projects / civicrm-core.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Test fix
[civicrm-core.git] / tests / phpunit / api / v3 / ACLPermissionTest.php
CommitLineData
6a488035 1<?php
6a488035
TO		 2/*
3 +--------------------------------------------------------------------+
81621fee 4 | CiviCRM version 4.7 |
6a488035 5 +--------------------------------------------------------------------+
fa938177 6 | Copyright CiviCRM LLC (c) 2004-2016 |
6a488035
TO		 7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
6a488035
TO		 28/**
29 * This class is intended to test ACL permission using the multisite module
30 *
7884d958 31 * @package CiviCRM_APIv3
32 * @subpackage API_Contact
acb109b7 33 * @group headless
6a488035 34 */
6a488035 35class api_v3_ACLPermissionTest extends CiviUnitTestCase {
4e420887 36 protected $_apiversion = 3;
4e420887 37 public $DBResetRequired = FALSE;
430ae6dd 38 protected $_entity;
c16ed19b 39 protected $allowedContactId = 0;
430ae6dd 40
00be9182 41 public function setUp() {
6a488035
TO		 42 parent::setUp();
43 $baoObj = new CRM_Core_DAO();
44 $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
45 $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
6a488035
TO		 46 $config = CRM_Core_Config::singleton();
47 $config->userPermissionClass->permissions = array();
48 }
7884d958 49
50 /**
51 * (non-PHPdoc)
52 * @see CiviUnitTestCase::tearDown()
53 */
00be9182 54 public function tearDown() {
e182b859 55 CRM_Utils_Hook::singleton()->reset();
6a488035 56 $tablesToTruncate = array(
7884d958 57 'civicrm_contact',
ae4bb4c9
EM		 58 'civicrm_group_contact',
59 'civicrm_group',
60 'civicrm_acl',
61 'civicrm_acl_cache',
62 'civicrm_acl_entity_role',
63 'civicrm_acl_contact_cache',
64 'civicrm_contribution',
65 'civicrm_participant',
225d474b 66 'civicrm_uf_match',
bbd2743b 67 'civicrm_activity',
68 'civicrm_activity_contact',
c6835264
CW		 69 'civicrm_note',
70 'civicrm_entity_tag',
71 'civicrm_tag',
6a488035
TO		 72 );
73 $this->quickCleanup($tablesToTruncate);
74 $config = CRM_Core_Config::singleton();
75 unset($config->userPermissionClass->permissions);
76 }
7884d958 77
78 /**
eceb18cc 79 * Function tests that an empty where hook returns no results.
7884d958 80 */
00be9182 81 public function testContactGetNoResultsHook() {
6a488035 82 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
4e420887 83 $result = $this->callAPISuccess('contact', 'get', array(
6a488035
TO		 84 'check_permissions' => 1,
85 'return' => 'display_name',
86 ));
6a488035
TO		 87 $this->assertEquals(0, $result['count']);
88 }
89
1028f75e 90 /**
1a4651ba 91 * Function tests that an empty where hook returns exactly 1 result with "view my contact".
1028f75e 92 *
93 * CRM-16512 caused contacts with Edit my contact to be able to view all records.
94 */
1a4651ba 95 public function testContactGetOneResultHookWithViewMyContact() {
1028f75e 96 $this->createLoggedInUser();
97 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
98 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view my contact');
99 $result = $this->callAPISuccess('contact', 'get', array(
100 'check_permissions' => 1,
101 'return' => 'display_name',
102 ));
1a4651ba
CW		 103 $this->assertEquals(1, $result['count']);
104 }
105
106 /**
107 * Function tests that a user with "edit my contact" can edit themselves.
108 */
109 public function testContactEditHookWithEditMyContact() {
1a4651ba
CW		 110 $cid = $this->createLoggedInUser();
111 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
112 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'edit my contact');
113 $this->callAPISuccess('contact', 'create', array(
114 'check_permissions' => 1,
115 'id' => $cid,
116 ));
1028f75e 117 }
118
c16ed19b
CW		 119 /**
120 * Ensure contact permissions extend to related entities like email
121 */
122 public function testRelatedEntityPermissions() {
0a61b6e2 123 $this->createLoggedInUser();
c16ed19b
CW		 124 $disallowedContact = $this->individualCreate(array(), 0);
125 $this->allowedContactId = $this->individualCreate(array(), 1);
126 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlyOne'));
127 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
128 $testEntities = array(
0a61b6e2
CW		 129 'Email' => array('email' => 'null@nothing', 'location_type_id' => 1),
130 'Phone' => array('phone' => '123456', 'location_type_id' => 1),
131 'IM' => array('name' => 'hello', 'location_type_id' => 1),
c16ed19b 132 'Website' => array('url' => 'http://test'),
0a61b6e2 133 'Address' => array('street_address' => '123 Sesame St.', 'location_type_id' => 1),
c16ed19b
CW		 134 );
135 foreach ($testEntities as $entity => $params) {
136 $params += array(
137 'contact_id' => $disallowedContact,
138 'check_permissions' => 1,
139 );
140 // We should be prevented from getting or creating entities for a contact we don't have permission for
141 $this->callAPIFailure($entity, 'create', $params);
c6835264 142 $this->callAPISuccess($entity, 'create', array('check_permissions' => 0) + $params);
c16ed19b
CW		 143 $results = $this->callAPISuccess($entity, 'get', array('contact_id' => $disallowedContact, 'check_permissions' => 1));
144 $this->assertEquals(0, $results['count']);
145
146 // We should be allowed to create and get for contacts we do have permission on
147 $params['contact_id'] = $this->allowedContactId;
148 $this->callAPISuccess($entity, 'create', $params);
149 $results = $this->callAPISuccess($entity, 'get', array('contact_id' => $this->allowedContactId, 'check_permissions' => 1));
150 $this->assertGreaterThan(0, $results['count']);
151 }
c6835264
CW		 152 $newTag = civicrm_api3('Tag', 'create', array(
153 'name' => 'Foo123',
154 ));
155 $relatedEntities = array(
156 'Note' => array('note' => 'abc'),
157 'EntityTag' => array('tag_id' => $newTag['id']),
158 );
159 foreach ($relatedEntities as $entity => $params) {
160 $params += array(
161 'entity_id' => $disallowedContact,
162 'entity_table' => 'civicrm_contact',
163 'check_permissions' => 1,
164 );
165 // We should be prevented from getting or creating entities for a contact we don't have permission for
166 $this->callAPIFailure($entity, 'create', $params);
167 $this->callAPISuccess($entity, 'create', array('check_permissions' => 0) + $params);
168 $results = $this->callAPISuccess($entity, 'get', array('entity_id' => $disallowedContact, 'entity_table' => 'civicrm_contact', 'check_permissions' => 1));
169 $this->assertEquals(0, $results['count']);
170
171 // We should be allowed to create and get for entities we do have permission on
172 $params['entity_id'] = $this->allowedContactId;
173 $this->callAPISuccess($entity, 'create', $params);
174 $results = $this->callAPISuccess($entity, 'get', array('entity_id' => $this->allowedContactId, 'entity_table' => 'civicrm_contact', 'check_permissions' => 1));
175 $this->assertGreaterThan(0, $results['count']);
176 }
c16ed19b
CW		 177 }
178
6a488035 179 /**
eceb18cc 180 * Function tests all results are returned.
7884d958 181 */
00be9182 182 public function testContactGetAllResultsHook() {
6a488035 183 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
4e420887 184 $result = $this->callAPISuccess('contact', 'get', array(
7884d958 185 'check_permissions' => 1,
186 'return' => 'display_name',
6a488035
TO		 187 ));
188
6a488035
TO		 189 $this->assertEquals(2, $result['count']);
190 }
7884d958 191
6a488035 192 /**
eceb18cc 193 * Function tests that deleted contacts are not returned.
7884d958 194 */
00be9182 195 public function testContactGetPermissionHookNoDeleted() {
f5052d4d 196 $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
6a488035 197 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
4e420887 198 $result = $this->callAPISuccess('contact', 'get', array(
7884d958 199 'check_permissions' => 1,
200 'return' => 'display_name',
6a488035 201 ));
6a488035
TO		 202 $this->assertEquals(1, $result['count']);
203 }
204
205 /**
eceb18cc 206 * Test permissions limited by hook.
6a488035 207 */
00be9182 208 public function testContactGetHookLimitingHook() {
6a488035
TO		 209 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
210
4e420887 211 $result = $this->callAPISuccess('contact', 'get', array(
6a488035
TO		 212 'check_permissions' => 1,
213 'return' => 'display_name',
7884d958 214 ));
6a488035
TO		 215 $this->assertEquals(1, $result['count']);
216 }
217
7884d958 218 /**
1028f75e 219 * Confirm that without check permissions we still get 2 contacts returned.
7884d958 220 */
00be9182 221 public function testContactGetHookLimitingHookDontCheck() {
4e420887 222 $result = $this->callAPISuccess('contact', 'get', array(
223 'check_permissions' => 0,
224 'return' => 'display_name',
6a488035 225 ));
6a488035
TO		 226 $this->assertEquals(2, $result['count']);
227 }
7884d958 228
6a488035 229 /**
eceb18cc 230 * Check that id works as a filter.
6a488035 231 */
00be9182 232 public function testContactGetIDFilter() {
6a488035 233 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
4e420887 234 $result = $this->callAPISuccess('contact', 'get', array(
6a488035
TO		 235 'sequential' => 1,
236 'id' => 2,
237 'check_permissions' => 1,
238 ));
239
6a488035
TO		 240 $this->assertEquals(1, $result['count']);
241 $this->assertEquals(2, $result['id']);
242 }
243
7884d958 244 /**
eceb18cc 245 * Check that address IS returned.
7884d958 246 */
00be9182 247 public function testContactGetAddressReturned() {
7884d958 248 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
249 $fullresult = $this->callAPISuccess('contact', 'get', array(
250 'sequential' => 1,
251 ));
252 //return doesn't work for all keys - can't fix that here so let's skip ...
253 //prefix & suffix are inconsistent due to CRM-7929
254 // unsure about others but return doesn't work on them
255 $elementsReturnDoesntSupport = array(
7884d958 256 'prefix',
7884d958 257 'suffix',
7884d958 258 'gender',
259 'current_employer',
260 'phone_id',
261 'phone_type_id',
262 'phone',
263 'worldregion_id',
21dfd5f5 264 'world_region',
7884d958 265 );
266 $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
267 $result = $this->callAPISuccess('contact', 'get', array(
268 'check_permissions' => 1,
269 'return' => $expectedReturnElements,
270 'sequential' => 1,
271 ));
272 $this->assertEquals(1, $result['count']);
273 foreach ($expectedReturnElements as $element) {
274 $this->assertArrayHasKey($element, $result['values'][0]);
6a488035 275 }
7884d958 276 }
277
278 /**
eceb18cc 279 * Check that pledge IS not returned.
7884d958 280 */
00be9182 281 public function testContactGetPledgeIDNotReturned() {
7884d958 282 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
f5052d4d 283 $this->callAPISuccess('contact', 'get', array(
7884d958 284 'sequential' => 1,
285 ));
286 $result = $this->callAPISuccess('contact', 'get', array(
287 'check_permissions' => 1,
288 'return' => 'pledge_id',
289 'sequential' => 1,
290 ));
291 $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
292 }
6a488035 293
7884d958 294 /**
eceb18cc 295 * Check that pledge IS not an allowable filter.
7884d958 296 */
00be9182 297 public function testContactGetPledgeIDNotFiltered() {
7884d958 298 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
f5052d4d 299 $this->callAPISuccess('contact', 'get', array(
7884d958 300 'sequential' => 1,
301 ));
302 $result = $this->callAPISuccess('contact', 'get', array(
303 'check_permissions' => 1,
304 'pledge_id' => 1,
305 'sequential' => 1,
306 ));
307 $this->assertEquals(2, $result['count']);
308 }
309
310 /**
311 * Check that chaining doesn't bypass permissions
312 */
00be9182 313 public function testContactGetPledgeNotChainable() {
7884d958 314 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
f5052d4d 315 $this->callAPISuccess('contact', 'get', array(
7884d958 316 'sequential' => 1,
317 ));
f5052d4d 318 $this->callAPIFailure('contact', 'get', array(
6a488035 319 'check_permissions' => 1,
7884d958 320 'api.pledge.get' => 1,
6a488035 321 'sequential' => 1,
4e420887 322 ),
d235daf6 323 'Error in call to Pledge_get : API permission check failed for Pledge/get call; insufficient permission: require access CiviCRM and access CiviPledge'
7884d958 324 );
325 }
6a488035 326
00be9182 327 public function setupCoreACL() {
ae4bb4c9 328 $this->createLoggedInUser();
5896d037 329 $this->_permissionedDisabledGroup = $this->groupCreate(array(
92915c55
TO		 330 'title' => 'pick-me-disabled',
331 'is_active' => 0,
332 'name' => 'pick-me-disabled',
333 ));
5896d037 334 $this->_permissionedGroup = $this->groupCreate(array(
92915c55
TO		 335 'title' => 'pick-me-active',
336 'is_active' => 1,
337 'name' => 'pick-me-active',
338 ));
ae4bb4c9
EM		 339 $this->setupACL();
340 }
5896d037 341
ae4bb4c9
EM		 342 /**
343 * @dataProvider entities
344 * confirm that without check permissions we still get 2 contacts returned
1e1fdcf6 345 * @param $entity
ae4bb4c9 346 */
00be9182 347 public function testEntitiesGetHookLimitingHookNoCheck($entity) {
ae4bb4c9
EM		 348 CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
349 $this->setUpEntities($entity);
350 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
351 $result = $this->callAPISuccess($entity, 'get', array(
352 'check_permissions' => 0,
353 'return' => 'contact_id',
354 ));
355 $this->assertEquals(2, $result['count']);
356 }
357
358 /**
359 * @dataProvider entities
360 * confirm that without check permissions we still get 2 entities returned
1e1fdcf6 361 * @param $entity
ae4bb4c9 362 */
00be9182 363 public function testEntitiesGetCoreACLLimitingHookNoCheck($entity) {
ae4bb4c9
EM		 364 $this->setupCoreACL();
365 //CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
366 $this->setUpEntities($entity);
367 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
368 $result = $this->callAPISuccess($entity, 'get', array(
369 'check_permissions' => 0,
370 'return' => 'contact_id',
371 ));
372 $this->assertEquals(2, $result['count']);
373 }
5896d037 374
ae4bb4c9
EM		 375 /**
376 * @dataProvider entities
377 * confirm that with check permissions we don't get entities
1e1fdcf6
EM		 378 * @param $entity
379 * @throws \PHPUnit_Framework_IncompleteTestError
ae4bb4c9 380 */
00be9182 381 public function testEntitiesGetCoreACLLimitingCheck($entity) {
ae4bb4c9
EM		 382 $this->setupCoreACL();
383 $this->setUpEntities($entity);
ae4bb4c9
EM		 384 $result = $this->callAPISuccess($entity, 'get', array(
385 'check_permissions' => 1,
386 'return' => 'contact_id',
387 ));
388 $this->assertEquals(0, $result['count']);
389 }
390
ae4bb4c9
EM		 391 /**
392 * @dataProvider entities
393 * Function tests that an empty where hook returns no results
1028f75e 394 * @param string $entity
1e1fdcf6 395 * @throws \PHPUnit_Framework_IncompleteTestError
ae4bb4c9 396 */
00be9182 397 public function testEntityGetNoResultsHook($entity) {
ae4bb4c9
EM		 398 $this->markTestIncomplete('hook acls only work with contacts so far');
399 CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
400 $this->setUpEntities($entity);
401 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
402 $result = $this->callAPISuccess($entity, 'get', array(
403 'check_permission' => 1,
404 ));
405 $this->assertEquals(0, $result['count']);
406 }
407
408 /**
409 * @return array
410 */
411 public static function entities() {
6c6e6187 412 return array(array('contribution'), array('participant'));// @todo array('pledge' => 'pledge')
ae4bb4c9
EM		 413 }
414
415 /**
416 * Create 2 entities
1e1fdcf6 417 * @param $entity
ae4bb4c9
EM		 418 */
419 public function setUpEntities($entity) {
420 $baoObj = new CRM_Core_DAO();
5896d037 421 $baoObj->createTestObject(_civicrm_api3_get_BAO($entity), array(), 2, 0);
ae4bb4c9
EM		 422 CRM_Core_Config::singleton()->userPermissionClass->permissions = array(
423 'access CiviCRM',
424 'access CiviContribute',
425 'access CiviEvent',
426 'view event participants',
427 );
428 }
429
6a488035 430 /**
eceb18cc 431 * No results returned.
24602943 432 *
c16ed19b 433 * @implements CRM_Utils_Hook::aclWhereClause
24602943 434 *
435 * @param string $type
436 * @param array $tables
437 * @param array $whereTables
438 * @param int $contactID
439 * @param string $where
6a488035 440 */
00be9182 441 public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
6a488035 442 }
7884d958 443
6a488035 444 /**
eceb18cc 445 * All results returned.
24602943 446 *
f5052d4d 447 * @implements CRM_Utils_Hook::aclWhereClause
24602943 448 *
449 * @param string $type
450 * @param array $tables
451 * @param array $whereTables
452 * @param int $contactID
453 * @param string $where
7884d958 454 */
00be9182 455 public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
6a488035
TO		 456 $where = " (1) ";
457 }
7884d958 458
6a488035 459 /**
c16ed19b 460 * All but first results returned.
f5052d4d 461 * @implements CRM_Utils_Hook::aclWhereClause
1e1fdcf6
EM		 462 * @param $type
463 * @param $tables
464 * @param $whereTables
465 * @param $contactID
466 * @param $where
7884d958 467 */
00be9182 468 public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
6a488035
TO		 469 $where = " contact_a.id > 1";
470 }
96025800 471
c16ed19b
CW		 472 /**
473 * Only specified contact returned.
474 * @implements CRM_Utils_Hook::aclWhereClause
475 * @param $type
476 * @param $tables
477 * @param $whereTables
478 * @param $contactID
479 * @param $where
480 */
481 public function aclWhereOnlyOne($type, &$tables, &$whereTables, &$contactID, &$where) {
482 $where = " contact_a.id = " . $this->allowedContactId;
483 }
484
bbd2743b 485 /**
486 * Basic check that an unpermissioned call keeps working and permissioned call fails.
487 */
488 public function testGetActivityNoPermissions() {
489 $this->setPermissions(array());
490 $this->callAPISuccess('Activity', 'get', array());
491 $this->callAPIFailure('Activity', 'get', array('check_permissions' => 1));
492 }
493
494 /**
495 * View all activities is enough regardless of contact ACLs.
496 */
497 public function testGetActivityViewAllActivitiesEnoughWithOrWithoutID() {
498 $activity = $this->activityCreate();
499 $this->setPermissions(array('view all activities', 'access CiviCRM'));
500 $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
501 $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1));
502 }
503
504 /**
505 * View all activities is required unless id is passed in.
506 */
507 public function testGetActivityViewAllContactsNotEnoughWIthoutID() {
508 $this->setPermissions(array('view all contacts', 'access CiviCRM'));
509 $this->callAPIFailure('Activity', 'get', array('check_permissions' => 1));
510 }
511
512 /**
513 * View all activities is required unless id is passed in, in which case ACLs are used.
514 */
515 public function testGetActivityViewAllContactsEnoughWIthID() {
516 $activity = $this->activityCreate();
517 $this->setPermissions(array('view all contacts', 'access CiviCRM'));
518 $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
519 }
520
521 /**
522 * View all activities is required unless id is passed in, in which case ACLs are used.
523 */
524 public function testGetActivityAccessCiviCRMNotEnough() {
525 $activity = $this->activityCreate();
526 $this->setPermissions(array('access CiviCRM'));
527 $this->callAPIFailure('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
528 }
529
530 /**
531 * Check that activities can be retrieved by ACL.
532 *
533 * The activities api applies ACLs in a very limited circumstance, if id is passed in.
534 * Otherwise it sticks with the blunt original permissions.
535 */
536 public function testGetActivityByACL() {
537 $this->setPermissions(array('access CiviCRM'));
538 $activity = $this->activityCreate();
539
540 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
541 $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
542 }
543
544 /**
545 * To leverage ACL permission to view an activity you must be able to see all of the contacts.
546 */
547 public function testGetActivityByAclCannotViewAllContacts() {
548 $activity = $this->activityCreate();
549 $contacts = $this->getActivityContacts($activity);
550 $this->setPermissions(array('access CiviCRM'));
551
552 foreach ($contacts as $contact_id) {
553 $this->allowedContactId = $contact_id;
554 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlyOne'));
555 $this->callAPIFailure('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
556 }
557 }
558
559 /**
560 * Check that if the source contact is deleted but we can view the others we can see the activity.
561 *
562 * CRM-18409.
563 *
564 * @throws \CRM_Core_Exception
565 */
566 public function testGetActivityACLSourceContactDeleted() {
567 $this->setPermissions(array('access CiviCRM', 'delete contacts'));
568 $activity = $this->activityCreate();
569 $contacts = $this->getActivityContacts($activity);
570
571 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
572 $this->contactDelete($contacts['source_contact_id']);
573 $this->callAPISuccess('Activity', 'getsingle', array('check_permissions' => 1, 'id' => $activity['id']));
574 }
575
576 /**
577 * Get the contacts for the activity.
578 *
579 * @param $activity
580 *
581 * @return array
582 * @throws \CRM_Core_Exception
583 */
584 protected function getActivityContacts($activity) {
585 $contacts = array();
586
587 $activityContacts = $this->callAPISuccess('ActivityContact', 'get', array(
588 'activity_id' => $activity['id'],
589 )
590 );
591
592 $activityRecordTypes = $this->callAPISuccess('ActivityContact', 'getoptions', array('field' => 'record_type_id'));
593 foreach ($activityContacts['values'] as $activityContact) {
594 $type = $activityRecordTypes['values'][$activityContact['record_type_id']];
595 switch ($type) {
596 case 'Activity Source':
597 $contacts['source_contact_id'] = $activityContact['contact_id'];
598 break;
599
600 case 'Activity Targets':
601 $contacts['target_contact_id'] = $activityContact['contact_id'];
602 break;
603
604 case 'Activity Assignees':
605 $contacts['assignee_contact_id'] = $activityContact['contact_id'];
606 break;
607
608 }
609 }
610 return $contacts;
611 }
612
6a488035 613}