From 7e0a0c376223433983773c40d32c4ee0f49d3fcb Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.uk>
Date: Thu, 19 Mar 2020 20:39:37 +0000
Subject: [PATCH] 2a: Admin page access for anonymous users
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ensure that anonymous users cannot access the site’s administration
pages.
---
 .../custom/my_module/tests/src/Functional/MyModuleTest.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/web/modules/custom/my_module/tests/src/Functional/MyModuleTest.php b/web/modules/custom/my_module/tests/src/Functional/MyModuleTest.php
index 3158087..4173e30 100644
--- a/web/modules/custom/my_module/tests/src/Functional/MyModuleTest.php
+++ b/web/modules/custom/my_module/tests/src/Functional/MyModuleTest.php
@@ -18,4 +18,11 @@ class MyModuleTest extends BrowserTestBase {
     $this->assertResponse(Response::HTTP_OK);
   }
 
+  /** @test */
+  public function the_admin_page_is_not_accessible_to_anonymous_users() {
+    $this->drupalGet('admin');
+
+    $this->assertResponse(Response::HTTP_FORBIDDEN);
+  }
+
 }