Compare revisions

################

# GitLabCI template for Drupal projects.

#

# This template is designed to give any Contrib maintainer everything they need to test, without requiring modification.

# It is also designed to keep up to date with Core Development automatically through the use of include files that can be centrally maintained.

# As long as you include the project, ref and three files below, any future updates added by the Drupal Association will be used in your

# pipelines automatically. However, you can modify this template if you have additional needs for your project.

# The full documentation is on https://project.pages.drupalcode.org/gitlab_templates/

################

# For information on alternative values for 'ref' see https://project.pages.drupalcode.org/gitlab_templates/info/templates-version/

# To test a Drupal 7 project, change the first include filename from .main.yml to .main-d7.yml

include:

  - project: $_GITLAB_TEMPLATES_REPO

    ref: $_GITLAB_TEMPLATES_REF

    file:

      - '/includes/include.drupalci.main.yml'

      - '/includes/include.drupalci.variables.yml'

      - '/includes/include.drupalci.workflows.yml'

#

################

# Pipeline configuration variables are defined with default values and descriptions in the file

# https://git.drupalcode.org/project/gitlab_templates/-/blob/main/includes/include.drupalci.variables.yml

# Uncomment the lines below if you want to override any of the variables. The following is just an example.

################

variables:

  _CSPELL_WORDS: 'frontends'

 * @noinspection PhpUnused

 * @noinspection PhpUnusedParameterInspection

 */

function disable_ui_help($route_name,

                         RouteMatchInterface $route_match) {

function disable_ui_help($route_name, RouteMatchInterface $route_match) {

  $output = NULL;

  switch ($route_name) {

  return [

    'user.login',

    'user.logout',

    'user.logout.confirm',

    'user.pass',

    'user.reset',

    'user.reset.form',

use Drupal\Core\Access\AccessResultInterface;

use Drupal\Core\Routing\Access\AccessInterface;

use Drupal\Core\Session\AccountInterface;

use Symfony\Component\HttpFoundation\Request;

/**

 * Checks whether the current user has permission to access non-API routes.

  protected const ACCESS_PERMISSION = 'access ui route';

  /**

   * Checks access.

   * Checks access for non-API routes.

   *

   * Access is allowed if the user has our permission or if the access route

   * being checked is not the route of the main request (e.g. access checks

   * when generating menu links).

   *

   * @param \Drupal\Core\Session\AccountInterface $account

   *   The account being checked.

   * @param \Symfony\Component\HttpFoundation\Request|null $request

   *   Optional, a request. Only supplied when checking the incoming request.

   *

   * @return \Drupal\Core\Access\AccessResultInterface

   *   The access result.

   */

  public function access(AccountInterface $account): AccessResultInterface {

    return AccessResult::allowedIfHasPermission($account, static::ACCESS_PERMISSION);

  public function access(AccountInterface $account, ?Request $request = NULL): AccessResultInterface {

    // See \Drupal\Core\Access\AccessManagerInterface::check(), the $request

    // parameter should only be supplied when checking the incoming request,

    // if we do not receive the request object we can assume that we are

    // checking a route while generating the page.

    $isNotMainRequest = AccessResult::allowedIf(is_null($request));

    return AccessResult::allowedIfHasPermission($account, static::ACCESS_PERMISSION)

      ->orIf($isNotMainRequest);

  }

}

name: 'Disable UI test'

type: module

description: 'Provides test hooks and resources for Disable UI tests.'

package: Testing

<?php

/**

 * @file

 * Provides a test module for the disable_ui module.

 */

/**

 * Implements hook_disable_ui_route_exclusions().

 */

function disable_ui_test_disable_ui_route_exclusions(): array {

  return [

    'disable_ui_test.excluded_by_hook',

  ];

}

disable_ui_test.disabled_route:

  path: '/disable-ui-test/custom-route-disabled'

  defaults:

    _title: 'Test for custom route that should be disabled'

    _controller: '\Drupal\disable_ui_test\Controller\TestController::disabledRoute'

  methods: [GET]

  requirements:

    _permission: 'access content'

disable_ui_test.json_format:

  path: '/disable-ui-test/excluded-by-format'

  defaults:

    _title: 'Test for custom API with declared JSON format'

    _controller: '\Drupal\disable_ui_test\Controller\TestController::jsonFormatRoute'

  methods: [GET]

  requirements:

    _permission: 'access content'

    _format: json

disable_ui_test.excluded_by_hook:

  path: '/disable-ui-test/excluded-by-hook'

  defaults:

    _title: 'Test for custom API excluded by our hook'

    _controller: '\Drupal\disable_ui_test\Controller\TestController::excludedByHookRoute'

  methods: [GET]

  requirements:

    _permission: 'access content'

<?php

namespace Drupal\disable_ui_test\Controller;

use Drupal\Core\Controller\ControllerBase;

use Symfony\Component\HttpFoundation\JsonResponse;

/**

 * Controller for test routes for disable_ui.

 */

class TestController extends ControllerBase {

  /**

   * Route callback for a path that should be disabled.

   */

  public function disabledRoute() {

    return [

      '#markup' => 'Custom route that should be disabled without permission',

    ];

  }

  /**

   * Route callback for a path that should be excluded with defined json format.

   */

  public function jsonFormatRoute() {

    return new JsonResponse(['test' => 'JSON format route is excluded']);

  }

  /**

   * Route callback for a path that should be excluded explicitly with hook.

   */

  public function excludedByHookRoute() {

    return [

      '#markup' => 'Custom route that should be excluded with hook_disable_ui_route_exclusions',

    ];

  }

}

<?php

namespace Drupal\Tests\disable_ui\Functional;

use Drupal\Tests\BrowserTestBase;

use Drupal\node\NodeInterface;

/**

 * Base class for disable_ui functional tests.

 *

 * @group disable_ui

 */

abstract class DisableUiFunctionalTestBase extends BrowserTestBase {

  /**

   * {@inheritdoc}

   */

  protected $defaultTheme = 'stark';

  /**

   * User with permission to access UI routes and access content.

   *

   * @var \Drupal\user\Entity\User

   */

  protected $user;

  /**

   * The nodes.

   *

   * @var \Drupal\node\Entity\Node[]

   */

  protected $nodes = [];

  /**

   * Modules list.

   *

   * @var array

   */

  protected static $modules = [

    'node',

    'path',

    'disable_ui',

    'disable_ui_test',

  ];

  /**

   * {@inheritdoc}

   */

  protected function setUp(): void {

    parent::setUp();

    $this->user = $this->drupalCreateUser([

      'access content',

      'access ui route',

    ]);

    $this->drupalCreateContentType([

      'type' => 'page',

      'name' => 'Page',

    ]);

    for ($i = 0; $i < 5; $i++) {

      $id = $this->randomMachineName(12);

      $title = 'Disable UI test node - ' . $id;

      $this->nodes[] = $this->drupalCreateNode([

        'type' => 'page',

        'title' => $title,

        'status' => NodeInterface::PUBLISHED,

        'path' => '/disable-ui-test-node-' . $id,

      ]);

    }

  }

}

<?php

namespace Drupal\Tests\disable_ui\Functional;

use Drupal\Component\Serialization\Json;

/**

 * Test basic disabled routes functionality.

 *

 * @group disable_ui

 */

class DisabledRoutesTest extends DisableUiFunctionalTestBase {

  /**

   * Test content routes are disabled without the appropriate permission.

   */

  public function testDisableUiRoutes() {

    // Verify that node pages are inaccessible to anonymous users.

    foreach ($this->nodes as $node) {

      $this->drupalGet($node->toUrl());

      $this->assertSession()->statusCodeEquals(403);

    }

    // Verify that custom route is inaccessible to anonymous users.

    $this->drupalGet('/disable-ui-test/custom-route-disabled');

    $this->assertSession()->statusCodeEquals(403);

    // Verify that node pages are accessible to the user with the correct

    // permission.

    $this->drupalLogin($this->user);

    foreach ($this->nodes as $node) {

      $this->drupalGet($node->toUrl());

      $this->assertSession()->statusCodeEquals(200);

      $this->assertSession()->titleEquals($node->label() . ' | Drupal');

    }

    // Verify that custom route is accessible to users with the correct

    // permission.

    $this->drupalGet('/disable-ui-test/custom-route-disabled');

    $this->assertSession()->statusCodeEquals(200);

    $this->assertSession()->pageTextContainsOnce('Custom route that should be disabled without permission');

  }

  /**

   * Test default UI route exclusions.

   */

  public function testUiRouteExclusions() {

    // Verify that login and logout work using both one-time login links and

    // the login form.

    $this->useOneTimeLoginLinks = TRUE;

    $this->drupalLogin($this->user);

    $this->drupalLogout();

    $this->useOneTimeLoginLinks = FALSE;

    $this->drupalLogin($this->user);

    $this->drupalLogout();

    // Access default route exclusions as anonymous user.

    $paths = [

      '/user/password',

      '/session/token',

    ];

    foreach ($paths as $path) {

      $this->drupalGet($path);

      $this->assertSession()->statusCodeEquals(200);

    }

    // Test exclusion for custom route based on _format set to json.

    $content = Json::decode($this->drupalGet('/disable-ui-test/excluded-by-format'));

    $this->assertSession()->statusCodeEquals(200);

    $this->assertEquals($content['test'], 'JSON format route is excluded');

    // Test exclusion using hook_disable_ui_route_exclusions().

    $this->drupalGet('/disable-ui-test/excluded-by-hook');

    $this->assertSession()->statusCodeEquals(200);

    $this->assertSession()->pageTextContains('Custom route that should be excluded with hook_disable_ui_route_exclusions');

  }

}

<?php

namespace Drupal\Tests\disable_ui\Functional;

use Drupal\Component\Serialization\Json;

use Drupal\Core\Url;

/**

 * Test JSON:API routes.

 *

 * @group disable_ui

 */

class JsonApiRoutesTest extends DisableUiFunctionalTestBase {

  /**

   * Modules list.

   *

   * @var array

   */

  protected static $modules = [

    'jsonapi',

    'serialization',

  ];

  /**

   * {@inheritdoc}

   */

  protected function setUp(): void {

    parent::setUp();

    // Rebuild router to pick up JSON:API routes.

    \Drupal::service('router.builder')->rebuild();

  }

  /**

   * Test default JSON:API route exclusions.

   */

  public function testJsonApiExclusions() {

    // Load the JSON:API root listing, iterate through all

    // exposed endpoints and check they are accessible.

    $content = Json::decode($this->drupalGet('/jsonapi'));

    $this->assertSession()->statusCodeEquals(200);

    $this->assertGreaterThan(1, count($content['links']));

    foreach ($content['links'] as $link) {

      $this->drupalGet($link['href']);

      $this->assertSession()->statusCodeEquals(200);

    }

    // Check specific JSON:API paths for our test nodes.

    foreach ($this->nodes as $node) {

      $url = Url::fromRoute('jsonapi.node--page.individual', ['entity' => $node->uuid()]);

      $content = JSON::decode($this->drupalGet($url));

      $this->assertSession()->statusCodeEquals(200);

      $this->assertEquals($content['data']['attributes']['title'], $node->label());

    }

  }

}

<?php

namespace Drupal\Tests\disable_ui\Functional;

use Drupal\Component\Serialization\Json;

use Drupal\menu_link_content\Entity\MenuLinkContent;

use Drupal\system\Entity\Menu;

/**

 * Test menu linkset route.

 *

 * @group disable_ui

 */

class MenuLinksetTest extends DisableUiFunctionalTestBase {

  /**

   * The menu links.

   *

   * @var \Drupal\menu_link_content\Entity\MenuLinkContent[]

   */

  protected $menuLinks = [];

  /**

   * Modules list.

   *

   * @var array

   */

  protected static $modules = [

    'menu_link_content',

  ];

  /**

   * {@inheritdoc}

   */

  protected function setUp(): void {

    parent::setUp();

    // Create test menu.

    Menu::create([

      'id' => 'test',

      'label' => 'Test menu',

      'description' => 'Test description',

    ])->save();

    // Add menu content links for each of the created nodes.

    foreach ($this->nodes as $delta => $node) {

      $menuLink = MenuLinkContent::create([

        'title' => $node->label(),

        'provider' => 'menu_link_content',

        'menu_name' => 'test',

        'link' => ['uri' => 'internal:/node/' . $node->id()],

        'weight' => $delta,

      ]);

      $menuLink->save();

      $this->menuLinks[] = $menuLink;

    }

    // Enable menu linkset endpoint.

    $featureFlagsConfig = $this->config('system.feature_flags');

    $featureFlagsConfig->set('linkset_endpoint', TRUE);

    $featureFlagsConfig->save();

    // Rebuild router to pick up linkset routes.

    \Drupal::service('router.builder')->rebuild();

  }

  /**

   * Test menu linkset API.

   */

  public function testMenuLinkset() {

    // Load main menu linkset as anonymous user.

    $content = JSON::decode($this->drupalGet('/system/menu/test/linkset'));

    $this->assertSession()->statusCodeEquals(200);

    // Check all the expected links are there.

    foreach ($content['linkset'][0]['item'] as $delta => $link) {

      $this->assertEquals($this->menuLinks[$delta]->label(), $link['title']);

    }

  }

}

<?php

namespace Drupal\Tests\disable_ui\Functional;

use Drupal\Component\Serialization\Json;

use Drupal\rest\Entity\RestResourceConfig;

use Drupal\rest\RestResourceConfigInterface;

/**

 * Test REST routes.

 *

 * @group disable_ui

 */

class RestRoutesTest extends DisableUiFunctionalTestBase {

  /**

   * Modules list.

   *

   * @var array

   */

  protected static $modules = [

    'rest',

    'serialization',

  ];

  /**

   * {@inheritdoc}

   */

  protected function setUp(): void {

    parent::setUp();

    // Set up basic REST resource for getting nodes.

    RestResourceConfig::create([

      'id' => 'entity.node',

      'plugin_id' => 'entity:node',

      'granularity' => RestResourceConfigInterface::RESOURCE_GRANULARITY,

      'configuration' => [

        'methods' => ['GET'],

        'formats' => ['json'],

        'authentication' => ['cookie'],

      ],

      'status' => TRUE,

    ])->save();

    // Rebuild router to pick up REST routes.

    \Drupal::service('router.builder')->rebuild();

  }

  /**

   * Test default REST route exclusions.

   */

  public function testRestExclusions() {

    // Load each node through the default JSON format.

    foreach ($this->nodes as $node) {

      $url = $node->toUrl('canonical', ['query' => ['_format' => 'json']]);

      $content = JSON::decode($this->drupalGet($url));

      $this->assertSession()->statusCodeEquals(200);

      $this->assertEquals($content['title'][0]['value'], $node->label());

    }

  }

}