Commit 86459338 authored by Lily Yan's avatar Lily Yan
Browse files

Merge branch 'feature/ISTWCMS-5085-lkmorlan-menu-link-admin-access' into '3.0.x'

ISTWCMS-5085: Prevent non-admin access to menu add, edit, and delete

See merge request !243
parents e6ae4bf0 cfa47055
......@@ -1563,17 +1563,18 @@ class UwWcmsBasicTest extends BrowserTestBase {
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->elementExists('css', 'input#edit-weight[value="-51"]');
$this->drupalLogin($this->drupalUsers['uw_role_site_manager']);
// Menu admin. These are tested again below as site manager who does not
// have access.
// Edit link for home page.
$this->drupalGet('admin/structure/menu/manage/main');
$path = 'admin/structure/menu/link/uw_base_profile.front_page/edit';
$this->assertSession()->elementExists('xpath', '//ul[@class="dropbutton"]/li/a[@href="' . base_path() . $path . '"]');
// Menu add item link.
$this->drupalGet('admin/structure/menu');
$path = 'admin/structure/menu/manage/main/add';
$this->assertSession()->elementExists('xpath', '//ul[@class="dropbutton"]/li/a[@href="' . base_path() . $path . '"]');
// No access to edit home page menu entry.
$this->drupalGet('admin/structure/menu/link/uw_base_profile.front_page/edit');
$this->assertSession()->statusCodeEquals(403);
// Test that the home page cannot be the parent of any item. Using first
// menu item that was created.
$this->drupalGet('admin/structure/menu/item/1/edit');
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->elementExists('css', 'select#edit-menu-parent');
$this->assertSession()->elementNotExists('css', 'select#edit-menu-parent > option[value="main:uw_base_profile.front_page"]');
$this->drupalLogin($this->drupalUsers['uw_role_site_manager']);
// Test that main menu has disabled Catalogs menu link.
$this->drupalGet('admin/structure/menu/manage/main');
......@@ -1585,6 +1586,19 @@ class UwWcmsBasicTest extends BrowserTestBase {
// to validate if checkbox is unchecked.
$menu_uuid = $this->getSession()->getPage()->findLink('Catalogs')->getParent()->getParent()->getAttribute('data-drupal-selector');
$this->assertSession()->checkboxNotChecked($menu_uuid . '-enabled');
// No access to menu admin.
// No access to edit home page menu entry.
$path = 'admin/structure/menu/link/uw_base_profile.front_page/edit';
$this->assertSession()->elementNotExists('xpath', '//ul[@class="dropbutton"]/li/a[@href="' . base_path() . $path . '"]');
$this->drupalGet($path);
$this->assertSession()->statusCodeEquals(403);
// Menu add item link.
$this->drupalGet('admin/structure/menu');
$path = 'admin/structure/menu/manage/main/add';
$this->assertSession()->elementNotExists('xpath', '//ul[@class="dropbutton"]/li/a[@href="' . base_path() . $path . '"]');
$this->drupalGet($path);
$this->assertSession()->statusCodeEquals(403);
}
/**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment