Merge pull request #11735 from mukeshcompucorp/CRM-21814-add-proper-container-to...
6a488035 1<?php
2/*
3 +--------------------------------------------------------------------+
81621fee 4 | CiviCRM version 4.7 |
6a488035 5 +--------------------------------------------------------------------+
8c9251b3 6 | Copyright CiviCRM LLC (c) 2004-2018 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28/**
29 * This class is intended to test ACL permission using the multisite module
30 *
7884d958 31 * @package CiviCRM_APIv3
32 * @subpackage API_Contact
acb109b7 33 * @group headless
6a488035 34 */
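class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  protected $_apiversion = 3;
  public $DBResetRequired = FALSE;
  protected $_entity;
  // Contact id that aclWhereOnlyOne() restricts visibility to.
  protected $allowedContactId = 0;
  // Contact ids used by the aclWhereMultipleContacts hook (see
  // testActivitiesGetMultipleIdsCheckPermissionsLimitedACL).
  protected $allowedContacts = array();

  /**
   * Create one pledge and one phone fixture, then put the base class into ACL testing mode.
   */
  public function setUp() {
    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->prepareForACLs();
  }

  /**
   * (non-PHPdoc)
   * @see CiviUnitTestCase::tearDown()
   *
   * Undo the ACL setup and truncate every table the tests write to. The class
   * relies on this truncation rather than a full DB reset (DBResetRequired is FALSE),
   * so any table a new test populates must be added here.
   */
  public function tearDown() {
    $this->cleanUpAfterACLs();
    $tablesToTruncate = array(
      'civicrm_contact',
      'civicrm_group_contact',
      'civicrm_group',
      'civicrm_acl',
      'civicrm_acl_cache',
      'civicrm_acl_entity_role',
      'civicrm_acl_contact_cache',
      'civicrm_contribution',
      'civicrm_participant',
      'civicrm_uf_match',
      'civicrm_activity',
      'civicrm_activity_contact',
      'civicrm_note',
      'civicrm_entity_tag',
      'civicrm_tag',
    );
    $this->quickCleanup($tablesToTruncate);
  }

  /**
   * Function tests that an empty where hook returns no results.
   */
  public function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(0, $result['count']);
  }

  /**
   * Function tests that an empty where hook returns exactly 1 result with "view my contact".
   *
   * CRM-16512 caused contacts with Edit my contact to be able to view all records.
   */
  public function testContactGetOneResultHookWithViewMyContact() {
    $this->createLoggedInUser();
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view my contact');
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    // The only visible record must be the logged-in user's own contact.
    $this->assertEquals(1, $result['count']);
  }

  /**
   * Function tests that a user with "edit my contact" can edit themselves.
   */
  public function testContactEditHookWithEditMyContact() {
    $cid = $this->createLoggedInUser();
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'edit my contact');
    $this->callAPISuccess('contact', 'create', array(
      'check_permissions' => 1,
      'id' => $cid,
    ));
  }

  /**
   * Ensure contact permissions do not block contact-less location entities.
   */
  public function testAddressWithoutContactIDAccess() {
    $ownID = $this->createLoggedInUser();
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $this->callAPISuccess('Address', 'create', array(
      'city' => 'Mouseville',
      'location_type_id' => 'Main',
      'api.LocBlock.create' => 1,
      'contact_id' => $ownID,
    ));
    $this->callAPISuccessGetSingle('Address', array('city' => 'Mouseville', 'check_permissions' => 1));
    // Detach the address from its contact and confirm it stays readable.
    CRM_Core_DAO::executeQuery('UPDATE civicrm_address SET contact_id = NULL WHERE contact_id = %1', array(1 => array($ownID, 'Integer')));
    $this->callAPISuccessGetSingle('Address', array('city' => 'Mouseville', 'check_permissions' => 1));
  }

  /**
   * Ensure contact permissions extend to related entities like email.
   *
   * Covers contact_id-linked entities (Email, Phone, IM, Website, Address) and
   * entity_table/entity_id-linked ones (Note, EntityTag): each must be refused for
   * a contact the ACL hides and allowed for the one contact the ACL exposes.
   */
  public function testRelatedEntityPermissions() {
    $this->createLoggedInUser();
    $disallowedContact = $this->individualCreate(array(), 0);
    $this->allowedContactId = $this->individualCreate(array(), 1);
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlyOne'));
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
    $testEntities = array(
      'Email' => array('email' => 'null@nothing', 'location_type_id' => 1),
      'Phone' => array('phone' => '123456', 'location_type_id' => 1),
      'IM' => array('name' => 'hello', 'location_type_id' => 1),
      'Website' => array('url' => 'http://test'),
      'Address' => array('street_address' => '123 Sesame St.', 'location_type_id' => 1),
    );
    foreach ($testEntities as $entity => $params) {
      $params += array(
        'contact_id' => $disallowedContact,
        'check_permissions' => 1,
      );
      // We should be prevented from getting or creating entities for a contact we don't have permission for
      $this->callAPIFailure($entity, 'create', $params);
      $this->callAPISuccess($entity, 'create', array('check_permissions' => 0) + $params);
      $results = $this->callAPISuccess($entity, 'get', array('contact_id' => $disallowedContact, 'check_permissions' => 1));
      $this->assertEquals(0, $results['count']);

      // We should be allowed to create and get for contacts we do have permission on
      $params['contact_id'] = $this->allowedContactId;
      $this->callAPISuccess($entity, 'create', $params);
      $results = $this->callAPISuccess($entity, 'get', array('contact_id' => $this->allowedContactId, 'check_permissions' => 1));
      $this->assertGreaterThan(0, $results['count']);
    }
    $newTag = civicrm_api3('Tag', 'create', array(
      'name' => 'Foo123',
    ));
    $relatedEntities = array(
      'Note' => array('note' => 'abc'),
      'EntityTag' => array('tag_id' => $newTag['id']),
    );
    foreach ($relatedEntities as $entity => $params) {
      $params += array(
        'entity_id' => $disallowedContact,
        'entity_table' => 'civicrm_contact',
        'check_permissions' => 1,
      );
      // We should be prevented from getting or creating entities for a contact we don't have permission for
      $this->callAPIFailure($entity, 'create', $params);
      $this->callAPISuccess($entity, 'create', array('check_permissions' => 0) + $params);
      $results = $this->callAPISuccess($entity, 'get', array('entity_id' => $disallowedContact, 'entity_table' => 'civicrm_contact', 'check_permissions' => 1));
      $this->assertEquals(0, $results['count']);

      // We should be allowed to create and get for entities we do have permission on
      $params['entity_id'] = $this->allowedContactId;
      $this->callAPISuccess($entity, 'create', $params);
      $results = $this->callAPISuccess($entity, 'get', array('entity_id' => $this->allowedContactId, 'entity_table' => 'civicrm_contact', 'check_permissions' => 1));
      $this->assertGreaterThan(0, $results['count']);
    }
  }

  /**
   * Function tests all results are returned.
   */
  public function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertEquals(2, $result['count']);
  }

  /**
   * Function tests that deleted contacts are not returned.
   */
  public function testContactGetPermissionHookNoDeleted() {
    $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * Test permissions limited by hook.
   */
  public function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * Confirm that without check permissions we still get 2 contacts returned.
   */
  public function testContactGetHookLimitingHookDontCheck() {
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that id works as a filter.
   */
  public function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
      'id' => 2,
      'check_permissions' => 1,
    ));

    $this->assertEquals(1, $result['count']);
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Check that address IS returned.
   */
  public function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $fullresult = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    //return doesn't work for all keys - can't fix that here so let's skip ...
    //prefix & suffix are inconsistent due to CRM-7929
    // unsure about others but return doesn't work on them
    $elementsReturnDoesntSupport = array(
      'prefix',
      'suffix',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * Check that pledge IS not returned.
   */
  public function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * Check that pledge IS not an allowable filter.
   */
  public function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    // pledge_id is ignored as a filter, so both contacts still come back.
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that chaining doesn't bypass permissions.
   *
   * The chained Pledge.get must be permission-checked in its own right rather
   * than inheriting the access granted to the outer Contact.get.
   */
  public function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    $this->callAPIFailure('contact', 'get', array(
      'check_permissions' => 1,
      'api.pledge.get' => 1,
      'sequential' => 1,
    ),
      'Error in call to Pledge_get : API permission check failed for Pledge/get call; insufficient permission: require access CiviPledge'
    );
  }

  /**
   * Log in a user and create one disabled and one active group before setting up core ACLs.
   *
   * NOTE(review): $_permissionedDisabledGroup / $_permissionedGroup are not declared
   * in this class; presumably CiviUnitTestCase::setupACL() reads them - confirm.
   */
  public function setupCoreACL() {
    $this->createLoggedInUser();
    $this->_permissionedDisabledGroup = $this->groupCreate(array(
      'title' => 'pick-me-disabled',
      'is_active' => 0,
      'name' => 'pick-me-disabled',
    ));
    $this->_permissionedGroup = $this->groupCreate(array(
      'title' => 'pick-me-active',
      'is_active' => 1,
      'name' => 'pick-me-active',
    ));
    $this->setupACL();
  }

  /**
   * @dataProvider entities
   * confirm that without check permissions we still get 2 contacts returned
   * @param string $entity
   */
  public function testEntitiesGetHookLimitingHookNoCheck($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
    $this->setUpEntities($entity);
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callAPISuccess($entity, 'get', array(
      'check_permissions' => 0,
      'return' => 'contact_id',
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * @dataProvider entities
   * confirm that without check permissions we still get 2 entities returned
   * @param string $entity
   */
  public function testEntitiesGetCoreACLLimitingHookNoCheck($entity) {
    $this->setupCoreACL();
    $this->setUpEntities($entity);
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callAPISuccess($entity, 'get', array(
      'check_permissions' => 0,
      'return' => 'contact_id',
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * @dataProvider entities
   * confirm that with check permissions we don't get entities
   * @param string $entity
   * @throws \PHPUnit_Framework_IncompleteTestError
   */
  public function testEntitiesGetCoreACLLimitingCheck($entity) {
    $this->setupCoreACL();
    $this->setUpEntities($entity);
    $result = $this->callAPISuccess($entity, 'get', array(
      'check_permissions' => 1,
      'return' => 'contact_id',
    ));
    $this->assertEquals(0, $result['count']);
  }

  /**
   * @dataProvider entities
   * Function tests that an empty where hook returns no results
   *
   * Marked incomplete; the body below is what should run once hook ACLs
   * cover non-contact entities.
   *
   * @param string $entity
   * @throws \PHPUnit_Framework_IncompleteTestError
   */
  public function testEntityGetNoResultsHook($entity) {
    $this->markTestIncomplete('hook acls only work with contacts so far');
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
    $this->setUpEntities($entity);
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    // The key must be check_permissions (plural); the singular form is silently ignored
    // by the API and the ACL would never be applied.
    $result = $this->callAPISuccess($entity, 'get', array(
      'check_permissions' => 1,
    ));
    $this->assertEquals(0, $result['count']);
  }

  /**
   * Entities exercised by the data-provider driven tests above.
   *
   * @return array
   */
  public static function entities() {
    return array(array('contribution'), array('participant'));// @todo array('pledge' => 'pledge')
  }

  /**
   * Create 2 entities and grant the permissions needed to read them.
   *
   * @param string $entity
   */
  public function setUpEntities($entity) {
    $baoObj = new CRM_Core_DAO();
    $baoObj->createTestObject(_civicrm_api3_get_BAO($entity), array(), 2, 0);
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array(
      'access CiviCRM',
      'access CiviContribute',
      'access CiviEvent',
      'view event participants',
    );
  }

  /**
   * All results returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * All but first results returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

  /**
   * Only specified contact returned.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
    // The clause is raw SQL; cast so only an integer literal can ever be interpolated.
    $where = " contact_a.id = " . (int) $this->allowedContactId;
  }

  /**
   * Basic check that an unpermissioned call keeps working and permissioned call fails.
   */
  public function testGetActivityNoPermissions() {
    $this->setPermissions(array());
    $this->callAPISuccess('Activity', 'get', array());
    $this->callAPIFailure('Activity', 'get', array('check_permissions' => 1));
  }

  /**
   * View all activities is enough regardless of contact ACLs.
   */
  public function testGetActivityViewAllActivitiesEnoughWithOrWithoutID() {
    $activity = $this->activityCreate();
    $this->setPermissions(array('view all activities', 'access CiviCRM'));
    $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
    $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1));
  }

  /**
   * View all contacts is enough for an Activity.get without an id.
   */
  public function testGetActivityViewAllContactsEnoughWIthoutID() {
    $this->setPermissions(array('view all contacts', 'access CiviCRM'));
    $this->callAPISuccess('Activity', 'get', array('check_permissions' => 1));
  }

  /**
   * View all activities is required unless id is passed in, in which case ACLs are used.
   */
  public function testGetActivityViewAllContactsEnoughWIthID() {
    $activity = $this->activityCreate();
    $this->setPermissions(array('view all contacts', 'access CiviCRM'));
    $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
  }

  /**
   * Access CiviCRM alone must not be enough to read an activity by id.
   */
  public function testGetActivityAccessCiviCRMNotEnough() {
    $activity = $this->activityCreate();
    $this->setPermissions(array('access CiviCRM'));
    $this->callAPIFailure('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
  }

  /**
   * Check that activities can be retrieved by ACL.
   *
   * The activities api applies ACLs in a very limited circumstance, if id is passed in.
   * Otherwise it sticks with the blunt original permissions.
   */
  public function testGetActivityByACL() {
    $this->setPermissions(array('access CiviCRM'));
    $activity = $this->activityCreate();

    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
  }

  /**
   * To leverage ACL permission to view an activity you must be able to see all of the contacts.
   *
   * Each iteration exposes exactly one of the activity's contacts; that is never enough.
   */
  public function testGetActivityByAclCannotViewAllContacts() {
    $activity = $this->activityCreate();
    $contacts = $this->getActivityContacts($activity);
    $this->setPermissions(array('access CiviCRM'));

    foreach ($contacts as $contact_id) {
      $this->allowedContactId = $contact_id;
      $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlyOne'));
      $this->callAPIFailure('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
    }
  }

  /**
   * Check that if the source contact is deleted but we can view the others we can see the activity.
   *
   * CRM-18409.
   *
   * @throws \CRM_Core_Exception
   */
  public function testGetActivityACLSourceContactDeleted() {
    $this->setPermissions(array('access CiviCRM', 'delete contacts'));
    $activity = $this->activityCreate();
    $contacts = $this->getActivityContacts($activity);

    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $this->contactDelete($contacts['source_contact_id']);
    $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
  }

  /**
   * Test get activities multiple ids with check permissions
   * CRM-20441
   */
  public function testActivitiesGetMultipleIdsCheckPermissions() {
    $this->createLoggedInUser();
    $activity = $this->activityCreate();
    $activity2 = $this->activityCreate();
    $this->setPermissions(array('access CiviCRM'));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    // Get activities associated with contact $this->_contactID.
    $params = array(
      'id' => array('IN' => array($activity['id'], $activity2['id'])),
      'check_permissions' => TRUE,
    );
    $result = $this->callAPISuccess('activity', 'get', $params);
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Test get activities multiple ids with check permissions
   * Limit access to One contact
   * CRM-20441
   *
   * NOTE(review): aclWhereMultipleContacts is not defined in this class; presumably
   * CiviUnitTestCase provides it and reads $this->allowedContacts - confirm.
   */
  public function testActivitiesGetMultipleIdsCheckPermissionsLimitedACL() {
    $this->createLoggedInUser();
    $activity = $this->activityCreate();
    $contacts = $this->getActivityContacts($activity);
    $this->setPermissions(array('access CiviCRM'));
    foreach ($contacts as $contact_id) {
      $this->allowedContacts[] = $contact_id;
    }
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereMultipleContacts'));
    $contact2 = $this->individualCreate();
    $activity2 = $this->activityCreate(array('source_contact_id' => $contact2));
    // Get activities associated with contact $this->_contactID.
    $params = array(
      'id' => array('IN' => array($activity['id'])),
      'check_permissions' => TRUE,
    );
    $result = $this->callAPISuccess('activity', 'get', $params);
    $this->assertEquals(1, $result['count']);
    // activity2 belongs to a contact outside the ACL, so the same query for it must be
    // refused. The operator must be an array key ('IN' => ...): the earlier
    // array('IN', array(...)) form made the API reject the malformed filter instead
    // of exercising the permission check.
    $this->callAPIFailure('activity', 'get', array_merge($params, array('id' => array('IN' => array($activity2['id'])))));
  }

  /**
   * Test get activities multiple ids with check permissions
   * CRM-20441
   */
  public function testActivitiesGetMultipleIdsCheckPermissionsNotIN() {
    $this->createLoggedInUser();
    $activity = $this->activityCreate();
    $activity2 = $this->activityCreate();
    $this->setPermissions(array('access CiviCRM'));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    // Get activities associated with contact $this->_contactID.
    $params = array(
      'id' => array('NOT IN' => array($activity['id'], $activity2['id'])),
      'check_permissions' => TRUE,
    );
    $result = $this->callAPISuccess('activity', 'get', $params);
    $this->assertEquals(0, $result['count']);
  }

  /**
   * Get the contacts for the activity.
   *
   * @param array $activity
   *   Must contain an 'id' key.
   *
   * @return array
   *   Keyed by source_contact_id / target_contact_id / assignee_contact_id; a key is
   *   absent when the activity has no contact in that role. When several contacts
   *   share a role only the last one seen is kept.
   * @throws \CRM_Core_Exception
   */
  protected function getActivityContacts($activity) {
    $contacts = array();

    $activityContacts = $this->callAPISuccess('ActivityContact', 'get', array(
        'activity_id' => $activity['id'],
      )
    );

    $activityRecordTypes = $this->callAPISuccess('ActivityContact', 'getoptions', array('field' => 'record_type_id'));
    // Map the record-type label to the key callers expect.
    $roleToKey = array(
      'Activity Source' => 'source_contact_id',
      'Activity Targets' => 'target_contact_id',
      'Activity Assignees' => 'assignee_contact_id',
    );
    foreach ($activityContacts['values'] as $activityContact) {
      $type = $activityRecordTypes['values'][$activityContact['record_type_id']];
      if (isset($roleToKey[$type])) {
        $contacts[$roleToKey[$type]] = $activityContact['contact_id'];
      }
    }
    return $contacts;
  }

}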