Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
From #1874640: Rename edit module to quickedit. Updated: Comment #0
Problem/Motivation
- The [quick]edit module provides access checkers for verifying edit access to entities and fields during routing, but these classes are not unit-tested.
- Furthermore
QuickeditLoadingTest
(currentlyEditLoadingTest
in HEAD) tests access based on whether or not the user has permission to use the in-place editor, but access based on whether or not the user can edit a particular entity or field.
Proposed resolution
- Add methods to QuickEditLoadingTest to test the module based on the user's entity and field access.
- If possible, unit-test the access checkers.
Remaining tasks
TBD
Related Issues
Comment | File | Size | Author |
---|---|---|---|
#17 | edit_access-2047659-16.patch | 26.05 KB | Wim Leers |
#17 | interdiff.txt | 6.39 KB | Wim Leers |
#16 | edit_access-2047659-13.patch | 25.98 KB | Wim Leers |
#13 | edit_access-2047659-13.patch | 25.98 KB | Wim Leers |
#13 | interdiff-test_fixes.txt | 3.66 KB | Wim Leers |
Comments
Comment #1
Wim LeersWhat exactly is there to unit test here? All it does is
$entity->access()
andfield_access()
I don't see the point in adding additional tests for this?
Comment #2
xjmThe fact that the parameter upcasting might need to be reimplemented is all the more reason to add test coverage. Ideally, we should unit test everything, always.
Right now, this functionality could be broken--for whatever reason--and we would have no idea until someone tried it manually. The entire point of automated testing is to prevent that from happening, and to allow refactoring (like renaming the module and everything in its API) to happen safely. It is not an opt-in or opt-out based on the current implementation.
Comment #3
tim.plunkettWe have unit tests for those APIs. But we don't necessarily have integration tests for putting it all together quite the way edit does. That needs testing.
In addition, edit provides a custom access checker. As such, it is unit testable. If you just used an existing access checker, you'd be done, but by writing a custom one, you now have code to be tested.
Comment #4
Wim LeersI agree with the unit tests (and admit fault there!), but I still disagree with the integration tests. Regardless of me disagreeing, I'm providing the test coverage here anyway.
Note that even the routing system's access checking system itself does not have integration tests: #1984528-53: Follow-up: Allow for more robust access checking. dawehner also thinks that's a bad idea; here are relevant excerpts from an IRC discussion about that issue:
Also, via #2031385: Editor's in-place editing AJAX endpoint broken because of #1043198 and routing system bug, I stumbled upon #1984528-53: Follow-up: Allow for more robust access checking, which is how I found that here too,
_access_mode: 'ALL'
is missing. Due to the change towardsstatic::(ALLOW|DENY)
, the behavior was changed, which meant that now_access_mode: 'ALL'
had to be added, but I wasn't aware of thisALL
vs.ANY
route option, let alone that the default wasANY
.Even though the default is being fixed at #2063401: Replace the default _access_checks(access mode) with ALL instead of ANY, I believe it's valuable to be explicit about it. So, changing that too in this patch.
So, patch attached that adds
EditEntityAccessCheck
, not forEditEntityFieldAccessCheck
because that requires me to be able to mockfield_(access|info_field|info_instance|valid_language)()
and AFAICT those are not yet mockableComment #5
dawehnerShould we better wait until the other issue is in?
In general it would be also cool to have the same directory structure in the tests as in the actual code.
When I last time talked with someone using phpunit quite a lot his oppinion was to use @group Drupal all the time, so you can execute all of them without the ones from symfony. Note: you can use multiple groups.
Can we have a @see \classNameWithNamespace?
Note: this error is just displayed if the test failed, so we use the reverse logic for the messages in some places ...
Do we need a full Node or is just a mocked NodeInterface enough?
Let's use $this->assertTrue and $this->assertFalse
Most of the points applies to that class as well.
Comment #6
Wim LeersI said this: "I believe it's valuable to be explicit about it. So, changing that too in this patch." Do you disagree with that?
AFAICT none of the existing unit tests don't do that though? I'd like to be consistent with everything else in core.
Same, nothing is doing that yet, so I don't want to introduce that here.
Done.
I looked at
EntityAccessCheckTest
as the guiding example. It's exactly the same there. I'm just being consistent.Good point! :) I changed it to
NodeInterface
and it failed.Also note that this, too, is exactly the same as
EntityAccessCheckTest
.Good catch! Fixed.
Also note that this, too, is exactly the same as
EntityAccessCheckTest
. I fixed it there too.And actually, that's not even good enough. Because it should be asserting that the returned value is identical to either of
AccessInterface::(ALLOW|DENY|KILL)
. So I switched it to using$this->assertSame(AccessCheckInterface::(ALLOW|DENY|KILL), $access)
. So I changed it to that everywhere. (RoleAccessCheckTest
was already doing this.)Comment #7
dawehnerI would say that there are just a few UnitTests (not simpletess) which not uses the same directory structure. Feel free to provide some numbers
,but core/tests/Drupal/Tests/Core seriously provides similar structure. EntityAccessCheckTest is just one example
Just do it. #2057905-5: [policy, no patch] Discuss the standards for phpunit based tests for a comment about that.
Thanks
Well, I would not assume everything to follow proper standards. They are developed during the time, see also the linked issue above.
Mhhh can't we just make a novice follow up? It makes things more complex to review etc.
Good point!
Comment #8
Wim LeersD'oh — I had misread! I thought you said you wanted it to be in the same directory as the class/file it is testing, but that's not at all what you said. My bad. Fixed.
(I must say that by applying this, the directory structure is now ridiculously deep. From
core/modules/edit/lib/Drupal/edit/Tests/TEST.PHP
tocore/modules/edit/lib/Drupal/edit/Tests/edit/Access/TEST.PHP
…)Just did it! :P
For one new line and one changed line…? Done: #2070045: EntityAccessCheckTest should use AccessCheckInterface::ALLOW.
Comment #9
dawehnerI guess you are familiar with http://xkcd.com/356/
This still does not cover every case, but at least some of the possible ones.
Comment #11
dawehnerThere we go.
Comment #13
Wim LeersThis is better indeed.
Changes:
EditEntityAccessCheck
to be in sync withEditEntityFieldAccessCheck
's changes: for consistency.1+2: see
interdiff-test_fixes.txt
.3: see
interdiff-apply_similar_tests_to_other_access_checker.txt
.Comment #14
Gábor HojtsyHave not found any issues except one of semantics and unfamiliarity :D
There have been some (for me) strange things in my patch (eg. @group phpdoc), which I grepped for and found they are kind of used already. Discussed this namespace use with Wim and I understand this is needed so a top level function can be defined, so the namespace is not provided for the whole file. It may be a good idea to add a comment to the top to signify this.
Comment #15
dawehnerI won't fight for any additional suggestions, just telling that this is common in some of the phpunit tests which appear more and more over time.
Great additional test coverages and fixes by wim!
It is good to know that our routes and controllers/access checkers are indepedent from the actual paths, but nevertheless we should at least match the entity type and field we test with.
Comment #16
Wim Leers#15: agreed, fixed. RTBC? :)
Comment #17
Wim LeersD'oh. It'd help if I'd uploaded the right patch and the interdiff.
Comment #18
Gábor HojtsyAll right, looks good as per above!
Comment #19
Wim LeersNot yet renamed, so adjusting title.
Comment #20
webchickAwesome, it'll be nice not to ever break this again. :)
Committed and pushed to 8.x. Thanks!
Comment #21
Wim LeersWell, it was never broken :) But now it's guaranteed that won't happen, so yay indeed.
Comment #22.0
(not verified) CreditAttribution: commentedUpdated issue summary.