1 | <?php |
2 | /* |
3 | +--------------------------------------------------------------------+ |
4 | | CiviCRM version 4.7 | |
5 | +--------------------------------------------------------------------+ |
6 | | Copyright CiviCRM LLC (c) 2004-2016 | |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | |
9 | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
11 | | under the terms of the GNU Affero General Public License | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
13 | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
17 | | See the GNU Affero General Public License for more details. | |
18 | | | |
19 | | You should have received a copy of the GNU Affero General Public | |
20 | | License and the CiviCRM Licensing Exception along | |
21 | | with this program; if not, contact CiviCRM LLC | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
25 | +--------------------------------------------------------------------+ |
26 | */ |
27 | |
28 | /** |
29 | * Test APIv3 civicrm_entity_tag_* functions |
30 | * |
31 | * @package CiviCRM_APIv3 |
32 | * @subpackage API_Core |
33 | */ |
34 | |
35 | /** |
36 | * Class api_v3_EntityTagACLTest. |
37 | * |
38 | * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission |
39 | * from 'edit all contacts' to 'has the right to edit this contact') would not result in inappropriate permission opening on |
40 | * other entities. Other entities are still too restricted, but that is a larger job. |
41 | * @group headless |
42 | */ |
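class api_v3_EntityTagACLTest extends CiviUnitTestCase {

  /**
   * API Version in use.
   *
   * @var int
   */
  protected $_apiversion = 3;

  /**
   * Entity being tested.
   *
   * @var string
   */
  protected $_entity = 'entity_tag';

  /**
   * Set up fixtures and a minimal baseline permission set for each test.
   *
   * Creates one contact, one attachment on that contact, one activity and one case,
   * plus one tag per 'used_for' option, and then leaves the logged-in user with only
   * 'access CiviCRM'. Every test grants the additional permissions it is exercising
   * itself, so no test can inherit a more permissive state from a sibling.
   *
   * NOTE(review): the tests tag entity_id 1 in each entity table; the records created
   * here are presumably what that id resolves to inside the transaction - confirm.
   */
  public function setUp() {
    $this->useTransaction(TRUE);
    parent::setUp();
    $individualID = $this->individualCreate();
    $daoObj = new CRM_Core_DAO();
    $this->callAPISuccess('Attachment', 'create', array(
      'entity_table' => 'civicrm_contact',
      'entity_id' => $individualID,
      'mime_type' => 'k',
      'name' => 'p',
      'content' => 'l',
    ));
    $daoObj->createTestObject('CRM_Activity_BAO_Activity', array(), 1, 0);
    $daoObj->createTestObject('CRM_Case_BAO_Case', array(), 1, 0);
    // One tag per taggable table. The tag name is the option label, which is the
    // value the data provider later hands to each test as $entity.
    foreach ($this->getTagOptions() as $table => $label) {
      $this->callAPISuccess('Tag', 'create', array(
        'used_for' => $table,
        'name' => $label,
        'description' => $label,
      ));
    }
    // Baseline: just enough to call the API at all. Tests add what they are testing.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
  }

  /**
   * Get the options for the used_for field.
   *
   * @return array
   *   Keys are entity_table values (what Tag.used_for stores), values are the
   *   human-readable labels (e.g. 'Contacts').
   */
  public function getTagOptions() {
    $options = $this->callAPISuccess('Tag', 'getoptions', array('field' => 'used_for'));
    return $options['values'];
  }

  /**
   * Get the entity table for a tag label.
   *
   * Fails the test rather than returning FALSE, so that an unknown label cannot
   * silently turn into an EntityTag call with a bogus entity_table (which would
   * make the permission assertions below meaningless).
   *
   * @param string $entity
   *   Tag label as returned by getTagOptions().
   *
   * @return string
   *   The entity_table the label maps to.
   */
  protected function getTableForTag($entity) {
    // Strict search: labels and options are both strings, so no loose matching is wanted.
    $table = array_search($entity, $this->getTagOptions(), TRUE);
    if ($table === FALSE) {
      $this->fail("No entity_table option found for tag label '{$entity}'");
    }
    return $table;
  }

  /**
   * Get entities which can be tagged in data provider format.
   *
   * @return array
   *   One single-element array per taggable entity label.
   */
  public function taggableEntities() {
    $return = array();
    foreach ($this->getTagOptions() as $entity) {
      $return[] = array($entity);
    }
    return $return;
  }

  /**
   * This test checks that users with edit all contacts can edit all tags.
   *
   * @dataProvider taggableEntities
   *
   * We are looking to see that a contact with edit all contacts can still add all tags (for all
   * tag entities since that was how it was historically and we are not fixing non-contact entities).
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntitiesEditAllContactsCanAddTags($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'access CiviCRM');
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $this->getTableForTag($entity),
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $this->getTableForTag($entity),
    ), 1);
  }

  /**
   * This test checks that an ACL or edit all contacts is required to be able to add an entity tag.
   *
   * The create call itself still returns success; what proves the permission check
   * took effect is that no EntityTag row exists afterwards.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $this->getTableForTag($entity),
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $this->getTableForTag($entity),
    ), 0);
  }

  /**
   * This test checks that permissions are not applied when check_permissions is off.
   *
   * check_permissions => 0 is the trusted, internal-caller path: the same user who is
   * denied in testThatForEntityWithoutACLOrEditAllThereIsNoAccess succeeds here. Any
   * code that exposes this API to a request it does not trust must therefore pass
   * check_permissions => TRUE.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testCheckPermissionsOffWorks($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $result = $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => 0,
      'entity_table' => $this->getTableForTag($entity),
    ));
    $this->assertEquals(1, $result['added']);
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $this->getTableForTag($entity),
      'check_permissions' => 0,
    ), 1);
  }

  /**
   * This test checks ACLs can be used to control who can edit a contact.
   *
   * Note that for other entities this hook will not allow them to edit the entity_tag and they still need
   * edit all contacts (pending a more extensive fix). Hence the expected count is 1 only for
   * the contact entity and 0 for every other taggable entity.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntitiesACLApplies($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'entity_table' => $this->getTableForTag($entity),
      'check_permissions' => TRUE,
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $this->getTableForTag($entity),
    ), ($entity === 'Contacts' ? 1 : 0));
  }

  /**
   * All results returned.
   *
   * Test-only ACL hook: the where clause it installs, " (1) ", is always true, so the
   * ACL'd user is granted every contact. It exists purely to show that an ACL grant
   * (as opposed to 'edit all contacts') is honoured by EntityTag.create.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

}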