< ? php
namespace Drupal\rest\Tests ;
use Drupal\Core\Url ;
/**
 * Tests the deletion of resources.
 *
 * @group rest
 */
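class DeleteTest extends RESTTestBase {

  /**
   * Modules to install.
   *
   * @var array
   */
  public static $modules = ['hal', 'rest', 'entity_test', 'node'];

  /**
   * Tests several valid and invalid delete requests on all entity types.
   *
   * For every entity type under test the following requests are made, in
   * order: a DELETE without the CSRF token (expects 403), an authorized DELETE
   * (expects 204 and an empty body), a DELETE of a non-existent entity
   * (expects 404) and a DELETE after logging out (expects 403). Afterwards a
   * DELETE against a resource that is not REST enabled must answer 405.
   *
   * Each rejected request is followed by a storage lookup, so that a response
   * code which says "denied" while the entity was removed anyway is reported
   * as a failure.
   */
  public function testDelete() {
    // Define the entity types we want to test.
    // @todo expand this test to at least users once their access
    // controllers are implemented.
    $entity_types = ['entity_test', 'node'];
    foreach ($entity_types as $entity_type) {
      $this->enableService('entity:' . $entity_type, 'DELETE');

      // Create a user account that has the required permissions to delete
      // resources via the REST API.
      $permissions = $this->entityPermissions($entity_type, 'delete');
      $account = $this->drupalCreateUser($permissions);
      $this->drupalLogin($account);

      // Create an entity programmatically.
      $entity = $this->entityCreate($entity_type);
      $entity->save();

      $storage = $this->container->get('entity_type.manager')
        ->getStorage($entity_type);

      // Try first to delete over REST API without the CSRF token.
      // NOTE(review): the trailing TRUE presumably makes httpRequest() leave
      // the X-CSRF-Token header out; confirm against RESTTestBase.
      $this->httpRequest($entity->urlInfo(), 'DELETE', NULL, NULL, TRUE);
      $this->assertResponse(403, 'X-CSRF-Token request header is missing');
      // A 403 alone does not prove that nothing was deleted, so check the
      // storage as well. Reset the static cache first, otherwise a cached
      // copy could hide a deletion.
      $storage->resetCache([$entity->id()]);
      $this->assertNotNull($storage->load($entity->id()), 'The ' . $entity_type . ' entity is still in the database after a request without CSRF token.');

      // Delete it over the REST API.
      $response = $this->httpRequest($entity->urlInfo(), 'DELETE');
      // Clear the static entity cache, otherwise we won't see the update.
      $storage->resetCache([$entity->id()]);
      $deleted = $storage->load($entity->id());
      // load() yields NULL for an entity that no longer exists.
      $this->assertNull($deleted, $entity_type . ' entity is not in the DB anymore.');
      $this->assertResponse(204, 'HTTP response code is correct.');
      $this->assertEqual($response, '', 'Response body is empty.');

      // Try to delete an entity that does not exist.
      $response = $this->httpRequest(Url::fromRoute('entity.' . $entity_type . '.canonical', [$entity_type => 9999]), 'DELETE');
      $this->assertResponse(404);
      $this->assertText('The requested page could not be found.');

      // Try to delete an entity without proper permissions.
      $this->drupalLogout();
      // Re-save entity to the database.
      $entity = $this->entityCreate($entity_type);
      $entity->save();
      $this->httpRequest($entity->urlInfo(), 'DELETE');
      $this->assertResponse(403);
      $storage->resetCache([$entity->id()]);
      // Compare against NULL, not FALSE: load() never returns FALSE, so a
      // "not identical to FALSE" assertion would also pass when the
      // unauthorized request had removed the entity.
      $this->assertNotNull($storage->load($entity->id()),
        'The ' . $entity_type . ' entity is still in the database.');
    }

    // Try to delete a resource which is not REST API enabled.
    $this->enableService(FALSE);
    $account = $this->drupalCreateUser();
    $this->drupalLogin($account);
    $this->httpRequest($account->urlInfo(), 'DELETE');
    // Use the same storage service as the loop above ('entity_type.manager').
    $user_storage = $this->container->get('entity_type.manager')->getStorage('user');
    $user_storage->resetCache([$account->id()]);
    $user = $user_storage->load($account->id());
    $this->assertEqual($account->id(), $user->id(), 'User still exists in the database.');
    $this->assertResponse(405);
  }

}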