_installer')->install(array_keys($stable_core_modules));
+ $this->rebuildContainer();
+
+ $this->definitions = $this->container->get('entity_type.manager')->getDefinitions();
+
+ // Entity types marked as "internal" are not exposed by JSON:API and hence
+ // also don't need test coverage.
+ $this->definitions = array_filter($this->definitions, function (EntityTypeInterface $entity_type) {
+ return !$entity_type->isInternal();
+ });
+ }
+
+ /**
+ * Tests that all core entity types have JSON:API test coverage.
+ */
+ public function testEntityTypeRestTestCoverage() {
+ $problems = [];
+ foreach ($this->definitions as $entity_type_id => $info) {
+ $class_name_full = $info->getClass();
+ $parts = explode('\\', $class_name_full);
+ $class_name = end($parts);
+ $module_name = $parts[1];
+
+ $possible_paths = [
+ 'Drupal\Tests\jsonapi\Functional\CLASSTest',
+ '\Drupal\Tests\\' . $module_name . '\Functional\Jsonapi\CLASSTest',
+ ];
+ foreach ($possible_paths as $path) {
+ $missing_tests = [];
+ $class = str_replace('CLASS', $class_name, $path);
+ if (class_exists($class)) {
+ continue 2;
+ }
+ $missing_tests[] = $class;
+ }
+ if (!empty($missing_tests)) {
+ $missing_tests_list = implode(', ', $missing_tests);
+ $problems[] = "$entity_type_id: $class_name ($class_name_full) (expected tests: $missing_tests_list)";
+ }
+ }
+
+ $all = count($this->definitions);
+ $good = $all - count($problems);
+ $this->assertSame([], $problems, $this->getLlamaMessage($good, $all));
+ }
+
+ /**
+ * Message from Llama.
+ *
+ * @param int $g
+ * A count of entities with test coverage.
+ * @param int $a
+ * A count of all entities.
+ *
+ * @return string
+ * An information about progress of REST test coverage.
+ */
+ protected function getLlamaMessage($g, $a) {
+ return "
+☼
+ _________________________
+ / Hi! \\
+ | It's llame to not have |
+ | complete JSON:API tests! |
+ | |
+ | Progress: $g/$a. |
+ | _________________________/
+ |/
+// o
+l'>
+ll
+llama
+|| ||
+'' ''
+";
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/TourTest.php b/core/modules/jsonapi/tests/src/Functional/TourTest.php
new file mode 100644
index 0000000000..e6d3488778
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/TourTest.php
@@ -0,0 +1,142 @@
+grantPermissionsToTestedRole(['access tour']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $tour = Tour::create([
+ 'id' => 'tour-llama',
+ 'label' => 'Llama tour',
+ 'langcode' => 'en',
+ 'module' => 'tour',
+ 'routes' => [
+ [
+ 'route_name' => '',
+ ],
+ ],
+ 'tips' => [
+ 'tour-llama-1' => [
+ 'id' => 'tour-llama-1',
+ 'plugin' => 'text',
+ 'label' => 'Llama',
+ 'body' => 'Who handle the awesomeness of llamas?',
+ 'weight' => 100,
+ 'attributes' => [
+ 'data-id' => 'tour-llama-1',
+ ],
+ ],
+ ],
+ ]);
+ $tour->save();
+
+ return $tour;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/tour/tour/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'tour--tour',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [],
+ 'label' => 'Llama tour',
+ 'langcode' => 'en',
+ 'module' => 'tour',
+ 'routes' => [
+ [
+ 'route_name' => '',
+ ],
+ ],
+ 'status' => TRUE,
+ 'tips' => [
+ 'tour-llama-1' => [
+ 'id' => 'tour-llama-1',
+ 'plugin' => 'text',
+ 'label' => 'Llama',
+ 'body' => 'Who handle the awesomeness of llamas?',
+ 'weight' => 100,
+ 'attributes' => [
+ 'data-id' => 'tour-llama-1',
+ ],
+ ],
+ ],
+ 'drupal_internal__id' => 'tour-llama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ return "The following permissions are required: 'access tour' OR 'administer site configuration'.";
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/UserTest.php b/core/modules/jsonapi/tests/src/Functional/UserTest.php
new file mode 100644
index 0000000000..8b99779411
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/UserTest.php
@@ -0,0 +1,546 @@
+ NULL,
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $anonymousUsersCanViewLabels = TRUE;
+
+ /**
+ * {@inheritdoc}
+ *
+ * @var \Drupal\taxonomy\TermInterface
+ */
+ protected $entity;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $labelFieldName = 'name';
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $firstCreatedEntityId = 4;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $secondCreatedEntityId = 5;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUpAuthorization($method) {
+ // @todo Remove this in
+ $this->grantPermissionsToTestedRole(['access content']);
+
+ switch ($method) {
+ case 'GET':
+ $this->grantPermissionsToTestedRole(['access user profiles']);
+ break;
+
+ case 'POST':
+ case 'PATCH':
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['administer users']);
+ break;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ // Create a "Llama" user.
+ $user = User::create(['created' => 123456789]);
+ $user->setUsername('Llama')
+ ->setChangedTime(123456789)
+ ->activate()
+ ->save();
+
+ return $user;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createAnotherEntity($key) {
+ /** @var \Drupal\user\UserInterface $user */
+ $user = $this->getEntityDuplicate($this->entity, $key);
+ $user->setUsername($user->label() . '_' . $key);
+ $user->setEmail("$key@example.com");
+ $user->save();
+ return $user;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/user/user/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'user--user',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'created' => '1973-11-29T21:33:09+00:00',
+ 'changed' => (new \DateTime())->setTimestamp($this->entity->getChangedTime())->setTimezone(new \DateTimeZone('UTC'))->format(\DateTime::RFC3339),
+ 'default_langcode' => TRUE,
+ 'langcode' => 'en',
+ 'name' => 'Llama',
+ 'drupal_internal__uid' => 3,
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedCacheContexts(array $sparse_fieldset = NULL) {
+ $cache_contexts = parent::getExpectedCacheContexts($sparse_fieldset);
+ if ($sparse_fieldset === NULL || in_array('mail', $sparse_fieldset)) {
+ if (floatval(\Drupal::VERSION) >= 8.7) {
+ $cache_contexts = Cache::mergeContexts($cache_contexts, ['user']);
+ }
+ }
+ return $cache_contexts;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ return [
+ 'data' => [
+ 'type' => 'user--user',
+ 'attributes' => [
+ 'name' => 'Dramallama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ switch ($method) {
+ case 'GET':
+ return "The 'access user profiles' permission is required and the user must be active.";
+
+ case 'PATCH':
+ return "Users can only update their own account, unless they have the 'administer users' permission.";
+
+ case 'DELETE':
+ return "The 'cancel account' permission is required.";
+
+ default:
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+ }
+
+ /**
+ * Tests PATCHing security-sensitive base fields of the logged in account.
+ */
+ public function testPatchDxForSecuritySensitiveBaseFields() {
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), ['entity' => $this->account->uuid()]);
+ /* $url = $this->account->toUrl('jsonapi'); */
+
+ $original_normalization = $this->normalize($this->account, $url);
+ // @todo Remove the array_diff_key() call in https://www.drupal.org/node/2821077.
+ $original_normalization['data']['attributes'] = array_diff_key(
+ $original_normalization['data']['attributes'],
+ ['created' => TRUE, 'changed' => TRUE, 'name' => TRUE]
+ );
+
+ // Since this test must be performed by the user that is being modified,
+ // we must use $this->account, not $this->entity.
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // Test case 1: changing email.
+ $normalization = $original_normalization;
+ $normalization['data']['attributes']['mail'] = 'new-email@example.com';
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // DX: 422 when changing email without providing the password.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(422, 'mail: Your current password is missing or incorrect; it\'s required to change the Email.', NULL, $response, '/data/attributes/mail');
+
+ $normalization['data']['attributes']['pass']['existing'] = 'wrong';
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // DX: 422 when changing email while providing a wrong password.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(422, 'mail: Your current password is missing or incorrect; it\'s required to change the Email.', NULL, $response, '/data/attributes/mail');
+
+ $normalization['data']['attributes']['pass']['existing'] = $this->account->passRaw;
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // 200 for well-formed request.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+
+ // Test case 2: changing password.
+ $normalization = $original_normalization;
+ $normalization['data']['attributes']['mail'] = 'new-email@example.com';
+ $new_password = $this->randomString();
+ $normalization['data']['attributes']['pass']['value'] = $new_password;
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // DX: 422 when changing password without providing the current password.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(422, 'pass: Your current password is missing or incorrect; it\'s required to change the Password.', NULL, $response, '/data/attributes/pass');
+
+ $normalization['data']['attributes']['pass']['existing'] = $this->account->passRaw;
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // 200 for well-formed request.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+
+ // Verify that we can log in with the new password.
+ $this->assertRpcLogin($this->account->getAccountName(), $new_password);
+
+ // Update password in $this->account, prepare for future requests.
+ $this->account->passRaw = $new_password;
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // Test case 3: changing name.
+ $normalization = $original_normalization;
+ $normalization['data']['attributes']['mail'] = 'new-email@example.com';
+ $normalization['data']['attributes']['pass']['existing'] = $new_password;
+ $normalization['data']['attributes']['name'] = 'Cooler Llama';
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // DX: 403 when modifying username without required permission.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (name).', $url, $response, '/data/attributes/name');
+
+ $this->grantPermissionsToTestedRole(['change own username']);
+
+ // 200 for well-formed request.
+ $response = $this->request('PATCH', $url, $request_options);
+ $this->assertResourceResponse(200, FALSE, $response);
+
+ // Verify that we can log in with the new username.
+ $this->assertRpcLogin('Cooler Llama', $new_password);
+ }
+
+ /**
+ * Verifies that logging in with the given username and password works.
+ *
+ * @param string $username
+ * The username to log in with.
+ * @param string $password
+ * The password to log in with.
+ */
+ protected function assertRpcLogin($username, $password) {
+ $request_body = [
+ 'name' => $username,
+ 'pass' => $password,
+ ];
+ $request_options = [
+ RequestOptions::HEADERS => [],
+ RequestOptions::BODY => Json::encode($request_body),
+ ];
+ $response = $this->request('POST', Url::fromRoute('user.login.http')->setRouteParameter('_format', 'json'), $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ }
+
+ /**
+ * Tests PATCHing security-sensitive base fields to change other users.
+ */
+ public function testPatchSecurityOtherUser() {
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), ['entity' => $this->account->uuid()]);
+ /* $url = $this->account->toUrl('jsonapi'); */
+
+ $original_normalization = $this->normalize($this->account, $url);
+
+ // Since this test must be performed by the user that is being modified,
+ // we must use $this->account, not $this->entity.
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ $normalization = $original_normalization;
+ $normalization['data']['attributes']['mail'] = 'new-email@example.com';
+ $request_options[RequestOptions::BODY] = Json::encode($normalization);
+
+ // Try changing user 1's email.
+ $user1 = $original_normalization;
+ $user1['data']['attributes']['mail'] = 'another_email_address@example.com';
+ $user1['data']['attributes']['uid'] = 1;
+ $user1['data']['attributes']['name'] = 'another_user_name';
+ $user1['data']['attributes']['pass']['existing'] = $this->account->passRaw;
+ $request_options[RequestOptions::BODY] = Json::encode($user1);
+ $response = $this->request('PATCH', $url, $request_options);
+ // Ensure the email address has not changed.
+ $this->assertEquals('admin@example.com', $this->entityStorage->loadUnchanged(1)->getEmail());
+ $this->assertResourceErrorResponse(403, 'The current user is not allowed to PATCH the selected field (uid). The entity ID cannot be changed.', $url, $response, '/data/attributes/uid');
+ }
+
+ /**
+ * Tests GETting privacy-sensitive base fields.
+ */
+ public function testGetMailFieldOnlyVisibleToOwner() {
+ // Create user B, with the same roles (and hence permissions) as user A.
+ $user_a = $this->account;
+ $pass = user_password();
+ $user_b = User::create([
+ 'name' => 'sibling-of-' . $user_a->getAccountName(),
+ 'mail' => 'sibling-of-' . $user_a->getAccountName() . '@example.com',
+ 'pass' => $pass,
+ 'status' => 1,
+ 'roles' => $user_a->getRoles(),
+ ]);
+ $user_b->save();
+ $user_b->passRaw = $pass;
+
+ // Grant permission to role that both users use.
+ $this->grantPermissionsToTestedRole(['access user profiles']);
+
+ $collection_url = Url::fromRoute('jsonapi.user--user.collection', [], ['query' => ['sort' => 'drupal_internal__uid']]);
+ // @todo Remove line below in favor of commented line in https://www.drupal.org/project/jsonapi/issues/2878463.
+ $user_a_url = Url::fromRoute(sprintf('jsonapi.user--user.individual'), ['entity' => $user_a->uuid()]);
+ /* $user_a_url = $user_a->toUrl('jsonapi'); */
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // Viewing user A as user A: "mail" field is accessible.
+ $response = $this->request('GET', $user_a_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertArrayHasKey('mail', $doc['data']['attributes']);
+ // Also when looking at the collection.
+ $response = $this->request('GET', $collection_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
+ $this->assertArrayHasKey('mail', $doc['data'][2]['attributes'], "Own user--user resource's 'mail' field is visible.");
+ $this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
+ $this->assertArrayNotHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
+
+ // Now request the same URLs, but as user B (same roles/permissions).
+ $this->account = $user_b;
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+ // Viewing user A as user B: "mail" field should be inaccessible.
+ $response = $this->request('GET', $user_a_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertArrayNotHasKey('mail', $doc['data']['attributes']);
+ // Also when looking at the collection.
+ $response = $this->request('GET', $collection_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
+ $this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
+ $this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
+ $this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
+ }
+
+ /**
+ * Test good error DX when trying to filter users by role.
+ */
+ public function testQueryInvolvingRoles() {
+ $this->setUpAuthorization('GET');
+
+ $collection_url = Url::fromRoute('jsonapi.user--user.collection', [], ['query' => ['filter[roles.id][value]' => 'e9b1de3f-9517-4c27-bef0-0301229de792']]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // The 'administer users' permission is required to filter by role entities.
+ $this->grantPermissionsToTestedRole(['administer users']);
+
+ $response = $this->request('GET', $collection_url, $request_options);
+ $expected_cache_contexts = ['url.path', 'url.query_args:filter', 'url.site'];
+ $this->assertResourceErrorResponse(400, "Filtering on config entities is not supported by Drupal's entity API. You tried to filter on a Role config entity.", $collection_url, $response, FALSE, ['4xx-response', 'http_response'], $expected_cache_contexts, FALSE, 'MISS');
+ }
+
+ /**
+ * Tests that the collection contains the anonymous user.
+ */
+ public function testCollectionContainsAnonymousUser() {
+ $url = Url::fromRoute('jsonapi.user--user.collection', [], ['query' => ['sort' => 'drupal_internal__uid']]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ $response = $this->request('GET', $url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+
+ $this->assertCount(4, $doc['data']);
+ $this->assertSame(User::load(0)->uuid(), $doc['data'][0]['id']);
+ $this->assertSame('Anonymous', $doc['data'][0]['attributes']['name']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function testCollectionFilterAccess() {
+ // Set up data model.
+ $this->assertTrue($this->container->get('module_installer')->install(['node'], TRUE), 'Installed modules.');
+ FieldStorageConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_favorite_animal',
+ 'type' => 'string',
+ ])
+ ->setCardinality(1)
+ ->save();
+ FieldConfig::create([
+ 'entity_type' => static::$entityTypeId,
+ 'field_name' => 'field_favorite_animal',
+ 'bundle' => 'user',
+ ])
+ ->setLabel('Test field')
+ ->setTranslatable(FALSE)
+ ->save();
+ $this->drupalCreateContentType(['type' => 'x']);
+ $this->rebuildAll();
+ $this->grantPermissionsToTestedRole(['access content']);
+
+ // Create data.
+ $user_a = User::create([])->setUsername('A')->activate();
+ $user_a->save();
+ $user_b = User::create([])->setUsername('B')->set('field_favorite_animal', 'stegosaurus')->block();
+ $user_b->save();
+ $node_a = Node::create(['type' => 'x'])->setTitle('Owned by A')->setOwner($user_a);
+ $node_a->save();
+ $node_b = Node::create(['type' => 'x'])->setTitle('Owned by B')->setOwner($user_b);
+ $node_b->save();
+ $node_anon_1 = Node::create(['type' => 'x'])->setTitle('Owned by anon #1')->setOwnerId(0);
+ $node_anon_1->save();
+ $node_anon_2 = Node::create(['type' => 'x'])->setTitle('Owned by anon #2')->setOwnerId(0);
+ $node_anon_2->save();
+ $node_auth_1 = Node::create(['type' => 'x'])->setTitle('Owned by auth #1')->setOwner($this->account);
+ $node_auth_1->save();
+
+ $favorite_animal_test_url = Url::fromRoute('jsonapi.user--user.collection')->setOption('query', ['filter[field_favorite_animal]' => 'stegosaurus']);
+
+ // Test.
+ $collection_url = Url::fromRoute('jsonapi.node--x.collection');
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+ // ?filter[uid.id]=OWN_UUID requires no permissions: 1 result.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.id]' => $this->account->uuid()]), $request_options);
+ $this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($node_auth_1->uuid(), $doc['data'][0]['id']);
+ // ?filter[uid.id]=ANONYMOUS_UUID: 0 results.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.id]' => User::load(0)->uuid()]), $request_options);
+ $this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // ?filter[uid.name]=A: 0 results.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'A']), $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // /jsonapi/user/user?filter[field_favorite_animal]: 0 results.
+ $response = $this->request('GET', $favorite_animal_test_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // Grant "view" permission.
+ $this->grantPermissionsToTestedRole(['access user profiles']);
+ // ?filter[uid.id]=ANONYMOUS_UUID: 0 results.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.id]' => User::load(0)->uuid()]), $request_options);
+ $this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // ?filter[uid.name]=A: 1 result since user A is active.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'A']), $request_options);
+ $this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($node_a->uuid(), $doc['data'][0]['id']);
+ // ?filter[uid.name]=B: 0 results since user B is blocked.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'B']), $request_options);
+ $this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // /jsonapi/user/user?filter[field_favorite_animal]: 0 results.
+ $response = $this->request('GET', $favorite_animal_test_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // Grant "admin" permission.
+ $this->grantPermissionsToTestedRole(['administer users']);
+ // ?filter[uid.name]=B: 1 result.
+ $response = $this->request('GET', $collection_url->setOption('query', ['filter[uid.name]' => 'B']), $request_options);
+ $this->assertSession()->responseHeaderContains('X-Drupal-Cache-Contexts', 'user.permissions');
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($node_b->uuid(), $doc['data'][0]['id']);
+ // /jsonapi/user/user?filter[field_favorite_animal]: 1 result.
+ $response = $this->request('GET', $favorite_animal_test_url, $request_options);
+ $this->assertSame(200, $response->getStatusCode());
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($user_b->uuid(), $doc['data'][0]['id']);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/ViewTest.php b/core/modules/jsonapi/tests/src/Functional/ViewTest.php
new file mode 100644
index 0000000000..acd8f86cb2
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/ViewTest.php
@@ -0,0 +1,122 @@
+grantPermissionsToTestedRole(['administer views']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $view = View::create([
+ 'id' => 'test_rest',
+ 'label' => 'Test REST',
+ ]);
+ $view->save();
+ return $view;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/view/view/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'view--view',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'base_field' => 'nid',
+ 'base_table' => 'node',
+ 'core' => '8.x',
+ 'dependencies' => [],
+ 'description' => '',
+ 'display' => [
+ 'default' => [
+ 'display_plugin' => 'default',
+ 'id' => 'default',
+ 'display_title' => 'Master',
+ 'position' => 0,
+ 'display_options' => [
+ 'display_extenders' => [],
+ ],
+ 'cache_metadata' => [
+ 'max-age' => -1,
+ 'contexts' => [
+ 'languages:language_interface',
+ 'url.query_args',
+ ],
+ 'tags' => [],
+ ],
+ ],
+ ],
+ 'label' => 'Test REST',
+ 'langcode' => 'en',
+ 'module' => 'views',
+ 'status' => TRUE,
+ 'tag' => '',
+ 'drupal_internal__id' => 'test_rest',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/VocabularyTest.php b/core/modules/jsonapi/tests/src/Functional/VocabularyTest.php
new file mode 100644
index 0000000000..61ecdc811a
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/VocabularyTest.php
@@ -0,0 +1,110 @@
+grantPermissionsToTestedRole(['administer taxonomy']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $vocabulary = Vocabulary::create([
+ 'name' => 'Llama',
+ 'vid' => 'llama',
+ ]);
+ $vocabulary->save();
+
+ return $vocabulary;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/taxonomy_vocabulary/taxonomy_vocabulary/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'taxonomy_vocabulary--taxonomy_vocabulary',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'dependencies' => [],
+ 'name' => 'Llama',
+ 'description' => NULL,
+ 'weight' => 0,
+ 'drupal_internal__vid' => 'llama',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ if ($method === 'GET') {
+ return "The following permissions are required: 'access taxonomy overview' OR 'administer taxonomy'.";
+ }
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Functional/WorkflowTest.php b/core/modules/jsonapi/tests/src/Functional/WorkflowTest.php
new file mode 100644
index 0000000000..6ad93d50f7
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Functional/WorkflowTest.php
@@ -0,0 +1,126 @@
+grantPermissionsToTestedRole(['administer workflows']);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function createEntity() {
+ $workflow = Workflow::create([
+ 'id' => 'rest_workflow',
+ 'label' => 'REST Worklow',
+ 'type' => 'workflow_type_complex_test',
+ ]);
+ $workflow
+ ->getTypePlugin()
+ ->addState('draft', 'Draft')
+ ->addState('published', 'Published');
+ $configuration = $workflow->getTypePlugin()->getConfiguration();
+ $configuration['example_setting'] = 'foo';
+ $configuration['states']['draft']['extra'] = 'bar';
+ $workflow->getTypePlugin()->setConfiguration($configuration);
+ $workflow->save();
+ return $workflow;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedDocument() {
+ $self_url = Url::fromUri('base:/jsonapi/workflow/workflow/' . $this->entity->uuid())->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+ return [
+ 'jsonapi' => [
+ 'meta' => [
+ 'links' => [
+ 'self' => ['href' => 'http://jsonapi.org/format/1.0/'],
+ ],
+ ],
+ 'version' => '1.0',
+ ],
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'data' => [
+ 'id' => $this->entity->uuid(),
+ 'type' => 'workflow--workflow',
+ 'links' => [
+ 'self' => ['href' => $self_url],
+ ],
+ 'attributes' => [
+ 'dependencies' => [
+ 'module' => [
+ 'workflow_type_test',
+ ],
+ ],
+ 'label' => 'REST Worklow',
+ 'langcode' => 'en',
+ 'status' => TRUE,
+ 'workflow_type' => 'workflow_type_complex_test',
+ 'type_settings' => [
+ 'states' => [
+ 'draft' => [
+ 'extra' => 'bar',
+ 'label' => 'Draft',
+ 'weight' => 0,
+ ],
+ 'published' => [
+ 'label' => 'Published',
+ 'weight' => 1,
+ ],
+ ],
+ 'transitions' => [],
+ 'example_setting' => 'foo',
+ ],
+ 'drupal_internal__id' => 'rest_workflow',
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPostDocument() {
+ // @todo Update in https://www.drupal.org/node/2300677.
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Context/FieldResolverTest.php b/core/modules/jsonapi/tests/src/Kernel/Context/FieldResolverTest.php
new file mode 100644
index 0000000000..50aae4a82e
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Context/FieldResolverTest.php
@@ -0,0 +1,371 @@
+sut = \Drupal::service('jsonapi.field_resolver');
+
+ $this->makeBundle('bundle1');
+ $this->makeBundle('bundle2');
+ $this->makeBundle('bundle3');
+
+ $this->makeField('string', 'field_test1', 'entity_test_with_bundle', ['bundle1']);
+ $this->makeField('string', 'field_test2', 'entity_test_with_bundle', ['bundle1']);
+ $this->makeField('string', 'field_test3', 'entity_test_with_bundle', ['bundle2', 'bundle3']);
+
+ // Provides entity reference fields.
+ $settings = ['target_type' => 'entity_test_with_bundle'];
+ $this->makeField('entity_reference', 'field_test_ref1', 'entity_test_with_bundle', ['bundle1'], $settings, [
+ 'handler_settings' => [
+ 'target_bundles' => ['bundle2', 'bundle3'],
+ ],
+ ]);
+ $this->makeField('entity_reference', 'field_test_ref2', 'entity_test_with_bundle', ['bundle1'], $settings);
+ $this->makeField('entity_reference', 'field_test_ref3', 'entity_test_with_bundle', ['bundle2', 'bundle3'], $settings);
+
+ // Add a field with multiple properties.
+ $this->makeField('text', 'field_test_text', 'entity_test_with_bundle', ['bundle1', 'bundle2']);
+
+ $this->resourceTypeRepository = $this->container->get('jsonapi.resource_type.repository');
+ }
+
+ /**
+ * @covers ::resolveInternalEntityQueryPath
+ * @dataProvider resolveInternalIncludePathProvider
+ */
+ public function testResolveInternalIncludePath($expect, $external_path, $entity_type_id = 'entity_test_with_bundle', $bundle = 'bundle1') {
+ $path_parts = explode('.', $external_path);
+ $resource_type = $this->resourceTypeRepository->get($entity_type_id, $bundle);
+ $this->assertEquals($expect, $this->sut->resolveInternalIncludePath($resource_type, $path_parts));
+ }
+
+ /**
+ * Provides test cases for resolveInternalEntityQueryPath.
+ */
+ public function resolveInternalIncludePathProvider() {
+ return [
+ 'entity reference' => [[['field_test_ref2']], 'field_test_ref2'],
+ 'entity reference with multi target bundles' => [[['field_test_ref1']], 'field_test_ref1'],
+ 'entity reference then another entity reference' => [
+ [['field_test_ref1', 'field_test_ref3']],
+ 'field_test_ref1.field_test_ref3',
+ ],
+ ];
+ }
+
+ /**
+ * Expects an error when an invalid field is provided for include.
+ *
+ * @param string $entity_type
+ * The entity type for which to test field resolution.
+ * @param string $bundle
+ * The entity bundle for which to test field resolution.
+ * @param string $external_path
+ * The external field path to resolve.
+ * @param string $expected_message
+ * (optional) An expected exception message.
+ *
+ * @covers ::resolveInternalIncludePath
+ * @dataProvider resolveInternalIncludePathErrorProvider
+ */
+ public function testResolveInternalIncludePathError($entity_type, $bundle, $external_path, $expected_message = '') {
+ $path_parts = explode('.', $external_path);
+ $this->setExpectedException(CacheableBadRequestHttpException::class, $expected_message);
+ $resource_type = $this->resourceTypeRepository->get($entity_type, $bundle);
+ $this->sut->resolveInternalIncludePath($resource_type, $path_parts);
+ }
+
+ /**
+ * Provides test cases for ::testResolveInternalIncludePathError.
+ */
+ public function resolveInternalIncludePathErrorProvider() {
+ return [
+ // Should fail because none of these bundles have these fields.
+ ['entity_test_with_bundle', 'bundle1', 'host.fail!!.deep'],
+ ['entity_test_with_bundle', 'bundle2', 'field_test_ref2'],
+ ['entity_test_with_bundle', 'bundle1', 'field_test_ref3'],
+ // Should fail because the nested fields don't exist on the targeted
+ // resource types.
+ ['entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test1'],
+ ['entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test2'],
+ ['entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test_ref1'],
+ ['entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test_ref2'],
+ // Should fail because the nested fields is not a valid relationship
+ // field name.
+ [
+ 'entity_test_with_bundle', 'bundle1', 'field_test1',
+ '`field_test1` is not a valid relationship field name.',
+ ],
+ // Should fail because the nested fields is not a valid include path.
+ [
+ 'entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test3',
+ '`field_test_ref1.field_test3` is not a valid include path.',
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::resolveInternalEntityQueryPath
+ * @dataProvider resolveInternalEntityQueryPathProvider
+ */
+ public function testResolveInternalEntityQueryPath($expect, $external_path, $entity_type_id = 'entity_test_with_bundle', $bundle = 'bundle1') {
+ $this->assertEquals($expect, $this->sut->resolveInternalEntityQueryPath($entity_type_id, $bundle, $external_path));
+ }
+
+ /**
+ * Provides test cases for ::testResolveInternalEntityQueryPath.
+ */
+ public function resolveInternalEntityQueryPathProvider() {
+ return [
+ 'config entity as base' => [
+ 'uuid', 'id', 'entity_test_bundle', 'entity_test_bundle',
+ ],
+ 'config entity as target' => ['type.entity:entity_test_bundle.uuid', 'type.id'],
+
+ 'primitive field; variation A' => ['field_test1', 'field_test1'],
+ 'primitive field; variation B' => ['field_test2', 'field_test2'],
+
+ 'entity reference then a primitive field; variation A' => ['field_test_ref2.entity:entity_test_with_bundle.field_test1', 'field_test_ref2.field_test1'],
+ 'entity reference then a primitive field; variation B' => ['field_test_ref2.entity:entity_test_with_bundle.field_test2', 'field_test_ref2.field_test2'],
+
+ 'entity reference then a complex field with property specifier `value`' => ['field_test_ref2.entity:entity_test_with_bundle.field_test_text.value', 'field_test_ref2.field_test_text.value'],
+ 'entity reference then a complex field with property specifier `format`' => ['field_test_ref2.entity:entity_test_with_bundle.field_test_text.format', 'field_test_ref2.field_test_text.format'],
+
+ 'entity reference then no delta with property specifier `id`' => ['field_test_ref1.entity:entity_test_with_bundle.uuid', 'field_test_ref1.id'],
+ 'entity reference then delta 0 with property specifier `id`' => ['field_test_ref1.0.entity:entity_test_with_bundle.uuid', 'field_test_ref1.0.id'],
+ 'entity reference then delta 1 with property specifier `id`' => ['field_test_ref1.1.entity:entity_test_with_bundle.uuid', 'field_test_ref1.1.id'],
+
+ 'entity reference then no reference property and a complex field with property specifier `value`' => ['field_test_ref1.entity:entity_test_with_bundle.field_test_text.value', 'field_test_ref1.field_test_text.value'],
+ 'entity reference then a reference property and a complex field with property specifier `value`' => ['field_test_ref1.entity.field_test_text.value', 'field_test_ref1.entity.field_test_text.value'],
+ 'entity reference then no reference property and a complex field with property specifier `format`' => ['field_test_ref1.entity:entity_test_with_bundle.field_test_text.format', 'field_test_ref1.field_test_text.format'],
+ 'entity reference then a reference property and a complex field with property specifier `format`' => ['field_test_ref1.entity.field_test_text.format', 'field_test_ref1.entity.field_test_text.format'],
+
+ 'entity reference then property specifier `entity:entity_test_with_bundle` then a complex field with property specifier `value`' => ['field_test_ref1.entity:entity_test_with_bundle.field_test_text.value', 'field_test_ref1.entity:entity_test_with_bundle.field_test_text.value'],
+
+ 'entity reference with a delta and no reference property then a complex field and property specifier `value`' => ['field_test_ref1.0.entity:entity_test_with_bundle.field_test_text.value', 'field_test_ref1.0.field_test_text.value'],
+ 'entity reference with a delta and a reference property then a complex field and property specifier `value`' => ['field_test_ref1.0.entity.field_test_text.value', 'field_test_ref1.0.entity.field_test_text.value'],
+
+ 'entity reference with no reference property then another entity reference with no reference property a complex field with property specifier `value`' => ['field_test_ref1.entity:entity_test_with_bundle.field_test_ref3.entity:entity_test_with_bundle.field_test_text.value', 'field_test_ref1.field_test_ref3.field_test_text.value'],
+ 'entity reference with a reference property then another entity reference with no reference property a complex field with property specifier `value`' => ['field_test_ref1.entity.field_test_ref3.entity:entity_test_with_bundle.field_test_text.value', 'field_test_ref1.entity.field_test_ref3.field_test_text.value'],
+ 'entity reference with no reference property then another entity reference with a reference property a complex field with property specifier `value`' => ['field_test_ref1.entity:entity_test_with_bundle.field_test_ref3.entity.field_test_text.value', 'field_test_ref1.field_test_ref3.entity.field_test_text.value'],
+ 'entity reference with a reference property then another entity reference with a reference property a complex field with property specifier `value`' => ['field_test_ref1.entity.field_test_ref3.entity.field_test_text.value', 'field_test_ref1.entity.field_test_ref3.entity.field_test_text.value'],
+
+ 'entity reference with target bundles then property specifier `entity:entity_test_with_bundle` then a primitive field on multiple bundles' => [
+ 'field_test_ref1.entity:entity_test_with_bundle.field_test3',
+ 'field_test_ref1.entity:entity_test_with_bundle.field_test3',
+ ],
+ 'entity reference without target bundles then property specifier `entity:entity_test_with_bundle` then a primitive field on a single bundle' => [
+ 'field_test_ref2.entity:entity_test_with_bundle.field_test1',
+ 'field_test_ref2.entity:entity_test_with_bundle.field_test1',
+ ],
+ 'entity reference without target bundles then property specifier `entity:entity_test_with_bundle` then a primitive field on multiple bundles' => [
+ 'field_test_ref3.entity:entity_test_with_bundle.field_test3',
+ 'field_test_ref3.entity:entity_test_with_bundle.field_test3',
+ 'entity_test_with_bundle', 'bundle2',
+ ],
+ 'entity reference without target bundles then property specifier `entity:entity_test_with_bundle` then a primitive field on a single bundle starting from a different resource type' => [
+ 'field_test_ref3.entity:entity_test_with_bundle.field_test2',
+ 'field_test_ref3.entity:entity_test_with_bundle.field_test2',
+ 'entity_test_with_bundle', 'bundle3',
+ ],
+
+ 'entity reference then property specifier `entity:entity_test_with_bundle` then another entity reference before a primitive field' => ['field_test_ref1.entity:entity_test_with_bundle.field_test_ref3.entity:entity_test_with_bundle.field_test2', 'field_test_ref1.entity:entity_test_with_bundle.field_test_ref3.field_test2'],
+ ];
+ }
+
+ /**
+ * Expects an error when an invalid field is provided for filter and sort.
+ *
+ * @param string $entity_type
+ * The entity type for which to test field resolution.
+ * @param string $bundle
+ * The entity bundle for which to test field resolution.
+ * @param string $external_path
+ * The external field path to resolve.
+ * @param string $expected_message
+ * (optional) An expected exception message.
+ *
+ * @covers ::resolveInternalEntityQueryPath
+ * @dataProvider resolveInternalEntityQueryPathErrorProvider
+ */
+ public function testResolveInternalEntityQueryPathError($entity_type, $bundle, $external_path, $expected_message = '') {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, $expected_message);
+ $this->sut->resolveInternalEntityQueryPath($entity_type, $bundle, $external_path);
+ }
+
+ /**
+ * Provides test cases for ::testResolveInternalEntityQueryPathError.
+ */
+ public function resolveInternalEntityQueryPathErrorProvider() {
+ return [
+ 'nested fields' => [
+ 'entity_test_with_bundle', 'bundle1', 'none.of.these.exist',
+ ],
+ 'field does not exist on bundle' => [
+ 'entity_test_with_bundle', 'bundle2', 'field_test_ref2',
+ ],
+ 'field does not exist on different bundle' => [
+ 'entity_test_with_bundle', 'bundle1', 'field_test_ref3',
+ ],
+ 'field does not exist on targeted bundle' => [
+ 'entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test1',
+ ],
+ 'different field does not exist on same targeted bundle' => [
+ 'entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test2',
+ ],
+ 'entity reference field does not exist on targeted bundle' => [
+ 'entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test_ref1',
+ ],
+ 'different entity reference field does not exist on same targeted bundle' => [
+ 'entity_test_with_bundle', 'bundle1', 'field_test_ref1.field_test_ref2',
+ ],
+ 'message correctly identifies missing field' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.entity:entity_test_with_bundle.field_test1',
+ 'Invalid nested filtering. The field `field_test1`, given in the path `field_test_ref1.entity:entity_test_with_bundle.field_test1`, does not exist.',
+ ],
+ 'message correctly identifies different missing field' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.entity:entity_test_with_bundle.field_test2',
+ 'Invalid nested filtering. The field `field_test2`, given in the path `field_test_ref1.entity:entity_test_with_bundle.field_test2`, does not exist.',
+ ],
+ 'message correctly identifies missing entity reference field' => [
+ 'entity_test_with_bundle', 'bundle2',
+ 'field_test_ref1.entity:entity_test_with_bundle.field_test2',
+ 'Invalid nested filtering. The field `field_test_ref1`, given in the path `field_test_ref1.entity:entity_test_with_bundle.field_test2`, does not exist.',
+ ],
+
+ 'entity reference then a complex field with no property specifier' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref2.field_test_text',
+ 'Invalid nested filtering. The field `field_test_text`, given in the path `field_test_ref2.field_test_text` is incomplete, it must end with one of the following specifiers: `value`, `format`, `processed`.',
+ ],
+
+ 'entity reference then no delta with property specifier `target_id`' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.target_id',
+ 'Invalid nested filtering. The property `target_id`, given in the path `field_test_ref1.target_id`, does not exist. Filter by `field_test_ref1`, not `field_test_ref1.target_id` (the JSON:API module elides property names from single-property fields).',
+ ],
+ 'entity reference then delta 0 with property specifier `target_id`' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.0.target_id',
+ 'Invalid nested filtering. The property `target_id`, given in the path `field_test_ref1.0.target_id`, does not exist. Filter by `field_test_ref1.0`, not `field_test_ref1.0.target_id` (the JSON:API module elides property names from single-property fields).',
+ ],
+ 'entity reference then delta 1 with property specifier `target_id`' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.1.target_id',
+ 'Invalid nested filtering. The property `target_id`, given in the path `field_test_ref1.1.target_id`, does not exist. Filter by `field_test_ref1.1`, not `field_test_ref1.1.target_id` (the JSON:API module elides property names from single-property fields).',
+ ],
+
+ 'entity reference then no reference property then a complex field' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.field_test_text',
+ 'Invalid nested filtering. The field `field_test_text`, given in the path `field_test_ref1.field_test_text` is incomplete, it must end with one of the following specifiers: `value`, `format`, `processed`.',
+
+ ],
+ 'entity reference then reference property then a complex field' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.entity.field_test_text',
+ 'Invalid nested filtering. The field `field_test_text`, given in the path `field_test_ref1.entity.field_test_text` is incomplete, it must end with one of the following specifiers: `value`, `format`, `processed`.',
+ ],
+
+ 'entity reference then property specifier `entity:entity_test_with_bundle` then a complex field' => [
+ 'entity_test_with_bundle', 'bundle1',
+ 'field_test_ref1.entity:entity_test_with_bundle.field_test_text',
+ 'Invalid nested filtering. The field `field_test_text`, given in the path `field_test_ref1.entity:entity_test_with_bundle.field_test_text` is incomplete, it must end with one of the following specifiers: `value`, `format`, `processed`.',
+ ],
+ ];
+ }
+
+ /**
+ * Create a simple bundle.
+ *
+ * @param string $name
+ * The name of the bundle to create.
+ */
+ protected function makeBundle($name) {
+ EntityTestBundle::create([
+ 'id' => $name,
+ ])->save();
+ }
+
+ /**
+ * Creates a field for a specified entity type/bundle.
+ *
+ * @param string $type
+ * The field type.
+ * @param string $name
+ * The name of the field to create.
+ * @param string $entity_type
+ * The entity type to which the field will be attached.
+ * @param string[] $bundles
+ * The entity bundles to which the field will be attached.
+ * @param array $storage_settings
+ * Custom storage settings for the field.
+ * @param array $config_settings
+ * Custom configuration settings for the field.
+ */
+ protected function makeField($type, $name, $entity_type, array $bundles, array $storage_settings = [], array $config_settings = []) {
+ $storage_config = [
+ 'field_name' => $name,
+ 'type' => $type,
+ 'entity_type' => $entity_type,
+ 'settings' => $storage_settings,
+ ];
+
+ FieldStorageConfig::create($storage_config)->save();
+
+ foreach ($bundles as $bundle) {
+ FieldConfig::create([
+ 'field_name' => $name,
+ 'entity_type' => $entity_type,
+ 'bundle' => $bundle,
+ 'settings' => $config_settings,
+ ])->save();
+ }
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Controller/EntityResourceTest.php b/core/modules/jsonapi/tests/src/Kernel/Controller/EntityResourceTest.php
new file mode 100644
index 0000000000..ae39d812f7
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Controller/EntityResourceTest.php
@@ -0,0 +1,690 @@
+ '83bc47ad-2c58-45e3-9136-abcdef111111',
+ 2 => '83bc47ad-2c58-45e3-9136-abcdef222222',
+ 3 => '83bc47ad-2c58-45e3-9136-abcdef333333',
+ 4 => '83bc47ad-2c58-45e3-9136-abcdef444444',
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ public static $modules = [
+ 'node',
+ 'field',
+ 'jsonapi',
+ 'serialization',
+ 'system',
+ 'user',
+ ];
+
+ /**
+ * The user.
+ *
+ * @var \Drupal\user\Entity\User
+ */
+ protected $user;
+
+ /**
+ * The node.
+ *
+ * @var \Drupal\node\Entity\Node
+ */
+ protected $node;
+
+ /**
+ * The other node.
+ *
+ * @var \Drupal\node\Entity\Node
+ */
+ protected $node2;
+
+ /**
+ * An unpublished node.
+ *
+ * @var \Drupal\node\Entity\Node
+ */
+ protected $node3;
+
+ /**
+ * A fake request.
+ *
+ * @var \Symfony\Component\HttpFoundation\Request
+ */
+ protected $request;
+
+ /**
+ * The EntityResource under test.
+ *
+ * @var \Drupal\jsonapi\Controller\EntityResource
+ */
+ protected $entityResource;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUp() {
+ parent::setUp();
+ // Add the entity schemas.
+ $this->installEntitySchema('node');
+ $this->installEntitySchema('user');
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+ NodeType::create([
+ 'type' => 'lorem',
+ ])->save();
+ $type = NodeType::create([
+ 'type' => 'article',
+ ]);
+ $type->save();
+ $this->user = User::create([
+ 'name' => 'user1',
+ 'mail' => 'user@localhost',
+ 'status' => 1,
+ 'roles' => ['test_role_one', 'test_role_two'],
+ ]);
+ $this->createEntityReferenceField('node', 'article', 'field_relationships', 'Relationship', 'node', 'default', ['target_bundles' => ['article']], FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED);
+ $this->user->save();
+
+ $this->node = Node::create([
+ 'title' => 'dummy_title',
+ 'type' => 'article',
+ 'uid' => $this->user->id(),
+ 'uuid' => static::$nodeUuid[1],
+ ]);
+ $this->node->save();
+
+ $this->node2 = Node::create([
+ 'type' => 'article',
+ 'title' => 'Another test node',
+ 'uid' => $this->user->id(),
+ 'uuid' => static::$nodeUuid[2],
+ ]);
+ $this->node2->save();
+
+ $this->node3 = Node::create([
+ 'type' => 'article',
+ 'title' => 'Unpublished test node',
+ 'uid' => $this->user->id(),
+ 'status' => 0,
+ 'uuid' => static::$nodeUuid[3],
+ ]);
+ $this->node3->save();
+
+ $this->node4 = Node::create([
+ 'type' => 'article',
+ 'title' => 'Test node with related nodes',
+ 'uid' => $this->user->id(),
+ 'field_relationships' => [
+ ['target_id' => $this->node->id()],
+ ['target_id' => $this->node2->id()],
+ ['target_id' => $this->node3->id()],
+ ],
+ 'uuid' => static::$nodeUuid[4],
+ ]);
+ $this->node4->save();
+
+ // Give anonymous users permission to view user profiles, so that we can
+ // verify the cache tags of cached versions of user profile pages.
+ array_map(function ($role_id) {
+ Role::create([
+ 'id' => $role_id,
+ 'permissions' => [
+ 'access user profiles',
+ 'access content',
+ ],
+ ])->save();
+ }, [RoleInterface::ANONYMOUS_ID, 'test_role_one', 'test_role_two']);
+
+ $this->entityResource = new EntityResource(
+ $this->container->get('entity_type.manager'),
+ $this->container->get('entity_field.manager'),
+ $this->container->get('jsonapi.link_manager'),
+ $this->container->get('jsonapi.resource_type.repository'),
+ $this->container->get('renderer'),
+ $this->container->get('entity.repository'),
+ $this->container->get('jsonapi.include_resolver'),
+ $this->container->get('jsonapi.entity_access_checker'),
+ $this->container->get('jsonapi.field_resolver')
+ );
+ }
+
+ /**
+ * @covers ::getIndividual
+ */
+ public function testGetIndividual() {
+ $response = $this->entityResource->getIndividual($this->node, Request::create('/jsonapi/node/article'));
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertEquals($this->node->uuid(), $response->getResponseData()->getData()->getId());
+ }
+
+ /**
+ * @covers ::getIndividual
+ */
+ public function testGetIndividualDenied() {
+ $role = Role::load(RoleInterface::ANONYMOUS_ID);
+ $role->revokePermission('access content');
+ $role->save();
+ $this->setExpectedException(EntityAccessDeniedHttpException::class);
+ $this->entityResource->getIndividual($this->node, Request::create('/jsonapi/node/article'));
+ }
+
+ /**
+ * @covers ::getCollection
+ */
+ public function testGetCollection() {
+ $request = Request::create('/jsonapi/node/article');
+ $request->query = new ParameterBag(['sort' => 'nid']);
+
+ // Get the response.
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $response = $this->entityResource->getCollection($resource_type, $request);
+
+ // Assertions.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(EntityCollection::class, $response->getResponseData()->getData());
+ $this->assertEquals($this->node->uuid(), $response->getResponseData()->getData()->getIterator()->current()->getId());
+ $this->assertEquals([
+ 'node:1',
+ 'node:2',
+ 'node:3',
+ 'node:4',
+ 'node_list',
+ ], $response->getCacheableMetadata()->getCacheTags());
+ }
+
+ /**
+ * @covers ::getCollection
+ */
+ public function testGetFilteredCollection() {
+ $request = Request::create('/jsonapi/node/article');
+ $request->query = new ParameterBag(['filter' => ['type' => 'article']]);
+
+ $entity_resource = new EntityResource(
+ $this->container->get('entity_type.manager'),
+ $this->container->get('entity_field.manager'),
+ $this->container->get('jsonapi.link_manager'),
+ $this->container->get('jsonapi.resource_type.repository'),
+ $this->container->get('renderer'),
+ $this->container->get('entity.repository'),
+ $this->container->get('jsonapi.include_resolver'),
+ $this->container->get('jsonapi.entity_access_checker'),
+ $this->container->get('jsonapi.field_resolver')
+ );
+
+ // Get the response.
+ $resource_type = $this->container->get('jsonapi.resource_type.repository')->get('node_type', 'node_type');
+ $response = $entity_resource->getCollection($resource_type, $request);
+
+ // Assertions.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(EntityCollection::class, $response->getResponseData()->getData());
+ $this->assertCount(1, $response->getResponseData()->getData());
+ $expected_cache_tags = [
+ 'config:node.type.article',
+ 'config:node_type_list',
+ ];
+ $this->assertSame($expected_cache_tags, $response->getCacheableMetadata()->getCacheTags());
+ }
+
+ /**
+ * @covers ::getCollection
+ */
+ public function testGetSortedCollection() {
+ $request = Request::create('/jsonapi/node/article');
+ $request->query = new ParameterBag(['sort' => '-type']);
+
+ $entity_resource = new EntityResource(
+ $this->container->get('entity_type.manager'),
+ $this->container->get('entity_field.manager'),
+ $this->container->get('jsonapi.link_manager'),
+ $this->container->get('jsonapi.resource_type.repository'),
+ $this->container->get('renderer'),
+ $this->container->get('entity.repository'),
+ $this->container->get('jsonapi.include_resolver'),
+ $this->container->get('jsonapi.entity_access_checker'),
+ $this->container->get('jsonapi.field_resolver')
+ );
+
+ // Get the response.
+ $resource_type = $this->container->get('jsonapi.resource_type.repository')->get('node_type', 'node_type');
+ $response = $entity_resource->getCollection($resource_type, $request);
+
+ // Assertions.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(EntityCollection::class, $response->getResponseData()->getData());
+ $this->assertCount(2, $response->getResponseData()->getData());
+ // `drupal_internal__type` is the alias for a node_type entity's ID field.
+ $this->assertEquals($response->getResponseData()->getData()->toArray()[0]->getField('drupal_internal__type'), 'lorem');
+ $expected_cache_tags = [
+ 'config:node.type.article',
+ 'config:node.type.lorem',
+ 'config:node_type_list',
+ ];
+ $this->assertSame($expected_cache_tags, $response->getCacheableMetadata()->getCacheTags());
+ }
+
+ /**
+ * @covers ::getCollection
+ */
+ public function testGetPagedCollection() {
+ $request = Request::create('/jsonapi/node/article');
+ $request->query = new ParameterBag([
+ 'sort' => 'nid',
+ 'page' => [
+ 'offset' => 1,
+ 'limit' => 1,
+ ],
+ ]);
+
+ $entity_resource = new EntityResource(
+ $this->container->get('entity_type.manager'),
+ $this->container->get('entity_field.manager'),
+ $this->container->get('jsonapi.link_manager'),
+ $this->container->get('jsonapi.resource_type.repository'),
+ $this->container->get('renderer'),
+ $this->container->get('entity.repository'),
+ $this->container->get('jsonapi.include_resolver'),
+ $this->container->get('jsonapi.entity_access_checker'),
+ $this->container->get('jsonapi.field_resolver')
+ );
+
+ // Get the response.
+ $resource_type = $this->container->get('jsonapi.resource_type.repository')->get('node', 'article');
+ $response = $entity_resource->getCollection($resource_type, $request);
+
+ // Assertions.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(EntityCollection::class, $response->getResponseData()->getData());
+ $data = $response->getResponseData()->getData();
+ $this->assertCount(1, $data);
+ $this->assertEquals($this->node2->uuid(), $data->toArray()[0]->getId());
+ $this->assertEquals(['node:2', 'node_list'], $response->getCacheableMetadata()->getCacheTags());
+ }
+
+ /**
+ * @covers ::getCollection
+ */
+ public function testGetEmptyCollection() {
+ $request = Request::create('/jsonapi/node/article');
+ $request->query = new ParameterBag(['filter' => ['id' => 'invalid']]);
+
+ // Get the response.
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $response = $this->entityResource->getCollection($resource_type, $request);
+
+ // Assertions.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(EntityCollection::class, $response->getResponseData()->getData());
+ $this->assertEquals(0, $response->getResponseData()->getData()->count());
+ $this->assertEquals(['node_list'], $response->getCacheableMetadata()->getCacheTags());
+ }
+
+ /**
+ * @covers ::getRelated
+ */
+ public function testGetRelated() {
+ // to-one relationship.
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $resource_type->setRelatableResourceTypes([
+ 'uid' => [new ResourceType('user', 'user', NULL)],
+ 'roles' => [new ResourceType('user_role', 'user_role', NULL)],
+ 'field_relationships' => [new ResourceType('node', 'article', NULL)],
+ ]);
+ $response = $this->entityResource->getRelated($resource_type, $this->node, 'uid', Request::create('/jsonapi/node/article/' . $this->node->uuid(), '/uid'));
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(ResourceObject::class, $response->getResponseData()->getData()->toArray()[0]);
+ $this->assertEquals($this->user->uuid(), $response->getResponseData()->getData()->toArray()[0]->getId());
+ $this->assertEquals(['node:1'], $response->getCacheableMetadata()->getCacheTags());
+ // to-many relationship.
+ $response = $this->entityResource->getRelated($resource_type, $this->node4, 'field_relationships', Request::create('/jsonapi/node/article/' . $this->node4->uuid(), '/field_relationships'));
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response
+ ->getResponseData());
+ $this->assertInstanceOf(EntityCollection::class, $response
+ ->getResponseData()
+ ->getData());
+ $this->assertEquals(['node:4'], $response->getCacheableMetadata()->getCacheTags());
+ }
+
+ /**
+ * @covers ::getRelationship
+ */
+ public function testGetRelationship() {
+ // to-one relationship.
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $resource_type->setRelatableResourceTypes([
+ 'uid' => [new ResourceType('user', 'user', NULL)],
+ ]);
+ $response = $this->entityResource->getRelationship($resource_type, $this->node, 'uid', Request::create('/jsonapi/node/article/' . $this->node->uuid() . '/relationships/uid'));
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertInstanceOf(
+ EntityReferenceFieldItemListInterface::class,
+ $response->getResponseData()->getData()
+ );
+ $this->assertEquals(1, $response
+ ->getResponseData()
+ ->getData()
+ ->getEntity()
+ ->id()
+ );
+ $this->assertEquals('node', $response
+ ->getResponseData()
+ ->getData()
+ ->getEntity()
+ ->getEntityTypeId()
+ );
+ }
+
+ /**
+ * @covers ::createIndividual
+ */
+ public function testCreateIndividual() {
+ $node = Node::create([
+ 'type' => 'article',
+ 'title' => 'Lorem ipsum',
+ ]);
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('create article content')
+ ->save();
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $response = $this->entityResource->createIndividual($resource_type, $node, Request::create('/jsonapi/node/article'));
+ // As a side effect, the node will also be saved.
+ $this->assertNotEmpty($node->id());
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $this->assertEquals($node->uuid(), $response->getResponseData()->getData()->getId());
+ $this->assertEquals(201, $response->getStatusCode());
+ }
+
+ /**
+ * @covers ::createIndividual
+ */
+ public function testCreateIndividualWithMissingRequiredData() {
+ $node = Node::create([
+ 'type' => 'article',
+ // No title specified, even if its required.
+ ]);
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('create article content')
+ ->save();
+ $this->setExpectedException(HttpException::class, 'Unprocessable Entity: validation failed.');
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $this->entityResource->createIndividual($resource_type, $node, Request::create('/jsonapi/node/article'));
+ }
+
+ /**
+ * @covers ::createIndividual
+ */
+ public function testCreateIndividualDuplicateError() {
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('create article content')
+ ->save();
+
+ $node = Node::create([
+ 'type' => 'article',
+ 'title' => 'Lorem ipsum',
+ ]);
+ $node->save();
+ $node->enforceIsNew();
+
+ $this->setExpectedException(ConflictHttpException::class, 'Conflict: Entity already exists.');
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $this->entityResource->createIndividual($resource_type, $node, Request::create('/jsonapi/node/article'));
+ }
+
+ /**
+ * @covers ::patchIndividual
+ * @dataProvider patchIndividualProvider
+ */
+ public function testPatchIndividual($values) {
+ $parsed_node = Node::create($values);
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('edit any article content')
+ ->save();
+ $payload = Json::encode([
+ 'data' => [
+ 'type' => 'article',
+ 'id' => $this->node->uuid(),
+ 'attributes' => [
+ 'title' => '',
+ 'field_relationships' => '',
+ ],
+ ],
+ ]);
+ $request = Request::create('/jsonapi/node/article/' . $this->node->uuid(), 'PATCH', [], [], [], [], $payload);
+
+ // Create a new EntityResource that uses uuid.
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $response = $this->entityResource->patchIndividual($resource_type, $this->node, $parsed_node, $request);
+
+ // As a side effect, the node will also be saved.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $updated_node = $response->getResponseData()->getData();
+ $this->assertInstanceOf(ResourceObject::class, $updated_node);
+ $this->assertSame($values['title'], $this->node->getTitle());
+ $this->assertSame($values['field_relationships'], $this->node->get('field_relationships')->getValue());
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
+ * Provides data for the testPatchIndividual.
+ *
+ * @return array
+ * The input data for the test function.
+ */
+ public function patchIndividualProvider() {
+ return [
+ [
+ [
+ 'type' => 'article',
+ 'title' => 'PATCHED',
+ 'field_relationships' => [['target_id' => 1]],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::deleteIndividual
+ */
+ public function testDeleteIndividual() {
+ $node = Node::create([
+ 'type' => 'article',
+ 'title' => 'Lorem ipsum',
+ ]);
+ $nid = $node->id();
+ $node->save();
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('delete own article content')
+ ->save();
+ $response = $this->entityResource->deleteIndividual($node);
+ // As a side effect, the node will also be deleted.
+ $count = $this->container->get('entity_type.manager')
+ ->getStorage('node')
+ ->getQuery()
+ ->condition('nid', $nid)
+ ->count()
+ ->execute();
+ $this->assertEquals(0, $count);
+ $this->assertNull($response->getResponseData());
+ $this->assertEquals(204, $response->getStatusCode());
+ }
+
+ /**
+ * @covers ::addToRelationshipData
+ */
+ public function testAddToRelationshipData() {
+ $resource_identifiers = [new ResourceIdentifier('node--article', $this->node->uuid())];
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('edit any article content')
+ ->save();
+
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $resource_type->setRelatableResourceTypes([
+ 'field_relationships' => [new ResourceType('node', 'article', NULL)],
+ ]);
+ $request = Request::create('/jsonapi/node/article/' . $this->node->uuid() . '/relationships/field_relationships', 'POST');
+ $response = $this->entityResource->addToRelationshipData($resource_type, $this->node, 'field_relationships', $resource_identifiers, $request);
+
+ // As a side effect, the node will also be saved.
+ $this->assertNotEmpty($this->node->id());
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $field_list = $response->getResponseData()->getData();
+ $this->assertInstanceOf(EntityReferenceFieldItemListInterface::class, $field_list);
+ $this->assertSame('field_relationships', $field_list->getName());
+ $this->assertEquals([['target_id' => 1]], $field_list->getValue());
+ $this->assertEquals(204, $response->getStatusCode());
+ }
+
+ /**
+ * @covers ::replaceRelationshipData
+ * @dataProvider replaceRelationshipDataProvider
+ */
+ public function testReplaceRelationshipData($relationships) {
+ $this->node->field_relationships->appendItem(['target_id' => $this->node->id()]);
+ $this->node->save();
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('edit any article content')
+ ->save();
+
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $resource_type->setRelatableResourceTypes([
+ 'field_relationships' => [new ResourceType('node', 'article', NULL)],
+ ]);
+ $request = Request::create('/jsonapi/node/article/' . $this->node->uuid() . '/relationships/field_relationships', 'PATCH');
+ $response = $this->entityResource->replaceRelationshipData($resource_type, $this->node, 'field_relationships', $relationships, $request);
+
+ // As a side effect, the node will also be saved.
+ $this->assertNotEmpty($this->node->id());
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $field_list = $response->getResponseData()->getData();
+ $this->assertInstanceOf(EntityReferenceFieldItemListInterface::class, $field_list);
+ $this->assertSame('field_relationships', $field_list->getName());
+ $this->assertEquals(
+ array_map(function (ResourceIdentifier $identifier) {
+ return $identifier->getId();
+ }, $relationships),
+ array_map(function (EntityInterface $entity) {
+ return $entity->uuid();
+ }, $field_list->referencedEntities())
+ );
+ $this->assertEquals(204, $response->getStatusCode());
+ }
+
+ /**
+ * Provides data for the testPatchRelationship.
+ *
+ * @return array
+ * The input data for the test function.
+ */
+ public function replaceRelationshipDataProvider() {
+ return [
+ // Replace relationships.
+ [
+ [
+ new ResourceIdentifier('node--article', static::$nodeUuid[1]),
+ new ResourceIdentifier('node--article', static::$nodeUuid[2]),
+ ],
+ ],
+ // Remove relationships.
+ [[]],
+ ];
+ }
+
+ /**
+ * @covers ::removeFromRelationshipData
+ * @dataProvider removeFromRelationshipDataProvider
+ */
+ public function testRemoveFromRelationshipData($deleted_rels, $kept_rels) {
+ $this->node->field_relationships->appendItem(['target_id' => $this->node->id()]);
+ $this->node->field_relationships->appendItem(['target_id' => $this->node2->id()]);
+ $this->node->save();
+ Role::load(Role::ANONYMOUS_ID)
+ ->grantPermission('edit any article content')
+ ->save();
+
+ $resource_type = new ResourceType('node', 'article', NULL);
+ $resource_type->setRelatableResourceTypes([
+ 'field_relationships' => [new ResourceType('node', 'article', NULL)],
+ ]);
+ $request = Request::create('/jsonapi/node/article/' . $this->node->uuid() . '/relationships/field_relationships', 'DELETE');
+ $response = $this->entityResource->removeFromRelationshipData($resource_type, $this->node, 'field_relationships', $deleted_rels, $request);
+
+ // As a side effect, the node will also be saved.
+ $this->assertInstanceOf(JsonApiDocumentTopLevel::class, $response->getResponseData());
+ $field_list = $response->getResponseData()->getData();
+ $this->assertInstanceOf(EntityReferenceFieldItemListInterface::class, $field_list);
+ $this->assertSame('field_relationships', $field_list->getName());
+ $this->assertEquals($kept_rels, $field_list->getValue());
+ $this->assertEquals(204, $response->getStatusCode());
+ }
+
+ /**
+ * Provides data for the testDeleteRelationship.
+ *
+ * @return array
+ * The input data for the test function.
+ */
+ public function removeFromRelationshipDataProvider() {
+ return [
+ // Remove one relationship.
+ [
+ [
+ new ResourceIdentifier('node--article', static::$nodeUuid[1]),
+ ],
+ [['target_id' => 2]],
+ ],
+ // Remove all relationships.
+ [
+ [
+ new ResourceIdentifier('node--article', static::$nodeUuid[2]),
+ new ResourceIdentifier('node--article', static::$nodeUuid[1]),
+ ],
+ [],
+ ],
+ // Remove no relationship.
+ [[], [['target_id' => 1], ['target_id' => 2]]],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/JsonapiKernelTestBase.php b/core/modules/jsonapi/tests/src/Kernel/JsonapiKernelTestBase.php
new file mode 100644
index 0000000000..e53c43dc03
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/JsonapiKernelTestBase.php
@@ -0,0 +1,109 @@
+ $field_name,
+ 'type' => 'entity_reference',
+ 'entity_type' => $entity_type,
+ 'cardinality' => $cardinality,
+ 'settings' => [
+ 'target_type' => $target_entity_type,
+ ],
+ ])->save();
+ }
+ if (!FieldConfig::loadByName($entity_type, $bundle, $field_name)) {
+ FieldConfig::create([
+ 'field_name' => $field_name,
+ 'entity_type' => $entity_type,
+ 'bundle' => $bundle,
+ 'label' => $field_label,
+ 'settings' => [
+ 'handler' => $selection_handler,
+ 'handler_settings' => $handler_settings,
+ ],
+ ])->save();
+ }
+ }
+
+ /**
+ * Creates a field of an entity reference field storage on the bundle.
+ *
+ * @param string $entity_type
+ * The type of entity the field will be attached to.
+ * @param string $bundle
+ * The bundle name of the entity the field will be attached to.
+ * @param string $field_name
+ * The name of the field; if it exists, a new instance of the existing.
+ * field will be created.
+ * @param string $field_label
+ * The label of the field.
+ * @param int $cardinality
+ * The cardinality of the field.
+ *
+ * @see \Drupal\Core\Entity\Plugin\EntityReferenceSelection\SelectionBase::buildConfigurationForm()
+ */
+ protected function createTextField($entity_type, $bundle, $field_name, $field_label, $cardinality = 1) {
+ // Look for or add the specified field to the requested entity bundle.
+ if (!FieldStorageConfig::loadByName($entity_type, $field_name)) {
+ FieldStorageConfig::create([
+ 'field_name' => $field_name,
+ 'type' => 'text',
+ 'entity_type' => $entity_type,
+ 'cardinality' => $cardinality,
+ ])->save();
+ }
+ if (!FieldConfig::loadByName($entity_type, $bundle, $field_name)) {
+ FieldConfig::create([
+ 'field_name' => $field_name,
+ 'entity_type' => $entity_type,
+ 'bundle' => $bundle,
+ 'label' => $field_label,
+ ])->save();
+ }
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Normalizer/EntityReferenceFieldNormalizerTest.php b/core/modules/jsonapi/tests/src/Kernel/Normalizer/EntityReferenceFieldNormalizerTest.php
new file mode 100644
index 0000000000..131e1122ae
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Normalizer/EntityReferenceFieldNormalizerTest.php
@@ -0,0 +1,328 @@
+installEntitySchema('node');
+ $this->installEntitySchema('user');
+ $this->installEntitySchema('file');
+
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('file', ['file_usage']);
+ NodeType::create([
+ 'type' => 'referencer',
+ ])->save();
+ $this->createEntityReferenceField('node', 'referencer', 'field_user', 'User', 'user', 'default', ['target_bundles' => NULL], 1);
+ $this->createEntityReferenceField('node', 'referencer', 'field_users', 'Users', 'user', 'default', ['target_bundles' => NULL], FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED);
+ $field_storage_config = [
+ 'type' => 'image',
+ 'entity_type' => 'node',
+ ];
+ FieldStorageConfig::create(['field_name' => 'field_image', 'cardinality' => 1] + $field_storage_config)->save();
+ FieldStorageConfig::create(['field_name' => 'field_images', 'cardinality' => FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED] + $field_storage_config)->save();
+ $field_config = [
+ 'entity_type' => 'node',
+ 'bundle' => 'referencer',
+ ];
+ FieldConfig::create(['field_name' => 'field_image', 'label' => 'Image'] + $field_config)->save();
+ FieldConfig::create(['field_name' => 'field_images', 'label' => 'Images'] + $field_config)->save();
+
+ // Set up the test data.
+ $this->account = $this->prophesize(AccountInterface::class)->reveal();
+ $this->user1 = User::create([
+ 'name' => $this->randomMachineName(),
+ 'mail' => $this->randomMachineName() . '@example.com',
+ 'uuid' => static::$userIds[0],
+ ]);
+ $this->user1->save();
+ $this->user2 = User::create([
+ 'name' => $this->randomMachineName(),
+ 'mail' => $this->randomMachineName() . '@example.com',
+ 'uuid' => static::$userIds[1],
+ ]);
+ $this->user2->save();
+
+ $this->image1 = File::create([
+ 'uri' => 'public:/image1.png',
+ 'uuid' => static::$imageIds[0],
+ ]);
+ $this->image1->save();
+ $this->image2 = File::create([
+ 'uri' => 'public:/image2.png',
+ 'uuid' => static::$imageIds[1],
+ ]);
+ $this->image2->save();
+
+ // Create the node from which all the previously created entities will be
+ // referenced.
+ $this->referencer = Node::create([
+ 'title' => 'Referencing node',
+ 'type' => 'referencer',
+ 'status' => 1,
+ 'uuid' => static::$referencerId,
+ ]);
+ $this->referencer->save();
+
+ // Set up the test dependencies.
+ $this->referencingResourceType = $this->container->get('jsonapi.resource_type.repository')->get('node', 'referencer');
+ $this->normalizer = new EntityReferenceFieldNormalizer(
+ $this->container->get('jsonapi.link_manager')
+ );
+ $this->normalizer->setSerializer($this->container->get('jsonapi.serializer'));
+ }
+
+ /**
+ * @covers ::normalize
+ * @dataProvider normalizeProvider
+ */
+ public function testNormalize($entity_property_names, $field_name, $expected) {
+ // Links cannot be generated in the test provider because the container
+ // has not yet been set.
+ $expected['links'] = [
+ 'self' => ['href' => Url::fromUri('base:/jsonapi/node/referencer/' . static::$referencerId . "/relationships/$field_name")->setAbsolute()->toString()],
+ 'related' => ['href' => Url::fromUri('base:/jsonapi/node/referencer/' . static::$referencerId . "/$field_name")->setAbsolute()->toString()],
+ ];
+ // Set up different field values.
+ $this->referencer->{$field_name} = array_map(function ($entity_property_name) {
+ $value = ['target_id' => $this->{$entity_property_name === 'image1a' ? 'image1' : $entity_property_name}->id()];
+ switch ($entity_property_name) {
+ case 'image1':
+ $value['alt'] = 'Cute llama';
+ $value['title'] = 'My spirit animal';
+ break;
+
+ case 'image1a':
+ $value['alt'] = 'Ugly llama';
+ $value['title'] = 'My alter ego';
+ break;
+
+ case 'image2':
+ $value['alt'] = 'Adorable llama';
+ $value['title'] = 'My spirit animal 😍';
+ break;
+ }
+ return $value;
+ }, $entity_property_names);
+ // Normalize.
+ $actual = $this->normalizer->normalize($this->referencer->{$field_name}, 'api_json', [
+ 'account' => $this->account,
+ 'resource_object' => new ResourceObject($this->referencingResourceType, $this->referencer),
+ ]);
+ // Assert.
+ assert($actual instanceof CacheableNormalization);
+ $this->assertEquals($expected, $actual->getNormalization());
+ }
+
+ /**
+ * Data provider for testNormalize.
+ */
+ public function normalizeProvider() {
+ return [
+ 'single cardinality' => [
+ ['user1'],
+ 'field_user',
+ [
+ 'data' => ['type' => 'user--user', 'id' => static::$userIds[0]],
+ ],
+ ],
+ 'multiple cardinality' => [
+ ['user1', 'user2'], 'field_users', [
+ 'data' => [
+ ['type' => 'user--user', 'id' => static::$userIds[0]],
+ ['type' => 'user--user', 'id' => static::$userIds[1]],
+ ],
+ ],
+ ],
+ 'multiple cardinality, all same values' => [
+ ['user1', 'user1'], 'field_users', [
+ 'data' => [
+ [
+ 'type' => 'user--user',
+ 'id' => static::$userIds[0],
+ 'meta' => ['arity' => 0],
+ ],
+ [
+ 'type' => 'user--user',
+ 'id' => static::$userIds[0],
+ 'meta' => ['arity' => 1],
+ ],
+ ],
+ ],
+ ],
+ 'multiple cardinality, some same values' => [
+ ['user1', 'user2', 'user1'], 'field_users', [
+ 'data' => [
+ [
+ 'type' => 'user--user',
+ 'id' => static::$userIds[0],
+ 'meta' => ['arity' => 0],
+ ],
+ [
+ 'type' => 'user--user',
+ 'id' => static::$userIds[1],
+ ],
+ [
+ 'type' => 'user--user',
+ 'id' => static::$userIds[0],
+ 'meta' => ['arity' => 1],
+ ],
+ ],
+ ],
+ ],
+ 'single cardinality, with meta' => [
+ ['image1'], 'field_image', [
+ 'data' => [
+ 'type' => 'file--file',
+ 'id' => static::$imageIds[0],
+ 'meta' => [
+ 'alt' => 'Cute llama',
+ 'title' => 'My spirit animal',
+ 'width' => NULL,
+ 'height' => NULL,
+ ],
+ ],
+ ],
+ ],
+ 'multiple cardinality, all same values, with meta' => [
+ ['image1', 'image1'], 'field_images', [
+ 'data' => [
+ [
+ 'type' => 'file--file',
+ 'id' => static::$imageIds[0],
+ 'meta' => [
+ 'alt' => 'Cute llama',
+ 'title' => 'My spirit animal',
+ 'width' => NULL,
+ 'height' => NULL,
+ 'arity' => 0,
+ ],
+ ],
+ [
+ 'type' => 'file--file',
+ 'id' => static::$imageIds[0],
+ 'meta' => [
+ 'alt' => 'Cute llama',
+ 'title' => 'My spirit animal',
+ 'width' => NULL,
+ 'height' => NULL,
+ 'arity' => 1,
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'multiple cardinality, some same values with same values but different meta' => [
+ ['image1', 'image1', 'image1a'], 'field_images', [
+ 'data' => [
+ [
+ 'type' => 'file--file',
+ 'id' => static::$imageIds[0],
+ 'meta' => [
+ 'alt' => 'Cute llama',
+ 'title' => 'My spirit animal',
+ 'width' => NULL,
+ 'height' => NULL,
+ 'arity' => 0,
+ ],
+ ],
+ [
+ 'type' => 'file--file',
+ 'id' => static::$imageIds[0],
+ 'meta' => [
+ 'alt' => 'Cute llama',
+ 'title' => 'My spirit animal',
+ 'width' => NULL,
+ 'height' => NULL,
+ 'arity' => 1,
+ ],
+ ],
+ [
+ 'type' => 'file--file',
+ 'id' => static::$imageIds[0],
+ 'meta' => [
+ 'alt' => 'Ugly llama',
+ 'title' => 'My alter ego',
+ 'width' => NULL,
+ 'height' => NULL,
+ 'arity' => 2,
+ ],
+ ],
+ ],
+ ],
+ ],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Normalizer/JsonApiDocumentTopLevelNormalizerTest.php b/core/modules/jsonapi/tests/src/Kernel/Normalizer/JsonApiDocumentTopLevelNormalizerTest.php
new file mode 100644
index 0000000000..9b0c39ddfa
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Normalizer/JsonApiDocumentTopLevelNormalizerTest.php
@@ -0,0 +1,765 @@
+installEntitySchema('node');
+ $this->installEntitySchema('user');
+ $this->installEntitySchema('taxonomy_term');
+ $this->installEntitySchema('file');
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+ $this->installSchema('file', ['file_usage']);
+ $type = NodeType::create([
+ 'type' => 'article',
+ ]);
+ $type->save();
+ $this->createEntityReferenceField(
+ 'node',
+ 'article',
+ 'field_tags',
+ 'Tags',
+ 'taxonomy_term',
+ 'default',
+ ['target_bundles' => ['tags']],
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->createTextField('node', 'article', 'body', 'Body');
+
+ $this->createImageField('field_image', 'article');
+
+ $this->user = User::create([
+ 'name' => 'user1',
+ 'mail' => 'user@localhost',
+ ]);
+ $this->user2 = User::create([
+ 'name' => 'user2',
+ 'mail' => 'user2@localhost',
+ ]);
+
+ $this->user->save();
+ $this->user2->save();
+
+ $this->vocabulary = Vocabulary::create(['name' => 'Tags', 'vid' => 'tags']);
+ $this->vocabulary->save();
+
+ $this->term1 = Term::create([
+ 'name' => 'term1',
+ 'vid' => $this->vocabulary->id(),
+ ]);
+ $this->term2 = Term::create([
+ 'name' => 'term2',
+ 'vid' => $this->vocabulary->id(),
+ ]);
+
+ $this->term1->save();
+ $this->term2->save();
+
+ $this->file = File::create([
+ 'uri' => 'public://example.png',
+ 'filename' => 'example.png',
+ ]);
+ $this->file->save();
+
+ $this->node = Node::create([
+ 'title' => 'dummy_title',
+ 'type' => 'article',
+ 'uid' => 1,
+ 'body' => [
+ 'format' => 'plain_text',
+ 'value' => $this->randomStringValidate(42),
+ ],
+ 'field_tags' => [
+ ['target_id' => $this->term1->id()],
+ ['target_id' => $this->term2->id()],
+ ],
+ 'field_image' => [
+ [
+ 'target_id' => $this->file->id(),
+ 'alt' => 'test alt',
+ 'title' => 'test title',
+ 'width' => 10,
+ 'height' => 11,
+ ],
+ ],
+ ]);
+
+ $this->node->save();
+
+ $link_manager = $this->prophesize(LinkManager::class);
+ $link_manager
+ ->getEntityLink(Argument::any(), Argument::any(), Argument::type('array'), Argument::type('string'))
+ ->willReturn('dummy_entity_link');
+ $this->container->set('jsonapi.link_manager', $link_manager->reveal());
+
+ $this->nodeType = NodeType::load('article');
+
+ Role::create([
+ 'id' => RoleInterface::ANONYMOUS_ID,
+ 'permissions' => [
+ 'access content',
+ ],
+ ])->save();
+
+ $this->includeResolver = $this->container->get('jsonapi.include_resolver');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function tearDown() {
+ if ($this->node) {
+ $this->node->delete();
+ }
+ if ($this->term1) {
+ $this->term1->delete();
+ }
+ if ($this->term2) {
+ $this->term2->delete();
+ }
+ if ($this->vocabulary) {
+ $this->vocabulary->delete();
+ }
+ if ($this->user) {
+ $this->user->delete();
+ }
+ if ($this->user2) {
+ $this->user2->delete();
+ }
+ }
+
+ /**
+ * @covers ::normalize
+ */
+ public function testNormalize() {
+ list($request, $resource_type) = $this->generateProphecies('node', 'article');
+
+ $resource_object = new ResourceObject($resource_type, $this->node);
+ $includes = $this->includeResolver->resolve($resource_object, 'uid,field_tags,field_image');
+
+ $jsonapi_doc_object = $this
+ ->getNormalizer()
+ ->normalize(
+ new JsonApiDocumentTopLevel($resource_object, $includes, new LinkCollection([])),
+ 'api_json',
+ [
+ 'resource_type' => $resource_type,
+ 'account' => NULL,
+ 'sparse_fieldset' => [
+ 'node--article' => [
+ 'title',
+ 'node_type',
+ 'uid',
+ 'field_tags',
+ 'field_image',
+ ],
+ 'user--user' => [
+ 'name',
+ ],
+ ],
+ 'include' => [
+ 'uid',
+ 'field_tags',
+ 'field_image',
+ ],
+ ]
+ );
+ $normalized = $jsonapi_doc_object->getNormalization();
+
+ // @see http://jsonapi.org/format/#document-jsonapi-object
+ $this->assertEquals($normalized['jsonapi']['version'], '1.0');
+ $this->assertEquals($normalized['jsonapi']['meta']['links']['self']['href'], 'http://jsonapi.org/format/1.0/');
+
+ $this->assertSame($normalized['data']['attributes']['title'], 'dummy_title');
+ $this->assertEquals($normalized['data']['id'], $this->node->uuid());
+ $this->assertSame([
+ 'data' => [
+ 'type' => 'node_type--node_type',
+ 'id' => NodeType::load('article')->uuid(),
+ ],
+ 'links' => [
+ 'self' => ['href' => 'dummy_entity_link'],
+ 'related' => ['href' => 'dummy_entity_link'],
+ ],
+ ], $normalized['data']['relationships']['node_type']);
+ $this->assertTrue(!isset($normalized['data']['attributes']['created']));
+ $this->assertEquals([
+ 'alt' => 'test alt',
+ 'title' => 'test title',
+ 'width' => 10,
+ 'height' => 11,
+ ], $normalized['data']['relationships']['field_image']['data']['meta']);
+ $this->assertSame('node--article', $normalized['data']['type']);
+ $this->assertEquals([
+ 'data' => [
+ 'type' => 'user--user',
+ 'id' => $this->user->uuid(),
+ ],
+ 'links' => [
+ 'self' => ['href' => 'dummy_entity_link'],
+ 'related' => ['href' => 'dummy_entity_link'],
+ ],
+ ], $normalized['data']['relationships']['uid']);
+ $this->assertTrue(empty($normalized['meta']['omitted']));
+ $this->assertSame($this->user->uuid(), $normalized['included'][0]['id']);
+ $this->assertSame('user--user', $normalized['included'][0]['type']);
+ $this->assertSame('user1', $normalized['included'][0]['attributes']['name']);
+ $this->assertCount(1, $normalized['included'][0]['attributes']);
+ $this->assertSame($this->term1->uuid(), $normalized['included'][1]['id']);
+ $this->assertSame('taxonomy_term--tags', $normalized['included'][1]['type']);
+ $this->assertSame($this->term1->label(), $normalized['included'][1]['attributes']['name']);
+ $this->assertCount(8, $normalized['included'][1]['attributes']);
+ $this->assertTrue(!isset($normalized['included'][1]['attributes']['created']));
+ // Make sure that the cache tags for the includes and the requested entities
+ // are bubbling as expected.
+ $this->assertArraySubset(
+ ['file:1', 'node:1', 'taxonomy_term:1', 'taxonomy_term:2', 'user:1'],
+ $jsonapi_doc_object->getCacheTags()
+ );
+ $this->assertSame(
+ Cache::PERMANENT,
+ $jsonapi_doc_object->getCacheMaxAge()
+ );
+ }
+
+ /**
+ * @covers ::normalize
+ */
+ public function testNormalizeRelated() {
+ $this->markTestIncomplete('This fails and should be fixed by https://www.drupal.org/project/jsonapi/issues/2922121');
+
+ list($request, $resource_type) = $this->generateProphecies('node', 'article', 'uid');
+ $request->query = new ParameterBag([
+ 'fields' => [
+ 'user--user' => 'name,roles',
+ ],
+ 'include' => 'roles',
+ ]);
+ $document_wrapper = $this->prophesize(JsonApiDocumentTopLevel::class);
+ $author = $this->node->get('uid')->entity;
+ $document_wrapper->getData()->willReturn($author);
+
+ $jsonapi_doc_object = $this
+ ->getNormalizer()
+ ->normalize(
+ $document_wrapper->reveal(),
+ 'api_json',
+ [
+ 'resource_type' => $resource_type,
+ 'account' => NULL,
+ ]
+ );
+ $normalized = $jsonapi_doc_object->getNormalization();
+ $this->assertSame($normalized['data']['attributes']['name'], 'user1');
+ $this->assertEquals($normalized['data']['id'], User::load(1)->uuid());
+ $this->assertEquals($normalized['data']['type'], 'user--user');
+ // Make sure that the cache tags for the includes and the requested entities
+ // are bubbling as expected.
+ $this->assertSame(['user:1'], $jsonapi_doc_object->getCacheTags());
+ $this->assertSame(Cache::PERMANENT, $jsonapi_doc_object->getCacheMaxAge());
+ }
+
+ /**
+ * @covers ::normalize
+ */
+ public function testNormalizeUuid() {
+ list($request, $resource_type) = $this->generateProphecies('node', 'article', 'uuid');
+ $resource_object = new ResourceObject($resource_type, $this->node);
+ $include_param = 'uid,field_tags';
+ $includes = $this->includeResolver->resolve($resource_object, $include_param);
+ $document_wrapper = new JsonApiDocumentTopLevel($resource_object, $includes, new LinkCollection([]));
+
+ $request->query = new ParameterBag([
+ 'fields' => [
+ 'node--article' => 'title,node_type,uid,field_tags',
+ 'user--user' => 'name',
+ ],
+ 'include' => $include_param,
+ ]);
+
+ $jsonapi_doc_object = $this
+ ->getNormalizer()
+ ->normalize(
+ $document_wrapper,
+ 'api_json',
+ [
+ 'resource_type' => $resource_type,
+ 'account' => NULL,
+ 'include' => [
+ 'uid',
+ 'field_tags',
+ ],
+ ]
+ );
+ $normalized = $jsonapi_doc_object->getNormalization();
+ $this->assertStringMatchesFormat($this->node->uuid(), $normalized['data']['id']);
+ $this->assertEquals($this->node->type->entity->uuid(), $normalized['data']['relationships']['node_type']['data']['id']);
+ $this->assertEquals($this->user->uuid(), $normalized['data']['relationships']['uid']['data']['id']);
+ $this->assertFalse(empty($normalized['included'][0]['id']));
+ $this->assertTrue(empty($normalized['meta']['omitted']));
+ $this->assertEquals($this->user->uuid(), $normalized['included'][0]['id']);
+ $this->assertCount(1, $normalized['included'][0]['attributes']);
+ $this->assertCount(8, $normalized['included'][1]['attributes']);
+ // Make sure that the cache tags for the includes and the requested entities
+ // are bubbling as expected.
+ $this->assertArraySubset(
+ ['node:1', 'taxonomy_term:1', 'taxonomy_term:2', 'user:1'],
+ $jsonapi_doc_object->getCacheTags()
+ );
+ }
+
+ /**
+ * @covers ::normalize
+ */
+ public function testNormalizeException() {
+ $normalized = $this
+ ->container
+ ->get('jsonapi.serializer')
+ ->normalize(
+ new JsonApiDocumentTopLevel(new ErrorCollection([new BadRequestHttpException('Lorem')]), new NullEntityCollection(), new LinkCollection([])),
+ 'api_json',
+ []
+ )->getNormalization();
+ $this->assertNotEmpty($normalized['errors']);
+ $this->assertArrayNotHasKey('data', $normalized);
+ $this->assertEquals(400, $normalized['errors'][0]['status']);
+ $this->assertEquals('Lorem', $normalized['errors'][0]['detail']);
+ $this->assertEquals([
+ 'info' => [
+ 'href' => 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1',
+ ],
+ 'via' => ['href' => 'http://localhost/'],
+ ], $normalized['errors'][0]['links']);
+ }
+
+ /**
+ * @covers ::normalize
+ */
+ public function testNormalizeConfig() {
+ list($request, $resource_type) = $this->generateProphecies('node_type', 'node_type', 'id');
+ $resource_object = new ResourceObject($resource_type, $this->nodeType);
+ $document_wrapper = new JsonApiDocumentTopLevel($resource_object, new NullEntityCollection(), new LinkCollection([]));
+
+ $jsonapi_doc_object = $this
+ ->getNormalizer()
+ ->normalize($document_wrapper, 'api_json', [
+ 'resource_type' => $resource_type,
+ 'account' => NULL,
+ 'sparse_fieldset' => [
+ 'node_type--node_type' => [
+ 'description',
+ 'display_submitted',
+ ],
+ ],
+ ]);
+ $normalized = $jsonapi_doc_object->getNormalization();
+ $this->assertSame(['description', 'display_submitted'], array_keys($normalized['data']['attributes']));
+ $this->assertSame($normalized['data']['id'], NodeType::load('article')->uuid());
+ $this->assertSame($normalized['data']['type'], 'node_type--node_type');
+ // Make sure that the cache tags for the includes and the requested entities
+ // are bubbling as expected.
+ $this->assertSame(['config:node.type.article'], $jsonapi_doc_object->getCacheTags());
+ }
+
+ /**
+ * Try to POST a node and check if it exists afterwards.
+ *
+ * @covers ::denormalize
+ */
+ public function testDenormalize() {
+ $payload = '{"data":{"type":"article","attributes":{"title":"Testing article"}}}';
+
+ list($request, $resource_type) = $this->generateProphecies('node', 'article', 'id');
+ $node = $this
+ ->getNormalizer()
+ ->denormalize(Json::decode($payload), NULL, 'api_json', [
+ 'resource_type' => $resource_type,
+ ]);
+ $this->assertInstanceOf(Node::class, $node);
+ $this->assertSame('Testing article', $node->getTitle());
+ }
+
+ /**
+ * Try to POST a node and check if it exists afterwards.
+ *
+ * @covers ::denormalize
+ */
+ public function testDenormalizeUuid() {
+ $configurations = [
+ // Good data.
+ [
+ [
+ [$this->term2->uuid(), $this->term1->uuid()],
+ $this->user2->uuid(),
+ ],
+ [
+ [$this->term2->id(), $this->term1->id()],
+ $this->user2->id(),
+ ],
+ ],
+ // Good data, without any tags.
+ [
+ [
+ [],
+ $this->user2->uuid(),
+ ],
+ [
+ [],
+ $this->user2->id(),
+ ],
+ ],
+ // Bad data in first tag.
+ [
+ [
+ ['invalid-uuid', $this->term1->uuid()],
+ $this->user2->uuid(),
+ ],
+ [
+ [$this->term1->id()],
+ $this->user2->id(),
+ ],
+ 'taxonomy_term--tags:invalid-uuid',
+ ],
+ // Bad data in user and first tag.
+ [
+ [
+ ['invalid-uuid', $this->term1->uuid()],
+ 'also-invalid-uuid',
+ ],
+ [
+ [$this->term1->id()],
+ NULL,
+ ],
+ 'user--user:also-invalid-uuid',
+ ],
+ ];
+
+ foreach ($configurations as $configuration) {
+ list($payload_data, $expected) = $this->denormalizeUuidProviderBuilder($configuration);
+ $payload = Json::encode($payload_data);
+
+ list($request, $resource_type) = $this->generateProphecies('node', 'article');
+ $this->container->get('request_stack')->push($request);
+ try {
+ $node = $this
+ ->getNormalizer()
+ ->denormalize(Json::decode($payload), NULL, 'api_json', [
+ 'resource_type' => $resource_type,
+ ]);
+ }
+ catch (NotFoundHttpException $e) {
+ $non_existing_resource_identifier = $configuration[2];
+ $this->assertEquals("The resource identified by `$non_existing_resource_identifier` (given as a relationship item) could not be found.", $e->getMessage());
+ continue;
+ }
+
+ /* @var \Drupal\node\Entity\Node $node */
+ $this->assertInstanceOf(Node::class, $node);
+ $this->assertSame('Testing article', $node->getTitle());
+ if (!empty($expected['user_id'])) {
+ $owner = $node->getOwner();
+ $this->assertEquals($expected['user_id'], $owner->id());
+ }
+ $tags = $node->get('field_tags')->getValue();
+ if (!empty($expected['tag_ids'][0])) {
+ $this->assertEquals($expected['tag_ids'][0], $tags[0]['target_id']);
+ }
+ else {
+ $this->assertArrayNotHasKey(0, $tags);
+ }
+ if (!empty($expected['tag_ids'][1])) {
+ $this->assertEquals($expected['tag_ids'][1], $tags[1]['target_id']);
+ }
+ else {
+ $this->assertArrayNotHasKey(1, $tags);
+ }
+ }
+ }
+
+ /**
+ * Tests denormalization for related resources with missing or invalid types.
+ */
+ public function testDenormalizeInvalidTypeAndNoType() {
+ $payload_data = [
+ 'data' => [
+ 'type' => 'node--article',
+ 'attributes' => [
+ 'title' => 'Testing article',
+ 'id' => '33095485-70D2-4E51-A309-535CC5BC0115',
+ ],
+ 'relationships' => [
+ 'uid' => [
+ 'data' => [
+ 'type' => 'user--user',
+ 'id' => $this->user2->uuid(),
+ ],
+ ],
+ 'field_tags' => [
+ 'data' => [
+ [
+ 'type' => 'foobar',
+ 'id' => $this->term1->uuid(),
+ ],
+ ],
+ ],
+ ],
+ ],
+ ];
+
+ // Test relationship member with invalid type.
+ $payload = Json::encode($payload_data);
+ list($request, $resource_type) = $this->generateProphecies('node', 'article');
+ $this->container->get('request_stack')->push($request);
+ try {
+ $this
+ ->getNormalizer()
+ ->denormalize(Json::decode($payload), NULL, 'api_json', [
+ 'resource_type' => $resource_type,
+ ]);
+
+ $this->fail('No assertion thrown for invalid type');
+ }
+ catch (BadRequestHttpException $e) {
+ $this->assertEquals("Invalid type specified for related resource: 'foobar'", $e->getMessage());
+ }
+
+ // Test relationship member with no type.
+ unset($payload_data['data']['relationships']['field_tags']['data'][0]['type']);
+
+ $payload = Json::encode($payload_data);
+ list($request, $resource_type) = $this->generateProphecies('node', 'article');
+ $this->container->get('request_stack')->push($request);
+ try {
+ $this->container->get('jsonapi_test_normalizers_kernel.jsonapi_document_toplevel')
+ ->denormalize(Json::decode($payload), NULL, 'api_json', [
+ 'resource_type' => $resource_type,
+ ]);
+
+ $this->fail('No assertion thrown for missing type');
+ }
+ catch (BadRequestHttpException $e) {
+ $this->assertEquals("No type specified for related resource", $e->getMessage());
+ }
+ }
+
+ /**
+ * We cannot use a PHPUnit data provider because our data depends on $this.
+ *
+ * @param array $options
+ * Options for how to construct test data.
+ *
+ * @return array
+ * The test data.
+ */
+ protected function denormalizeUuidProviderBuilder(array $options) {
+ list($input, $expected) = $options;
+ list($input_tag_uuids, $input_user_uuid) = $input;
+ list($expected_tag_ids, $expected_user_id) = $expected;
+
+ $node = [
+ [
+ 'data' => [
+ 'type' => 'node--article',
+ 'attributes' => [
+ 'title' => 'Testing article',
+ ],
+ 'relationships' => [
+ 'uid' => [
+ 'data' => [
+ 'type' => 'user--user',
+ 'id' => $input_user_uuid,
+ ],
+ ],
+ 'field_tags' => [
+ 'data' => [],
+ ],
+ ],
+ ],
+ ],
+ [
+ 'tag_ids' => $expected_tag_ids,
+ 'user_id' => $expected_user_id,
+ ],
+ ];
+
+ if (isset($input_tag_uuids[0])) {
+ $node[0]['data']['relationships']['field_tags']['data'][0] = [
+ 'type' => 'taxonomy_term--tags',
+ 'id' => $input_tag_uuids[0],
+ ];
+ }
+ if (isset($input_tag_uuids[1])) {
+ $node[0]['data']['relationships']['field_tags']['data'][1] = [
+ 'type' => 'taxonomy_term--tags',
+ 'id' => $input_tag_uuids[1],
+ ];
+ }
+ return $node;
+ }
+
+ /**
+ * Ensure that cacheability metadata is properly added.
+ *
+ * @param \Drupal\Core\Cache\CacheableMetadata $expected_metadata
+ * The expected cacheable metadata.
+ * @param array|null $fields
+ * Fields to include in the response, keyed by resource type.
+ * @param array|null $includes
+ * Resources paths to include in the response.
+ *
+ * @dataProvider testCacheableMetadataProvider
+ */
+ public function testCacheableMetadata(CacheableMetadata $expected_metadata, $fields = NULL, $includes = NULL) {
+ list($request, $resource_type) = $this->generateProphecies('node', 'article');
+ $resource_object = new ResourceObject($resource_type, $this->node);
+ $context = [
+ 'resource_type' => $resource_type,
+ 'account' => NULL,
+ ];
+ $jsonapi_doc_object = $this->getNormalizer()->normalize(new JsonApiDocumentTopLevel($resource_object, new NullEntityCollection(), new LinkCollection([])), 'api_json', $context);
+ $this->assertArraySubset($expected_metadata->getCacheTags(), $jsonapi_doc_object->getCacheTags());
+ $this->assertArraySubset($expected_metadata->getCacheContexts(), $jsonapi_doc_object->getCacheContexts());
+ $this->assertSame($expected_metadata->getCacheMaxAge(), $jsonapi_doc_object->getCacheMaxAge());
+ }
+
+ /**
+ * Provides test cases for asserting cacheable metadata behavior.
+ */
+ public function testCacheableMetadataProvider() {
+ $cacheable_metadata = function ($metadata) {
+ return CacheableMetadata::createFromRenderArray(['#cache' => $metadata]);
+ };
+
+ return [
+ [
+ $cacheable_metadata(['contexts' => ['languages:language_interface']]),
+ ['node--article' => 'body'],
+ ],
+ ];
+ }
+
+ /**
+ * Decorates a request with sparse fieldsets and includes.
+ */
+ protected function decorateRequest(Request $request, array $fields = NULL, array $includes = NULL) {
+ $parameters = new ParameterBag();
+ $parameters->add($fields ? ['fields' => $fields] : []);
+ $parameters->add($includes ? ['include' => $includes] : []);
+ $request->query = $parameters;
+ return $request;
+ }
+
+ /**
+ * Helper to load the normalizer.
+ */
+ protected function getNormalizer() {
+ $normalizer_service = $this->container->get('jsonapi_test_normalizers_kernel.jsonapi_document_toplevel');
+ // Simulate what happens when this normalizer service is used via the
+ // serializer service, as it is meant to be used.
+ $normalizer_service->setSerializer($this->container->get('jsonapi.serializer'));
+ return $normalizer_service;
+ }
+
+ /**
+ * Generates the prophecies for the mocked entity request.
+ *
+ * @param string $entity_type_id
+ * The ID of the entity type. Ex: node.
+ * @param string $bundle
+ * The bundle. Ex: article.
+ *
+ * @return array
+ * A numeric array containing the request and the ResourceType.
+ *
+ * @throws \Exception
+ */
+ protected function generateProphecies($entity_type_id, $bundle) {
+ $resource_type = $this->container->get('jsonapi.resource_type.repository')->get($entity_type_id, $bundle);
+
+ return [new Request(), $resource_type];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Query/FilterTest.php b/core/modules/jsonapi/tests/src/Kernel/Query/FilterTest.php
new file mode 100644
index 0000000000..3c1e3820b1
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Query/FilterTest.php
@@ -0,0 +1,407 @@
+setUpSchemas();
+
+ $this->savePaintingType();
+
+ // ((RED or CIRCLE) or (YELLOW and SQUARE))
+ $this->savePaintings([
+ ['colors' => ['red'], 'shapes' => ['triangle'], 'title' => 'FIND'],
+ ['colors' => ['orange'], 'shapes' => ['circle'], 'title' => 'FIND'],
+ ['colors' => ['orange'], 'shapes' => ['triangle'], 'title' => 'DONT_FIND'],
+ ['colors' => ['yellow'], 'shapes' => ['square'], 'title' => 'FIND'],
+ ['colors' => ['yellow'], 'shapes' => ['triangle'], 'title' => 'DONT_FIND'],
+ ['colors' => ['orange'], 'shapes' => ['square'], 'title' => 'DONT_FIND'],
+ ]);
+
+ $this->nodeStorage = $this->container->get('entity_type.manager')->getStorage('node');
+ $this->fieldResolver = $this->container->get('jsonapi.field_resolver');
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testInvalidFilterPathDueToMissingPropertyName() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'Invalid nested filtering. The field `colors`, given in the path `colors` is incomplete, it must end with one of the following specifiers: `value`, `format`, `processed`.');
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ Filter::createFromQueryParameter(['colors' => ''], $resource_type, $this->fieldResolver);
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testInvalidFilterPathDueToMissingPropertyNameReferenceFieldWithMetaProperties() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'Invalid nested filtering. The field `photo`, given in the path `photo` is incomplete, it must end with one of the following specifiers: `id`, `meta.alt`, `meta.title`, `meta.width`, `meta.height`.');
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ Filter::createFromQueryParameter(['photo' => ''], $resource_type, $this->fieldResolver);
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testInvalidFilterPathDueMissingMetaPrefixReferenceFieldWithMetaProperties() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'Invalid nested filtering. The property `alt`, given in the path `photo.alt` belongs to the meta object of a relationship and must be preceded by `meta`.');
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ Filter::createFromQueryParameter(['photo.alt' => ''], $resource_type, $this->fieldResolver);
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testInvalidFilterPathDueToMissingPropertyNameReferenceFieldWithoutMetaProperties() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'Invalid nested filtering. The field `uid`, given in the path `uid` is incomplete, it must end with one of the following specifiers: `id`.');
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ Filter::createFromQueryParameter(['uid' => ''], $resource_type, $this->fieldResolver);
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testInvalidFilterPathDueToNonexistentProperty() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'Invalid nested filtering. The property `foobar`, given in the path `colors.foobar`, does not exist. Must be one of the following property names: `value`, `format`, `processed`.');
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ Filter::createFromQueryParameter(['colors.foobar' => ''], $resource_type, $this->fieldResolver);
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testInvalidFilterPathDueToElidedSoleProperty() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'Invalid nested filtering. The property `value`, given in the path `promote.value`, does not exist. Filter by `promote`, not `promote.value` (the JSON:API module elides property names from single-property fields).');
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ Filter::createFromQueryParameter(['promote.value' => ''], $resource_type, $this->fieldResolver);
+ }
+
+ /**
+ * @covers ::queryCondition
+ */
+ public function testQueryCondition() {
+ // Can't use a data provider because we need access to the container.
+ $data = $this->queryConditionData();
+
+ $get_sql_query_for_entity_query = function ($entity_query) {
+ // Expose parts of \Drupal\Core\Entity\Query\Sql\Query::execute().
+ $o = new \ReflectionObject($entity_query);
+ $m1 = $o->getMethod('prepare');
+ $m1->setAccessible(TRUE);
+ $m2 = $o->getMethod('compile');
+ $m2->setAccessible(TRUE);
+
+ // The private property computed by the two previous private calls, whose
+ // value we need to inspect.
+ $p = $o->getProperty('sqlQuery');
+ $p->setAccessible(TRUE);
+
+ $m1->invoke($entity_query);
+ $m2->invoke($entity_query);
+ return (string) $p->getValue($entity_query);
+ };
+
+ $resource_type = new ResourceType('node', 'painting', NULL);
+ foreach ($data as $case) {
+ $parameter = $case[0];
+ $expected_query = $case[1];
+ $filter = Filter::createFromQueryParameter($parameter, $resource_type, $this->fieldResolver);
+
+ $query = $this->nodeStorage->getQuery();
+
+ // Get the query condition parsed from the input.
+ $condition = $filter->queryCondition($query);
+
+ // Apply it to the query.
+ $query->condition($condition);
+
+ // Verify the SQL query is exactly the same.
+ $expected_sql_query = $get_sql_query_for_entity_query($expected_query);
+ $actual_sql_query = $get_sql_query_for_entity_query($query);
+ $this->assertSame($expected_sql_query, $actual_sql_query);
+
+ // Compare the results.
+ $this->assertEquals($expected_query->execute(), $query->execute());
+ }
+ }
+
+ /**
+ * Simply provides test data to keep the actual test method tidy.
+ */
+ protected function queryConditionData() {
+ // ((RED or CIRCLE) or (YELLOW and SQUARE))
+ $query = $this->nodeStorage->getQuery();
+
+ $or_group = $query->orConditionGroup();
+
+ $nested_or_group = $query->orConditionGroup();
+ $nested_or_group->condition('colors', 'red', 'CONTAINS');
+ $nested_or_group->condition('shapes', 'circle', 'CONTAINS');
+ $or_group->condition($nested_or_group);
+
+ $nested_and_group = $query->andConditionGroup();
+ $nested_and_group->condition('colors', 'yellow', 'CONTAINS');
+ $nested_and_group->condition('shapes', 'square', 'CONTAINS');
+ $nested_and_group->notExists('photo.alt');
+ $or_group->condition($nested_and_group);
+
+ $query->condition($or_group);
+
+ return [
+ [
+ [
+ 'or-group' => ['group' => ['conjunction' => 'OR']],
+ 'nested-or-group' => ['group' => ['conjunction' => 'OR', 'memberOf' => 'or-group']],
+ 'nested-and-group' => ['group' => ['conjunction' => 'AND', 'memberOf' => 'or-group']],
+ 'condition-0' => [
+ 'condition' => [
+ 'path' => 'colors.value',
+ 'value' => 'red',
+ 'operator' => 'CONTAINS',
+ 'memberOf' => 'nested-or-group',
+ ],
+ ],
+ 'condition-1' => [
+ 'condition' => [
+ 'path' => 'shapes.value',
+ 'value' => 'circle',
+ 'operator' => 'CONTAINS',
+ 'memberOf' => 'nested-or-group',
+ ],
+ ],
+ 'condition-2' => [
+ 'condition' => [
+ 'path' => 'colors.value',
+ 'value' => 'yellow',
+ 'operator' =>
+ 'CONTAINS',
+ 'memberOf' => 'nested-and-group',
+ ],
+ ],
+ 'condition-3' => [
+ 'condition' => [
+ 'path' => 'shapes.value',
+ 'value' => 'square',
+ 'operator' => 'CONTAINS',
+ 'memberOf' => 'nested-and-group',
+ ],
+ ],
+ 'condition-4' => [
+ 'condition' => [
+ 'path' => 'photo.meta.alt',
+ 'operator' => 'IS NULL',
+ 'memberOf' => 'nested-and-group',
+ ],
+ ],
+ ],
+ $query,
+ ],
+ ];
+ }
+
+ /**
+ * Sets up the schemas.
+ */
+ protected function setUpSchemas() {
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+
+ $this->installSchema('user', []);
+ foreach (['user', 'node'] as $entity_type_id) {
+ $this->installEntitySchema($entity_type_id);
+ }
+ }
+
+ /**
+ * Creates a painting node type.
+ */
+ protected function savePaintingType() {
+ NodeType::create([
+ 'type' => 'painting',
+ ])->save();
+ $this->createTextField(
+ 'node', 'painting',
+ 'colors', 'Colors',
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->createTextField(
+ 'node', 'painting',
+ 'shapes', 'Shapes',
+ FieldStorageDefinitionInterface::CARDINALITY_UNLIMITED
+ );
+ $this->createImageField('photo', 'painting');
+ }
+
+ /**
+ * Creates painting nodes.
+ */
+ protected function savePaintings($paintings) {
+ foreach ($paintings as $painting) {
+ Node::create(array_merge([
+ 'type' => 'painting',
+ ], $painting))->save();
+ }
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ * @dataProvider parameterProvider
+ */
+ public function testCreateFromQueryParameter($case, $expected) {
+ $resource_type = new ResourceType('foo', 'bar', NULL);
+ $actual = Filter::createFromQueryParameter($case, $resource_type, $this->getFieldResolverMock($resource_type));
+ $conditions = $actual->root()->members();
+ for ($i = 0; $i < count($case); $i++) {
+ $this->assertEquals($expected[$i]['path'], $conditions[$i]->field());
+ $this->assertEquals($expected[$i]['value'], $conditions[$i]->value());
+ $this->assertEquals($expected[$i]['operator'], $conditions[$i]->operator());
+ }
+ }
+
+ /**
+ * Data provider for testCreateFromQueryParameter.
+ */
+ public function parameterProvider() {
+ return [
+ 'shorthand' => [
+ ['uid' => ['value' => 1]],
+ [['path' => 'uid', 'value' => 1, 'operator' => '=']],
+ ],
+ 'extreme shorthand' => [
+ ['uid' => 1],
+ [['path' => 'uid', 'value' => 1, 'operator' => '=']],
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ */
+ public function testCreateFromQueryParameterNested() {
+ $parameter = [
+ 'or-group' => ['group' => ['conjunction' => 'OR']],
+ 'nested-or-group' => [
+ 'group' => ['conjunction' => 'OR', 'memberOf' => 'or-group'],
+ ],
+ 'nested-and-group' => [
+ 'group' => ['conjunction' => 'AND', 'memberOf' => 'or-group'],
+ ],
+ 'condition-0' => [
+ 'condition' => [
+ 'path' => 'field0',
+ 'value' => 'value0',
+ 'memberOf' => 'nested-or-group',
+ ],
+ ],
+ 'condition-1' => [
+ 'condition' => [
+ 'path' => 'field1',
+ 'value' => 'value1',
+ 'memberOf' => 'nested-or-group',
+ ],
+ ],
+ 'condition-2' => [
+ 'condition' => [
+ 'path' => 'field2',
+ 'value' => 'value2',
+ 'memberOf' => 'nested-and-group',
+ ],
+ ],
+ 'condition-3' => [
+ 'condition' => [
+ 'path' => 'field3',
+ 'value' => 'value3',
+ 'memberOf' => 'nested-and-group',
+ ],
+ ],
+ ];
+ $resource_type = new ResourceType('foo', 'bar', NULL);
+ $filter = Filter::createFromQueryParameter($parameter, $resource_type, $this->getFieldResolverMock($resource_type));
+ $root = $filter->root();
+
+ // Make sure the implicit root group was added.
+ $this->assertEquals($root->conjunction(), 'AND');
+
+ // Ensure the or-group and the and-group were added correctly.
+ $members = $root->members();
+
+ // Ensure the OR group was added.
+ $or_group = $members[0];
+ $this->assertEquals($or_group->conjunction(), 'OR');
+ $or_group_members = $or_group->members();
+
+ // Make sure the nested OR group was added with the right conditions.
+ $nested_or_group = $or_group_members[0];
+ $this->assertEquals($nested_or_group->conjunction(), 'OR');
+ $nested_or_group_members = $nested_or_group->members();
+ $this->assertEquals($nested_or_group_members[0]->field(), 'field0');
+ $this->assertEquals($nested_or_group_members[1]->field(), 'field1');
+
+ // Make sure the nested AND group was added with the right conditions.
+ $nested_and_group = $or_group_members[1];
+ $this->assertEquals($nested_and_group->conjunction(), 'AND');
+ $nested_and_group_members = $nested_and_group->members();
+ $this->assertEquals($nested_and_group_members[0]->field(), 'field2');
+ $this->assertEquals($nested_and_group_members[1]->field(), 'field3');
+ }
+
+ /**
+ * Provides a mock field resolver.
+ */
+ protected function getFieldResolverMock(ResourceType $resource_type) {
+ $field_resolver = $this->prophesize(FieldResolver::class);
+ $field_resolver->resolveInternalEntityQueryPath($resource_type->getEntityTypeId(), $resource_type->getBundle(), Argument::any())->willReturnArgument(2);
+ return $field_resolver->reveal();
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/ResourceType/RelatedResourceTypesTest.php b/core/modules/jsonapi/tests/src/Kernel/ResourceType/RelatedResourceTypesTest.php
new file mode 100644
index 0000000000..3ca39f855f
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/ResourceType/RelatedResourceTypesTest.php
@@ -0,0 +1,182 @@
+installEntitySchema('node');
+ $this->installEntitySchema('user');
+
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+
+ NodeType::create([
+ 'type' => 'foo',
+ ])->save();
+
+ NodeType::create([
+ 'type' => 'bar',
+ ])->save();
+
+ $this->createEntityReferenceField(
+ 'node',
+ 'foo',
+ 'field_ref_bar',
+ 'Bar Reference',
+ 'node',
+ 'default',
+ ['target_bundles' => ['bar']]
+ );
+
+ $this->createEntityReferenceField(
+ 'node',
+ 'foo',
+ 'field_ref_foo',
+ 'Foo Reference',
+ 'node',
+ 'default',
+ // Important to test self-referencing resource types.
+ ['target_bundles' => ['foo']]
+ );
+
+ $this->createEntityReferenceField(
+ 'node',
+ 'foo',
+ 'field_ref_any',
+ 'Any Bundle Reference',
+ 'node',
+ 'default',
+ // This should result in a reference to any bundle.
+ ['target_bundles' => NULL]
+ );
+
+ $this->resourceTypeRepository = $this->container->get('jsonapi.resource_type.repository');
+ }
+
+ /**
+ * @covers ::getRelatableResourceTypes
+ * @dataProvider getRelatableResourceTypesProvider
+ */
+ public function testGetRelatableResourceTypes($resource_type_name, $relatable_type_names) {
+ // We're only testing the fields that we set up.
+ $test_fields = [
+ 'field_ref_foo',
+ 'field_ref_bar',
+ 'field_ref_any',
+ ];
+
+ $resource_type = $this->resourceTypeRepository->getByTypeName($resource_type_name);
+
+ // This extracts just the relationship fields under test.
+ $subjects = array_intersect_key(
+ $resource_type->getRelatableResourceTypes(),
+ array_flip($test_fields)
+ );
+
+ // Map the related resource type to their type name so we can just compare
+ // the type names rather that the whole object.
+ foreach ($test_fields as $field_name) {
+ if (isset($subjects[$field_name])) {
+ $subjects[$field_name] = array_map(function ($resource_type) {
+ return $resource_type->getTypeName();
+ }, $subjects[$field_name]);
+ }
+ }
+
+ $this->assertArraySubset($relatable_type_names, $subjects);
+ }
+
+ /**
+ * @covers ::getRelatableResourceTypes
+ * @dataProvider getRelatableResourceTypesProvider
+ */
+ public function getRelatableResourceTypesProvider() {
+ return [
+ [
+ 'node--foo',
+ [
+ 'field_ref_foo' => ['node--foo'],
+ 'field_ref_bar' => ['node--bar'],
+ 'field_ref_any' => ['node--foo', 'node--bar'],
+ ],
+ ],
+ ['node--bar', []],
+ ];
+ }
+
+ /**
+ * @covers ::getRelatableResourceTypesByField
+ * @dataProvider getRelatableResourceTypesByFieldProvider
+ */
+ public function testGetRelatableResourceTypesByField($entity_type_id, $bundle, $field) {
+ $resource_type = $this->resourceTypeRepository->get($entity_type_id, $bundle);
+ $relatable_types = $resource_type->getRelatableResourceTypes();
+ $this->assertSame(
+ $relatable_types[$field],
+ $resource_type->getRelatableResourceTypesByField($field)
+ );
+ }
+
+ /**
+ * Provides cases to test getRelatableTypesByField.
+ */
+ public function getRelatableResourceTypesByFieldProvider() {
+ return [
+ ['node', 'foo', 'field_ref_foo'],
+ ['node', 'foo', 'field_ref_bar'],
+ ['node', 'foo', 'field_ref_any'],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/ResourceType/ResourceTypeRepositoryTest.php b/core/modules/jsonapi/tests/src/Kernel/ResourceType/ResourceTypeRepositoryTest.php
new file mode 100644
index 0000000000..34da1445a7
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/ResourceType/ResourceTypeRepositoryTest.php
@@ -0,0 +1,100 @@
+installEntitySchema('node');
+ $this->installEntitySchema('user');
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+ NodeType::create([
+ 'type' => 'article',
+ ])->save();
+ NodeType::create([
+ 'type' => 'page',
+ ])->save();
+
+ $this->resourceTypeRepository = $this->container->get('jsonapi.resource_type.repository');
+ }
+
+ /**
+ * @covers ::all
+ */
+ public function testAll() {
+ // Make sure that there are resources being created.
+ $all = $this->resourceTypeRepository->all();
+ $this->assertNotEmpty($all);
+ array_walk($all, function (ResourceType $resource_type) {
+ $this->assertNotEmpty($resource_type->getDeserializationTargetClass());
+ $this->assertNotEmpty($resource_type->getEntityTypeId());
+ $this->assertNotEmpty($resource_type->getTypeName());
+ });
+ }
+
+ /**
+ * @covers ::get
+ * @dataProvider getProvider
+ */
+ public function testGet($entity_type_id, $bundle, $entity_class) {
+ // Make sure that there are resources being created.
+ $resource_type = $this->resourceTypeRepository->get($entity_type_id, $bundle);
+ $this->assertInstanceOf(ResourceType::class, $resource_type);
+ $this->assertSame($entity_class, $resource_type->getDeserializationTargetClass());
+ $this->assertSame($entity_type_id, $resource_type->getEntityTypeId());
+ $this->assertSame($bundle, $resource_type->getBundle());
+ $this->assertSame($entity_type_id . '--' . $bundle, $resource_type->getTypeName());
+ }
+
+ /**
+ * Data provider for testGet.
+ *
+ * @returns array
+ * The data for the test method.
+ */
+ public function getProvider() {
+ return [
+ ['node', 'article', 'Drupal\node\Entity\Node'],
+ ['node_type', 'node_type', 'Drupal\node\Entity\NodeType'],
+ ['menu', 'menu', 'Drupal\system\Entity\Menu'],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Revisions/VersionNegotiatorTest.php b/core/modules/jsonapi/tests/src/Kernel/Revisions/VersionNegotiatorTest.php
new file mode 100644
index 0000000000..e432e8ff9f
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Revisions/VersionNegotiatorTest.php
@@ -0,0 +1,168 @@
+installEntitySchema('node');
+ $this->installEntitySchema('user');
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+ $type = NodeType::create([
+ 'type' => 'dummy',
+ 'new_revision' => TRUE,
+ ]);
+ $type->save();
+
+ $this->user = User::create([
+ 'name' => 'user1',
+ 'mail' => 'user@localhost',
+ 'status' => 1,
+ ]);
+ $this->user->save();
+
+ $this->node = Node::create([
+ 'title' => 'dummy_title',
+ 'type' => 'dummy',
+ 'uid' => $this->user->id(),
+ ]);
+ $this->node->save();
+
+ $this->nodePreviousRevisionId = $this->node->getRevisionId();
+
+ $this->node->setNewRevision();
+ $this->node->setTitle('revised_dummy_title');
+ $this->node->save();
+
+ $this->node2 = Node::create([
+ 'type' => 'dummy',
+ 'title' => 'Another test node',
+ 'uid' => $this->user->id(),
+ ]);
+ $this->node2->save();
+
+ $entity_type_manager = \Drupal::entityTypeManager();
+ $version_negotiator = new VersionNegotiator();
+ $version_negotiator->addVersionNegotiator(new VersionById($entity_type_manager), 'id');
+ $version_negotiator->addVersionNegotiator(new VersionByRel($entity_type_manager), 'rel');
+ $this->versionNegotiator = $version_negotiator;
+
+ }
+
+ /**
+ * @covers \Drupal\jsonapi\Revisions\VersionById::getRevision
+ */
+ public function testOldRevision() {
+ $revision = $this->versionNegotiator->getRevision($this->node, 'id:' . $this->nodePreviousRevisionId);
+ $this->assertEquals($this->node->id(), $revision->id());
+ $this->assertEquals($this->nodePreviousRevisionId, $revision->getRevisionId());
+ }
+
+ /**
+ * @covers \Drupal\jsonapi\Revisions\VersionById::getRevision
+ */
+ public function testInvalidRevisionId() {
+ $this->setExpectedException(CacheableNotFoundHttpException::class, sprintf('The requested version, identified by `id:%s`, could not be found.', $this->node2->getRevisionId()));
+ $this->versionNegotiator->getRevision($this->node, 'id:' . $this->node2->getRevisionId());
+ }
+
+ /**
+ * @covers \Drupal\jsonapi\Revisions\VersionByRel::getRevision
+ */
+ public function testLatestVersion() {
+ $revision = $this->versionNegotiator->getRevision($this->node, 'rel:' . VersionByRel::LATEST_VERSION);
+ $this->assertEquals($this->node->id(), $revision->id());
+ $this->assertEquals($this->node->getRevisionId(), $revision->getRevisionId());
+ }
+
+ /**
+ * @covers \Drupal\jsonapi\Revisions\VersionByRel::getRevision
+ */
+ public function testCurrentVersion() {
+ $revision = $this->versionNegotiator->getRevision($this->node, 'rel:' . VersionByRel::WORKING_COPY);
+ $this->assertEquals($this->node->id(), $revision->id());
+ $this->assertEquals($this->node->id(), $revision->id());
+ $this->assertEquals($this->node->getRevisionId(), $revision->getRevisionId());
+ }
+
+ /**
+ * @covers \Drupal\jsonapi\Revisions\VersionByRel::getRevision
+ */
+ public function testInvalidRevisionRel() {
+ $this->setExpectedException(CacheableBadRequestHttpException::class, 'An invalid resource version identifier, `rel:erroneous-revision-name`, was provided.');
+ $this->versionNegotiator->getRevision($this->node, 'rel:erroneous-revision-name');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Kernel/Serializer/SerializerTest.php b/core/modules/jsonapi/tests/src/Kernel/Serializer/SerializerTest.php
new file mode 100644
index 0000000000..97f0c06be4
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Kernel/Serializer/SerializerTest.php
@@ -0,0 +1,117 @@
+installEntitySchema('node');
+ $this->installEntitySchema('user');
+ // Add the additional table schemas.
+ $this->installSchema('system', ['sequences']);
+ $this->installSchema('node', ['node_access']);
+ $this->installSchema('user', ['users_data']);
+ $this->user = User::create([
+ 'name' => $this->randomString(),
+ 'status' => 1,
+ ]);
+ $this->user->save();
+ NodeType::create([
+ 'type' => 'foo',
+ ])->save();
+ $this->createTextField('node', 'foo', 'field_text', 'Text');
+ $this->node = Node::create([
+ 'title' => 'Test Node',
+ 'type' => 'foo',
+ 'field_text' => [
+ 'value' => 'This is some text.',
+ 'format' => 'text_plain',
+ ],
+ 'uid' => $this->user->id(),
+ ]);
+ $this->node->save();
+ $this->container->setAlias('sut', 'jsonapi.serializer');
+ $this->sut = $this->container->get('sut');
+ }
+
+ /**
+ * @covers \Drupal\jsonapi\Serializer\Serializer::normalize
+ */
+ public function testFallbackNormalizer() {
+ $context = ['account' => $this->user];
+
+ $value = $this->sut->normalize($this->node->field_text, 'api_json', $context);
+ $this->assertTrue($value instanceof CacheableNormalization);
+
+ $nested_field = [
+ $this->node->field_text,
+ ];
+
+ // When an object implements \IteratorAggregate and has corresponding
+ // fallback normalizer, it should be normalized by fallback normalizer.
+ $traversableObject = new TraversableObject();
+ $value = $this->sut->normalize($traversableObject, 'api_json', $context);
+ $this->assertEquals($traversableObject->property, $value);
+
+ // When wrapped in an array, we should still be using the JSON:API
+ // serializer.
+ $value = $this->sut->normalize($nested_field, 'api_json', $context);
+ $this->assertTrue($value[0] instanceof CacheableNormalization);
+
+ // Continue to use the fallback normalizer when we need it.
+ $data = Markup::create('Test Markup
');
+ $value = $this->sut->normalize($data, 'api_json', $context);
+
+ $this->assertEquals('Test Markup
', $value);
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php b/core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php
new file mode 100644
index 0000000000..8ac8a39ec6
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php
@@ -0,0 +1,172 @@
+assertTrue($this->container->get('module_installer')->install(['entity_test'], TRUE), 'Installed modules.');
+ entity_test_create_bundle('bar', NULL, 'entity_test');
+ $this->createEntityReferenceField(
+ 'entity_test',
+ 'bar',
+ 'spotlight',
+ NULL,
+ static::$entityTypeId,
+ 'default',
+ [
+ 'target_bundles' => [
+ $this->entity->bundle() => $this->entity->bundle(),
+ ],
+ ]
+ );
+ $this->rebuildAll();
+ $this->grantPermissionsToTestedRole(['view test entity']);
+
+ // Create data.
+ $referencing_entity = EntityTest::create([
+ 'name' => 'Camelids',
+ 'type' => 'bar',
+ 'spotlight' => [
+ 'target_id' => $this->entity->id(),
+ ],
+ ]);
+ $referencing_entity->save();
+
+ // Test.
+ $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
+ // Specifying a delta exercises TemporaryQueryGaurd more thoroughly.
+ $filter_path = "spotlight.0.$label_field_name";
+ $collection_filter_url = $collection_url->setOption('query', ["filter[$filter_path]" => $this->entity->label()]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+ if ($view_permission !== NULL) {
+ // ?filter[spotlight.LABEL]: 0 results.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // Grant "view" permission.
+ $this->grantPermissionsToTestedRole([$view_permission]);
+ }
+ // ?filter[spotlight.LABEL]: 1 result.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
+
+ // ?filter[spotlight.LABEL]: 1 result.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
+
+ // Install the jsonapi_test_field_filter_access module, which contains a
+ // hook_jsonapi_entity_field_filter_access() implementation that forbids
+ // access to the spotlight field if the 'filter by spotlight field'
+ // permission is not granted.
+ $this->assertTrue($this->container->get('module_installer')->install(['jsonapi_test_field_filter_access'], TRUE), 'Installed modules.');
+ $this->rebuildAll();
+
+ // Ensure that a 403 response is generated for attempting to filter by a
+ // field that is forbidden by an implementation of
+ // hook_jsonapi_entity_field_filter_access() .
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $message = "The current user is not authorized to filter by the `spotlight` field, given in the path `spotlight`.";
+ $expected_cache_tags = ['4xx-response', 'http_response'];
+ $expected_cache_contexts = [
+ 'url.query_args:filter',
+ 'url.query_args:sort',
+ 'url.site',
+ 'user.permissions',
+ ];
+ $this->assertResourceErrorResponse(403, $message, $collection_filter_url, $response, FALSE, $expected_cache_tags, $expected_cache_contexts, FALSE, 'MISS');
+ // And ensure the it is allowed when the proper permission is granted.
+ $this->grantPermissionsToTestedRole(['filter by spotlight field']);
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
+ $this->revokePermissionsFromTestedRole(['filter by spotlight field']);
+
+ $this->assertTrue($this->container->get('module_installer')->uninstall(['jsonapi_test_field_filter_access'], TRUE), 'Uninstalled modules.');
+
+ return $referencing_entity;
+ }
+
+ /**
+ * Implements ::testCollectionFilterAccess() for permission + status access.
+ *
+ * @param string $label_field_name
+ * The entity type's label field name.
+ * @param string $view_permission
+ * The entity type's permission that grants 'view' access (for published
+ * entities of this type).
+ * @param string $admin_permission
+ * The entity type's permission that grants 'view' access (for unpublished
+ * entities of this type).
+ *
+ * @return \Drupal\Core\Entity\EntityInterface
+ * The referencing entity.
+ */
+ public function doTestCollectionFilterAccessForPublishableEntities($label_field_name, $view_permission, $admin_permission) {
+ assert($this->entity instanceof EntityPublishedInterface);
+ $this->assertTrue($this->entity->isPublished());
+
+ $referencing_entity = $this->doTestCollectionFilterAccessBasedOnPermissions($label_field_name, $view_permission);
+
+ $collection_url = Url::fromRoute('jsonapi.entity_test--bar.collection');
+ $collection_filter_url = $collection_url->setOption('query', ["filter[spotlight.$label_field_name]" => $this->entity->label()]);
+ $request_options = [];
+ $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';
+ $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions());
+
+ // Unpublish.
+ $this->entity->setUnpublished()->save();
+ // ?filter[spotlight.LABEL]: no result because the test entity is
+ // unpublished. This proves that appropriate cache tags are bubbled.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(0, $doc['data']);
+ // Grant admin permission.
+ $this->grantPermissionsToTestedRole([$admin_permission]);
+ // ?filter[spotlight.LABEL]: 1 result despite the test entity being
+ // unpublished, thanks to the admin permission. This proves that the
+ // appropriate cache contexts are bubbled.
+ $response = $this->request('GET', $collection_filter_url, $request_options);
+ $doc = Json::decode((string) $response->getBody());
+ $this->assertCount(1, $doc['data']);
+ $this->assertSame($referencing_entity->uuid(), $doc['data'][0]['id']);
+
+ return $referencing_entity;
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/EventSubscriber/ResourceResponseValidatorTest.php b/core/modules/jsonapi/tests/src/Unit/EventSubscriber/ResourceResponseValidatorTest.php
new file mode 100644
index 0000000000..7e79c187fc
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/EventSubscriber/ResourceResponseValidatorTest.php
@@ -0,0 +1,247 @@
+fail('The JSON Schema validator is missing. You can install it with `composer require justinrainbow/json-schema`.');
+ }
+
+ $module_handler = $this->prophesize(ModuleHandlerInterface::class);
+ $module = $this->prophesize(Extension::class);
+ $module_path = dirname(dirname(dirname(dirname(__DIR__))));
+ $module->getPath()->willReturn($module_path);
+ $module_handler->getModule('jsonapi')->willReturn($module->reveal());
+ $encoders = [new JsonEncoder()];
+ if (class_exists(JsonSchemaEncoder::class)) {
+ $encoders[] = new JsonSchemaEncoder();
+ }
+ $subscriber = new ResourceResponseValidator(
+ new Serializer([], $encoders),
+ $this->prophesize(LoggerInterface::class)->reveal(),
+ $module_handler->reveal(),
+ ''
+ );
+ $subscriber->setValidator();
+ $this->subscriber = $subscriber;
+ }
+
+ /**
+ * @covers ::doValidateResponse
+ */
+ public function testDoValidateResponse() {
+ $request = $this->createRequest(
+ 'jsonapi.node--article.individual',
+ new ResourceType('node', 'article', NULL)
+ );
+
+ $response = $this->createResponse('{"data":null}');
+
+ // Capture the default assert settings.
+ $zend_assertions_default = ini_get('zend.assertions');
+ $assert_active_default = assert_options(ASSERT_ACTIVE);
+
+ // The validator *should* be called when asserts are active.
+ $validator = $this->prophesize(Validator::class);
+ $validator->check(Argument::any(), Argument::any())->shouldBeCalled('Validation should be run when asserts are active.');
+ $validator->isValid()->willReturn(TRUE);
+ $this->subscriber->setValidator($validator->reveal());
+
+ // Ensure asset is active.
+ ini_set('zend.assertions', 1);
+ assert_options(ASSERT_ACTIVE, 1);
+ $this->subscriber->doValidateResponse($response, $request);
+
+ // The validator should *not* be called when asserts are inactive.
+ $validator = $this->prophesize(Validator::class);
+ $validator->check(Argument::any(), Argument::any())->shouldNotBeCalled('Validation should not be run when asserts are not active.');
+ $this->subscriber->setValidator($validator->reveal());
+
+ // Ensure asset is inactive.
+ ini_set('zend.assertions', 0);
+ assert_options(ASSERT_ACTIVE, 0);
+ $this->subscriber->doValidateResponse($response, $request);
+
+ // Reset the original assert values.
+ ini_set('zend.assertions', $zend_assertions_default);
+ assert_options(ASSERT_ACTIVE, $assert_active_default);
+ }
+
+ /**
+ * @covers ::validateResponse
+ * @dataProvider validateResponseProvider
+ */
+ public function testValidateResponse($request, $response, $expected, $description) {
+ // Expose protected ResourceResponseSubscriber::validateResponse() method.
+ $object = new \ReflectionObject($this->subscriber);
+ $method = $object->getMethod('validateResponse');
+ $method->setAccessible(TRUE);
+
+ $this->assertSame($expected, $method->invoke($this->subscriber, $response, $request), $description);
+ }
+
+ /**
+ * Provides test cases for testValidateResponse.
+ *
+ * @return array
+ * An array of test cases.
+ */
+ public function validateResponseProvider() {
+ $defaults = [
+ 'route_name' => 'jsonapi.node--article.individual',
+ 'resource_type' => new ResourceType('node', 'article', NULL),
+ ];
+
+ $test_data = [
+ // Test validation success.
+ [
+ 'json' => <<<'EOD'
+{
+ "data": {
+ "type": "node--article",
+ "id": "4f342419-e668-4b76-9f87-7ce20c436169",
+ "attributes": {
+ "nid": "1",
+ "uuid": "4f342419-e668-4b76-9f87-7ce20c436169"
+ }
+ }
+}
+EOD
+ ,
+ 'expected' => TRUE,
+ 'description' => 'Response validation flagged a valid response.',
+ ],
+ // Test validation failure: no "type" in "data".
+ [
+ 'json' => <<<'EOD'
+{
+ "data": {
+ "id": "4f342419-e668-4b76-9f87-7ce20c436169",
+ "attributes": {
+ "nid": "1",
+ "uuid": "4f342419-e668-4b76-9f87-7ce20c436169"
+ }
+ }
+}
+EOD
+ ,
+ 'expected' => FALSE,
+ 'description' => 'Response validation failed to flag an invalid response.',
+ ],
+ // Test validation failure: "errors" at the root level.
+ [
+ 'json' => <<<'EOD'
+{
+ "data": {
+ "type": "node--article",
+ "id": "4f342419-e668-4b76-9f87-7ce20c436169",
+ "attributes": {
+ "nid": "1",
+ "uuid": "4f342419-e668-4b76-9f87-7ce20c436169"
+ }
+ },
+ "errors": [{}]
+}
+EOD
+ ,
+ 'expected' => FALSE,
+ 'description' => 'Response validation failed to flag an invalid response.',
+ ],
+ // Test validation of an empty response passes.
+ [
+ 'json' => NULL,
+ 'expected' => TRUE,
+ 'description' => 'Response validation flagged a valid empty response.',
+ ],
+ // Test validation fails on empty object.
+ [
+ 'json' => '{}',
+ 'expected' => FALSE,
+ 'description' => 'Response validation flags empty array as invalid.',
+ ],
+ ];
+
+ $test_cases = array_map(function ($input) use ($defaults) {
+ list($json, $expected, $description, $route_name, $resource_type) = array_values($input + $defaults);
+ return [
+ $this->createRequest($route_name, $resource_type),
+ $this->createResponse($json),
+ $expected,
+ $description,
+ ];
+ }, $test_data);
+
+ return $test_cases;
+ }
+
+ /**
+ * Helper method to create a request object.
+ *
+ * @param string $route_name
+ * The route name with which to construct a request.
+ * @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type
+ * The resource type for the requested route.
+ *
+ * @return \Symfony\Component\HttpFoundation\Request
+ * The mock request object.
+ */
+ protected function createRequest($route_name, ResourceType $resource_type) {
+ $request = new Request();
+ $request->attributes->set(RouteObjectInterface::ROUTE_NAME, $route_name);
+ $request->attributes->set(Routes::RESOURCE_TYPE_KEY, $resource_type);
+ return $request;
+ }
+
+ /**
+ * Helper method to create a resource response from arbitrary JSON.
+ *
+ * @param string|null $json
+ * The JSON with which to create a mock response.
+ *
+ * @return \Drupal\rest\ResourceResponse
+ * The mock response object.
+ */
+ protected function createResponse($json = NULL) {
+ $response = new ResourceResponse();
+ if ($json) {
+ $response->setContent($json);
+ }
+ return $response;
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/JsonApiSpecTest.php b/core/modules/jsonapi/tests/src/Unit/JsonApiSpecTest.php
new file mode 100644
index 0000000000..a55c09641d
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/JsonApiSpecTest.php
@@ -0,0 +1,126 @@
+assertSame($expected, JsonApiSpec::isValidMemberName($member_name));
+ }
+
+ /**
+ * Data provider for testIsValidMemberName.
+ */
+ public function providerTestIsValidMemberName() {
+ // Copied from http://jsonapi.org/format/upcoming/#document-member-names.
+ $data = [];
+ $data['alphanumeric-lowercase'] = ['12kittens', TRUE];
+ $data['alphanumeric-uppercase'] = ['12KITTENS', TRUE];
+ $data['alphanumeric-mixed'] = ['12KiTtEnS', TRUE];
+ $data['unicode-above-u+0080'] = ['12🐱🐱', TRUE];
+ $data['hyphen-start'] = ['-kittens', FALSE];
+ $data['hyphen-middle'] = ['kitt-ens', TRUE];
+ $data['hyphen-end'] = ['kittens-', FALSE];
+ $data['lowline-start'] = ['_kittens', FALSE];
+ $data['lowline-middle'] = ['kitt_ens', TRUE];
+ $data['lowline-end'] = ['kittens_', FALSE];
+ $data['space-start'] = [' kittens', FALSE];
+ $data['space-middle'] = ['kitt ens', TRUE];
+ $data['space-end'] = ['kittens ', FALSE];
+
+ // Additional test cases.
+ // @todo When D8 requires PHP >= 7, convert to \u{10FFFF}.
+ $data['unicode-above-u+0080-highest-allowed'] = ["12", TRUE];
+ $data['single-character'] = ['a', TRUE];
+
+ $unsafe_chars = [
+ '+',
+ ',',
+ '.',
+ '[',
+ ']',
+ '!',
+ '"',
+ '#',
+ '$',
+ '%',
+ '&',
+ '\'',
+ '(',
+ ')',
+ '*',
+ '/',
+ ':',
+ ';',
+ '<',
+ '=',
+ '>',
+ '?',
+ '@',
+ '\\',
+ '^',
+ '`',
+ '{',
+ '|',
+ '}',
+ '~',
+ ];
+ foreach ($unsafe_chars as $unsafe_char) {
+ $data['unsafe-' . $unsafe_char] = ['kitt' . $unsafe_char . 'ens', FALSE];
+ }
+
+ // The ASCII control characters are in the range 0x00 to 0x1F plus 0x7F.
+ for ($ascii = 0; $ascii <= 0x1F; $ascii++) {
+ $data['unsafe-ascii-control-' . $ascii] = ['kitt' . chr($ascii) . 'ens', FALSE];
+ }
+ $data['unsafe-ascii-control-' . 0x7F] = ['kitt' . chr(0x7F) . 'ens', FALSE];
+
+ return $data;
+ }
+
+ /**
+ * Provides test cases.
+ *
+ * @dataProvider providerTestIsValidCustomQueryParameter
+ * @covers ::isValidCustomQueryParameter
+ * @covers ::isValidMemberName
+ */
+ public function testIsValidCustomQueryParameter($custom_query_parameter, $expected) {
+ $this->assertSame($expected, JsonApiSpec::isValidCustomQueryParameter($custom_query_parameter));
+ }
+
+ /**
+ * Data provider for testIsValidCustomQueryParameter.
+ */
+ public function providerTestIsValidCustomQueryParameter() {
+ $data = $this->providerTestIsValidMemberName();
+
+ // All valid member names are also valid custom query parameters, except for
+ // single-character ones.
+ $data['single-character'][1] = FALSE;
+
+ // Custom query parameter test cases.
+ $data['custom-query-parameter-lowercase'] = ['foobar', FALSE];
+ $data['custom-query-parameter-dash'] = ['foo-bar', TRUE];
+ $data['custom-query-parameter-underscore'] = ['foo_bar', TRUE];
+ $data['custom-query-parameter-camelcase'] = ['fooBar', TRUE];
+
+ return $data;
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/LinkManager/LinkManagerTest.php b/core/modules/jsonapi/tests/src/Unit/LinkManager/LinkManagerTest.php
new file mode 100644
index 0000000000..5706f99293
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/LinkManager/LinkManagerTest.php
@@ -0,0 +1,218 @@
+prophesize(UrlGeneratorInterface::class);
+ $url_generator->generateFromRoute(Argument::cetera())->willReturnArgument(2);
+ $this->linkManager = new LinkManager($url_generator->reveal());
+ }
+
+ /**
+ * @covers ::getPagerLinks
+ * @dataProvider getPagerLinksProvider
+ */
+ public function testGetPagerLinks($offset, $size, $has_next_page, $total, $include_count, array $pages) {
+ $assembler = $this->prophesize(UnroutedUrlAssemblerInterface::class);
+ $assembler->assemble(Argument::type('string'), Argument::type('array'), TRUE)
+ ->will(function ($args) {
+ return (new GeneratedUrl())->setGeneratedUrl($args[0] . '?' . UrlHelper::buildQuery($args[1]['query']));
+ });
+
+ $cache_contexts_manager = $this->getMockBuilder('Drupal\Core\Cache\Context\CacheContextsManager')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $cache_contexts_manager->method('assertValidTokens')->willReturn(TRUE);
+
+ $container = new ContainerBuilder();
+ $container->set('cache_contexts_manager', $cache_contexts_manager);
+ $container->set('unrouted_url_assembler', $assembler->reveal());
+ \Drupal::setContainer($container);
+
+ // Add the extra stuff to the expected query.
+ $pages = array_filter($pages);
+ $pages = array_map(function ($page) {
+ return [
+ 'href' => 'https://example.com/drupal/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72?amet=pax&page%5Boffset%5D=' . $page['offset'] . '&page%5Blimit%5D=' . $page['limit'],
+ ];
+ }, $pages);
+
+ $request = $this->prophesize(Request::class);
+ $request->getUri()->willReturn('https://example.com/drupal/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72?amet=pax');
+ $request->getBaseUrl()->willReturn('/drupal');
+ $request->getPathInfo()->willReturn('');
+ $request->getSchemeAndHttpHost()->willReturn('https://example.com');
+ $request->getBaseUrl()->willReturn('/drupal');
+ $request->getPathInfo()->willReturn('/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72');
+ $request->query = new ParameterBag(['amet' => 'pax']);
+
+ $context = ['has_next_page' => $has_next_page];
+ if ($include_count) {
+ $context['total_count'] = $total;
+ }
+
+ $pager_links = $this->linkManager->getPagerLinks($request->reveal(), new OffsetPage($offset, $size), $context);
+ $mock_context = $this->prophesize(JsonApiDocumentTopLevel::class)->reveal();
+ $links = array_map(function ($links) {
+ return ['href' => reset($links)->getHref()];
+ }, iterator_to_array($pager_links->withContext($mock_context)));
+ ksort($pages);
+ ksort($links);
+ $this->assertSame($pages, $links);
+ }
+
+ /**
+ * Data provider for testGetPagerLinks.
+ *
+ * @return array
+ * The data for the test method.
+ */
+ public function getPagerLinksProvider() {
+ return [
+ [1, 4, TRUE, 8, TRUE, [
+ 'first' => ['offset' => 0, 'limit' => 4],
+ 'prev' => ['offset' => 0, 'limit' => 4],
+ 'next' => ['offset' => 5, 'limit' => 4],
+ 'last' => ['offset' => 4, 'limit' => 4],
+ ],
+ ],
+ [6, 4, FALSE, 4, TRUE, [
+ 'first' => ['offset' => 0, 'limit' => 4],
+ 'prev' => ['offset' => 2, 'limit' => 4],
+ 'next' => NULL,
+ ],
+ ],
+ [7, 4, FALSE, 5, FALSE, [
+ 'first' => ['offset' => 0, 'limit' => 4],
+ 'prev' => ['offset' => 3, 'limit' => 4],
+ 'next' => NULL,
+ ],
+ ],
+ [10, 4, FALSE, 20, FALSE, [
+ 'first' => ['offset' => 0, 'limit' => 4],
+ 'prev' => ['offset' => 6, 'limit' => 4],
+ 'next' => NULL,
+ ],
+ ],
+ [5, 4, TRUE, 30, FALSE, [
+ 'first' => ['offset' => 0, 'limit' => 4],
+ 'prev' => ['offset' => 1, 'limit' => 4],
+ 'next' => ['offset' => 9, 'limit' => 4],
+ ],
+ ],
+ [0, 4, TRUE, 100, TRUE, [
+ 'first' => NULL,
+ 'prev' => NULL,
+ 'next' => ['offset' => 4, 'limit' => 4],
+ 'last' => ['offset' => 96, 'limit' => 4],
+ ],
+ ],
+ [0, 1, FALSE, 1, FALSE, [
+ 'first' => NULL,
+ 'prev' => NULL,
+ 'next' => NULL,
+ ],
+ ],
+ [0, 1, FALSE, 2, FALSE, [
+ 'first' => NULL,
+ 'prev' => NULL,
+ 'next' => NULL,
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * Test errors.
+ *
+ * @covers ::getPagerLinks
+ * @dataProvider getPagerLinksErrorProvider
+ */
+ public function testGetPagerLinksError($offset, $size, $has_next_page, $total, $include_count, array $pages) {
+ $this->setExpectedException(CacheableBadRequestHttpException::class);
+ $this->testGetPagerLinks($offset, $size, $has_next_page, $total, $include_count, $pages);
+ }
+
+ /**
+ * Data provider for testGetPagerLinksError.
+ *
+ * @return array
+ * The data for the test method.
+ */
+ public function getPagerLinksErrorProvider() {
+ return [
+ [0, -5, FALSE, 10, TRUE, [
+ 'first' => NULL,
+ 'prev' => NULL,
+ 'last' => NULL,
+ 'next' => NULL,
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::getRequestLink
+ */
+ public function testGetRequestLink() {
+ $assembler = $this->prophesize(UnroutedUrlAssemblerInterface::class);
+ $return = function ($query) {
+ return function ($args) use ($query) {
+ return $args[0] . $query;
+ };
+ };
+ $assembler->assemble(Argument::type('string'), ['external' => TRUE, 'query' => ['dolor' => 'sid']], FALSE)->will($return('?dolor=sid'))->shouldBeCalled();
+ $assembler->assemble(Argument::type('string'), ['external' => TRUE], FALSE)->will($return(''))->shouldBeCalled();
+
+ $container = new ContainerBuilder();
+ $container->set('unrouted_url_assembler', $assembler->reveal());
+ \Drupal::setContainer($container);
+
+ $request = $this->prophesize(Request::class);
+ $request->getUri()->willReturn('https://example.com/drupal/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72?amet=pax');
+ $request->getBaseUrl()->willReturn('/drupal');
+ $request->getPathInfo()->willReturn('');
+ $request->getSchemeAndHttpHost()->willReturn('https://example.com');
+ $request->getBaseUrl()->willReturn('/drupal');
+ $request->getPathInfo()->willReturn('/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72');
+
+ $this->assertSame('https://example.com/drupal/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72?dolor=sid', $this->linkManager->getRequestLink($request->reveal(), ['dolor' => 'sid'])->toString());
+
+ // Get the default query from the request object.
+ $this->assertSame('https://example.com/drupal/jsonapi/node/article/07c870e9-491b-4173-8e2b-4e059400af72?amet=pax', $this->linkManager->getRequestLink($request->reveal())->toString());
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php b/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
new file mode 100644
index 0000000000..b85f58e10e
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
@@ -0,0 +1,56 @@
+prophesize(RequestStack::class);
+ $request_stack->getCurrentRequest()->willReturn(Request::create('http://localhost/'));
+ $container = $this->prophesize(ContainerInterface::class);
+ $container->get('request_stack')->willReturn($request_stack->reveal());
+ \Drupal::setContainer($container->reveal());
+ $exception = new AccessDeniedHttpException('lorem', NULL, 13);
+ $current_user = $this->prophesize(AccountInterface::class);
+ $current_user->hasPermission('access site reports')->willReturn(TRUE);
+ $normalizer = new HttpExceptionNormalizer($current_user->reveal());
+ $normalized = $normalizer->normalize($exception, 'api_json');
+ $normalized = $normalized->getNormalization();
+ $error = $normalized[0];
+ $this->assertNotEmpty($error['meta']);
+ $this->assertNotEmpty($error['source']);
+ $this->assertEquals(13, $error['code']);
+ $this->assertEquals(403, $error['status']);
+ $this->assertEquals('Forbidden', $error['title']);
+ $this->assertEquals('lorem', $error['detail']);
+ $this->assertArrayHasKey('trace', $error['meta']);
+ $this->assertNotEmpty($error['meta']['trace']);
+
+ $current_user = $this->prophesize(AccountInterface::class);
+ $current_user->hasPermission('access site reports')->willReturn(FALSE);
+ $normalizer = new HttpExceptionNormalizer($current_user->reveal());
+ $normalized = $normalizer->normalize($exception, 'api_json');
+ $normalized = $normalized->getNormalization();
+ $error = $normalized[0];
+ $this->assertTrue(empty($error['meta']));
+ $this->assertTrue(empty($error['source']));
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Normalizer/JsonApiDocumentTopLevelNormalizerTest.php b/core/modules/jsonapi/tests/src/Unit/Normalizer/JsonApiDocumentTopLevelNormalizerTest.php
new file mode 100644
index 0000000000..a30b1f6a18
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Normalizer/JsonApiDocumentTopLevelNormalizerTest.php
@@ -0,0 +1,255 @@
+prophesize(ResourceTypeRepository::class);
+ $field_resolver = $this->prophesize(FieldResolver::class);
+
+ $resource_type_repository
+ ->getByTypeName(Argument::any())
+ ->willReturn(new ResourceType('node', 'article', NULL));
+
+ $entity_storage = $this->prophesize(EntityStorageInterface::class);
+ $self = $this;
+ $uuid_to_id = [
+ '76dd5c18-ea1b-4150-9e75-b21958a2b836' => 1,
+ 'fcce1b61-258e-4054-ae36-244d25a9e04c' => 2,
+ ];
+ $entity_storage->loadByProperties(Argument::type('array'))
+ ->will(function ($args) use ($self, $uuid_to_id) {
+ $result = [];
+ foreach ($args[0]['uuid'] as $uuid) {
+ $entity = $self->prophesize(EntityInterface::class);
+ $entity->uuid()->willReturn($uuid);
+ $entity->id()->willReturn($uuid_to_id[$uuid]);
+ $result[$uuid] = $entity->reveal();
+ }
+ return $result;
+ });
+ $entity_type_manager = $this->prophesize(EntityTypeManagerInterface::class);
+ $entity_type_manager->getStorage('node')->willReturn($entity_storage->reveal());
+ $entity_type = $this->prophesize(EntityTypeInterface::class);
+ $entity_type->getKey('uuid')->willReturn('uuid');
+ $entity_type_manager->getDefinition('node')->willReturn($entity_type->reveal());
+
+ $this->normalizer = new JsonApiDocumentTopLevelNormalizer(
+ $entity_type_manager->reveal(),
+ $resource_type_repository->reveal(),
+ $field_resolver->reveal()
+ );
+
+ $serializer = $this->prophesize(DenormalizerInterface::class);
+ $serializer->willImplement(SerializerInterface::class);
+ $serializer->denormalize(
+ Argument::type('array'),
+ Argument::type('string'),
+ Argument::type('string'),
+ Argument::type('array')
+ )->willReturnArgument(0);
+
+ $this->normalizer->setSerializer($serializer->reveal());
+ }
+
+ /**
+ * @covers ::denormalize
+ * @dataProvider denormalizeProvider
+ */
+ public function testDenormalize($input, $expected) {
+ $resource_type = new ResourceType('node', 'article', FieldableEntityInterface::class);
+ $resource_type->setRelatableResourceTypes([]);
+ $context = ['resource_type' => $resource_type];
+ $denormalized = $this->normalizer->denormalize($input, NULL, 'api_json', $context);
+ $this->assertSame($expected, $denormalized);
+ }
+
+ /**
+ * Data provider for the denormalize test.
+ *
+ * @return array
+ * The data for the test method.
+ */
+ public function denormalizeProvider() {
+ return [
+ [
+ [
+ 'data' => [
+ 'type' => 'lorem',
+ 'id' => 'e1a613f6-f2b9-4e17-9d33-727eb6509d8b',
+ 'attributes' => ['title' => 'dummy_title'],
+ ],
+ ],
+ [
+ 'title' => 'dummy_title',
+ 'uuid' => 'e1a613f6-f2b9-4e17-9d33-727eb6509d8b',
+ ],
+ ],
+ [
+ [
+ 'data' => [
+ 'type' => 'lorem',
+ 'id' => '0676d1bf-55b3-4bbc-9fbc-3df10f4599d5',
+ 'relationships' => ['field_dummy' => ['data' => ['type' => 'node', 'id' => '76dd5c18-ea1b-4150-9e75-b21958a2b836']]],
+ ],
+ ],
+ [
+ 'uuid' => '0676d1bf-55b3-4bbc-9fbc-3df10f4599d5',
+ 'field_dummy' => [
+ [
+ 'target_id' => 1,
+ ],
+ ],
+ ],
+ ],
+ [
+ [
+ 'data' => [
+ 'type' => 'lorem',
+ 'id' => '535ba297-8d79-4fc1-b0d6-dc2f047765a1',
+ 'relationships' => [
+ 'field_dummy' => [
+ 'data' => [
+ [
+ 'type' => 'node',
+ 'id' => '76dd5c18-ea1b-4150-9e75-b21958a2b836',
+ ],
+ [
+ 'type' => 'node',
+ 'id' => 'fcce1b61-258e-4054-ae36-244d25a9e04c',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ [
+ 'uuid' => '535ba297-8d79-4fc1-b0d6-dc2f047765a1',
+ 'field_dummy' => [
+ ['target_id' => 1],
+ ['target_id' => 2],
+ ],
+ ],
+ ],
+ [
+ [
+ 'data' => [
+ 'type' => 'lorem',
+ 'id' => '535ba297-8d79-4fc1-b0d6-dc2f047765a1',
+ 'relationships' => [
+ 'field_dummy' => [
+ 'data' => [
+ [
+ 'type' => 'node',
+ 'id' => '76dd5c18-ea1b-4150-9e75-b21958a2b836',
+ 'meta' => ['foo' => 'bar'],
+ ],
+ [
+ 'type' => 'node',
+ 'id' => 'fcce1b61-258e-4054-ae36-244d25a9e04c',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ [
+ 'uuid' => '535ba297-8d79-4fc1-b0d6-dc2f047765a1',
+ 'field_dummy' => [
+ [
+ 'target_id' => 1,
+ 'foo' => 'bar',
+ ],
+ ['target_id' => 2],
+ ],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * Ensures only valid UUIDs can be specified.
+ *
+ * @param string $id
+ * The input UUID. May be invalid.
+ * @param bool $expect_exception
+ * Whether to expect an exception.
+ *
+ * @covers ::denormalize
+ * @dataProvider denormalizeUuidProvider
+ */
+ public function testDenormalizeUuid($id, $expect_exception) {
+ $data['data'] = (isset($id)) ?
+ ['type' => 'node--article', 'id' => $id] :
+ ['type' => 'node--article'];
+
+ if ($expect_exception) {
+ $this->setExpectedException(
+ UnprocessableEntityHttpException::class,
+ 'IDs should be properly generated and formatted UUIDs as described in RFC 4122.'
+ );
+ }
+
+ $denormalized = $this->normalizer->denormalize($data, NULL, 'api_json', [
+ 'resource_type' => new ResourceType(
+ 'node',
+ 'article',
+ FieldableEntityInterface::class
+ ),
+ ]);
+
+ if (isset($id)) {
+ $this->assertSame($id, $denormalized['uuid']);
+ }
+ else {
+ $this->assertArrayNotHasKey('uuid', $denormalized);
+ }
+ }
+
+ /**
+ * Provides test cases for testDenormalizeUuid.
+ */
+ public function denormalizeUuidProvider() {
+ return [
+ 'valid' => ['76dd5c18-ea1b-4150-9e75-b21958a2b836', FALSE],
+ 'missing' => [NULL, FALSE],
+ 'invalid_empty' => ['', TRUE],
+ 'invalid_alpha' => ['invalid', TRUE],
+ 'invalid_numeric' => [1234, TRUE],
+ 'invalid_alphanumeric' => ['abc123', TRUE],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Normalizer/ResourceIdentifierNormalizerTest.php b/core/modules/jsonapi/tests/src/Unit/Normalizer/ResourceIdentifierNormalizerTest.php
new file mode 100644
index 0000000000..a2af02e820
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Normalizer/ResourceIdentifierNormalizerTest.php
@@ -0,0 +1,198 @@
+resourceType = new ResourceType('fake_entity_type', 'dummy_bundle', NULL);
+ $this->resourceType->setRelatableResourceTypes([
+ 'field_dummy' => [$target_resource_type],
+ 'field_dummy_single' => [$target_resource_type],
+ ]);
+
+ $field_manager = $this->prophesize(EntityFieldManagerInterface::class);
+ $field_definition = $this->prophesize(FieldConfig::class);
+ $item_definition = $this->prophesize(FieldItemDataDefinition::class);
+ $item_definition->getMainPropertyName()->willReturn('bunny');
+ $item_definition->getSetting('target_type')->willReturn('fake_entity_type');
+ $item_definition->getSetting('handler_settings')->willReturn([
+ 'target_bundles' => ['dummy_bundle'],
+ ]);
+ $field_definition->getItemDefinition()
+ ->willReturn($item_definition->reveal());
+ $storage_definition = $this->prophesize(FieldStorageDefinitionInterface::class);
+ $storage_definition->isMultiple()->willReturn(TRUE);
+ $field_definition->getFieldStorageDefinition()->willReturn($storage_definition->reveal());
+
+ $field_definition2 = $this->prophesize(FieldConfig::class);
+ $field_definition2->getItemDefinition()
+ ->willReturn($item_definition->reveal());
+ $storage_definition2 = $this->prophesize(FieldStorageDefinitionInterface::class);
+ $storage_definition2->isMultiple()->willReturn(FALSE);
+ $field_definition2->getFieldStorageDefinition()->willReturn($storage_definition2->reveal());
+
+ $field_manager->getFieldDefinitions('fake_entity_type', 'dummy_bundle')
+ ->willReturn([
+ 'field_dummy' => $field_definition->reveal(),
+ 'field_dummy_single' => $field_definition2->reveal(),
+ ]);
+ $plugin_manager = $this->prophesize(FieldTypePluginManagerInterface::class);
+ $plugin_manager->createFieldItemList(
+ Argument::type(FieldableEntityInterface::class),
+ Argument::type('string'),
+ Argument::type('array')
+ )->willReturnArgument(2);
+ $resource_type_repository = $this->prophesize(ResourceTypeRepository::class);
+ $resource_type_repository->get('fake_entity_type', 'dummy_bundle')->willReturn($this->resourceType);
+
+ $entity = $this->prophesize(EntityInterface::class);
+ $entity->uuid()->willReturn('4e6cb61d-4f04-437f-99fe-42c002393658');
+ $entity->id()->willReturn(42);
+ $entity_repository = $this->prophesize(EntityRepositoryInterface::class);
+ $entity_repository->loadEntityByUuid('lorem', '4e6cb61d-4f04-437f-99fe-42c002393658')
+ ->willReturn($entity->reveal());
+
+ $this->normalizer = new ResourceIdentifierNormalizer(
+ $field_manager->reveal()
+ );
+ }
+
+ /**
+ * @covers ::denormalize
+ * @dataProvider denormalizeProvider
+ */
+ public function testDenormalize($input, $field_name, $expected) {
+ $entity = $this->prophesize(FieldableEntityInterface::class);
+ $context = [
+ 'resource_type' => $this->resourceType,
+ 'related' => $field_name,
+ 'target_entity' => $entity->reveal(),
+ ];
+ $denormalized = $this->normalizer->denormalize($input, NULL, 'api_json', $context);
+ $this->assertEquals($expected, $denormalized);
+ }
+
+ /**
+ * Data provider for the denormalize test.
+ *
+ * @return array
+ * The data for the test method.
+ */
+ public function denormalizeProvider() {
+ return [
+ [
+ ['data' => [['type' => 'lorem--dummy_bundle', 'id' => '4e6cb61d-4f04-437f-99fe-42c002393658']]],
+ 'field_dummy',
+ [new ResourceIdentifier('lorem--dummy_bundle', '4e6cb61d-4f04-437f-99fe-42c002393658')],
+ ],
+ [
+ ['data' => []],
+ 'field_dummy',
+ [],
+ ],
+ [
+ ['data' => NULL],
+ 'field_dummy_single',
+ [],
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::denormalize
+ * @dataProvider denormalizeInvalidResourceProvider
+ */
+ public function testDenormalizeInvalidResource($data, $field_name) {
+ $context = [
+ 'resource_type' => $this->resourceType,
+ 'related' => $field_name,
+ 'target_entity' => $this->prophesize(FieldableEntityInterface::class)->reveal(),
+ ];
+ $this->setExpectedException(BadRequestHttpException::class);
+ $this->normalizer->denormalize($data, NULL, 'api_json', $context);
+ }
+
+ /**
+ * Data provider for the denormalize test.
+ *
+ * @return array
+ * The input data for the test method.
+ */
+ public function denormalizeInvalidResourceProvider() {
+ return [
+ [
+ [
+ 'data' => [
+ [
+ 'type' => 'invalid',
+ 'id' => '4e6cb61d-4f04-437f-99fe-42c002393658',
+ ],
+ ],
+ ],
+ 'field_dummy',
+ ],
+ [
+ [
+ 'data' => [
+ 'type' => 'lorem',
+ 'id' => '4e6cb61d-4f04-437f-99fe-42c002393658',
+ ],
+ ],
+ 'field_dummy',
+ ],
+ [
+ [
+ 'data' => [
+ [
+ 'type' => 'lorem',
+ 'id' => '4e6cb61d-4f04-437f-99fe-42c002393658',
+ ],
+ ],
+ ],
+ 'field_dummy_single',
+ ],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Query/EntityConditionGroupTest.php b/core/modules/jsonapi/tests/src/Unit/Query/EntityConditionGroupTest.php
new file mode 100644
index 0000000000..67c4d8c207
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Query/EntityConditionGroupTest.php
@@ -0,0 +1,50 @@
+assertEquals($case['conjunction'], $group->conjunction());
+
+ foreach ($group->members() as $key => $condition) {
+ $this->assertEquals($case['members'][$key]['path'], $condition->field());
+ $this->assertEquals($case['members'][$key]['value'], $condition->value());
+ }
+ }
+
+ /**
+ * @covers ::__construct
+ */
+ public function testConstructException() {
+ $this->setExpectedException(\InvalidArgumentException::class);
+ new EntityConditionGroup('NOT_ALLOWED', []);
+ }
+
+ /**
+ * Data provider for testConstruct.
+ */
+ public function constructProvider() {
+ return [
+ [['conjunction' => 'AND', 'members' => []]],
+ [['conjunction' => 'OR', 'members' => []]],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Query/EntityConditionTest.php b/core/modules/jsonapi/tests/src/Unit/Query/EntityConditionTest.php
new file mode 100644
index 0000000000..c8b8b02bea
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Query/EntityConditionTest.php
@@ -0,0 +1,136 @@
+prophesize(CacheContextsManager::class);
+ $cache_context_manager->assertValidTokens(Argument::any())
+ ->willReturn(TRUE);
+ $container->set('cache_contexts_manager', $cache_context_manager->reveal());
+ \Drupal::setContainer($container);
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ * @dataProvider queryParameterProvider
+ */
+ public function testCreateFromQueryParameter($case) {
+ $condition = EntityCondition::createFromQueryParameter($case);
+ $this->assertEquals($case['path'], $condition->field());
+ $this->assertEquals($case['value'], $condition->value());
+ if (isset($case['operator'])) {
+ $this->assertEquals($case['operator'], $condition->operator());
+ }
+ }
+
+ /**
+ * Data provider for testDenormalize.
+ */
+ public function queryParameterProvider() {
+ return [
+ [['path' => 'some_field', 'value' => NULL, 'operator' => '=']],
+ [['path' => 'some_field', 'operator' => '=', 'value' => 'some_string']],
+ [['path' => 'some_field', 'operator' => '<>', 'value' => 'some_string']],
+ [
+ [
+ 'path' => 'some_field',
+ 'operator' => 'NOT BETWEEN',
+ 'value' => 'some_string',
+ ],
+ ],
+ [
+ [
+ 'path' => 'some_field',
+ 'operator' => 'BETWEEN',
+ 'value' => ['some_string'],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::validate
+ * @dataProvider validationProvider
+ */
+ public function testValidation($input, $exception) {
+ if ($exception) {
+ $this->setExpectedException(get_class($exception), $exception->getMessage());
+ }
+ EntityCondition::createFromQueryParameter($input);
+ $this->assertTrue(is_null($exception), 'No exception was expected.');
+ }
+
+ /**
+ * Data provider for testValidation.
+ */
+ public function validationProvider() {
+ return [
+ [['path' => 'some_field', 'value' => 'some_value'], NULL],
+ [
+ ['path' => 'some_field', 'value' => 'some_value', 'operator' => '='],
+ NULL,
+ ],
+ [['path' => 'some_field', 'operator' => 'IS NULL'], NULL],
+ [['path' => 'some_field', 'operator' => 'IS NOT NULL'], NULL],
+ [
+ ['path' => 'some_field', 'operator' => 'IS', 'value' => 'some_value'],
+ new BadRequestHttpException("The 'IS' operator is not allowed in a filter parameter."),
+ ],
+ [
+ [
+ 'path' => 'some_field',
+ 'operator' => 'NOT_ALLOWED',
+ 'value' => 'some_value',
+ ],
+ new BadRequestHttpException("The 'NOT_ALLOWED' operator is not allowed in a filter parameter."),
+ ],
+ [
+ [
+ 'path' => 'some_field',
+ 'operator' => 'IS NULL',
+ 'value' => 'should_not_be_here',
+ ],
+ new BadRequestHttpException("Filters using the 'IS NULL' operator should not provide a value."),
+ ],
+ [
+ [
+ 'path' => 'some_field',
+ 'operator' => 'IS NOT NULL',
+ 'value' => 'should_not_be_here',
+ ],
+ new BadRequestHttpException("Filters using the 'IS NOT NULL' operator should not provide a value."),
+ ],
+ [
+ ['path' => 'path_only'],
+ new BadRequestHttpException("Filter parameter is missing a '" . EntityCondition::VALUE_KEY . "' key."),
+ ],
+ [
+ ['value' => 'value_only'],
+ new BadRequestHttpException("Filter parameter is missing a '" . EntityCondition::PATH_KEY . "' key."),
+ ],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Query/OffsetPageTest.php b/core/modules/jsonapi/tests/src/Unit/Query/OffsetPageTest.php
new file mode 100644
index 0000000000..5e9287e7fe
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Query/OffsetPageTest.php
@@ -0,0 +1,66 @@
+prophesize(CacheContextsManager::class);
+ $cache_context_manager->assertValidTokens(Argument::any())
+ ->willReturn(TRUE);
+ $container->set('cache_contexts_manager', $cache_context_manager->reveal());
+ \Drupal::setContainer($container);
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ * @dataProvider parameterProvider
+ */
+ public function testCreateFromQueryParameter($original, $expected) {
+ $actual = OffsetPage::createFromQueryParameter($original);
+ $this->assertEquals($expected['offset'], $actual->getOffset());
+ $this->assertEquals($expected['limit'], $actual->getSize());
+ }
+
+ /**
+ * Data provider for testCreateFromQueryParameter.
+ */
+ public function parameterProvider() {
+ return [
+ [['offset' => 12, 'limit' => 20], ['offset' => 12, 'limit' => 20]],
+ [['offset' => 12, 'limit' => 60], ['offset' => 12, 'limit' => 50]],
+ [['offset' => 12], ['offset' => 12, 'limit' => 50]],
+ [['offset' => 0], ['offset' => 0, 'limit' => 50]],
+ [[], ['offset' => 0, 'limit' => 50]],
+ ];
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ */
+ public function testCreateFromQueryParameterFail() {
+ $this->setExpectedException(BadRequestHttpException::class);
+ OffsetPage::createFromQueryParameter('lorem');
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Query/SortTest.php b/core/modules/jsonapi/tests/src/Unit/Query/SortTest.php
new file mode 100644
index 0000000000..c97a562c11
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Query/SortTest.php
@@ -0,0 +1,102 @@
+prophesize(CacheContextsManager::class);
+ $cache_context_manager->assertValidTokens(Argument::any())
+ ->willReturn(TRUE);
+ $container->set('cache_contexts_manager', $cache_context_manager->reveal());
+ \Drupal::setContainer($container);
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ * @dataProvider parameterProvider
+ */
+ public function testCreateFromQueryParameter($input, $expected) {
+ $sort = Sort::createFromQueryParameter($input);
+ foreach ($sort->fields() as $index => $sort_field) {
+ $this->assertEquals($expected[$index]['path'], $sort_field['path']);
+ $this->assertEquals($expected[$index]['direction'], $sort_field['direction']);
+ $this->assertEquals($expected[$index]['langcode'], $sort_field['langcode']);
+ }
+ }
+
+ /**
+ * Provides a suite of shortcut sort paramaters and their expected expansions.
+ */
+ public function parameterProvider() {
+ return [
+ ['lorem', [['path' => 'lorem', 'direction' => 'ASC', 'langcode' => NULL]]],
+ [
+ '-lorem',
+ [['path' => 'lorem', 'direction' => 'DESC', 'langcode' => NULL]],
+ ],
+ ['-lorem,ipsum', [
+ ['path' => 'lorem', 'direction' => 'DESC', 'langcode' => NULL],
+ ['path' => 'ipsum', 'direction' => 'ASC', 'langcode' => NULL],
+ ],
+ ],
+ ['-lorem,-ipsum', [
+ ['path' => 'lorem', 'direction' => 'DESC', 'langcode' => NULL],
+ ['path' => 'ipsum', 'direction' => 'DESC', 'langcode' => NULL],
+ ],
+ ],
+ [[
+ ['path' => 'lorem', 'langcode' => NULL],
+ ['path' => 'ipsum', 'langcode' => 'ca'],
+ ['path' => 'dolor', 'direction' => 'ASC', 'langcode' => 'ca'],
+ ['path' => 'sit', 'direction' => 'DESC', 'langcode' => 'ca'],
+ ], [
+ ['path' => 'lorem', 'direction' => 'ASC', 'langcode' => NULL],
+ ['path' => 'ipsum', 'direction' => 'ASC', 'langcode' => 'ca'],
+ ['path' => 'dolor', 'direction' => 'ASC', 'langcode' => 'ca'],
+ ['path' => 'sit', 'direction' => 'DESC', 'langcode' => 'ca'],
+ ],
+ ],
+ ];
+ }
+
+ /**
+ * @covers ::createFromQueryParameter
+ * @dataProvider badParameterProvider
+ */
+ public function testCreateFromQueryParameterFail($input) {
+ $this->setExpectedException(BadRequestHttpException::class);
+ Sort::createFromQueryParameter($input);
+ }
+
+ /**
+ * Data provider for testCreateFromQueryParameterFail.
+ */
+ public function badParameterProvider() {
+ return [
+ [[['lorem']]],
+ [''],
+ ];
+ }
+
+}
diff --git a/core/modules/jsonapi/tests/src/Unit/Routing/RoutesTest.php b/core/modules/jsonapi/tests/src/Unit/Routing/RoutesTest.php
new file mode 100644
index 0000000000..b423262dbf
--- /dev/null
+++ b/core/modules/jsonapi/tests/src/Unit/Routing/RoutesTest.php
@@ -0,0 +1,242 @@
+ [$type_1],
+ 'internal' => [$type_2],
+ 'both' => [$type_1, $type_2],
+ ];
+ $type_1->setRelatableResourceTypes($relatable_resource_types);
+ $type_2->setRelatableResourceTypes($relatable_resource_types);
+ // This type ensures that we can create routes for bundle IDs which might be
+ // cast from strings to integers. It should not affect related resource
+ // routing.
+ $type_3 = new ResourceType('entity_type_3', '123', EntityInterface::class, TRUE);
+ $type_3->setRelatableResourceTypes([]);
+ $resource_type_repository = $this->prophesize(ResourceTypeRepository::class);
+ $resource_type_repository->all()->willReturn([$type_1, $type_2, $type_3]);
+ $container = $this->prophesize(ContainerInterface::class);
+ $container->get('jsonapi.resource_type.repository')->willReturn($resource_type_repository->reveal());
+ $container->getParameter('jsonapi.base_path')->willReturn('/jsonapi');
+ $container->getParameter('authentication_providers')->willReturn([
+ 'lorem' => [],
+ 'ipsum' => [],
+ ]);
+
+ $this->routes['ok'] = Routes::create($container->reveal());
+ }
+
+ /**
+ * @covers ::routes
+ */
+ public function testRoutesCollection() {
+ // Get the route collection and start making assertions.
+ $routes = $this->routes['ok']->routes();
+
+ // - 2 collection routes; GET & POST for the non-internal resource type.
+ // - 3 individual routes; GET, PATCH & DELETE for the non-internal resource
+ // type.
+ // - 2 related routes; GET for the non-internal resource type relationships
+ // fields: external & both.
+ // - 12 relationship routes; 3 fields * 4 HTTP methods.
+ // `relationship` routes are generated even for internal target resource
+ // types (`related` routes are not).
+ // - 1 for the JSON:API entry point.
+ $this->assertEquals(20, $routes->count());
+
+ $iterator = $routes->getIterator();
+ // Check the collection route.
+ /** @var \Symfony\Component\Routing\Route $route */
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.collection');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1', $route->getPath());
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['GET'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':getCollection', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ // Check the collection POST route.
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.collection.post');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1', $route->getPath());
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['POST'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':createIndividual', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ $this->assertSame('Drupal\jsonapi\JsonApiResource\JsonApiDocumentTopLevel', $route->getDefault('serialization_class'));
+ }
+
+ /**
+ * @covers ::routes
+ */
+ public function testRoutesIndividual() {
+ // Get the route collection and start making assertions.
+ $iterator = $this->routes['ok']->routes()->getIterator();
+
+ // Check the individual route.
+ /** @var \Symfony\Component\Routing\Route $route */
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.individual');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1/{entity}', $route->getPath());
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['GET'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':getIndividual', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertEquals([
+ 'entity' => ['type' => 'entity:entity_type_1'],
+ 'resource_type' => ['type' => 'jsonapi_resource_type'],
+ ], $route->getOption('parameters'));
+
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.individual.patch');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1/{entity}', $route->getPath());
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['PATCH'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':patchIndividual', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ $this->assertSame(JsonApiDocumentTopLevel::class, $route->getDefault('serialization_class'));
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertEquals([
+ 'entity' => ['type' => 'entity:entity_type_1'],
+ 'resource_type' => ['type' => 'jsonapi_resource_type'],
+ ], $route->getOption('parameters'));
+
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.individual.delete');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1/{entity}', $route->getPath());
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['DELETE'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':deleteIndividual', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertEquals([
+ 'entity' => ['type' => 'entity:entity_type_1'],
+ 'resource_type' => ['type' => 'jsonapi_resource_type'],
+ ], $route->getOption('parameters'));
+ }
+
+ /**
+ * @covers ::routes
+ */
+ public function testRoutesRelated() {
+ // Get the route collection and start making assertions.
+ $iterator = $this->routes['ok']->routes()->getIterator();
+
+ // Check the related route.
+ /** @var \Symfony\Component\Routing\Route $route */
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.external.related');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1/{entity}/external', $route->getPath());
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['GET'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':getRelated', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertEquals([
+ 'entity' => ['type' => 'entity:entity_type_1'],
+ 'resource_type' => ['type' => 'jsonapi_resource_type'],
+ ], $route->getOption('parameters'));
+ }
+
+ /**
+ * @covers ::routes
+ */
+ public function testRoutesRelationships() {
+ // Get the route collection and start making assertions.
+ $iterator = $this->routes['ok']->routes()->getIterator();
+
+ // Check the relationships route.
+ /** @var \Symfony\Component\Routing\Route $route */
+ $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.both.relationship.get');
+ $this->assertSame('/jsonapi/entity_type_1/bundle_1_1/{entity}/relationships/both', $route->getPath());
+ $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));
+ $this->assertEquals(['GET'], $route->getMethods());
+ $this->assertSame(Routes::CONTROLLER_SERVICE_NAME . ':getRelationship', $route->getDefault(RouteObjectInterface::CONTROLLER_NAME));
+ $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth'));
+ $this->assertEquals([
+ 'entity' => ['type' => 'entity:entity_type_1'],
+ 'resource_type' => ['type' => 'jsonapi_resource_type'],
+ ], $route->getOption('parameters'));
+ $this->assertSame(ResourceIdentifier::class, $route->getDefault('serialization_class'));
+ }
+
+ /**
+ * Ensures that the expected routes are created or not created.
+ *
+ * @dataProvider expectedRoutes
+ */
+ public function testRoutes($route) {
+ $this->assertArrayHasKey($route, $this->routes['ok']->routes()->all());
+ }
+
+ /**
+ * Lists routes which should have been created.
+ */
+ public function expectedRoutes() {
+ return [
+ ['jsonapi.entity_type_1--bundle_1_1.individual'],
+ ['jsonapi.entity_type_1--bundle_1_1.collection'],
+ ['jsonapi.entity_type_1--bundle_1_1.internal.relationship.get'],
+ ['jsonapi.entity_type_1--bundle_1_1.internal.relationship.post'],
+ ['jsonapi.entity_type_1--bundle_1_1.internal.relationship.patch'],
+ ['jsonapi.entity_type_1--bundle_1_1.internal.relationship.delete'],
+ ['jsonapi.entity_type_1--bundle_1_1.external.related'],
+ ['jsonapi.entity_type_1--bundle_1_1.external.relationship.get'],
+ ['jsonapi.entity_type_1--bundle_1_1.external.relationship.post'],
+ ['jsonapi.entity_type_1--bundle_1_1.external.relationship.patch'],
+ ['jsonapi.entity_type_1--bundle_1_1.external.relationship.delete'],
+ ['jsonapi.entity_type_1--bundle_1_1.both.related'],
+ ['jsonapi.entity_type_1--bundle_1_1.both.relationship.get'],
+ ['jsonapi.entity_type_1--bundle_1_1.both.relationship.post'],
+ ['jsonapi.entity_type_1--bundle_1_1.both.relationship.patch'],
+ ['jsonapi.entity_type_1--bundle_1_1.both.relationship.delete'],
+ ['jsonapi.resource_list'],
+ ];
+ }
+
+ /**
+ * Ensures that no routes are created for internal resources.
+ *
+ * @dataProvider notExpectedRoutes
+ */
+ public function testInternalRoutes($route) {
+ $this->assertArrayNotHasKey($route, $this->routes['ok']->routes()->all());
+ }
+
+ /**
+ * Lists routes which should have been created.
+ */
+ public function notExpectedRoutes() {
+ return [
+ ['jsonapi.entity_type_2--bundle_2_1.individual'],
+ ['jsonapi.entity_type_2--bundle_2_1.collection'],
+ ['jsonapi.entity_type_2--bundle_2_1.collection.post'],
+ ['jsonapi.entity_type_2--bundle_2_1.internal.related'],
+ ['jsonapi.entity_type_2--bundle_2_1.internal.relationship'],
+ ];
+ }
+
+}