1 | <?php |
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2019                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */
27 | ||
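/**
 * Class CRM_Event_BAO_EventPermissionsTest
 *
 * Exercises CRM_Event_BAO_Event::checkPermission() for VIEW, EDIT and DELETE
 * against two events: one whose created_id is the logged-in test user and one
 * whose created_id is a different contact id. Each test installs a fixed
 * permission list on the configured userPermissionClass and asserts both the
 * "allowed" and the "denied" outcome where the file covers them.
 *
 * NOTE(review): the permission list is written to the shared
 * CRM_Core_Config singleton and no tearDown() in this class restores it;
 * presumably the parent test case resets it between tests - confirm.
 *
 * @group headless
 */
class CRM_Event_BAO_EventPermissionsTest extends CiviUnitTestCase {

  /**
   * Log in a test user and create the two events the tests check against.
   */
  public function setUp() {
    parent::setUp();
    $this->_contactId = $this->createLoggedInUser();
    $this->createOwnEvent();
    $this->createOtherEvent();
  }

  /**
   * Create an event whose created_id is the logged-in user and remember its id.
   */
  public function createOwnEvent() {
    $event = $this->eventCreate([
      'created_id' => $this->_contactId,
    ]);
    $this->_ownEventId = $event['id'];
  }

  /**
   * Create an event whose created_id is not the logged-in user and remember its id.
   */
  public function createOtherEvent() {
    // NOTE(review): no contact is created for this id in this class; the
    // "other event" tests only need created_id to differ from the logged-in
    // user - confirm that an id without a matching contact is acceptable here.
    $this->_otherContactId = $this->_contactId + 1;
    $event = $this->eventCreate([
      'created_id' => $this->_otherContactId,
    ]);
    $this->_otherEventId = $event['id'];
  }

  /**
   * Grant only the baseline permissions: no participant-view, edit-all or delete permission.
   */
  private function setViewOwnEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info'];
  }

  /**
   * Grant the baseline permissions plus 'view event participants'.
   */
  private function setViewAllEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info', 'view event participants'];
  }

  /**
   * Grant the baseline permissions plus 'edit all events'.
   */
  private function setEditAllEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info', 'edit all events'];
  }

  /**
   * Grant the baseline permissions plus 'delete in CiviEvent'.
   */
  private function setDeleteAllEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info', 'delete in CiviEvent'];
  }

  /**
   * The creator can view their own event with the baseline permissions, and
   * a cached per-event decision is what checkPermission() returns afterwards.
   */
  public function testViewOwnEvent() {
    // The helper is an instance method, so it is called on $this.
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW);
    $this->assertTrue($permissions);
    // Now check that caching is actually working: overwrite the cached "view"
    // decision for this event and expect checkPermission() to return it.
    // NOTE(review): this entry lives under 'permission' (singular) while every
    // test clears 'permissions' (plural), so the unset() above does not touch
    // it - confirm nothing relies on that unset to reset per-event decisions.
    \Civi::$statics['CRM_Event_BAO_Event']['permission']['view'][$this->_ownEventId] = FALSE;
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW);
    $this->assertFalse($permissions);
  }

  /**
   * The creator can edit their own event without 'edit all events'.
   */
  public function testEditOwnEvent() {
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::EDIT);
    $this->assertTrue($permissions);
  }

  /**
   * Deleting your own event requires the same permission that
   * testDeleteOtherEventAllowed() grants; ownership alone is not enough.
   */
  public function testDeleteOwnEvent() {
    // Check that you can't delete your own event without "Delete in CiviEvent" permission
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::DELETE);
    $this->assertFalse($permissions);
  }

  /**
   * With only the baseline permissions, another contact's event is not viewable.
   */
  public function testViewOtherEventDenied() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW);
    $this->assertFalse($permissions);
  }

  /**
   * 'view event participants' makes another contact's event viewable.
   */
  public function testViewOtherEventAllowed() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setViewAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW);
    $this->assertTrue($permissions);
  }

  /**
   * Being able to view another contact's event does not allow editing it.
   */
  public function testEditOtherEventDenied() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setViewAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT);
    $this->assertFalse($permissions);
  }

  /**
   * 'edit all events' allows editing another contact's event.
   */
  public function testEditOtherEventAllowed() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setEditAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT);
    $this->assertTrue($permissions);
  }

  /**
   * 'delete in CiviEvent' allows deleting another contact's event.
   */
  public function testDeleteOtherEventAllowed() {
    $this->setDeleteAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE);
    $this->assertTrue($permissions);
  }

  /**
   * 'edit all events' on its own does not allow deleting another contact's event.
   */
  public function testDeleteOtherEventDenied() {
    // FIXME: This test could be improved, but for now it checks that we can't delete if we don't have "Delete in CiviEvent"
    $this->setEditAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE);
    $this->assertFalse($permissions);
  }

}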