83 lines
3.2 KiB
PHP
83 lines
3.2 KiB
PHP
<?php
|
|
|
|
namespace Drupal\rest\Tests;
|
|
|
|
use Drupal\Core\Url;
|
|
|
|
/**
|
|
* Tests the deletion of resources.
|
|
*
|
|
* @group rest
|
|
*/
|
|
class DeleteTest extends RESTTestBase {
|
|
|
|
/**
|
|
* Modules to install.
|
|
*
|
|
* @var array
|
|
*/
|
|
public static $modules = array('hal', 'rest', 'entity_test', 'node');
|
|
|
|
/**
|
|
* Tests several valid and invalid delete requests on all entity types.
|
|
*/
|
|
public function testDelete() {
|
|
// Define the entity types we want to test.
|
|
// @todo expand this test to at least users once their access
|
|
// controllers are implemented.
|
|
$entity_types = array('entity_test', 'node');
|
|
foreach ($entity_types as $entity_type) {
|
|
$this->enableService('entity:' . $entity_type, 'DELETE');
|
|
// Create a user account that has the required permissions to delete
|
|
// resources via the REST API.
|
|
$permissions = $this->entityPermissions($entity_type, 'delete');
|
|
$account = $this->drupalCreateUser($permissions);
|
|
$this->drupalLogin($account);
|
|
|
|
// Create an entity programmatically.
|
|
$entity = $this->entityCreate($entity_type);
|
|
$entity->save();
|
|
// Try first to delete over REST API without the CSRF token.
|
|
$this->httpRequest($entity->urlInfo(), 'DELETE', NULL, NULL, TRUE);
|
|
$this->assertResponse(403, 'X-CSRF-Token request header is missing');
|
|
// Delete it over the REST API.
|
|
$response = $this->httpRequest($entity->urlInfo(), 'DELETE');
|
|
// Clear the static cache with entity_load(), otherwise we won't see the
|
|
// update.
|
|
$storage = $this->container->get('entity_type.manager')
|
|
->getStorage($entity_type);
|
|
$storage->resetCache([$entity->id()]);
|
|
$entity = $storage->load($entity->id());
|
|
$this->assertFalse($entity, $entity_type . ' entity is not in the DB anymore.');
|
|
$this->assertResponse('204', 'HTTP response code is correct.');
|
|
$this->assertEqual($response, '', 'Response body is empty.');
|
|
|
|
// Try to delete an entity that does not exist.
|
|
$response = $this->httpRequest(Url::fromRoute('entity.' . $entity_type . '.canonical', [$entity_type => 9999]), 'DELETE');
|
|
$this->assertResponse(404);
|
|
$this->assertText('The requested page could not be found.');
|
|
|
|
// Try to delete an entity without proper permissions.
|
|
$this->drupalLogout();
|
|
// Re-save entity to the database.
|
|
$entity = $this->entityCreate($entity_type);
|
|
$entity->save();
|
|
$this->httpRequest($entity->urlInfo(), 'DELETE');
|
|
$this->assertResponse(403);
|
|
$storage->resetCache([$entity->id()]);
|
|
$this->assertNotIdentical(FALSE, $storage->load($entity->id()),
|
|
'The ' . $entity_type . ' entity is still in the database.');
|
|
}
|
|
// Try to delete a resource which is not REST API enabled.
|
|
$this->enableService(FALSE);
|
|
$account = $this->drupalCreateUser();
|
|
$this->drupalLogin($account);
|
|
$this->httpRequest($account->urlInfo(), 'DELETE');
|
|
$user_storage = $this->container->get('entity.manager')->getStorage('user');
|
|
$user_storage->resetCache(array($account->id()));
|
|
$user = $user_storage->load($account->id());
|
|
$this->assertEqual($account->id(), $user->id(), 'User still exists in the database.');
|
|
$this->assertResponse(405);
|
|
}
|
|
|
|
}
|