Commit | Line | Data |
---|---|---|
2f6c641a | 1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
7d61e75f | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
2f6c641a | 5 | | | |
7d61e75f TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
2f6c641a | 9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
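/**
 * Trait ACL_Permission_Trait.
 *
 * Test-only helpers for working with ACLs: canned implementations of
 * CRM_Utils_Hook::aclWhereClause and scenario builders that create core ACL rows.
 *
 * The using class must supply callAPISuccess(), quickCleanup(), groupCreate(),
 * individualCreate() and eventCreate(); none of them is defined in this trait.
 */
trait CRMTraits_ACL_PermissionTrait {

  /**
   * ContactID of allowed Contact
   *
   * Read by aclWhereOnlyOne() when it builds its where clause.
   *
   * @var int
   */
  protected $allowedContactId = 0;

  /**
   * Array of allowed contactIds
   *
   * Not read by any method of this trait.
   *
   * @var array
   */
  protected $allowedContacts = [];

  /**
   * Ids created for the scenario in use.
   *
   * Keyed by entity name, then by a role label, e.g.
   * ['Contact' => ['permitted_contact' => x], 'Group' => ['permitted_group' => y]].
   *
   * @var array
   */
  protected $scenarioIDs = [];

  /**
   * All results returned.
   *
   * Replaces the clause with an always-true condition, so the hook grants access
   * to every contact.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * No results returned.
   *
   * Deliberately leaves $where untouched.
   * NOTE(review): presumably the hook's caller treats an unset clause as "deny" -
   * confirm against CRM_Utils_Hook::aclWhereClause.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * All but first results returned.
   *
   * Restricts access to contacts whose id is greater than 1.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

  /**
   * Only specified contact returned.
   *
   * Restricts access to the contact whose id is held in $this->allowedContactId.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
    // The clause is spliced into SQL as text, so force the id to an integer
    // rather than trusting whatever a test assigned to the property.
    $where = " contact_a.id = " . (int) $this->allowedContactId;
  }

  /**
   * Set up a core ACL.
   *
   * It is recommended that this helper function is accessed through a scenario function.
   *
   * One Acl row is created per entry of $permissionedEntities.
   *
   * @param array $permissionedEntities Array of groups for whom ACLs enable access.
   * @param string|int $groupAllowedAccess Group permitted to access the permissioned Group
   *   An ID of 0 means that 'Everyone' can access the group. Only 'Everyone' and 0
   *   are handled; any other value throws.
   * @param string $operation View|Edit|Create|Delete|Search|All
   * @param string $entity Group|CustomGroup|Profile|Event
   *
   * @throws CRM_Core_Exception
   *   When $entity is not one of the supported names, or when a group other than
   *   'Everyone' is requested.
   */
  public function setupCoreACLPermittedAcl($permissionedEntities = [], $groupAllowedAccess = 'Everyone', $operation = 'View', $entity = 'Group') {
    // NOTE(review): 'Profile' maps to civicrm_uf_match here - confirm this is the
    // object_table that ACL rows use for profiles.
    $tableMap = ['Group' => 'civicrm_saved_search', 'CustomGroup' => 'civicrm_custom_group', 'Profile' => 'civicrm_uf_match', 'Event' => 'civicrm_event'];
    // Fail loudly on an unknown entity instead of creating an ACL row with an
    // empty object_table, which would leave the test checking nothing.
    if (!is_string($entity) || !isset($tableMap[$entity])) {
      throw new CRM_Core_Exception('entity must be one of: ' . implode(', ', array_keys($tableMap)));
    }
    $entityTable = $tableMap[$entity];

    $permittedRoleID = ($groupAllowedAccess === 'Everyone') ? 0 : $groupAllowedAccess;
    if ($permittedRoleID !== 0) {
      throw new CRM_Core_Exception('only handling everyone group as yet');
    }

    foreach ($permissionedEntities as $permissionedEntityID) {
      $this->callAPISuccess('Acl', 'create', [
        // uniqid() only keeps the ACL names distinct; it is not a secret.
        'name' => uniqid(),
        'operation' => $operation,
        'entity_id' => $permittedRoleID,
        'object_id' => $permissionedEntityID,
        'object_table' => $entityTable,
      ]);
    }
  }

  /**
   * Set up a scenario where everyone can access the permissioned group.
   *
   * A scenario in this class involves multiple defined assets. In this case we create
   * - a group to which everyone has permission
   * - a contact in the group
   * - a contact not in the group
   *
   * These are arrayed as follows
   *   $this->scenarioIDs['Contact'] = ['permitted_contact' => x, 'non_permitted_contact' => y]
   *   $this->scenarioIDs['Group'] = ['permitted_group' => x]
   */
  public function setupScenarioCoreACLEveryonePermittedToGroup() {
    $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
    $this->scenarioIDs['Group']['permitted_group'] = $this->groupCreate();
    $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
    $this->callAPISuccess('GroupContact', 'create', [
      'group_id' => $this->scenarioIDs['Group']['permitted_group'],
      'contact_id' => $this->scenarioIDs['Contact']['permitted_contact'],
      'status' => 'Added',
    ]);
    $this->scenarioIDs['Contact']['non_permitted_contact'] = $this->individualCreate();
    // Empty the permission list on the shared config singleton so that any access
    // observed afterwards can only come from the ACL created below.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
    $this->setupCoreACLPermittedAcl([$this->scenarioIDs['Group']['permitted_group']]);
  }

  /**
   * Set up a scenario where everyone can view the permissioned event.
   *
   * A scenario in this class involves multiple defined assets. In this case we create
   * - an event which everyone has an ACL to view
   * - a contact
   *
   * The only permission left in place is 'view event info'.
   *
   * These are arrayed as follows
   *   $this->scenarioIDs['Event'] = ['permitted_event' => x]
   *   $this->scenarioIDs['Contact'] = ['permitted_contact' => y]
   */
  public function setupScenarioCoreACLEveryonePermittedToEvent() {
    $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
    $this->scenarioIDs['Event']['permitted_event'] = $this->eventCreate()['id'];
    $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
    // Written to the shared config singleton, so it outlives this call.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['view event info'];
    $this->setupCoreACLPermittedAcl([$this->scenarioIDs['Event']['permitted_event']], 'Everyone', 'View', 'Event');
  }

  /**
   * Clean up places where permissions get cached.
   *
   * Drops the in-memory entry kept under 'CRM_Contact_BAO_Contact_Permission' and
   * empties civicrm_acl_contact_cache, so a later check cannot be answered from a
   * result computed under different permissions.
   */
  protected function cleanupCachedPermissions() {
    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset(Civi::$statics['CRM_Contact_BAO_Contact_Permission']);
    CRM_Core_DAO::executeQuery('TRUNCATE civicrm_acl_contact_cache');
  }

}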