Commit | Line | Data |
---|---|---|
83a2ebb6 | 1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
7d61e75f | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
83a2ebb6 | 5 | | | |
7d61e75f TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
83a2ebb6 | 9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
12 | /** | |
13 | * Test APIv3 civicrm_entity_tag_* functions | |
14 | * | |
15 | * @package CiviCRM_APIv3 | |
16 | * @subpackage API_Core | |
17 | */ | |
18 | ||
83a2ebb6 | 19 | /** |
20 | * Class api_v3_EntityTagTest. | |
21 | * | |
22 | * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission | |
23 | * from edit all contacts to has right to edit this contact) would not result in inappropriate permission opening on | |
24 | * other entities. Other entities are still too restricted but that is a larger job. | |
acb109b7 | 25 | * @group headless |
83a2ebb6 | 26 | */ |
27 | class api_v3_EntityTagACLTest extends CiviUnitTestCase { | |
28 | ||
2af6f0c0 | 29 | use CRMTraits_ACL_PermissionTrait; |
30 | ||
83a2ebb6 | 31 | /** |
32 | * API Version in use. | |
33 | * | |
34 | * @var int | |
35 | */ | |
36 | protected $_apiversion = 3; | |
37 | ||
38 | /** | |
39 | * Entity being tested. | |
40 | * | |
41 | * @var string | |
42 | */ | |
43 | protected $_entity = 'entity_tag'; | |
44 | ||
45 | /** | |
46 | * Set up permissions for test. | |
47 | */ | |
48 | public function setUp() { | |
49 | $this->useTransaction(TRUE); | |
50 | parent::setUp(); | |
51 | $individualID = $this->individualCreate(); | |
52 | $daoObj = new CRM_Core_DAO(); | |
9099cab3 | 53 | $this->callAPISuccess('Attachment', 'create', [ |
83a2ebb6 | 54 | 'entity_table' => 'civicrm_contact', |
55 | 'entity_id' => $individualID, | |
56 | 'mime_type' => 'k', | |
57 | 'name' => 'p', | |
58 | 'content' => 'l', | |
9099cab3 CW |
59 | ]); |
60 | $daoObj->createTestObject('CRM_Activity_BAO_Activity', [], 1, 0); | |
61 | $daoObj->createTestObject('CRM_Case_BAO_Case', [], 1, 0); | |
83a2ebb6 | 62 | $entities = $this->getTagOptions(); |
63 | foreach ($entities as $key => $entity) { | |
9099cab3 | 64 | $this->callAPISuccess('Tag', 'create', [ |
83a2ebb6 | 65 | 'used_for' => $key, |
66 | 'name' => $entity, | |
67 | 'description' => $entity, | |
9099cab3 | 68 | ]); |
83a2ebb6 | 69 | } |
9099cab3 | 70 | CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM']; |
83a2ebb6 | 71 | } |
72 | ||
73 | /** | |
74 | * Get the options for the used_for fields. | |
75 | * | |
76 | * @return array | |
77 | */ | |
78 | public function getTagOptions() { | |
9099cab3 | 79 | $options = $this->callAPISuccess('Tag', 'getoptions', ['field' => 'used_for']); |
83a2ebb6 | 80 | return $options['values']; |
81 | } | |
82 | ||
83 | /** | |
84 | * Get the entity table for a tag label. | |
85 | * | |
86 | * @param string $entity | |
87 | * | |
88 | * @return string | |
89 | */ | |
90 | protected function getTableForTag($entity) { | |
91 | $options = $this->getTagOptions(); | |
92 | return array_search($entity, $options); | |
93 | } | |
39b959db | 94 | |
83a2ebb6 | 95 | /** |
96 | * Get entities which can be tagged in data provider format. | |
97 | */ | |
98 | public function taggableEntities() { | |
9099cab3 | 99 | $return = []; |
83a2ebb6 | 100 | foreach ($this->getTagOptions() as $entity) { |
9099cab3 | 101 | $return[] = [$entity]; |
83a2ebb6 | 102 | } |
103 | return $return; | |
104 | } | |
105 | ||
106 | /** | |
107 | * This test checks that users with edit all contacts can edit all tags. | |
108 | * | |
109 | * @dataProvider taggableEntities | |
110 | * | |
111 | * We are looking to see that a contact with edit all contacts can still add all tags (for all | |
112 | * tag entities since that was how it was historically and we are not fixing non-contact entities). | |
113 | * | |
114 | * @param string $entity | |
115 | * Entity to test | |
116 | */ | |
117 | public function testThatForEntitiesEditAllContactsCanAddTags($entity) { | |
118 | ||
9099cab3 CW |
119 | CRM_Core_Config::singleton()->userPermissionClass->permissions = ['edit all contacts', 'access CiviCRM']; |
120 | $this->callAPISuccess('EntityTag', 'create', [ | |
83a2ebb6 | 121 | 'entity_id' => 1, |
122 | 'tag_id' => $entity, | |
123 | 'check_permissions' => TRUE, | |
124 | 'entity_table' => $this->getTableForTag($entity), | |
9099cab3 CW |
125 | ]); |
126 | $this->callAPISuccessGetCount('EntityTag', [ | |
83a2ebb6 | 127 | 'entity_id' => 1, |
128 | 'entity_table' => $this->getTableForTag($entity), | |
9099cab3 | 129 | ], 1); |
83a2ebb6 | 130 | } |
131 | ||
132 | /** | |
133 | * This test checks that an ACL or edit all contacts is required to be able to create a contact. | |
134 | * | |
135 | * @dataProvider taggableEntities | |
136 | */ | |
137 | public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) { | |
138 | ||
9099cab3 CW |
139 | CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'view all contacts']; |
140 | $this->callAPIFailure('EntityTag', 'create', [ | |
83a2ebb6 | 141 | 'entity_id' => 1, |
142 | 'tag_id' => $entity, | |
143 | 'check_permissions' => TRUE, | |
144 | 'entity_table' => $this->getTableForTag($entity), | |
9099cab3 | 145 | ]); |
83a2ebb6 | 146 | } |
147 | ||
148 | /** | |
149 | * This test checks that permissions are not applied when check_permissions is off. | |
150 | * | |
151 | * @dataProvider taggableEntities | |
152 | * | |
153 | * @param string $entity | |
154 | * Entity to test | |
155 | */ | |
156 | public function testCheckPermissionsOffWorks($entity) { | |
157 | ||
9099cab3 CW |
158 | CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'view all contacts']; |
159 | $result = $this->callAPISuccess('EntityTag', 'create', [ | |
83a2ebb6 | 160 | 'entity_id' => 1, |
161 | 'tag_id' => $entity, | |
162 | 'check_permissions' => 0, | |
163 | 'entity_table' => $this->getTableForTag($entity), | |
9099cab3 | 164 | ]); |
83a2ebb6 | 165 | $this->assertEquals(1, $result['added']); |
9099cab3 | 166 | $this->callAPISuccessGetCount('EntityTag', [ |
83a2ebb6 | 167 | 'entity_id' => 1, |
168 | 'entity_table' => $this->getTableForTag($entity), | |
169 | 'check_permissions' => 0, | |
9099cab3 | 170 | ], 1); |
83a2ebb6 | 171 | } |
172 | ||
173 | /** | |
174 | * This test checks ACLs can be used to control who can edit a contact. | |
175 | * | |
176 | * Note that for other entities this hook will not allow them to edit the entity_tag and they still need | |
177 | * edit all contacts (pending a more extensive fix). | |
178 | * | |
179 | * @dataProvider taggableEntities | |
180 | * | |
181 | * @param string $entity | |
182 | * Entity to test | |
183 | */ | |
184 | public function testThatForEntitiesACLApplies($entity) { | |
185 | ||
9099cab3 CW |
186 | CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'view all contacts']; |
187 | $this->hookClass->setHook('civicrm_aclWhereClause', [$this, 'aclWhereHookAllResults']); | |
188 | civicrm_api('EntityTag', 'create', [ | |
3cdb86a6 | 189 | 'version' => 3, |
83a2ebb6 | 190 | 'entity_id' => 1, |
191 | 'tag_id' => $entity, | |
192 | 'entity_table' => $this->getTableForTag($entity), | |
193 | 'check_permissions' => TRUE, | |
9099cab3 CW |
194 | ]); |
195 | $this->callAPISuccessGetCount('EntityTag', [ | |
83a2ebb6 | 196 | 'entity_id' => 1, |
197 | 'entity_table' => $this->getTableForTag($entity), | |
9099cab3 | 198 | ], ($entity == 'Contacts' ? 1 : 0)); |
83a2ebb6 | 199 | } |
200 | ||
83a2ebb6 | 201 | } |