diff --git a/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php b/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php
index 42c2950..8d5245d 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php
@@ -34,79 +34,81 @@ public static function getInfo() {
 */
 public function testCreate() {
 $serializer = drupal_container()->get('serializer');
- // @todo once EntityNG is implemented for other entity types test all other
- // entity types here as well.
- $entity_type = 'entity_test';
-
- $this->enableService('entity:' . $entity_type, 'POST');
- // Create a user account that has the required permissions to create
- // resources via the REST API.
- $permissions = $this->entityPermissions($entity_type, 'create');
- $permissions[] = 'restful post entity:' . $entity_type;
- $account = $this->drupalCreateUser($permissions);
- $this->drupalLogin($account);
-
- $entity_values = $this->entityValues($entity_type);
- $entity = entity_create($entity_type, $entity_values);
- $serialized = $serializer->serialize($entity, $this->defaultFormat);
- // Create the entity over the REST API.
- $this->httpRequest('entity/' . $entity_type, 'POST', $serialized, $this->defaultMimeType);
- $this->assertResponse(201);
-
- // Get the new entity ID from the location header and try to read it from
- // the database.
- $location_url = $this->drupalGetHeader('location');
- $url_parts = explode('/', $location_url);
- $id = end($url_parts);
- $loaded_entity = entity_load($entity_type, $id);
- $this->assertNotIdentical(FALSE, $loaded_entity, 'The new ' . $entity_type . ' was found in the database.');
- $this->assertEqual($entity->uuid(), $loaded_entity->uuid(), 'UUID of created entity is correct.');
- // @todo Remove the user reference field for now until deserialization for
- // entity references is implemented.
- unset($entity_values['user_id']);
- foreach ($entity_values as $property => $value) {
- $actual_value = $loaded_entity->get($property)->value;
- $send_value = $entity->get($property)->value;
- $this->assertEqual($send_value, $actual_value, 'Created property ' . $property . ' expected: ' . $send_value . ', actual: ' . $actual_value);
+ $entity_types = array('entity_test', 'node');
+ foreach ($entity_types as $entity_type) {
+
+ $this->enableService('entity:' . $entity_type, 'POST');
+ // Create a user account that has the required permissions to create
+ // resources via the REST API.
+ $permissions = $this->entityPermissions($entity_type, 'create');
+ $permissions[] = 'restful post entity:' . $entity_type;
+ $account = $this->drupalCreateUser($permissions);
+ $this->drupalLogin($account);
+
+ $entity_values = $this->entityValues($entity_type);
+ $entity = entity_create($entity_type, $entity_values);
+ $serialized = $serializer->serialize($entity, $this->defaultFormat);
+ // Create the entity over the REST API.
+ $this->httpRequest('entity/' . $entity_type, 'POST', $serialized, $this->defaultMimeType);
+ $this->assertResponse(201);
+
+ // Get the new entity ID from the location header and try to read it from
+ // the database.
+ $location_url = $this->drupalGetHeader('location');
+ $url_parts = explode('/', $location_url);
+ $id = end($url_parts);
+ $loaded_entity = entity_load($entity_type, $id);
+ $this->assertNotIdentical(FALSE, $loaded_entity, 'The new ' . $entity_type . ' was found in the database.');
+ $this->assertEqual($entity->uuid(), $loaded_entity->uuid(), 'UUID of created entity is correct.');
+ // @todo Remove the user reference field for now until deserialization for
+ // entity references is implemented.
+ unset($entity_values['user_id']);
+ foreach ($entity_values as $property => $value) {
+ $actual_value = $loaded_entity->get($property)->value;
+ $send_value = $entity->get($property)->value;
+ $this->assertEqual($send_value, $actual_value, 'Created property ' . $property . ' expected: ' . $send_value . ', actual: ' . $actual_value);
+ }
+
+ $loaded_entity->delete();
+
+ // Try to create an entity with an access protected field.
+ // @see entity_test_entity_field_access() + if ($entity_type == 'entity_test') { + $entity->field_test_text->value = 'no access value'; + $serialized = $serializer->serialize($entity, $this->defaultFormat); + $this->httpRequest('entity/' . $entity_type, 'POST', $serialized, $this->defaultMimeType); + $this->assertResponse(403); + $this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.'); + + // Restore the valid test value. + $entity->field_test_text->value = $entity_values['field_test_text'][0]['value']; + $serialized = $serializer->serialize($entity, $this->defaultFormat); + } + + // Try to send invalid data that cannot be correctly deserialized. + $this->httpRequest('entity/' . $entity_type, 'POST', 'kaboom!', $this->defaultMimeType); + $this->assertResponse(400); + + // Try to create an entity without the CSRF token. + $this->curlExec(array( + CURLOPT_HTTPGET => FALSE, + CURLOPT_POST => TRUE, + CURLOPT_CUSTOMREQUEST => 'POST', + CURLOPT_POSTFIELDS => $serialized, + CURLOPT_URL => url('entity/' . $entity_type, array('absolute' => TRUE)), + CURLOPT_NOBODY => FALSE, + CURLOPT_HTTPHEADER => array('Content-Type: ' . $this->defaultMimeType), + )); + $this->assertResponse(403); + $this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.'); + + // Try to create an entity without proper permissions. + $this->drupalLogout(); + $this->httpRequest('entity/' . $entity_type, 'POST', $serialized, $this->defaultMimeType); + $this->assertResponse(403); + $this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.'); } - $loaded_entity->delete(); - - // Try to create an entity with an access protected field. - // @see entity_test_entity_field_access() - $entity->field_test_text->value = 'no access value'; - $serialized = $serializer->serialize($entity, $this->defaultFormat); - $this->httpRequest('entity/' . 
$entity_type, 'POST', $serialized, $this->defaultMimeType); - $this->assertResponse(403); - $this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.'); - - // Restore the valid test value. - $entity->field_test_text->value = $entity_values['field_test_text'][0]['value']; - $serialized = $serializer->serialize($entity, $this->defaultFormat); - - // Try to send invalid data that cannot be correctly deserialized. - $this->httpRequest('entity/' . $entity_type, 'POST', 'kaboom!', $this->defaultMimeType); - $this->assertResponse(400); - - // Try to create an entity without the CSRF token. - $this->curlExec(array( - CURLOPT_HTTPGET => FALSE, - CURLOPT_POST => TRUE, - CURLOPT_CUSTOMREQUEST => 'POST', - CURLOPT_POSTFIELDS => $serialized, - CURLOPT_URL => url('entity/' . $entity_type, array('absolute' => TRUE)), - CURLOPT_NOBODY => FALSE, - CURLOPT_HTTPHEADER => array('Content-Type: ' . $this->defaultMimeType), - )); - $this->assertResponse(403); - $this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.'); - - // Try to create an entity without proper permissions. - $this->drupalLogout(); - $this->httpRequest('entity/' . $entity_type, 'POST', $serialized, $this->defaultMimeType); - $this->assertResponse(403); - $this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.'); - // Try to create a resource which is not REST API enabled. $this->enableService(FALSE); $this->drupalLogin($account); diff --git a/core/modules/rest/lib/Drupal/rest/Tests/DeleteTest.php b/core/modules/rest/lib/Drupal/rest/Tests/DeleteTest.php index d85cf71..10695c4 100644 --- a/core/modules/rest/lib/Drupal/rest/Tests/DeleteTest.php +++ b/core/modules/rest/lib/Drupal/rest/Tests/DeleteTest.php 
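Review bot: The only unauthorized-create case inside the loop of testCreate() is the logged-out request after `$this->drupalLogout()`, so for `node` nothing checks that an authenticated account holding just one of the two required permissions is refused. A regression that dropped either the `restful post entity:node` check or the entity-level create check would still pass as long as anonymous requests get a 403. Consider a further case before the logout that logs in `$this->drupalCreateUser(array('restful post entity:' . $entity_type))`, repeats the POST and asserts 403 together with the empty `entity_load_multiple()` result. Separately, the code after the loop (`$this->drupalLogin($account)`) now depends on whatever `$account` held in the last iteration; the remainder of that code is outside the hunk.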
@@ -34,9 +34,9 @@ public static function getInfo() {
 */
 public function testDelete() {
 // Define the entity types we want to test.
- // @todo expand this test to at least nodes and users once their access
+ // @todo expand this test to at least users once their access
 // controllers are implemented.
- $entity_types = array('entity_test');
+ $entity_types = array('entity_test', 'node');
 foreach ($entity_types as $entity_type) {
 $this->enableService('entity:' . $entity_type, 'DELETE');
 // Create a user account that has the required permissions to delete
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php b/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
index 4bad46b..752c603 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
@@ -32,6 +32,8 @@ protected function setUp() {
 parent::setUp();
 $this->defaultFormat = 'hal_json';
 $this->defaultMimeType = 'application/hal+json';
+ // Create a test content type for node testing.
+ $this->drupalCreateContentType(array('name' => 'resttest', 'type' => 'resttest'));
 }
 /**
@@ -60,6 +62,7 @@ protected function httpRequest($url, $method, $body = NULL, $mime_type = NULL) {
 $options = isset($body) ? array('absolute' => TRUE, 'query' => $body) : array('absolute' => TRUE);
 $curl_options = array(
 CURLOPT_HTTPGET => TRUE,
+ CURLOPT_CUSTOMREQUEST => 'GET',
 CURLOPT_URL => url($url, $options),
 CURLOPT_NOBODY => FALSE,
 CURLOPT_HTTPHEADER => array('Accept: ' . $mime_type),
@@ -165,7 +168,7 @@ protected function entityValues($entity_type) {
 'field_test_text' => array(0 => array('value' => $this->randomString())),
 );
 case 'node':
- return array('title' => $this->randomString(), 'type' => $this->randomString());
+ return array('title' => $this->randomString(), 'type' => 'resttest');
 case 'user':
 return array('name' => $this->randomName());
 default:
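Review bot: The bundle name `resttest` is now a bare literal in three places: the `drupalCreateContentType()` call added to setUp(), the `'type' => 'resttest'` return in entityValues(), and the `create resttest content` / `delete any resttest content` strings in the entityPermissions() hunk. Renaming it in one spot would leave the permission strings pointing at a bundle that does not exist. A single property such as `protected $nodeType = 'resttest';`, with the permission strings built from it, would keep them in step. setUp() also creates the content type for every subclass, which presumably requires the node module to be enabled in each test's module list; that list is outside these hunks.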
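Review bot: The `CURLOPT_CUSTOMREQUEST => 'GET'` line added to the GET options in httpRequest() has no comment saying why a GET needs an explicit method. Presumably the cURL handle is reused between requests and a custom method set by an earlier POST or DELETE would otherwise persist, so a later read would go out with the wrong verb and the access assertions would be testing a different operation. A line such as `// Reset the method in case an earlier request left a custom one on the reused handle.` above it would record that. The rest of httpRequest() is outside the hunk.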
@@ -264,6 +267,15 @@ protected function entityPermissions($entity_type, $operation) {
 case 'delete':
 return array('administer entity_test content');
 }
+ case 'node':
+ switch ($operation) {
+ case 'view':
+ return array('access content');
+ case 'create':
+ return array('create resttest content');
+ case 'delete':
+ return array('delete any resttest content');
+ }
 }
 }
 }
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/ReadTest.php b/core/modules/rest/lib/Drupal/rest/Tests/ReadTest.php
index cb7fb6e..4ea4e17 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/ReadTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/ReadTest.php
@@ -34,9 +34,9 @@ public static function getInfo() {
 */
 public function testRead() {
 // @todo once EntityNG is implemented for other entity types expand this at
- // least to nodes and users.
+ // least to users.
 // Define the entity types we want to test.
- $entity_types = array('entity_test');
+ $entity_types = array('entity_test', 'node');
 foreach ($entity_types as $entity_type) {
 $this->enableService('entity:' . $entity_type, 'GET');
 // Create a user account that has the required permissions to read
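Review bot: In entityPermissions(), the new `case 'node':` can be reached by fall-through, because as far as the hunk shows the inner `switch ($operation)` above it closes without a `break;`, and the new inner switch has no `default`. Every listed operation returns today, so this is harmless for now. An operation mapped for `node` but not for the preceding entity type would hand that caller node permissions, and an unmapped operation returns nothing, so the test account would be built from the wrong permission set without any error. Adding `break;` after each inner switch and a `default:` that fails the test would make a missing mapping visible. The start of the function is outside the hunk.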
@@ -69,15 +69,17 @@ public function testRead() {
 $this->assertEqual($decoded['error'], 'Entity with ID 9999 not found', 'Response message is correct.');
 // Make sure that field level access works and that the according field is
- // not available in the response.
+ // not available in the response. Only applies to entity_test.
 // @see entity_test_entity_field_access()
- $entity->field_test_text->value = 'no access value';
- $entity->save();
- $response = $this->httpRequest('entity/' . $entity_type . '/' . $entity->id(), 'GET', NULL, $this->defaultMimeType);
- $this->assertResponse(200);
- $this->assertHeader('content-type', $this->defaultMimeType);
- $data = drupal_json_decode($response);
- $this->assertFalse(isset($data['field_test_text']), 'Field access protexted field is not visible in the response.');
+ if ($entity_type == 'entity_test') {
+ $entity->field_test_text->value = 'no access value';
+ $entity->save();
+ $response = $this->httpRequest('entity/' . $entity_type . '/' . $entity->id(), 'GET', NULL, $this->defaultMimeType);
+ $this->assertResponse(200);
+ $this->assertHeader('content-type', $this->defaultMimeType);
+ $data = drupal_json_decode($response);
+ $this->assertFalse(isset($data['field_test_text']), 'Field access protected field is not visible in the response.');
+ }
 // Try to read an entity without proper permissions.
 $this->drupalLogout();
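Review bot: The field-access assertion `assertFalse(isset($data['field_test_text']), …)` also passes when `$data` is not an array, for example if `drupal_json_decode($response)` yields NULL for a body that does not parse. The check can therefore succeed without having inspected a response at all, and the status and content-type assertions before it do not rule that out. Asserting the shape first, e.g. `$this->assertTrue(is_array($data), 'Response body decodes to an array.');`, would make the absence of the protected field a meaningful result. testRead() starts and ends outside the hunk.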