[civicrm-core.git] / tests / phpunit / CRMTraits / ACL / PermissionTrait.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2020                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 * Trait ACL_Permission_Trait.
 *
 * Trait for working with ACLs in tests
 */
trait CRMTraits_ACL_PermissionTrait {

  /**
   * ContactID of allowed Contact
   * @var int
   */
  protected $allowedContactId = 0;

  /**
   * Array of allowed contactIds
   * @var array
   */
  protected $allowedContacts = [];

  /**
   * Ids created for the scenario in use.
   *
   * @var array
   */
  protected $scenarioIDs = [];

  /**
   * All results returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * No results returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * All but first results returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

  /**
   * Only specified contact returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id = " . $this->allowedContactId;
  }

  /**
   * Set up a core ACL.
   *
   * It is recommended that this helper function is accessed through a scenario function.
   *
   * @param array $permissionedEntities Array of groups for whom ACLs enable access.
   * @param string|int $groupAllowedAccess Group permitted to access the permissioned Group
   *   An ID of 0 means that 'Everyone' can access the group.
   * @param string $operation View|Edit|Create|Delete|Search|All
   * @param string $entity Group|CustomGroup|Profile|Event
   *
   * @throws CRM_Core_Exception
   */
  public function setupCoreACLPermittedToGroup($permissionedEntities = [], $groupAllowedAccess = 'Everyone', $operation = 'View', $entity = 'Group') {
    $tableMap = ['Group' => 'civicrm_saved_search', 'CustomGroup' => 'civicrm_custom_group', 'Profile' => 'civicrm_uf_match', 'Event' => 'civicrm_event'];
    $entityTable = $tableMap[$entity];

    $permittedRoleID = ($groupAllowedAccess === 'Everyone') ? 0 : $groupAllowedAccess;
    if ($permittedRoleID !== 0) {
      throw new CRM_Core_Exception('only handling everyone group as yet');
    }

    foreach ($permissionedEntities as $permissionedEntityID) {
      $this->callAPISuccess('Acl', 'create', [
        'name' => uniqid(),
        'operation' => $operation,
        'entity_id' => $permittedRoleID,
        'object_id' => $permissionedEntityID,
        'object_table' => $entityTable,
      ]);
    }
  }

  /**
   * Set up a scenario where everyone can access the permissioned group.
   *
   * A scenario in this class involves multiple defined assets. In this case we create
   * - a group to which the everyone has permission
   * - a contact in the group
   * - a contact not in the group
   *
   * These are arrayed as follows
   *   $this->scenarioIDs['Contact'] = ['permitted_contact' => x, 'non_permitted_contact' => y]
   *   $this->scenarioIDs['Group'] = ['permitted_group' => x]
   */
  public function setupScenarioCoreACLEveryonePermittedToGroup() {
    $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
    $this->scenarioIDs['Group']['permitted_group'] = $this->groupCreate();
    $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
    $result = $this->callAPISuccess('GroupContact', 'create', ['group_id' => $this->scenarioIDs['Group']['permitted_group'], 'contact_id' => $this->scenarioIDs['Contact']['permitted_contact'], 'status' => 'Added']);
    $this->scenarioIDs['Contact']['non_permitted_contact'] = $this->individualCreate();
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
    $this->setupCoreACLPermittedToGroup([$this->scenarioIDs['Group']['permitted_group']]);
  }

  /**
   * Clean up places where permissions get cached.
   */
  protected function cleanupCachedPermissions() {
    if (isset(Civi::$statics['CRM_Contact_BAO_Contact_Permission'])) {
      unset(Civi::$statics['CRM_Contact_BAO_Contact_Permission']);
    }
    CRM_Core_DAO::executeQuery('TRUNCATE civicrm_acl_contact_cache');
  }

}
Commit	Line	Data
2f6c641a	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
	4	\| CiviCRM version 5 \|
	5	+--------------------------------------------------------------------+
f299f7db	6	\| Copyright CiviCRM LLC (c) 2004-2020 \|
2f6c641a	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
	26	*/
	27
	28	/**
	29	* Trait ACL_Permission_Trait.
	30	*
	31	* Trait for working with ACLs in tests
	32	*/
	33	trait CRMTraits_ACL_PermissionTrait {
	34
39b959db SL	35	/**
	36	* ContactID of allowed Contact
	37	* @var int
	38	*/
2f6c641a	39	protected $allowedContactId = 0;
39b959db SL	40
	41	/**
	42	* Array of allowed contactIds
	43	* @var array
	44	*/
2f6c641a	45	protected $allowedContacts = [];
2f6c641a	46
8e12938a	47	/**
	48	* Ids created for the scenario in use.
	49	*
	50	* @var array
	51	*/
	52	protected $scenarioIDs = [];
	53
2f6c641a	54	/**
	55	* All results returned.
	56	*
	57	* @implements CRM_Utils_Hook::aclWhereClause
	58	*
	59	* @param string $type
	60	* @param array $tables
	61	* @param array $whereTables
	62	* @param int $contactID
	63	* @param string $where
	64	*/
	65	public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
	66	$where = " (1) ";
	67	}
	68
2ed07c20	69	/**
	70	* No results returned.
	71	*
	72	* @implements CRM_Utils_Hook::aclWhereClause
	73	*
	74	* @param string $type
	75	* @param array $tables
	76	* @param array $whereTables
	77	* @param int $contactID
	78	* @param string $where
	79	*/
	80	public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
	81	}
	82
2f6c641a	83	/**
	84	* All but first results returned.
	85	*
	86	* @implements CRM_Utils_Hook::aclWhereClause
	87	*
	88	* @param string $type
	89	* @param array $tables
	90	* @param array $whereTables
	91	* @param int $contactID
	92	* @param string $where
	93	*/
	94	public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
	95	$where = " contact_a.id > 1";
	96	}
	97
	98	/**
	99	* Only specified contact returned.
	100	*
	101	* @implements CRM_Utils_Hook::aclWhereClause
	102	*
	103	* @param string $type
	104	* @param array $tables
	105	* @param array $whereTables
	106	* @param int $contactID
	107	* @param string $where
	108	*/
	109	public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
	110	$where = " contact_a.id = " . $this->allowedContactId;
	111	}
	112
8e12938a	113	/**
	114	* Set up a core ACL.
	115	*
	116	* It is recommended that this helper function is accessed through a scenario function.
	117	*
	118	* @param array $permissionedEntities Array of groups for whom ACLs enable access.
	119	* @param string\|int $groupAllowedAccess Group permitted to access the permissioned Group
	120	* An ID of 0 means that 'Everyone' can access the group.
	121	* @param string $operation View\|Edit\|Create\|Delete\|Search\|All
	122	* @param string $entity Group\|CustomGroup\|Profile\|Event
	123	*
	124	* @throws CRM_Core_Exception
	125	*/
	126	public function setupCoreACLPermittedToGroup($permissionedEntities = [], $groupAllowedAccess = 'Everyone', $operation = 'View', $entity = 'Group') {
	127	$tableMap = ['Group' => 'civicrm_saved_search', 'CustomGroup' => 'civicrm_custom_group', 'Profile' => 'civicrm_uf_match', 'Event' => 'civicrm_event'];
	128	$entityTable = $tableMap[$entity];
	129
	130	$permittedRoleID = ($groupAllowedAccess === 'Everyone') ? 0 : $groupAllowedAccess;
	131	if ($permittedRoleID !== 0) {
	132	throw new CRM_Core_Exception('only handling everyone group as yet');
	133	}
	134
	135	foreach ($permissionedEntities as $permissionedEntityID) {
	136	$this->callAPISuccess('Acl', 'create', [
	137	'name' => uniqid(),
	138	'operation' => $operation,
	139	'entity_id' => $permittedRoleID,
	140	'object_id' => $permissionedEntityID,
	141	'object_table' => $entityTable,
	142	]);
	143	}
	144	}
	145
	146	/**
	147	* Set up a scenario where everyone can access the permissioned group.
	148	*
	149	* A scenario in this class involves multiple defined assets. In this case we create
	150	* - a group to which the everyone has permission
	151	* - a contact in the group
	152	* - a contact not in the group
	153	*
	154	* These are arrayed as follows
	155	* $this->scenarioIDs['Contact'] = ['permitted_contact' => x, 'non_permitted_contact' => y]
	156	* $this->scenarioIDs['Group'] = ['permitted_group' => x]
	157	*/
	158	public function setupScenarioCoreACLEveryonePermittedToGroup() {
	159	$this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
	160	$this->scenarioIDs['Group']['permitted_group'] = $this->groupCreate();
	161	$this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
	162	$result = $this->callAPISuccess('GroupContact', 'create', ['group_id' => $this->scenarioIDs['Group']['permitted_group'], 'contact_id' => $this->scenarioIDs['Contact']['permitted_contact'], 'status' => 'Added']);
	163	$this->scenarioIDs['Contact']['non_permitted_contact'] = $this->individualCreate();
	164	CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
	165	$this->setupCoreACLPermittedToGroup([$this->scenarioIDs['Group']['permitted_group']]);
	166	}
	167
cdacd6ab	168	/**
	169	* Clean up places where permissions get cached.
	170	*/
	171	protected function cleanupCachedPermissions() {
	172	if (isset(Civi::$statics['CRM_Contact_BAO_Contact_Permission'])) {
	173	unset(Civi::$statics['CRM_Contact_BAO_Contact_Permission']);
	174	}
	175	CRM_Core_DAO::executeQuery('TRUNCATE civicrm_acl_contact_cache');
	176	}
	177
2f6c641a	178	}