6a488035 | 1 | <?php |
2 | /* |
3 | +--------------------------------------------------------------------+ | |
06a1bc01 | 4 | | CiviCRM version 4.5 | |
6a488035 | 5 | +--------------------------------------------------------------------+ |
06a1bc01 | 6 | | Copyright CiviCRM LLC (c) 2004-2014 | |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | require_once 'CiviTest/CiviUnitTestCase.php'; | |
29 | ||
30 | /** | |
 * This class tests ACL enforcement in the APIv3 contact "get" action as driven by the
 * civicrm_aclWhereClause hook (the mechanism used by, for example, the multisite module).
32 | * | |
7884d958 | 33 | * @package CiviCRM_APIv3 |
34 | * @subpackage API_Contact | |
35 | */ |
36 | ||
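class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  protected $_apiversion = 3;
  protected $_params;
  protected $hookClass = NULL;
  public $DBResetRequired = FALSE;

  protected $_entity;

  /**
   * Seed the fixture and strip the test user of every CMS-level permission.
   *
   * One Pledge and one Phone test object are created (each of which creates a
   * contact, giving the two contacts the assertions below rely on). The hook
   * singleton is kept so each test can register its own civicrm_aclWhereClause
   * implementation. Because the permission list is emptied, any row returned
   * with check_permissions=1 can only have been allowed by that hook - which
   * is precisely what these tests are meant to prove.
   */
  public function setUp() {
    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->hookClass = CRM_Utils_Hook::singleton();
    $config = CRM_Core_Config::singleton();
    // No permissions at all: the ACL hook must be the only thing granting access.
    $config->userPermissionClass->permissions = array();
  }

  /**
   * Reset registered hooks, drop the contacts created in setUp and restore the
   * permission list.
   *
   * NOTE(review): only civicrm_contact is truncated. The pledge and phone rows
   * created in setUp are left behind and, with DBResetRequired FALSE, accumulate
   * across tests as orphans; confirm whether cleaning the related tables here is
   * safe before relying on pledge/phone ids in new tests.
   *
   * @see CiviUnitTestCase::tearDown()
   */
  public function tearDown() {
    CRM_Utils_Hook::singleton()->reset();
    $tablesToTruncate = array(
      'civicrm_contact',
    );
    $this->quickCleanup($tablesToTruncate);
    $config = CRM_Core_Config::singleton();
    unset($config->userPermissionClass->permissions);
  }

  /**
   * A hook that grants nothing (leaves $where empty) must yield zero contacts.
   */
  public function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(0, $result['count']);
  }

  /**
   * A hook that grants everything must yield both fixture contacts.
   */
  public function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertEquals(2, $result['count']);
  }

  /**
   * Even when the hook grants everything, a contact flagged is_deleted must not
   * be returned through the permission-checked path.
   */
  public function testContactGetPermissionHookNoDeleted() {
    // Fixture ids are predictable because civicrm_contact is truncated in tearDown.
    $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * A hook that restricts to contact_a.id > 1 must cut the result down to one.
   */
  public function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * check_permissions=0 bypasses the ACL hook entirely: with the same limiting
   * hook that reduces the checked result to one contact, both are returned.
   *
   * The original version of this test registered no hook at all, so it could not
   * tell whether the hook was actually being skipped; callers that pass
   * check_permissions=0 are fully trusted, and this pins that contract.
   */
  public function testContactGetHookLimitingHookDontCheck() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * An explicit id filter still works alongside the ACL clause.
   */
  public function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
      'id' => 2,
      'check_permissions' => 1,
    ));

    $this->assertEquals(1, $result['count']);
    // With a single matching row the API also exposes its id at the top level.
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Every field an unrestricted "get" returns (address fields included) must
   * still be returned when the same fields are requested through the
   * permission-checked path with a limiting hook in place.
   */
  public function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $fullresult = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    // 'return' doesn't honour every key - prefix & suffix are inconsistent
    // due to CRM-7929 and the others are known not to work with 'return' -
    // so those are excluded from the comparison rather than fixed here.
    $elementsReturnDoesntSupport = array(
      'prefix',
      'suffix',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * Requesting pledge_id on a permission-checked contact "get" must not leak
   * it into the returned values.
   */
  public function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * pledge_id is not an allowable filter on the permission-checked path: the
   * filter is ignored and both contacts still come back.
   *
   * NOTE(review): this only shows the filter has no narrowing effect; it does
   * not show that the API rejects or reports the ignored parameter.
   */
  public function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Chaining must not bypass permissions: a nested pledge.get under a
   * permission-checked contact.get fails because the user lacks
   * 'access CiviCRM', rather than silently returning pledge data.
   */
  public function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $this->callAPIFailure('contact', 'get', array(
      'check_permissions' => 1,
      'api.pledge.get' => 1,
      'sequential' => 1,
    ),
      'Error in call to pledge_get : API permission check failed for pledge/get call; missing permission: access CiviCRM.'
    );
  }

  /**
   * Hook implementation granting nothing: $where is left untouched.
   *
   * Note for real implementations: $where is a raw SQL fragment that is
   * presumably interpolated into the query as-is, so it must only ever be
   * built from trusted values - never from request input.
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where SQL WHERE fragment to populate
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * Hook implementation granting everything: an always-true WHERE fragment.
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where SQL WHERE fragment to populate
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * Hook implementation that restricts access to contacts with id > 1, i.e.
   * only the second fixture contact is visible.
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where SQL WHERE fragment to populate
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

}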
254 |