unit tests for new list permission functions (wip)
[civicrm-core.git] / tests / phpunit / CRM / ACL / ListTest.php
ea8011f6 1<?php
2
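/**
 * Class CRM_ACL_ListTest
 *
 * This test focuses on testing the (new) ID list-based functions:
 *   CRM_Contact_BAO_Contact_Permission::allowList()
 *   CRM_Contact_BAO_Contact_Permission::relationshipList()
 *
 * Every test builds a set of contacts, sets the permissions of the logged-in
 * user, and checks which of the contact IDs allowList() returns.
 *
 * NOTE(review): only allowList() is called directly in this class;
 * relationshipList() has no direct test here.
 *
 * NOTE(review): the tests assign to the shared CRM_Core_Config singleton
 * (userPermissionClass->permissions, secondDegRelPermissions) and never
 * restore the previous values. useTransaction() is presumably a database
 * rollback only - confirm that the base class resets this in-memory state,
 * otherwise a permissive value can carry over into later tests.
 *
 * @group headless
 */
class CRM_ACL_ListTest extends CiviUnitTestCase {

  /**
   * Set up function.
   */
  public function setUp() {
    parent::setUp();
    $this->useTransaction(TRUE);
  }

  /**
   * General test for the 'view all contacts' permission.
   */
  public function testViewAllPermission() {
    // create test contacts
    $contacts = $this->createScenarioPlain();

    // test WITH all permissions
    // (NULL appears to make the test permission class grant everything - confirm against the base class)
    CRM_Core_Config::singleton()->userPermissionClass->permissions = NULL;
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts);
    sort($result);
    $this->assertEquals($contacts, $result, "Contacts should be viewable when 'view all contacts'");

    // test WITH explicit permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('view all contacts');
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::VIEW);
    sort($result);
    $this->assertEquals($contacts, $result, "Contacts should be viewable when 'view all contacts'");

    // test WITHOUT permission: the deny case must return nothing at all
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts);
    $this->assertEmpty($result, "Contacts should NOT be viewable when 'view all contacts' is not set");
  }

  /**
   * General test for the 'edit all contacts' permission.
   */
  public function testEditAllPermission() {
    // create test contacts
    $contacts = $this->createScenarioPlain();

    // test WITH explicit permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts');
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::EDIT);
    sort($result);
    $this->assertEquals($contacts, $result, "Contacts should be editable when 'edit all contacts'");

    // test WITHOUT permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array();

    // The deny case has to ask for EDIT explicitly; without the second
    // argument allowList() checks its default access type and the edit path
    // would never be exercised.
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::EDIT);
    $this->assertEmpty($result, "Contacts should NOT be editable when 'edit all contacts' is not set");

    // keep the original check with the default access type as well
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts);
    $this->assertEmpty($result, "Contacts should NOT be viewable when 'edit all contacts' is not set");
  }

  /**
   * Test that a deleted contact is excluded from the allowed list.
   *
   * The user holds 'edit all contacts' and 'view all contacts' but no
   * permission covering deleted contacts, so the deleted contact must be
   * filtered out while all others remain.
   *
   * NOTE(review): there is no positive case here, i.e. no check of what is
   * returned once the user also holds the permission for deleted contacts,
   * and only EDIT is checked, not VIEW.
   */
  public function testViewEditDeleted() {
    // create test contacts
    $contacts = $this->createScenarioPlain();

    // delete one contact
    $deleted_contact_id = $contacts[2];
    $this->callAPISuccess('Contact', 'create', array('id' => $deleted_contact_id, 'contact_is_deleted' => 1));
    $deleted_contact = $this->callAPISuccess('Contact', 'getsingle', array('id' => $deleted_contact_id));
    $this->assertEquals(1, $deleted_contact['contact_is_deleted'], "Contact should've been deleted");

    // test WITH explicit permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'view all contacts');
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::EDIT);
    $this->assertNotContains($deleted_contact_id, $result, "Deleted contacts should be excluded");
    $this->assertCount(count($contacts) - 1, $result, "Only deleted contacts should be excluded");
  }

  /**
   * Test access granted through permissioned relationships.
   *
   * createScenarioRelation() builds the following permission chain:
   *   contact[0] -> contact[1] -> contact[2] -> contact[4]
   * contact[3] has no relationship at all.
   *
   * With all regular permissions removed, contact[0] may only reach
   * contact[1]; with second degree relationship permissions enabled it may
   * also reach contact[2]. contact[4] is three steps away and must stay
   * out of reach in both modes.
   */
  public function testPermissionByRelation() {
    // create test scenario
    $contacts = $this->createScenarioRelation();

    // remove all permissions
    $config = CRM_Core_Config::singleton();
    $config->userPermissionClass->permissions = array();
    $permissions_to_check = array(CRM_Core_Permission::VIEW => 'View', CRM_Core_Permission::EDIT => 'Edit');

    // run this for SIMPLE relations
    $config->secondDegRelPermissions = FALSE;
    // make sure the switch really took effect before relying on it
    $this->assertFalse($config->secondDegRelPermissions);
    foreach ($permissions_to_check as $permission => $permission_label) {
      $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, $permission);

      $this->assertNotContains($contacts[0], $result, "Contact[0] should NOT have $permission_label permission on contact[0].");
      $this->assertContains($contacts[1], $result, "Contact[0] should have $permission_label permission on contact[1].");
      $this->assertNotContains($contacts[2], $result, "Contact[0] should NOT have $permission_label permission on contact[2].");
      $this->assertNotContains($contacts[3], $result, "Contact[0] should NOT have $permission_label permission on contact[3].");
      $this->assertNotContains($contacts[4], $result, "Contact[0] should NOT have $permission_label permission on contact[4].");
    }

    // run this for SECOND DEGREE relations
    $config->secondDegRelPermissions = TRUE;
    $this->assertTrue($config->secondDegRelPermissions);
    foreach ($permissions_to_check as $permission => $permission_label) {
      $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, $permission);

      $this->assertNotContains($contacts[0], $result, "Contact[0] should NOT have $permission_label permission on contact[0].");
      $this->assertContains($contacts[1], $result, "Contact[0] should have $permission_label permission on contact[1].");
      $this->assertContains($contacts[2], $result, "Contact[0] should have second degree $permission_label permission on contact[2].");
      $this->assertNotContains($contacts[3], $result, "Contact[0] should NOT have $permission_label permission on contact[3].");
      // third degree: must not be granted even with second degree enabled
      $this->assertNotContains($contacts[4], $result, "Contact[0] should NOT have $permission_label permission on contact[4].");
    }
  }

  /**
   * Placeholder for a test of access granted by ACLs.
   *
   * Not implemented yet; the leading underscore keeps PHPUnit from picking
   * it up as a test.
   */
  public function _testPermissionByACL() {
    // CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'view all contacts');
    // $contacts = $this->createScenarioPlain();
  }

  /**
   * Placeholder for a test of ACL-based vs. relationship-based access.
   *
   * Not implemented yet; the leading underscore keeps PHPUnit from picking
   * it up as a test.
   */
  public function _testPermissionACLvsRelationship() {
    // CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'view all contacts');
    // $contacts = $this->createScenarioPlain();
  }

  /**
   * Placeholder for a comparison test.
   *
   * Not implemented yet; the leading underscore keeps PHPUnit from picking
   * it up as a test.
   */
  public function _testPermissionCompare() {
    // CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'view all contacts');
    // $contacts = $this->createScenarioPlain();
  }

  /****************************************************
   *             Scenario Builders                    *
   ***************************************************/

  /**
   * Create plain test scenario, no relationships/ACLs.
   *
   * @return array
   *   Sorted list of five contact IDs: the logged-in user plus four
   *   individuals. The tests treat index 0 as the logged-in user, which
   *   presumably holds because the user is created first and therefore
   *   gets the lowest ID - TODO confirm.
   */
  protected function createScenarioPlain() {
    // get logged in user
    $user_id = $this->createLoggedInUser();
    $this->assertNotEmpty($user_id);

    // create test contacts
    $bush_sr_id = $this->individualCreate(array('first_name' => 'George', 'middle_name' => 'W.', 'last_name' => 'Bush'));
    $bush_jr_id = $this->individualCreate(array('first_name' => 'George', 'middle_name' => 'H. W.', 'last_name' => 'Bush'));
    $bush_laura_id = $this->individualCreate(array('first_name' => 'Laura Lane', 'last_name' => 'Bush'));
    $bush_brbra_id = $this->individualCreate(array('first_name' => 'Barbara', 'last_name' => 'Bush'));

    $contacts = array($user_id, $bush_sr_id, $bush_jr_id, $bush_laura_id, $bush_brbra_id);
    // sorted so the tests can compare against a sorted allowList() result
    sort($contacts);
    return $contacts;
  }

  /**
   * Create test scenario with a chain of permissioned relationships.
   *
   * Starts from the plain scenario and adds three active relationships,
   * each with is_permission_b_a set (contact b gets permission over
   * contact a):
   *   contact[0] -> contact[1] -> contact[2] -> contact[4]
   * contact[3] is left without any relationship.
   *
   * @return array
   *   The sorted contact ID list from createScenarioPlain().
   */
  protected function createScenarioRelation() {
    $contacts = $this->createScenarioPlain();

    // first degree: contact[0] has permission over contact[1]
    $this->callAPISuccess('Relationship', 'create', array(
      // CHILD OF
      'relationship_type_id' => 1,
      'contact_id_a' => $contacts[1],
      'contact_id_b' => $contacts[0],
      'is_permission_b_a' => 1,
      'is_active' => 1,
    ));

    // second degree: contact[1] has permission over contact[2]
    $this->callAPISuccess('Relationship', 'create', array(
      // CHILD OF
      'relationship_type_id' => 1,
      'contact_id_a' => $contacts[2],
      'contact_id_b' => $contacts[1],
      'is_permission_b_a' => 1,
      'is_active' => 1,
    ));

    // third degree: contact[2] has permission over contact[4]
    $this->callAPISuccess('Relationship', 'create', array(
      // CHILD OF
      'relationship_type_id' => 1,
      'contact_id_a' => $contacts[4],
      'contact_id_b' => $contacts[2],
      'is_permission_b_a' => 1,
      'is_active' => 1,
    ));

    return $contacts;
  }

}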