| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.7 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2015 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * Test APIv3 civicrm_entity_tag_* functions |
| 30 | * |
| 31 | * @package CiviCRM_APIv3 |
| 32 | * @subpackage API_Core |
| 33 | */ |
| 34 | |
| 35 | /** |
| 36 | * Class api_v3_EntityTagACLTest. |
| 37 | * |
| 38 | * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission |
| 39 | * from edit all contacts to has right to edit this contact) would not result in inappropriate permission opening on |
| 40 | * other entities. Other entities are still too restricted but that is a larger job. |
| 41 | * @group headless |
| 42 | */ |
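class api_v3_EntityTagACLTest extends CiviUnitTestCase {

  /**
   * API Version in use.
   *
   * @var int
   */
  protected $_apiversion = 3;

  /**
   * Entity being tested.
   *
   * @var string
   */
  protected $_entity = 'entity_tag';

  /**
   * Set up fixtures and the baseline permission set for each test.
   *
   * Creates a contact (with an attachment), an activity and a case so that the
   * taggable tables have data, then creates one tag per used_for option whose
   * name and description equal the option label. Permissions are reset to the
   * minimum ('access CiviCRM'); each test widens them explicitly.
   */
  public function setUp() {
    $this->useTransaction(TRUE);
    parent::setUp();
    $individualID = $this->individualCreate();
    $daoObj = new CRM_Core_DAO();
    $this->callAPISuccess('Attachment', 'create', array(
      'entity_table' => 'civicrm_contact',
      'entity_id' => $individualID,
      'mime_type' => 'k',
      'name' => 'p',
      'content' => 'l',
    ));
    $daoObj->createTestObject('CRM_Activity_BAO_Activity', array(), 1, 0);
    $daoObj->createTestObject('CRM_Case_BAO_Case', array(), 1, 0);
    foreach ($this->getTagOptions() as $table => $label) {
      // One tag per taggable table; the tag name doubles as the data-provider value.
      $this->callAPISuccess('Tag', 'create', array(
        'used_for' => $table,
        'name' => $label,
        'description' => $label,
      ));
    }
    // Least-privilege baseline: tests add the permissions they need.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
  }

  /**
   * Get the options for the used_for field.
   *
   * @return array
   *   Entity table => option label; the labels are the values fed to the
   *   @dataProvider tests.
   */
  public function getTagOptions() {
    $options = $this->callAPISuccess('Tag', 'getoptions', array('field' => 'used_for'));
    return $options['values'];
  }

  /**
   * Get the entity table for a tag label.
   *
   * @param string $entity
   *   Label of a used_for option (e.g. 'Contacts').
   *
   * @return string
   *   Entity table name.
   */
  protected function getTableForTag($entity) {
    // Strict search: labels are strings and a loose match is never wanted.
    $table = array_search($entity, $this->getTagOptions(), TRUE);
    if ($table === FALSE) {
      // Fail loudly rather than pass entity_table => FALSE to the API.
      $this->fail("No used_for option has the label '{$entity}'.");
    }
    return $table;
  }

  /**
   * Get entities which can be tagged in data provider format.
   *
   * @return array
   *   One single-element array per used_for label.
   */
  public function taggableEntities() {
    $return = array();
    foreach ($this->getTagOptions() as $entity) {
      $return[] = array($entity);
    }
    return $return;
  }

  /**
   * This test checks that users with edit all contacts can edit all tags.
   *
   * @dataProvider taggableEntities
   *
   * We are looking to see that a contact with edit all contacts can still add all tags (for all
   * tag entities since that was how it was historically and we are not fixing non-contact entities).
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntitiesEditAllContactsCanAddTags($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'access CiviCRM');
    $table = $this->getTableForTag($entity);
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $table,
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
    ), 1);
  }

  /**
   * This test checks that an ACL or edit all contacts is required to be able to create an entity tag.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) {
    // View-only permissions: enough to read, not to tag.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $table = $this->getTableForTag($entity);
    // callAPISuccess is deliberate: denial is expected to surface as nothing
    // being added rather than as an API error, so the count below is the real check.
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $table,
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
    ), 0);
  }

  /**
   * This test checks that permissions are not applied when check_permissions is off.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testCheckPermissionsOffWorks($entity) {
    // Same view-only permissions as the denial test; only check_permissions differs.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $table = $this->getTableForTag($entity);
    $result = $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => 0,
      'entity_table' => $table,
    ));
    $this->assertEquals(1, $result['added']);
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
      'check_permissions' => 0,
    ), 1);
  }

  /**
   * This test checks ACLs can be used to control who can edit a contact.
   *
   * Note that for other entities this hook will not allow them to edit the entity_tag and they still need
   * edit all contacts (pending a more extensive fix).
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Entity to test
   */
  public function testThatForEntitiesACLApplies($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    // ACL hook grants edit access to every contact; no 'edit all contacts' permission is held.
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $table = $this->getTableForTag($entity);
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'entity_table' => $table,
      'check_permissions' => TRUE,
    ));
    // Only the contact entity is unlocked by the ACL; every other entity stays denied.
    $expectedCount = ($entity === 'Contacts') ? 1 : 0;
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $table,
    ), $expectedCount);
  }

  /**
   * All results returned.
   *
   * Sets the ACL where clause to an always-true condition so that every
   * contact is treated as editable by the current user.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

}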