1 | <?php |
2 | // $Id$ | |
3 | ||
4 | /* | |
5 | +--------------------------------------------------------------------+ | |
6 | | CiviCRM version 4.3 | | |
7 | +--------------------------------------------------------------------+ | |
8 | | Copyright CiviCRM LLC (c) 2004-2013 | | |
9 | +--------------------------------------------------------------------+ | |
10 | | This file is a part of CiviCRM. | | |
11 | | | | |
12 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
13 | | under the terms of the GNU Affero General Public License | | |
14 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
15 | | | | |
16 | | CiviCRM is distributed in the hope that it will be useful, but | | |
17 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
18 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
19 | | See the GNU Affero General Public License for more details. | | |
20 | | | | |
21 | | You should have received a copy of the GNU Affero General Public | | |
22 | | License and the CiviCRM Licensing Exception along | | |
23 | | with this program; if not, contact CiviCRM LLC | | |
24 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
25 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
26 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
27 | +--------------------------------------------------------------------+ | |
28 | */ | |
29 | ||
30 | require_once 'CiviTest/CiviUnitTestCase.php'; | |
31 | ||
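/**
 * This class is intended to test ACL permission using the multisite module
 *
 * Every test registers a civicrm_aclWhereClause hook and then calls
 * contact.get with check_permissions set, so the rows that come back are
 * governed by the WHERE fragment the hook supplies rather than by any
 * CMS-level permission (setUp() clears those).
 *
 * @package CiviCRM_APIv3
 * @subpackage API_Contact
 */
class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  protected $_apiversion;
  protected $_params;
  // CRM_Utils_Hook singleton; hooks registered on it are cleared in tearDown()
  protected $hookClass = null;

  public $_eNoticeCompliant = TRUE;

  protected $_entity;

  /**
   * Create the fixture data and clear the CMS-level permission set.
   *
   * The pledge and phone test objects are what produce the 2 contacts the
   * tests count on (each presumably creates an owning contact).
   * Emptying userPermissionClass->permissions grants no permission at all,
   * so what contact.get returns is decided by the ACL hook alone, and a
   * chained pledge.get is expected to fail on 'access CiviCRM'.
   */
  function setUp() {
    $this->_apiversion = 3;

    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->hookClass = CRM_Utils_Hook::singleton();
    $config = CRM_Core_Config::singleton();
    $config->userPermissionClass->permissions = array();
  }

  /**
   * Drop the registered hooks and the fixture contacts, and remove the
   * permission override from setUp() so it does not leak into other tests.
   *
   * NOTE(review): parent::tearDown() is not called here - confirm that is intended.
   *
   * @see CiviUnitTestCase::tearDown()
   */
  function tearDown() {
    $this->hookClass->reset();
    $tablesToTruncate = array(
      'civicrm_contact',
    );
    $this->quickCleanup($tablesToTruncate);
    $config = CRM_Core_Config::singleton();
    unset($config->userPermissionClass->permissions);
  }

  /**
   * A hook that leaves $where empty grants nothing: the call succeeds but
   * returns no contacts.
   */
  function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertAPISuccess($result, "this should succeed but return no results. line " . __LINE__);
    $this->assertEquals(0, $result['count']);
  }

  /**
   * A hook that sets $where to an always-true clause returns both contacts.
   */
  function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    // message previously said "return no results" while asserting 2 - fixed
    $this->assertAPISuccess($result, "this should succeed and return both contacts. line " . __LINE__);
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Even with an all-results hook, a contact flagged is_deleted is not
   * returned, so only 1 of the 2 fixture contacts comes back.
   */
  function testContactGetPermissionHookNoDeleted() {
    civicrm_api('contact', 'create', array('id' => 2, 'version' => $this->_apiversion, 'is_deleted' => 1));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertAPISuccess($result, "this should succeed but return one result. line " . __LINE__);
    $this->assertEquals(1, $result['count']);
  }

  /**
   * test permissions limited by hook: a hook restricting to id > 1 leaves
   * a single contact visible
   */
  function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
  }

  /**
   * confirm that without check permissions we still get 2 contacts returned
   *
   * No hook is registered here; with check_permissions off the ACL layer
   * is not consulted at all.
   */
  function testContactGetHookLimitingHookDontCheck() {
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that id works as a filter when permissions are being checked
   */
  function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'sequential' => 1,
      'id' => 2,
      'check_permissions' => 1,
    ));

    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Check that address IS returned
   *
   * The full (unchecked) result is used to discover which keys a contact
   * carries; the permission-checked call must then return every one of
   * them that 'return' is known to support.
   */
  function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $fullresult = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'sequential' => 1,
    ));
    //return doesn't work for all keys - can't fix that here so let's skip ...
    //prefix & suffix are inconsistent due to CRM-7929
    // unsure about others but return doesn't work on them
    $elementsReturnDoesntSupport = array(
      'prefix_id',
      'prefix',
      'suffix_id',
      'suffix',
      'gender_id',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * Check that pledge IS not returned
   *
   * Asking for pledge_id in 'return' must not leak it through a
   * permission-checked contact.get.
   */
  function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result);
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * Check that pledge IS not an allowable filter
   *
   * Filtering on pledge_id is ignored under a permission check, so both
   * contacts are still returned.
   */
  function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that chaining doesn't bypass permissions
   *
   * With no CMS permissions granted, a chained pledge.get must be refused
   * on the 'access CiviCRM' permission rather than silently run.
   */
  function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $result = civicrm_api('contact', 'get', array(
      'version' => $this->_apiversion,
      'check_permissions' => 1,
      'api.pledge.get' => 1,
      'sequential' => 1,
    ));
    // guard the key first: reading a missing error_message would only raise a notice
    $this->assertArrayHasKey('error_message', $result, 'chained pledge.get should have failed the permission check');
    $this->assertEquals('Error in call to pledge_get : API permission check failed for pledge/get call; missing permission: access CiviCRM.', $result['error_message']);
  }

  /**
   * no results returned: $where is left untouched, so nothing is permitted
   *
   * The remaining by-reference parameters are part of the hook signature
   * and are deliberately not modified.
   */
  function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * all results returned: an always-true where clause
   */
  function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * only the second fixture contact is returned (contact id > 1)
   */
  function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }


}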