.../EntityResource/EntityResourceTestBase.php | 39 ++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php index 09bca01..12b08e3 100644 --- a/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php +++ b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php @@ -22,8 +22,6 @@ * * Subclass this for every entity type. Also respect instructions in * \Drupal\rest\Tests\ResourceTestBase. - * - * @todo BC: 'restful get/post [entity type]' permission */ abstract class EntityResourceTestBase extends ResourceTestBase { @@ -207,6 +205,24 @@ public function testGet() { $this->assertSame($get_headers, $head_headers); + $this->config('rest.settings')->set('bc_entity_resource_permissions', TRUE)->save(TRUE); + // @todo Remove this in https://www.drupal.org/node/2815845. + drupal_flush_all_caches(); + + + // DX: 403 when unauthorized. + $response = $this->request('GET', $url, $request_options); + $this->assertResourceErrorResponse(403, '', $response); + + + $this->grantPermissionsToTestedRole(['restful get entity:' . static::$entityType]); + + + // 200 for well-formed request. + $response = $this->request('GET', $url, $request_options); + $this->assertResourceResponse(200, FALSE, $response); + + $url->setOption('query', ['_format' => 'non_existing_format']); @@ -379,6 +395,25 @@ public function testPost() { $response = $this->request('POST', $url, $request_options); $this->assertResourceResponse(201, FALSE, $response); $this->assertSame([str_replace($this->entity->id(), 2, $this->entity->toUrl('canonical')->setAbsolute(TRUE)->toString())], $response->getHeader('Location')); + + + $this->config('rest.settings')->set('bc_entity_resource_permissions', TRUE)->save(TRUE); + // @todo Remove this in https://www.drupal.org/node/2815845. + drupal_flush_all_caches(); + + + // DX: 403 when unauthorized. + $response = $this->request('POST', $url, $request_options); + $this->assertResourceErrorResponse(403, '', $response); + + + $this->grantPermissionsToTestedRole(['restful post entity:' . static::$entityType]); + + + // 201 for well-formed request. + $response = $this->request('POST', $url, $request_options); + $this->assertResourceResponse(201, FALSE, $response); + $this->assertSame([str_replace($this->entity->id(), 3, $this->entity->toUrl('canonical')->setAbsolute(TRUE)->toString())], $response->getHeader('Location')); } /**