Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Please refer the problem/motivation section of #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method
Proposed resolution
Write EntityResourceTestBase subclass for the Shortcut entity.
Remaining tasks
References
1. Follow-up of #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method
2. Subtask of #2824572: Write EntityResourceTestBase subclasses for every other entity type.
Comment | File | Size | Author |
---|---|---|---|
#33 | entityresource_provide-2843750-33.patch | 11.54 KB | Wim Leers |
#30 | interdiff.txt | 1.67 KB | Anonymous (not verified) |
#30 | entityresource_provide-2843750-30.patch | 10.84 KB | Anonymous (not verified) |
Comments
Comment #2
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedComment #3
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedComment #4
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedTook the help of https://www.drupal.org/node/2832859 MenuLinkContent entity and putting up a patch. If this works, planning on patches for other entities as well.
Comment #6
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedComment #7
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedResolved a silly error. NR to trigger test.
Comment #8
dawehnerPlease convert that to spaces, sorry :(
Comment #9
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commented@dawehner will remove.
Need help in resolving following.
1) Drupal\Tests\hal\Functional\EntityResource\Shortcut\ShortcutHalJsonAnonTest::testGet
Failed asserting that 403 is identical to 200.
2) Drupal\Tests\hal\Functional\EntityResource\Shortcut\ShortcutHalJsonAnonTest::testPost
Failed asserting that 400 is identical to 403.
3) Drupal\Tests\hal\Functional\EntityResource\Shortcut\ShortcutHalJsonAnonTest::testPatch
Failed asserting that 400 is identical to 403.
should i catch error and assert this??
Comment #10
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedComment #11
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedComment #12
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedsome hal+json fixes.
Comment #13
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commentedComment #15
Wim LeersPlease provide interdiffs in the future. Otherwise it's impossible to review differences between previous versions of the patch. For example, it's very hard to tell what changed between #6 and #12. See https://www.drupal.org/documentation/git/interdiff.
The problems you ran into in #9 are all due to bugs:
customize shortcut links
permission.ShortcutResourceTestBase::getNormalizedPostEntity()
is wrong in two significant ways: it's not sending a bundle (this was causing the 400), plus it's sending a non-existingname
field, which should be thetitle
field.I fixed just those problems. This patch will still come back red, because there are more problems to solve. But at least you can now continue :)
Finally: you're still using that work-around trait, which means this is 8.2.x-specific. This likely won't get committed to 8.2.x anymore, since 8.4.x was just branched. So, it's best to just remove that altogether.
Back to you, @sumanthkumarc!
Comment #17
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commented@wimleers Thanks. This is my first time in writing tests and learned a lot already. Also, Thanks for the help there.
I'll provide a new patch and interdiff with above points. :)
Comment #18
Wim LeersGreat, thanks!
Comment #19
himanshu-dixit CreditAttribution: himanshu-dixit as a volunteer commented@sumanthkumarc Any progress on this? Do you mind if i take a shot at this?
Comment #20
sumanthkumarc CreditAttribution: sumanthkumarc at Azri Solutions commented@himanshu-dixit sure, i'm just busy for sometime. Unassigning myself.
Comment #21
Anonymous (not verified) CreditAttribution: Anonymous commentedWe have #2339903: Shortcut module's access checking is insane and this prevents the output of pretty reason-messages :(.
Also we have issue with a lot of work on refactoring #2083123: Shortcut cleanup: Remove duplicated code and deprecate legacy functions, but unfortunately it does not contain the necessary changes too. I can reroll that issue, but may be better first commit current issue to get better test coverage?
Bit change to get the reasons:
Also patch have:
I'm not sure with this, but without it there is a fall:
PS. I did not touch the indentations in the code, to better view the changes. But I'll do it in the future with
--diff-word
Comment #22
Anonymous (not verified) CreditAttribution: Anonymous commentedFix indentations.
Comment #23
Anonymous (not verified) CreditAttribution: Anonymous commentedbit cleanup short array + separete issue for cheat with assertSame/assertEquals #2859875: Use assertEquals instead of assertSame in EntityResourceTestBase :)
Comment #24
Anonymous (not verified) CreditAttribution: Anonymous commentedline adds whitespace errors :(
Review changes in new patch:
It looks like the tests are passing without 'administer shortcuts' permission, I do not know how good this news?
Return to original code, now changed only ShortcutAccessControlHandler.
Additional access processing. The reason includes the
$operation
. But we can not distinguish 'update' from 'view' operation without the next change:Looks like just typo, no?
And we have test cover this change via
Comment #25
Wim LeersThat's how
\Drupal\shortcut\ShortcutAccessControlHandler
(well,\shortcut_set_edit_access()
) is designed to work. So this is fine.Why would we be changing this? This is a form to edit a shortcut entity. Requiring
view
access seems very wrong.Why not move this logic directly into
shortcut_set_edit_access()
?Comment #26
Anonymous (not verified) CreditAttribution: Anonymous commentedOk, back to #23 and nit cleanup.
#25:
An interesting moment, looks like we have one path to
canonical
andedit_form
:And without change
entity.shortcut.canonical
we have'update'
$operation when we need'view'
incheckAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Hence next fail:
shortcut_set_edit_access()
hasn't info about current operations ('view', 'create', 'update', 'delete').And one more thing, it takes only one argument
function shortcut_set_edit_access(ShortcutSetInterface $shortcut_set = NULL)
But we call it form
ShortcutAccessControlHandler
with two arguments :)Comment #27
Wim LeersYes, the Shortcut module is a mess. Not something we need to solve here though :)
This patch is perfect now! 99% test coverage. 1% surgical modification to
shortcut
module.This is fine!
However, if the committer doesn't like this, it could be changed to this alternative:
Thanks! :)
Comment #28
Anonymous (not verified) CreditAttribution: Anonymous commentedNice hint, now surgical modification looks really perfect!
Comment #29
Wim LeersThanks, great work @vaplas! :)
Comment #30
Anonymous (not verified) CreditAttribution: Anonymous commentedOnly nit cleanup, no change in the code.
Comment #31
Wim LeersLooks great!
Comment #32
alexpottThe words here are not the same as the logic defining
$may_edit_current_shortcut_set
. There is something about it being the currently displayed set too. This also makes me wonder if the we should also be doing->addCacheableDependency($shortcut_set)
if the shortcut_set is provided. The caching is out-of-scope here but should have a separate issue to discuss. What is in scope is this message. I'm not sure of what it should be but I know it needs to correctly describe the logic... which is described by:So maybe something like:
"The shortcut set must be the currently displayed set for the user and the user must have 'access shortcuts' AND 'customize shortcut links' permissions."
Not sure.
Comment #33
Wim LeersGood catch!
I forgot for a moment that unfortunately the "reason" message for denying access must reflect the actual complexity of the access checking, regardless of how insane it is (yes, I think shortcut access checking is insane, and I think most would agree).
I think your proposal makes sense. It's complex and confusing, but again… that is only because the access checking is complex and confusing. We must convey all information/requirements, otherwise the "reason" still is incomplete.
Thanks for your diligence.
Comment #34
Wim Leers@alexpott pointed out in IRC that we actually want/need
addCacheableDependency()
inshortcut_set_edit_access()
. But fixing that is out of scope here.I was fairly certain this problem had been reported before. And in fact…
\Drupal\shortcut\ShortcutSetAccessControlHandler::checkAccess()
gets it right! So the problem is more thatshortcut_set_edit_access()
is a pointless/stale/wrong duplicate. We already have #2083123: Shortcut cleanup: Remove duplicated code and deprecate legacy functions to fix that. So the follow-up already exists :)Comment #35
alexpott@Wim Leers so should we be adding the setReason to \Drupal\shortcut\ShortcutSetAccessControlHandler::checkAccess() to avoid surprises when we do deprecate? Not sure.
Comment #36
Wim Leers#35: when we remove
shortcut_set_edit_access()
, we'll get test failures for the test coverage added here, because the expected reason will not be present in the 403 response. So I think it's safe to say we won't forget to move this over.Comment #37
alexpottCommitted and pushed e1524ff to 8.4.x and 60f5d00 to 8.3.x. Thanks!
The change to shortcut_set_edit_access() is purely informational so there aren't any BC implications.