Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
ResourceTestBase
is not usable out of the box for tests of non-entity resources. There are a number of problems one encounters:
$this->serializer
is declared but never setgetExpectedBcUnauthorizedAccessMessage()
needs to be implemented even though it is only needed for entity resources
Proposed resolution
- Move the initialization of
$this->serializer
fromEntityResourceTestBase
toResourceTestBase
- Remove the abstract method
getExpectedBcUnauthorizedAccessMessage()
- Implement
getExpectedUnauthorizedAccessMessage
generically inResourceTestBase
Remove the abstract definition of getExpectedBcUnauthorizedAccessMessage()
from ResourceTestBase
.
Comment | File | Size | Author |
---|---|---|---|
#11 | 2869387-11.patch | 4 KB | tstoeckler |
Comments
Comment #2
tstoecklerJust realized that
EntityResource
already has a generic implementation of that method, so I think the abstract method can simply be removed.Re-titling and updating the issue summary accordingly.
Comment #3
tstoecklerHmmm... thinking about this more: Since generically, resources get their own permissions and only for entities we don't need that, would it make sense to move
EntityResourceTestBase::getExpectedBCUnauthorizedAccessMessage()
intoResourceTestBase
asgetExpectedUnauthorizedAccessMessage()
(i.e. without theBC
)?I currently have this in my non-entity resource test:
We would only need the resource plugin ID to do this generically and
EntityResourceTestBase
could in turn have a default implementation of that since it knows the entity type ID.Assigning to Wim Leers to shine some light on this, this is all very confusing to me.
Comment #4
tstoecklerActually expanding scope a bit here, as I found another problem with
ResourceTestBase
:$this->serializer
is declared, but never set.Also unassigning @Wim Leers again until I have something more "presentable" here. So far I'm still thinking out loud.
Comment #5
tstoecklerAlso found: #2869415: EntityResourceTestBase::getUrl() overrides BrowserTestBase::getUrl(), yet offers different functionality
Comment #6
Wim Leers#4 makes sense on all counts. Thanks for the crystal-clear IS too!
P.S.: very glad to see people using these base classes!
Comment #7
tstoecklerAh, awesome thank you! :-) I will keep you posted if I find anything else ;-)
Comment #9
tstoecklerLet's try this one.
ResourceTestBase::$resourceConfigId
conveniently has the comment:But, I had to search a bit to verify that my assumption of how that actually works is true, so I added a
@see
.Comment #10
tstoecklerAhh damn, double paren's...
Comment #11
tstoecklerQuick fix for #10.
Comment #12
Wim LeersThanks!
Comment #14
Wim LeersComment #15
effulgentsia CreditAttribution: effulgentsia at Acquia commentedThis issue is currently set to version 8.3.x. How important is it to commit it to that version? While I like #11, I'm concerned about introducing the corresponding BC breaks to non-entity resource tests into a patch-level release.
I think this also needs a CR for a before/after example of writing a non-entity resource test (or at least the portions of that that are affected by this patch).
Speaking of which, do we have core issues for adding test coverage for
DBLogResource
andUserRegistrationResource
? And I wonder if independently of that, if we should also have a separate test for a test non-entity resource.Comment #16
effulgentsia CreditAttribution: effulgentsia at Acquia commentedAlso, I'm skeptical about the title of this issue. "does not work" is a pretty strong statement. The issue summary points to some WTFs worth fixing, but is it really true that it doesn't work at all, and that therefore there are 0 contrib modules extending it? That's relevant in evaluating whether to commit it to 8.3.
Comment #17
Wim LeersResourceTestBase
in contrib right now.ResourceTestBase
subclasses, and so it'd remove the need to implement two abstract methods, which aren't called byResourceTestBase
itself. The first (ResourceTestBase::getExpectedUnauthorizedAccessMessage()
) does get a default implementation that will work for 99% of REST resource plugins (it matches\Drupal\rest\Plugin\ResourceBase::permissions()
). The second (ResourceTestBase::getExpectedBcUnauthorizedAccessMessage()
) only ever makes sense for entity resources, seeEntityResource::permissions()
+ https://www.drupal.org/node/2664780.This is becoming very onerous.
(Entity)ResourceTestBase
are in flux. They're designed to be in flux. They're effectively NOT an API. Because REST didn't ship with test coverage. So we need to add it now. Therefore it is in flux, while we work towards complete test coverage… it's not reasonable to provide BC. It is reasonable to be mindful of minimizing pain. This patch likely introduces zero pain.No. Note that there's test coverage for both:
\Drupal\dblog\Tests\Rest\DbLogResourceTest
+\Drupal\Tests\user\Unit\UserRegistrationResourceTest
. It's just not nearly as comprehensive as the test coverage for entities. Which makes sense, because there's a whole lot more dynamism and therefor edge cases/risk/… to test for entities + REST.Comment #18
damiankloip CreditAttribution: damiankloip at Acquia commentedAre there more abstract methods on ResourceTestBase that can be moved/removed too? None of the abstract methods are actually used in the base class, and therefore don't really belong on there (unless I'm missing something)? Seems like most of this stuff is just a part of the EntityResourceTestBase implementation.
EDIT: Hmm, I guess the test traits that are meant to be used for these contain some of the concrete implementation for the abstract methods, like BasicAuthResourceTestTrait
Comment #19
Wim LeersIndeed. So I don't think there's more.
Comment #20
tstoecklerNot actually sure what to with this issue in terms of the title. I agree that "does not work" is not very specific, but I have a hard time finding clearer words. Because it does actually not work, I also have a hard time writing a change notice because the "before" part is not actually clear, unless we actually want to write a change notice about people being able to remove weird workarounds they had to employ before. That seems non-standard to me, though, in terms of how we generally treat change notices. I could see a legitimate change notice for the third point below, but not sure.
In any case, not really sure what to do here, but here is some more explanation of what the parts of the patch actually mean:
So this part is a legitimate bug and it constitutes the "does not work" part for me. Of course, the workaround is trivial (just add the serializer in your own
setUp()
) but still.This is a mere nuisance as without this
ResourceTestBase
is less helpful than it could be and you end up implementing this again and again for every test base class in the same way. It's not actually a bug in the strict sense, though.This is also a bug, as the whole concept of BC permissions does not make sense for non-entity resources. So you have to implement something that is not actually used. Again, the you can just implement it with
return 'foo';
and be done with it, but ...Comment #21
Wim LeersI agree with #20, I think the same conclusion as #2869415: EntityResourceTestBase::getUrl() overrides BrowserTestBase::getUrl(), yet offers different functionality applies here: there's no point in a CR for this etc.
Comment #23
Wim LeersRandom fail in
Drupal\Tests\outside_in\FunctionalJavascript\OutsideInBlockFormTest
in 8.3.x. Re-testing.Comment #24
effulgentsia CreditAttribution: effulgentsia at Acquia commentedI think #17 and #20 are great justifications for committing this into 8.4. I'm still not convinced by those arguments that this can safely go into 8.3. If folks here (especially @tstoeckler, who opened the issue) are willing for this to be an 8.4-only issue, then I think it's great as-is. But if there are 8.3 contrib modules that are wanting this, then I think we need to still figure out whether to adjust the patch or the communication about it to production sites.
On what basis can we assume this? Each of the items in #20 are easy to work around.
Comment #25
effulgentsia CreditAttribution: effulgentsia at Acquia commentedHere's my attempt at a retitle based on #20.
Comment #26
tstoecklerThe new title is bit too forgiving for my taste, but be that as it may ;-). I don't mind this landing in 8.4.x only. If I remember correctly contrib tests on Drupal.org are run against 8.4.x anyway, so this would only be for people with their own CI on Github, etc. So marking RTBC per #24
Comment #27
Wim LeersMe neither.
Let's do this in 8.4.x only.
Comment #29
catchCommitted/pushed to 8.4.x, thanks!