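<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.3                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2013                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
*/

require_once 'CiviTest/CiviUnitTestCase.php';

/**
 * Tests that API v3 contact.get honours the civicrm_aclWhereClause hook
 * (the mechanism the multisite module uses) whenever check_permissions is
 * set: rows the hook does not permit are not returned, restricted fields
 * are neither returned nor filterable, and chaining cannot bypass the check.
 *
 * The docblock sits directly above the class so PHPDoc tooling attaches it.
 *
 * @package CiviCRM_APIv3
 * @subpackage API_Contact
 */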
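class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  /** @var int API version used by every call in this class. */
  protected $_apiversion = 3;
  protected $_params;
  /** @var CRM_Utils_Hook|null hook singleton on which the ACL fixtures below are registered. */
  protected $hookClass = null;
  /** Fixtures are created per test in setUp() and truncated in tearDown(), so no full reset is requested. */
  public $DBResetRequired = FALSE;

  public $_eNoticeCompliant = TRUE;

  protected $_entity;

  /**
   * Create the fixture rows the assertions count on and clear every CMS-level
   * permission, so that for a checked call the only source of access is the
   * civicrm_aclWhereClause hook under test.
   */
  public function setUp() {
    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    // The tests expect exactly two contacts to exist after this - presumably one
    // created alongside each test object; confirm against createTestObject() if the
    // expected counts ever drift.
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->hookClass = CRM_Utils_Hook::singleton();
    $config = CRM_Core_Config::singleton();
    // Grant nothing: any row visible to a check_permissions call must come from the hook.
    $config->userPermissionClass->permissions = array();
  }

  /**
   * (non-PHPdoc)
   * @see CiviUnitTestCase::tearDown()
   *
   * Hooks are reset before anything else so a where-clause fixture registered by
   * one test cannot remain active for the cleanup queries or the next test.
   */
  public function tearDown() {
    CRM_Utils_Hook::singleton()->reset();
    // Only civicrm_contact is truncated; the pledge and phone rows created in setUp()
    // are left behind (DBResetRequired is FALSE) - confirm that is intended.
    $tablesToTruncate = array(
      'civicrm_contact',
    );
    $this->quickCleanup($tablesToTruncate);
    $config = CRM_Core_Config::singleton();
    unset($config->userPermissionClass->permissions);
  }

  /**
   * A hook that leaves the where clause empty must permit no contacts at all:
   * with no CMS permissions granted, an empty clause is "deny", not "allow".
   */
  public function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(0, $result['count']);
  }

  /**
   * A hook that permits every row returns both fixture contacts.
   */
  public function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertEquals(2, $result['count']);
  }

  /**
   * Soft-deleted contacts stay hidden even when the hook permits every row,
   * so the is_deleted filter is applied independently of the ACL clause.
   */
  public function testContactGetPermissionHookNoDeleted() {
    $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * A restrictive hook clause limits a checked call to the rows it permits.
   */
  public function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * With check_permissions off the limiting hook is not applied and both
   * contacts are returned.
   */
  public function testContactGetHookLimitingHookDontCheck() {
    // Register the restrictive hook so the test proves it is bypassed, not merely absent.
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Filtering by id still works under a checked call and returns the requested row.
   */
  public function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
      'id' => 2,
      'check_permissions' => 1,
    ));

    $this->assertEquals(1, $result['count']);
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Every key present in an unchecked get (address fields included) is also
   * returned by a checked get when explicitly requested via 'return'.
   */
  public function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    // Baseline without permission checks: the full set of keys a contact row exposes.
    $fullresult = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    //return doesn't work for all keys - can't fix that here so let's skip ...
    //prefix & suffix are inconsistent due to CRM-7929
    // unsure about others but return doesn't work on them
    $elementsReturnDoesntSupport = array(
      'prefix_id',
      'prefix',
      'suffix_id',
      'suffix',
      'gender_id',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * A checked call must not return pledge_id even when it is explicitly requested.
   */
  public function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * pledge_id is not an allowable filter on a checked call. Note the expected
   * behaviour asserted here is that the filter is ignored (both contacts come
   * back unfiltered), not that the request is rejected.
   */
  public function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * A chained api.pledge.get inherits check_permissions from the outer call
   * and fails when the caller lacks the pledge permission, so chaining cannot
   * be used to read data the direct call would refuse.
   */
  public function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    // The expected text is the exact message emitted by the API permission layer;
    // it will need updating if that wording changes.
    $result = $this->callAPIFailure('contact', 'get', array(
        'check_permissions' => 1,
        'api.pledge.get' => 1,
        'sequential' => 1,
      ),
      'Error in call to pledge_get : API permission check failed for pledge/get call; missing permission: access CiviCRM.'
    );
  }

  /**
   * ACL hook fixture: leaves $where untouched, so no contact is permitted.
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * ACL hook fixture: permits every contact.
   *
   * $where is treated as a raw SQL fragment by the ACL layer (the assertions
   * above depend on that); the fixtures here assign fixed literals only. A real
   * implementation of this hook must never build $where from request data.
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * ACL hook fixture: permits only contacts with id greater than 1, i.e. the
   * second fixture contact.
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

}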