Commit | Line | Data |
---|---|---|
2f6c641a | 1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 5 | | |
5 | +--------------------------------------------------------------------+ | |
f299f7db | 6 | | Copyright CiviCRM LLC (c) 2004-2020 | |
2f6c641a | 7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
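/**
 * Trait ACL_Permission_Trait.
 *
 * Trait for working with ACLs in tests. It provides aclWhereClause hook
 * implementations that force a known contact filter, helpers that create
 * core ACL records, and a helper that clears cached permission decisions.
 *
 * The hook implementations write raw SQL fragments into $where. Each fragment
 * is either a literal or built from an integer-cast property, so nothing
 * caller-supplied reaches the query unescaped.
 */
trait CRMTraits_ACL_PermissionTrait {

  /**
   * ContactID of allowed Contact
   * @var int
   */
  protected $allowedContactId = 0;

  /**
   * Array of allowed contactIds
   * @var array
   */
  protected $allowedContacts = [];

  /**
   * Ids created for the scenario in use.
   *
   * @var array
   */
  protected $scenarioIDs = [];

  /**
   * All results returned.
   *
   * Sets an always-true clause, so the ACL filter excludes nothing.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   *   Overwritten with the clause.
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * No results returned.
   *
   * Deliberately leaves $where untouched.
   * NOTE(review): presumably the caller then applies its own default (deny)
   * clause - confirm against the code that invokes aclWhereClause.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * All but first results returned.
   *
   * Restricts to contacts whose id is greater than 1, i.e. this assumes the
   * contact to be excluded has id 1.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   *   Overwritten with the clause.
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

  /**
   * Only specified contact returned.
   *
   * Restricts to the contact held in $this->allowedContactId.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   *   Overwritten with the clause.
   */
  public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
    // The property is untyped, so cast before concatenating: the fragment is
    // raw SQL and must only ever carry an integer id.
    $where = " contact_a.id = " . (int) $this->allowedContactId;
  }

  /**
   * Set up a core ACL.
   *
   * It is recommended that this helper function is accessed through a scenario function.
   *
   * @param array $permissionedEntities Array of groups for whom ACLs enable access.
   * @param string|int $groupAllowedAccess Group permitted to access the permissioned Group
   *   An ID of 0 means that 'Everyone' can access the group.
   * @param string $operation View|Edit|Create|Delete|Search|All
   * @param string $entity Group|CustomGroup|Profile|Event
   *
   * @throws CRM_Core_Exception
   *   When $entity is not one of the supported entities, or when a group
   *   other than 'Everyone' is requested.
   */
  public function setupCoreACLPermittedToGroup($permissionedEntities = [], $groupAllowedAccess = 'Everyone', $operation = 'View', $entity = 'Group') {
    // NOTE(review): 'Profile' maps to civicrm_uf_match here - confirm that is
    // the object_table the ACL layer expects for profiles.
    $tableMap = ['Group' => 'civicrm_saved_search', 'CustomGroup' => 'civicrm_custom_group', 'Profile' => 'civicrm_uf_match', 'Event' => 'civicrm_event'];
    if (!isset($tableMap[$entity])) {
      // Fail loudly rather than create an ACL row with an empty object_table.
      throw new CRM_Core_Exception('unsupported ACL entity: ' . $entity);
    }
    $entityTable = $tableMap[$entity];

    // 'Everyone' and the documented ID 0 (also when passed as the string '0')
    // all resolve to role 0.
    $isEveryone = ($groupAllowedAccess === 'Everyone' || $groupAllowedAccess === '0');
    $permittedRoleID = $isEveryone ? 0 : $groupAllowedAccess;
    if ($permittedRoleID !== 0) {
      throw new CRM_Core_Exception('only handling everyone group as yet');
    }

    // One ACL row per permissioned entity; uniqid() only keeps the names distinct.
    foreach ($permissionedEntities as $permissionedEntityID) {
      $this->callAPISuccess('Acl', 'create', [
        'name' => uniqid(),
        'operation' => $operation,
        'entity_id' => $permittedRoleID,
        'object_id' => $permissionedEntityID,
        'object_table' => $entityTable,
      ]);
    }
  }

  /**
   * Set up a scenario where everyone can access the permissioned group.
   *
   * A scenario in this class involves multiple defined assets. In this case we create
   * - a group to which the everyone has permission
   * - a contact in the group
   * - a contact not in the group
   *
   * These are arrayed as follows
   *   $this->scenarioIDs['Contact'] = ['permitted_contact' => x, 'non_permitted_contact' => y]
   *   $this->scenarioIDs['Group'] = ['permitted_group' => x]
   */
  public function setupScenarioCoreACLEveryonePermittedToGroup() {
    // Start from empty ACL caches so earlier tests cannot influence the result.
    $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
    $this->scenarioIDs['Group']['permitted_group'] = $this->groupCreate();
    $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
    $this->callAPISuccess('GroupContact', 'create', ['group_id' => $this->scenarioIDs['Group']['permitted_group'], 'contact_id' => $this->scenarioIDs['Contact']['permitted_contact'], 'status' => 'Added']);
    $this->scenarioIDs['Contact']['non_permitted_contact'] = $this->individualCreate();
    // Empty the permission list before creating the ACL.
    // NOTE(review): presumably so that only the ACL under test can grant access - confirm.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
    $this->setupCoreACLPermittedToGroup([$this->scenarioIDs['Group']['permitted_group']]);
  }

  /**
   * Clean up places where permissions get cached.
   *
   * Drops the static entry for CRM_Contact_BAO_Contact_Permission and empties
   * the civicrm_acl_contact_cache table.
   */
  protected function cleanupCachedPermissions() {
    // unset() is a no-op when the key is absent, so no isset() guard is needed.
    unset(Civi::$statics['CRM_Contact_BAO_Contact_Permission']);
    CRM_Core_DAO::executeQuery('TRUNCATE civicrm_acl_contact_cache');
  }

}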