Merge pull request #18893 from civicrm/5.31
[civicrm-core.git] / tests / phpunit / CRMTraits / ACL / PermissionTrait.php
<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

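/**
 * Trait ACL_Permission_Trait.
 *
 * Trait for working with ACLs in tests.
 *
 * The hook implementations here overwrite the ACL where clause with fixed
 * SQL fragments, and the scenario helpers replace the permission list held by
 * CRM_Core_Config::singleton()->userPermissionClass. Both change process-wide
 * access-control state, so a test that uses them should restore that state
 * afterwards (see cleanupCachedPermissions() for the cached part).
 */
trait CRMTraits_ACL_PermissionTrait {

  /**
   * ContactID of allowed Contact
   * @var int
   */
  protected $allowedContactId = 0;

  /**
   * Array of allowed contactIds
   * @var array
   */
  protected $allowedContacts = [];

  /**
   * Ids created for the scenario in use.
   *
   * @var array
   */
  protected $scenarioIDs = [];

  /**
   * All results returned.
   *
   * Sets the clause to the constant-true fragment " (1) ", i.e. no ACL
   * filtering is contributed by this hook.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * No results returned.
   *
   * Deliberately leaves $where (and every other argument) untouched.
   * NOTE(review): the "no results" outcome therefore depends on the caller
   * denying access when no hook supplies a clause - confirm against
   * CRM_Utils_Hook::aclWhereClause.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * All but first results returned.
   *
   * The clause admits every contact whose id is greater than 1, so only the
   * contact with id 1 is excluded.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

  /**
   * Only specified contact returned.
   *
   * Restricts the clause to the contact stored in $this->allowedContactId.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
    // The value is concatenated into SQL, so force it to an integer even if a
    // test assigned something else to the property.
    $where = " contact_a.id = " . (int) $this->allowedContactId;
  }

  /**
   * Set up a core ACL.
   *
   * It is recommended that this helper function is accessed through a scenario function.
   *
   * One Acl record is created per entry in $permissionedEntities. Nothing is
   * created when the list is empty.
   *
   * @param array $permissionedEntities Array of groups for whom ACLs enable access.
   * @param string|int $groupAllowedAccess Group permitted to access the permissioned Group
   *   An ID of 0 means that 'Everyone' can access the group.
   * @param string $operation View|Edit|Create|Delete|Search|All
   * @param string $entity Group|CustomGroup|Profile|Event
   *
   * @throws CRM_Core_Exception
   *   When $entity is not one of the supported names, or when
   *   $groupAllowedAccess is anything other than 'Everyone' / integer 0.
   */
  public function setupCoreACLPermittedAcl($permissionedEntities = [], $groupAllowedAccess = 'Everyone', $operation = 'View', $entity = 'Group') {
    // NOTE(review): 'Profile' maps to civicrm_uf_match here - confirm this is
    // the object_table the ACL checks expect for profiles.
    $tableMap = [
      'Group' => 'civicrm_saved_search',
      'CustomGroup' => 'civicrm_custom_group',
      'Profile' => 'civicrm_uf_match',
      'Event' => 'civicrm_event',
    ];
    // Reject unknown entities up front instead of creating an ACL whose
    // object_table is NULL.
    if (!is_string($entity) || !isset($tableMap[$entity])) {
      throw new CRM_Core_Exception('unsupported entity for core ACL setup');
    }
    $entityTable = $tableMap[$entity];

    $permittedRoleID = ($groupAllowedAccess === 'Everyone') ? 0 : $groupAllowedAccess;
    if ($permittedRoleID !== 0) {
      throw new CRM_Core_Exception('only handling everyone group as yet');
    }

    foreach ($permissionedEntities as $permissionedEntityID) {
      $this->callAPISuccess('Acl', 'create', [
        // The name only has to differ between the ACL rows of one test run.
        'name' => uniqid(),
        'operation' => $operation,
        'entity_id' => $permittedRoleID,
        'object_id' => $permissionedEntityID,
        'object_table' => $entityTable,
      ]);
    }
  }

  /**
   * Set up a scenario where everyone can access the permissioned group.
   *
   * A scenario in this class involves multiple defined assets. In this case we create
   * - a group to which the everyone has permission
   * - a contact in the group
   * - a contact not in the group
   *
   * These are arrayed as follows
   *   $this->scenarioIDs['Contact'] = ['permitted_contact' => x, 'non_permitted_contact' => y]
   *   $this->scenarioIDs['Group'] = ['permitted_group' => x]
   *
   * The user permission list is emptied, so access in this scenario comes
   * from the ACL created here rather than from a held permission. The list is
   * not restored by this function.
   */
  public function setupScenarioCoreACLEveryonePermittedToGroup() {
    // Start from empty ACL caches so earlier tests cannot leak access.
    $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
    $this->scenarioIDs['Group']['permitted_group'] = $this->groupCreate();
    $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
    $this->callAPISuccess('GroupContact', 'create', [
      'group_id' => $this->scenarioIDs['Group']['permitted_group'],
      'contact_id' => $this->scenarioIDs['Contact']['permitted_contact'],
      'status' => 'Added',
    ]);
    $this->scenarioIDs['Contact']['non_permitted_contact'] = $this->individualCreate();
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
    $this->setupCoreACLPermittedAcl([$this->scenarioIDs['Group']['permitted_group']]);
  }

  /**
   * Set up a scenario where everyone can view the permissioned event.
   *
   * A scenario in this class involves multiple defined assets. In this case we create
   * - an event for which 'Everyone' is given a View ACL
   * - a contact
   *
   * These are arrayed as follows
   *   $this->scenarioIDs['Event'] = ['permitted_event' => x]
   *   $this->scenarioIDs['Contact'] = ['permitted_contact' => y]
   *
   * The user permission list is replaced with 'view event info' only, and is
   * not restored by this function.
   */
  public function setupScenarioCoreACLEveryonePermittedToEvent() {
    // Start from empty ACL caches so earlier tests cannot leak access.
    $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
    $this->scenarioIDs['Event']['permitted_event'] = $this->eventCreate()['id'];
    $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['view event info'];
    $this->setupCoreACLPermittedAcl([$this->scenarioIDs['Event']['permitted_event']], 'Everyone', 'View', 'Event');
  }

  /**
   * Clean up places where permissions get cached.
   *
   * Drops the in-memory CRM_Contact_BAO_Contact_Permission statics and
   * truncates civicrm_acl_contact_cache, so a later permission check is not
   * answered from data cached under a different ACL setup.
   */
  protected function cleanupCachedPermissions() {
    // unset() is a no-op when the key is absent, so no isset() guard is needed.
    unset(Civi::$statics['CRM_Contact_BAO_Contact_Permission']);
    CRM_Core_DAO::executeQuery('TRUNCATE civicrm_acl_contact_cache');
  }

}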