1<?php
2// $Id$
3
4/*
5 +--------------------------------------------------------------------+
6 | CiviCRM version 4.3 |
7 +--------------------------------------------------------------------+
8 | Copyright CiviCRM LLC (c) 2004-2013 |
9 +--------------------------------------------------------------------+
10 | This file is a part of CiviCRM. |
11 | |
12 | CiviCRM is free software; you can copy, modify, and distribute it |
13 | under the terms of the GNU Affero General Public License |
14 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
15 | |
16 | CiviCRM is distributed in the hope that it will be useful, but |
17 | WITHOUT ANY WARRANTY; without even the implied warranty of |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
19 | See the GNU Affero General Public License for more details. |
20 | |
21 | You should have received a copy of the GNU Affero General Public |
22 | License and the CiviCRM Licensing Exception along |
23 | with this program; if not, contact CiviCRM LLC |
24 | at info[AT]civicrm[DOT]org. If you have questions about the |
25 | GNU Affero General Public License or the licensing of CiviCRM, |
26 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
27 +--------------------------------------------------------------------+
28 */
29
30require_once 'CiviTest/CiviUnitTestCase.php';
31
32/**
33 * This class is intended to test ACL permission using the multisite module
34 *
35 * @package CiviCRM_APIv3
36 * @subpackage API_Contact
37 */
38
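class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  protected $_apiversion;
  protected $_params;
  protected $hookClass = null;

  public $_eNoticeCompliant = TRUE;

  protected $_entity;

  /**
   * Build the fixture every test relies on: two contacts (one created as a
   * side effect of a pledge, one of a phone), an empty core permission set,
   * and the unit-test hook object that individual tests use to register a
   * civicrm_aclWhereClause implementation.
   *
   * The tests below assume the two fixture contacts get ids 1 and 2.
   */
  public function setUp() {
    $this->_apiversion = 3;

    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->hookClass = CRM_Utils_Hook::singleton();
    $config = CRM_Core_Config::singleton();
    // Grant no core permissions at all, so that any call made with
    // check_permissions => 1 is decided solely by the ACL where-clause hook.
    $config->userPermissionClass->permissions = array();
  }

  /**
   * (non-PHPdoc)
   * @see CiviUnitTestCase::tearDown()
   *
   * Drops the hook registered by the test and the fixture rows created in
   * setUp() (the pledge and phone rows as well as the contacts they belong
   * to), then restores the permission set.
   */
  public function tearDown() {
    $this->hookClass->reset();
    $tablesToTruncate = array(
      'civicrm_contact',
      'civicrm_phone',
      'civicrm_pledge',
    );
    $this->quickCleanup($tablesToTruncate);
    $config = CRM_Core_Config::singleton();
    unset($config->userPermissionClass->permissions);
  }

  /**
   * Call contact.get with permission checking switched on.
   *
   * @param array $params extra API parameters, merged over the defaults
   *   (callers may override 'check_permissions' if they need to)
   * @return array raw API result; not asserted here, callers check it
   */
  protected function contactGetWithPermissionCheck($params = array()) {
    $defaults = array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
    );
    return civicrm_api('contact', 'get', array_merge($defaults, $params));
  }

  /**
   * A hook that leaves $where untouched must fail closed: with no core
   * permissions and no ACL clause, contact.get succeeds but returns nothing.
   */
  public function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->contactGetWithPermissionCheck(array('return' => 'display_name'));

    $this->assertAPISuccess($result, "this should succeed but return no results. line " . __LINE__);
    $this->assertEquals(0, $result['count']);
  }

  /**
   * A hook that grants everything returns both fixture contacts.
   */
  public function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->contactGetWithPermissionCheck(array('return' => 'display_name'));

    $this->assertAPISuccess($result, "this should succeed and return all results. line " . __LINE__);
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Soft-deleted contacts are excluded even when the ACL hook grants access
   * to everything, so only one of the two fixture contacts comes back.
   */
  public function testContactGetPermissionHookNoDeleted() {
    $deleted = civicrm_api('contact', 'create', array(
      'id' => 2,
      'version' => $this->_apiversion,
      'is_deleted' => 1,
    ));
    // If the soft-delete itself failed, the count assertion below would be
    // checking the wrong thing, so pin the fixture step first.
    $this->assertAPISuccess($deleted, "soft-deleting contact 2 should succeed. line " . __LINE__);

    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->contactGetWithPermissionCheck(array('return' => 'display_name'));

    $this->assertAPISuccess($result, "this should succeed but return one result. line " . __LINE__);
    $this->assertEquals(1, $result['count']);
  }

  /**
   * A hook that only admits contact id > 1 limits the result to one contact.
   */
  public function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = $this->contactGetWithPermissionCheck(array('return' => 'display_name'));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
  }

  /**
   * Confirm that without check_permissions the limiting hook is not consulted
   * and both contacts are still returned.
   */
  public function testContactGetHookLimitingHookDontCheck() {
    // The same limiting hook as testContactGetHookLimitingHook(); it must
    // have no effect on an unchecked call.
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that id works as a filter under a permission-checked call.
   */
  public function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->contactGetWithPermissionCheck(array(
      'sequential' => 1,
      'id' => 2,
    ));

    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Check that address fields ARE returned on a permission-checked call.
   *
   * The set of fields to request is taken from an unchecked call so that the
   * test does not depend on a hard-coded field list.
   */
  public function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $fullresult = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($fullresult, 'unchecked fixture call succeeded');
    // 'return' doesn't work for all keys - can't fix that here so let's skip ...
    // prefix & suffix are inconsistent due to CRM-7929;
    // unsure about the others but 'return' doesn't work on them either.
    $elementsReturnDoesntSupport = array(
      'prefix_id',
      'prefix',
      'suffix_id',
      'suffix',
      'gender_id',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = $this->contactGetWithPermissionCheck(array(
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * Check that pledge_id is NOT returned: 'return' must not be usable to
   * pull a field from an entity the caller has no permission on.
   */
  public function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->contactGetWithPermissionCheck(array(
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result);
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * Check that pledge_id is NOT an allowable filter: the filter is ignored
   * rather than narrowing the result, so both contacts come back.
   */
  public function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->contactGetWithPermissionCheck(array(
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that chaining doesn't bypass permissions: a chained pledge.get is
   * permission-checked in its own right and fails without 'access CiviCRM'.
   */
  public function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $result = $this->contactGetWithPermissionCheck(array(
      'api.pledge.get' => 1,
      'sequential' => 1,
    ));
    $this->assertArrayHasKey('error_message', $result, 'chained call should have been rejected');
    $this->assertEquals('Error in call to pledge_get : API permission check failed for pledge/get call; missing permission: access CiviCRM.', $result['error_message']);
  }

  /**
   * Hook implementation that grants nothing: $where is left untouched.
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * Hook implementation that grants everything: an always-true clause.
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * Hook implementation that admits only contacts with id > 1, i.e. the
   * second of the two fixture contacts.
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }


}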