| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | Copyright CiviCRM LLC. All rights reserved. | |
| 5 | | | |
| 6 | | This work is published under the GNU AGPLv3 license with some | |
| 7 | | permitted exceptions and without any warranty. For full license | |
| 8 | | and copyright information, see https://civicrm.org/licensing | |
| 9 | +--------------------------------------------------------------------+ |
| 10 | */ |
| 11 | |
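/**
 * Tests financial-type ACL enforcement on the APIv3 Contribution entity.
 *
 * Each test enables financial ACLs, sets a limited permission list and checks
 * that Contribution API calls made with check_permissions are refused until
 * the matching per-financial-type permission is added through
 * addFinancialAclPermissions().
 *
 * @package CiviCRM_APIv3
 * @subpackage API_Contribution
 */
class api_v3_FinancialTypeACLTest extends CiviUnitTestCase {

  use CRMTraits_Financial_FinancialACLTrait;

  protected $_individualId;
  protected $_contribution;
  // Financial type used by the fixtures; the tests grant 'Donation'
  // permissions for it, so presumably 1 is Donation - confirm.
  protected $_financialTypeId = 1;
  protected $_apiversion;
  protected $_entity = 'Contribution';
  public $debug = 0;
  protected $_params;
  protected $_ids = [];
  protected $_pageParams = [];

  /**
   * Parameters to create payment processor.
   *
   * @var array
   */
  protected $_processorParams = [];

  /**
   * ID of created event.
   *
   * @var int
   */
  protected $_eventID;

  /**
   * Create the contact and the default parameter sets shared by the tests.
   */
  public function setUp() {
    parent::setUp();

    $this->_apiversion = 3;
    $this->_individualId = $this->individualCreate();
    $this->_params = [
      'contact_id' => $this->_individualId,
      'receive_date' => '20120511',
      'total_amount' => 100.00,
      'financial_type_id' => $this->_financialTypeId,
      'non_deductible_amount' => 10.00,
      'fee_amount' => 5.00,
      'net_amount' => 95.00,
      'source' => 'SSF',
      'contribution_status_id' => 1,
    ];
    $this->_processorParams = [
      'domain_id' => 1,
      'name' => 'Dummy',
      'payment_processor_type_id' => 10,
      'financial_account_id' => 12,
      'is_active' => 1,
      'user_name' => '',
      'url_site' => 'http://dummy.com',
      'url_recur' => 'http://dummy.com',
      'billing_mode' => 1,
    ];
    $this->_pageParams = [
      'title' => 'Test Contribution Page',
      'financial_type_id' => 1,
      'currency' => 'USD',
      'financial_account_id' => 1,
      'payment_processor' => $this->processorCreate(),
      'is_active' => 1,
      'is_allow_other_amount' => 1,
      'min_amount' => 10,
      'max_amount' => 1000,
    ];
  }

  /**
   * Clean up after each test.
   *
   * Financial ACLs are switched off again so that tests running afterwards do
   * not inherit the restricted mode enabled here.
   *
   * @throws \Exception
   */
  public function tearDown() {
    $this->quickCleanUpFinancialEntities();
    $this->quickCleanup(['civicrm_uf_match']);
    $this->disableFinancialACLs();
    parent::tearDown();
  }

  /**
   * Test that creating a contribution requires the per-type "add" permission.
   */
  public function testCreateACLContribution() {
    $this->enableFinancialACLs();
    $p = [
      'contact_id' => $this->_individualId,
      'receive_date' => '2010-01-20',
      'total_amount' => 100.00,
      'financial_type_id' => $this->_financialTypeId,
      'non_deductible_amount' => 10.00,
      'fee_amount' => 5.00,
      'net_amount' => 95.00,
      'trxn_id' => 23456,
      'invoice_id' => 78910,
      'source' => 'SSF',
      'contribution_status_id' => 1,
      'check_permissions' => TRUE,
    ];

    // The generic 'edit contributions' permission alone must not allow the
    // create while financial ACLs are enabled.
    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
    ]);
    $result = $this->callAPIFailure('contribution', 'create', $p);
    $this->assertEquals('You do not have permission to create this contribution', $result['error_message']);
    // A refused create must leave nothing behind.
    $this->callAPISuccessGetCount('contribution', [], 0);
    $this->addFinancialAclPermissions([['add', 'Donation']]);

    $contribution = $this->callAPISuccess('contribution', 'create', $p);

    $params = [
      'contribution_id' => $contribution['id'],
    ];

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
      'view contributions of type Donation',
      'delete contributions of type Donation',
    ]);

    // NOTE(review): this get and the delete below do not pass
    // check_permissions, so they verify the stored values rather than the
    // view/delete ACLs; the ACL paths are covered by the other tests.
    $contribution = $this->callAPISuccess('contribution', 'get', $params);

    $this->assertEquals(1, $contribution['count']);
    $stored = $contribution['values'][$contribution['id']];
    $this->assertEquals($this->_individualId, $stored['contact_id']);
    $this->assertEquals(1, $stored['financial_type_id']);
    $this->assertEquals(100.00, $stored['total_amount']);
    $this->assertEquals(10.00, $stored['non_deductible_amount']);
    $this->assertEquals(5.00, $stored['fee_amount']);
    $this->assertEquals(95.00, $stored['net_amount']);
    $this->assertEquals(23456, $stored['trxn_id']);
    $this->assertEquals(78910, $stored['invoice_id']);
    $this->assertEquals('SSF', $stored['contribution_source']);
    $this->assertEquals('Completed', $stored['contribution_status']);
    $this->callAPISuccess('Contribution', 'Delete', [
      'id' => $contribution['id'],
    ]);
  }

  /**
   * Test that acl contributions can be retrieved.
   *
   * A permission-checked get returns nothing until the "view" permission for
   * the contribution's financial type is granted, and never returns
   * contributions of a type the user has no "view" permission for.
   */
  public function testGetACLContribution() {
    $this->enableFinancialACLs();

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'view all contacts',
      'add contributions of type Donation',
    ]);
    // Both fixtures are created without check_permissions, so the second one
    // can use a financial type the user holds no permission for.
    $contribution = $this->callAPISuccess('Contribution', 'create', $this->_params);
    $this->callAPISuccess('Contribution', 'create', array_merge($this->_params, ['financial_type_id' => 'Member Dues']));

    $params = [
      'id' => $contribution['id'],
      'check_permissions' => TRUE,
    ];
    // "add" without "view" must not expose the record.
    $contribution = $this->callAPISuccess('contribution', 'get', $params);
    $this->assertEquals(0, $contribution['count']);

    $this->addFinancialAclPermissions([['view', 'Donation']]);
    $this->callAPISuccessGetSingle('contribution', $params);
    // The Member Dues record stays hidden under permission checks but is
    // still present when the check is not requested.
    $this->callAPISuccessGetCount('contribution', ['financial_type_id' => 'Member Dues', 'check_permissions' => 1], 0);
    $this->callAPISuccessGetCount('contribution', ['financial_type_id' => 'Member Dues'], 1);
  }

  /**
   * Test that chained line item creation is subject to the financial ACLs.
   *
   * The second chained line item uses financial type 2, for which the user
   * initially has no "add" permission; the whole contribution create must
   * then fail and roll back.
   */
  public function testCreateACLContributionChainedLineItems() {
    $this->enableFinancialACLs();
    $params = [
      'contact_id' => $this->_individualId,
      'receive_date' => '20120511',
      'total_amount' => 100.00,
      'financial_type_id' => $this->_financialTypeId,
      'payment_instrument_id' => 1,
      'non_deductible_amount' => 10.00,
      'fee_amount' => 50.00,
      'net_amount' => 90.00,
      'source' => 'SSF',
      'contribution_status_id' => 1,
      'check_permissions' => TRUE,
      'api.line_item.create' => [
        [
          'price_field_id' => 1,
          'qty' => 2,
          'line_total' => '20',
          'unit_price' => '10',
          'financial_type_id' => 1,
        ],
        [
          'price_field_id' => 1,
          'qty' => 1,
          'line_total' => '80',
          'unit_price' => '80',
          'financial_type_id' => 2,
        ],
      ],
    ];

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
      'delete in CiviContribute',
      'add contributions of type Donation',
      'delete contributions of type Donation',
    ]);
    $this->callAPIFailure('contribution', 'create', $params, 'Error in call to LineItem_create : You do not have permission to create this line item');

    // Check that the entire contribution has rolled back.
    $contribution = $this->callAPISuccess('contribution', 'get', []);
    $this->assertEquals(0, $contribution['count']);

    $this->addFinancialAclPermissions([
      ['add', 'Member Dues'],
      ['view', 'Donation'],
      ['view', 'Member Dues'],
      ['delete', 'Member Dues'],
    ]);
    $contribution = $this->callAPISuccess('contribution', 'create', $params);

    $lineItemParams = [
      'contribution_id' => $contribution['id'],
      'entity_table' => 'civicrm_contribution',
    ];
    $lineItems = $this->callAPISuccess('LineItem', 'get', $lineItemParams);
    $this->assertEquals(3, $lineItems['count']);
    // NOTE(review): the hard-coded ids 3-5 presumably rely on the rolled-back
    // attempt above having consumed line item ids 1 and 2 - confirm before
    // reordering or adding steps that create line items.
    $this->assertEquals(100.00, $lineItems['values'][3]['line_total']);
    $this->assertEquals(20, $lineItems['values'][4]['line_total']);
    $this->assertEquals(80, $lineItems['values'][5]['line_total']);
    $this->assertEquals(1, $lineItems['values'][3]['financial_type_id']);
    $this->assertEquals(1, $lineItems['values'][4]['financial_type_id']);
    $this->assertEquals(2, $lineItems['values'][5]['financial_type_id']);

    $this->callAPISuccess('Contribution', 'Delete', [
      'id' => $contribution['id'],
    ]);
  }

  /**
   * Test that acl contributions can be edited.
   *
   * "view" on the financial type is not enough to change a contribution; the
   * per-type "edit" permission is required.
   */
  public function testEditACLContribution() {
    $this->enableFinancialACLs();
    // Fixture is created without check_permissions.
    $contribution = $this->callAPISuccess('Contribution', 'create', $this->_params);

    $params = [
      'id' => $contribution['id'],
      'check_permissions' => TRUE,
      'total_amount' => 200.00,
    ];

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
      'view contributions of type Donation',
    ]);
    // NOTE(review): no expected message is passed, so any API error satisfies
    // this call; pin the permission message once it has been confirmed.
    $this->callAPIFailure('Contribution', 'create', $params);

    // The refused edit must not have changed the stored amount.
    $unchanged = $this->callAPISuccessGetSingle('Contribution', ['id' => $contribution['id']]);
    $this->assertEquals(100.00, $unchanged['total_amount']);

    $this->addFinancialAclPermissions([['edit', 'Donation']]);
    $contribution = $this->callAPISuccess('Contribution', 'create', $params);

    $this->assertEquals(200.00, $contribution['values'][$contribution['id']]['total_amount']);
  }

  /**
   * Test that acl contributions can be deleted.
   *
   * The generic 'delete in CiviContribute' permission is not enough; the
   * per-type "delete" permission is required.
   */
  public function testDeleteACLContribution() {
    $this->enableFinancialACLs();

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'view all contacts',
      'add contributions of type Donation',
    ]);
    $contribution = $this->callAPISuccess('Contribution', 'create', $this->_params);

    $params = [
      'contribution_id' => $contribution['id'],
      'check_permissions' => TRUE,
    ];
    $this->addPermissions(['delete in CiviContribute']);
    // NOTE(review): no expected message is passed, so any API error satisfies
    // this call; pin the permission message once it has been confirmed.
    $this->callAPIFailure('Contribution', 'delete', $params);

    // The refused delete must leave the contribution in place.
    $this->callAPISuccessGetCount('Contribution', ['id' => $contribution['id']], 1);

    $this->addFinancialAclPermissions([['delete', 'Donation']]);
    $contribution = $this->callAPISuccess('Contribution', 'delete', $params);

    $this->assertEquals(1, $contribution['count']);
  }

}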