1 | <?php |
2 | |
3 | /** |
4 | * Class CRM_ACL_Test |
5 | * |
6 | * This test focuses on testing the (new) ID list-based functions: |
7 | * CRM_Contact_BAO_Contact_Permission::allowList() |
8 | * CRM_Contact_BAO_Contact_Permission::relationshipList() |
9 | * @group headless |
10 | */ |
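class CRM_ACL_ListTest extends CiviUnitTestCase {

  /**
   * Set up function.
   *
   * Every test runs inside a transaction, so the contacts and relationships
   * created by the scenario builders are rolled back afterwards.
   */
  public function setUp() {
    parent::setUp();
    $this->useTransaction(TRUE);
  }

  /**
   * General test for the 'view all contacts' permission.
   *
   * Exercises allowList() with (a) permissions = NULL, which this test
   * expects to behave as "every permission granted", (b) the explicit
   * 'view all contacts' permission and (c) no permission at all.
   */
  public function testViewAllPermission() {
    // create test contacts
    $contacts = $this->createScenarioPlain();

    // test WITH all permissions (NULL)
    CRM_Core_Config::singleton()->userPermissionClass->permissions = NULL;
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts);
    $this->assertSameContactIds($contacts, $result, "Contacts should be viewable when all permissions are granted");

    // test WITH explicit permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('view all contacts');
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::VIEW);
    $this->assertSameContactIds($contacts, $result, "Contacts should be viewable when 'view all contacts'");

    // test WITHOUT permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts);
    $this->assertEmpty($result, "Contacts should NOT be viewable when 'view all contacts' is not set");
  }

  /**
   * General test for the 'edit all contacts' permission.
   *
   * Both calls pass CRM_Core_Permission::EDIT explicitly so the
   * "without permission" case checks the same access type as the positive case.
   */
  public function testEditAllPermission() {
    // create test contacts
    $contacts = $this->createScenarioPlain();

    // test WITH explicit permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts');
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::EDIT);
    $this->assertSameContactIds($contacts, $result, "Contacts should be editable when 'edit all contacts'");

    // test WITHOUT permission
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
    $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, CRM_Core_Permission::EDIT);
    $this->assertEmpty($result, "Contacts should NOT be editable when 'edit all contacts' is not set");
  }

  /**
   * Test access related to the 'access deleted contact' permission.
   *
   * A (soft-)deleted contact must be excluded from the allow list for both
   * VIEW and EDIT when the user holds the blanket 'view all contacts' /
   * 'edit all contacts' permissions but NOT the deleted-contact permission.
   *
   * @todo add the positive case (deleted-contact permission granted => the
   *   deleted contact is listed again); the exact permission name is not
   *   visible here, so it is left out rather than guessed.
   */
  public function testViewEditDeleted() {
    // create test contacts
    $contacts = $this->createScenarioPlain();

    // soft-delete one contact (index 0 is the logged-in user, so pick another one)
    $deleted_contact_id = $contacts[2];
    $this->callAPISuccess('Contact', 'create', array('id' => $deleted_contact_id, 'contact_is_deleted' => 1));
    $deleted_contact = $this->callAPISuccess('Contact', 'getsingle', array('id' => $deleted_contact_id));
    $this->assertEquals(1, $deleted_contact['contact_is_deleted'], "Contact should've been deleted");

    // test WITH blanket view/edit permissions, but without access to deleted contacts
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'view all contacts');
    foreach ($this->permissionsToCheck() as $permission => $permission_label) {
      $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, $permission);
      $this->assertNotContains($deleted_contact_id, $result, "Deleted contacts should be excluded ($permission_label)");
      $this->assertEquals(count($contacts) - 1, count($result), "Only deleted contacts should be excluded ($permission_label)");
    }
  }

  /**
   * Test access granted through permissioned relationships.
   *
   * createScenarioRelation() builds the chain
   *   contact[0] -> contact[1] -> contact[2] -> contact[4]
   * where each arrow is a relationship letting the left-hand contact act for
   * the right-hand one. contact[0] is the logged-in user, so with simple
   * relation permissions only contact[1] must be reachable; with second-degree
   * permissions contact[2] must become reachable as well, while contact[3]
   * (no relationship) and contact[4] (third degree) never are.
   */
  public function testPermissionByRelation() {
    // create test scenario
    $contacts = $this->createScenarioRelation();

    // remove all permissions, so that only relationships can grant access
    $config = CRM_Core_Config::singleton();
    $config->userPermissionClass->permissions = array();

    // run this for SIMPLE relations
    $config->secondDegRelPermissions = FALSE;
    $this->assertFalse($config->secondDegRelPermissions);
    foreach ($this->permissionsToCheck() as $permission => $permission_label) {
      $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, $permission);

      $this->assertNotContains($contacts[0], $result, "Contact[0] should NOT have $permission_label permission on contact[0].");
      $this->assertContains($contacts[1], $result, "Contact[0] should have $permission_label permission on contact[1].");
      $this->assertNotContains($contacts[2], $result, "Contact[0] should NOT have $permission_label permission on contact[2].");
      $this->assertNotContains($contacts[3], $result, "Contact[0] should NOT have $permission_label permission on contact[3].");
      $this->assertNotContains($contacts[4], $result, "Contact[0] should NOT have $permission_label permission on contact[4].");
    }

    // run this for SECOND DEGREE relations
    $config->secondDegRelPermissions = TRUE;
    $this->assertTrue($config->secondDegRelPermissions);
    foreach ($this->permissionsToCheck() as $permission => $permission_label) {
      $result = CRM_Contact_BAO_Contact_Permission::allowList($contacts, $permission);

      $this->assertNotContains($contacts[0], $result, "Contact[0] should NOT have $permission_label permission on contact[0].");
      $this->assertContains($contacts[1], $result, "Contact[0] should have $permission_label permission on contact[1].");
      $this->assertContains($contacts[2], $result, "Contact[0] should have second degree $permission_label permission on contact[2].");
      $this->assertNotContains($contacts[3], $result, "Contact[0] should NOT have $permission_label permission on contact[3].");
      $this->assertNotContains($contacts[4], $result, "Contact[0] should NOT have $permission_label permission on contact[4].");
    }

    // the config object is a singleton: put the flag back to the value this
    // test started from, so second-degree permissions do not leak into later tests
    $config->secondDegRelPermissions = FALSE;
  }

  /**
   * Test access granted through ACLs.
   *
   * Disabled (underscore prefix) until an ACL scenario builder exists.
   *
   * @todo build an ACL scenario and compare allowList() against it
   */
  public function _testPermissionByACL() {
    // intentionally empty, see @todo
  }

  /**
   * Test interaction of ACL-based and relationship-based access.
   *
   * Disabled (underscore prefix) until an ACL scenario builder exists.
   *
   * @todo build a combined ACL/relationship scenario
   */
  public function _testPermissionACLvsRelationship() {
    // intentionally empty, see @todo
  }

  /**
   * Compare the list-based allowList() results against the single-contact checks.
   *
   * Disabled (underscore prefix) until implemented.
   *
   * @todo implement the comparison
   */
  public function _testPermissionCompare() {
    // intentionally empty, see @todo
  }

  /****************************************************
   *                    Helpers                        *
   ***************************************************/

  /**
   * Permission types the relationship / deleted-contact tests iterate over.
   *
   * @return array
   *   CRM_Core_Permission constant => label used in assertion messages
   */
  protected function permissionsToCheck() {
    return array(
      CRM_Core_Permission::VIEW => 'View',
      CRM_Core_Permission::EDIT => 'Edit',
    );
  }

  /**
   * Assert that two lists of contact IDs hold the same IDs, ignoring order.
   *
   * assertEquals() is used (not assertSame) because allowList() may return
   * the IDs as strings while the scenario builders hand out whatever
   * individualCreate() returned.
   *
   * @param array $expected
   *   contact IDs expected in the allow list
   * @param array $actual
   *   contact IDs returned by allowList()
   * @param string $message
   */
  protected function assertSameContactIds($expected, $actual, $message = '') {
    $expected_ids = array_values($expected);
    $actual_ids = array_values($actual);
    sort($expected_ids);
    sort($actual_ids);
    $this->assertEquals($expected_ids, $actual_ids, $message);
  }

  /****************************************************
   *                Scenario Builders                  *
   ***************************************************/

  /**
   * Create plain test scenario: the logged-in user plus four contacts,
   * no relationships/ACLs.
   *
   * @return array
   *   contact IDs; index 0 is always the logged-in (acting) user, the
   *   remaining four IDs follow in ascending order
   */
  protected function createScenarioPlain() {
    // get logged in user
    $user_id = $this->createLoggedInUser();
    $this->assertNotEmpty($user_id);

    // create test contacts
    $bush_jr_id = $this->individualCreate(array('first_name' => 'George', 'middle_name' => 'W.', 'last_name' => 'Bush'));
    $bush_sr_id = $this->individualCreate(array('first_name' => 'George', 'middle_name' => 'H. W.', 'last_name' => 'Bush'));
    $bush_laura_id = $this->individualCreate(array('first_name' => 'Laura Lane', 'last_name' => 'Bush'));
    $bush_brbra_id = $this->individualCreate(array('first_name' => 'Barbara', 'last_name' => 'Bush'));

    // keep the acting user at index 0 explicitly: the relationship test
    // addresses it as contact[0], and relying on ID order for that is fragile
    $others = array($bush_sr_id, $bush_jr_id, $bush_laura_id, $bush_brbra_id);
    sort($others);
    return array_merge(array($user_id), $others);
  }

  /**
   * Create relationship test scenario on top of createScenarioPlain().
   *
   * Builds the permissioned chain
   *   contact[1] CHILD OF contact[0]
   *   contact[2] CHILD OF contact[1]
   *   contact[4] CHILD OF contact[2]
   * where the parent (contact_id_b) is permitted to act for the child
   * (is_permission_b_a). contact[3] has no relationship at all.
   *
   * @return array
   *   contact IDs as returned by createScenarioPlain()
   */
  protected function createScenarioRelation() {
    $contacts = $this->createScenarioPlain();

    $this->createPermissionedRelationship($contacts[1], $contacts[0]);
    $this->createPermissionedRelationship($contacts[2], $contacts[1]);
    $this->createPermissionedRelationship($contacts[4], $contacts[2]);

    return $contacts;
  }

  /**
   * Create an active 'CHILD OF' relationship where contact B may act for contact A.
   *
   * @param int $contact_id_a
   *   the child contact
   * @param int $contact_id_b
   *   the parent contact, granted permission over A via is_permission_b_a
   */
  protected function createPermissionedRelationship($contact_id_a, $contact_id_b) {
    $this->callAPISuccess('Relationship', 'create', array(
      'relationship_type_id' => 1, // CHILD OF (assumes the default relationship types)
      'contact_id_a' => $contact_id_a,
      'contact_id_b' => $contact_id_b,
      'is_permission_b_a' => 1,
      'is_active' => 1,
    ));
  }

}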