83a2ebb6 | 1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
2fe49090 | 4 | | CiviCRM version 5 | |
83a2ebb6 | 5 | +--------------------------------------------------------------------+ |
8c9251b3 | 6 | | Copyright CiviCRM LLC (c) 2004-2018 | |
83a2ebb6 | 7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | /** | |
29 | * Test APIv3 civicrm_entity_tag_* functions | |
30 | * | |
31 | * @package CiviCRM_APIv3 | |
32 | * @subpackage API_Core | |
33 | */ | |
34 | ||
83a2ebb6 | 35 | /** |
36 | * Class api_v3_EntityTagTest. | |
37 | * | |
38 | * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission | |
39 | * from edit all contacts to has right to edit this contact) would not result in inappropriate permission opening on | |
40 | * other entities. Other entities are still too restricted but that is a larger job. | |
acb109b7 | 41 | * @group headless |
83a2ebb6 | 42 | */ |
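class api_v3_EntityTagACLTest extends CiviUnitTestCase {

  /**
   * API Version in use.
   *
   * @var int
   */
  protected $_apiversion = 3;

  /**
   * Entity being tested.
   *
   * @var string
   */
  protected $_entity = 'entity_tag';

  /**
   * Set up fixtures and the baseline permission set for each test.
   *
   * Creates a contact, an attachment on that contact, an activity and a case,
   * then one tag per `used_for` option. The permission set is then reduced to
   * 'access CiviCRM' only, so each test starts without any edit right and
   * grants exactly the permissions it is exercising.
   *
   * NOTE(review): the tests below tag entity_id 1 for every table, so this
   * relies on the transaction-wrapped test DB giving each fixture id 1 — confirm.
   */
  public function setUp() {
    $this->useTransaction(TRUE);
    parent::setUp();
    $individualID = $this->individualCreate();
    $daoObj = new CRM_Core_DAO();
    $this->callAPISuccess('Attachment', 'create', array(
      'entity_table' => 'civicrm_contact',
      'entity_id' => $individualID,
      'mime_type' => 'k',
      'name' => 'p',
      'content' => 'l',
    ));
    $daoObj->createTestObject('CRM_Activity_BAO_Activity', array(), 1, 0);
    $daoObj->createTestObject('CRM_Case_BAO_Case', array(), 1, 0);
    // One tag per taggable table. The option key is the table name and the
    // option label is reused as the tag name, so getTableForTag() can map a
    // label back to its table.
    foreach ($this->getTagOptions() as $table => $label) {
      $this->callAPISuccess('Tag', 'create', array(
        'used_for' => $table,
        'name' => $label,
        'description' => $label,
      ));
    }
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
  }

  /**
   * Get the options for the used_for field.
   *
   * @return array
   *   Map of entity table name => option label.
   */
  public function getTagOptions() {
    $options = $this->callAPISuccess('Tag', 'getoptions', array('field' => 'used_for'));
    return $options['values'];
  }

  /**
   * Get the entity table for a tag label.
   *
   * @param string $entity
   *   Option label as returned by getTagOptions().
   *
   * @return string|false
   *   Table name, or FALSE when the label is not a used_for option.
   */
  protected function getTableForTag($entity) {
    // Strict search: labels and options are both strings, so a loose
    // comparison could only ever introduce surprises (e.g. '0' == 'abc').
    return array_search($entity, $this->getTagOptions(), TRUE);
  }

  /**
   * Get entities which can be tagged in data provider format.
   *
   * @return array
   *   One single-element array per taggable entity label.
   */
  public function taggableEntities() {
    $return = array();
    foreach ($this->getTagOptions() as $label) {
      $return[] = array($label);
    }
    return $return;
  }

  /**
   * This test checks that users with edit all contacts can edit all tags.
   *
   * @dataProvider taggableEntities
   *
   * We are looking to see that a contact with edit all contacts can still add all tags (for all
   * tag entities since that was how it was historically and we are not fixing non-contact entities).
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntitiesEditAllContactsCanAddTags($entity) {
    $table = $this->getTableForTag($entity);

    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'access CiviCRM');
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $table,
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
    ), 1);
  }

  /**
   * This test checks that an ACL or edit all contacts is required to be able to create an entity tag.
   *
   * With only view rights and no ACL hook, a permission-checked create must be refused
   * for every taggable entity.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) {
    $table = $this->getTableForTag($entity);

    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $this->callAPIFailure('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $table,
    ));
  }

  /**
   * This test checks that permissions are not applied when check_permissions is off.
   *
   * check_permissions => 0 is the trusted (internal caller) path: the same
   * view-only permission set that is refused above is accepted here.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testCheckPermissionsOffWorks($entity) {
    $table = $this->getTableForTag($entity);

    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $result = $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => 0,
      'entity_table' => $table,
    ));
    $this->assertEquals(1, $result['added']);
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
      'check_permissions' => 0,
    ), 1);
  }

  /**
   * This test checks ACLs can be used to control who can edit a contact.
   *
   * Note that for other entities this hook will not allow them to edit the entity_tag and they still need
   * edit all contacts (pending a more extensive fix).
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntitiesACLApplies($entity) {
    $table = $this->getTableForTag($entity);

    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));

    // civicrm_api() is called directly rather than via callAPISuccess()/callAPIFailure()
    // because the outcome differs per entity: the ACL hook only opens contacts, so the
    // create is expected to be refused for every other entity. The count below is the assertion.
    civicrm_api('EntityTag', 'create', array(
      'version' => 3,
      'entity_id' => 1,
      'tag_id' => $entity,
      'entity_table' => $table,
      'check_permissions' => TRUE,
    ));
    $expectedCount = ($entity === 'Contacts') ? 1 : 0;
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
    ), $expectedCount);
  }

  /**
   * All results returned.
   *
   * Test-only ACL hook: replaces the where clause with a tautology so every
   * row passes the ACL filter.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

}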