3 +--------------------------------------------------------------------+
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
29 * Class CRM_Event_BAO_EventPermissionsTest
32 class CRM_Event_BAO_EventPermissionsTest
extends CiviUnitTestCase
{
/**
 * Build the fixtures every test relies on: a logged-in user, one event
 * created by that user, and one event attributed to a different contact.
 *
 * NOTE(review): the listing jumps from gutter line 34 to 36, so one original
 * line is not visible here. If it was a parent::setUp() call it has to stay
 * first - confirm against the original file.
 */
public function setUp() {
  $loggedInContactId = $this->createLoggedInUser();
  $this->_contactId = $loggedInContactId;

  $this->createOwnEvent();
  $this->createOtherEvent();
}
/**
 * Create an event whose created_id is the logged-in contact and remember the
 * id of the new event in $this->_ownEventId.
 *
 * NOTE(review): gutter line 44 is missing from the listing; it is assumed to
 * hold only the closing of the array and the call - confirm.
 */
public function createOwnEvent() {
  $params = ['created_id' => $this->_contactId];
  $created = $this->eventCreate($params);
  $this->_ownEventId = $created['id'];
}
/**
 * Create an event attributed to a contact other than the logged-in user and
 * remember the id of the new event in $this->_otherEventId.
 *
 * The "other" contact id is the logged-in contact id plus one; this method
 * does not create a contact for it.
 * NOTE(review): the denied-path tests only mean something if this id can
 * never equal the logged-in user's id - confirm that eventCreate() accepts a
 * created_id without a matching contact record.
 */
public function createOtherEvent() {
  $this->_otherContactId = $this->_contactId + 1;

  $params = ['created_id' => $this->_otherContactId];
  $created = $this->eventCreate($params);
  $this->_otherEventId = $created['id'];
}
/**
 * Restrict the current user to the baseline set: access to CiviCRM and
 * CiviEvent plus 'view event info'.
 *
 * The list replaces whatever was assigned before, so nothing granted by an
 * earlier call survives. It is written onto the permission object of the
 * config singleton and is not restored by this method.
 */
private function setViewOwnEventPermissions() {
  $config = CRM_Core_Config::singleton();
  $config->userPermissionClass->permissions = [
    'access CiviCRM',
    'access CiviEvent',
    'view event info',
  ];
}
/**
 * Grant the baseline set plus 'view event participants'.
 *
 * The list replaces whatever was assigned before. It is written onto the
 * permission object of the config singleton and is not restored by this
 * method.
 */
private function setViewAllEventPermissions() {
  $config = CRM_Core_Config::singleton();
  $config->userPermissionClass->permissions = [
    'access CiviCRM',
    'access CiviEvent',
    'view event info',
    'view event participants',
  ];
}
/**
 * Grant the baseline set plus 'edit all events'.
 *
 * 'delete in CiviEvent' is deliberately absent from this list. The list
 * replaces whatever was assigned before and is not restored by this method.
 */
private function setEditAllEventPermissions() {
  $config = CRM_Core_Config::singleton();
  $config->userPermissionClass->permissions = [
    'access CiviCRM',
    'access CiviEvent',
    'view event info',
    'edit all events',
  ];
}
/**
 * Grant the baseline set plus 'delete in CiviEvent'.
 *
 * 'edit all events' is not part of this list. The list replaces whatever was
 * assigned before and is not restored by this method.
 */
private function setDeleteAllEventPermissions() {
  $config = CRM_Core_Config::singleton();
  $config->userPermissionClass->permissions = [
    'access CiviCRM',
    'access CiviEvent',
    'view event info',
    'delete in CiviEvent',
  ];
}
/**
 * The creator of an event may view it with only the baseline permissions,
 * and a repeated check for the same event is answered from the static cache.
 */
public function testViewOwnEvent() {
  $this->setViewOwnEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW);
  $this->assertTrue($allowed);

  // Now check that caching is actually working: plant a contradicting FALSE
  // for this event and expect the next check to return it.
  // NOTE(review): the unset above targets the 'permissions' key while this
  // entry lives under 'permission' - confirm that these are two separate
  // caches. The key path shown has no user component, so a cached answer is
  // presumably only valid while the acting user and their permissions do not
  // change; the planted FALSE is not removed before the test ends.
  \Civi::$statics['CRM_Event_BAO_Event']['permission']['view'][$this->_ownEventId] = FALSE;

  $cached = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW);
  $this->assertFalse($cached);
}
/**
 * The creator of an event may edit it even though the assigned permission
 * list does not contain 'edit all events'.
 */
public function testEditOwnEvent() {
  $this->setViewOwnEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  // Record the session's userID on the test case; nothing later in this
  // method reads the property.
  $session = CRM_Core_Session::singleton();
  $this->_loggedInUser = $session->get('userID');

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::EDIT);
  $this->assertTrue($allowed);
}
/**
 * Deleting your own event requires the same permission as deleting somebody
 * else's event: being the creator is not enough.
 *
 * Only the denial is asserted in this method; the allowed path with
 * 'delete in CiviEvent' is not exercised for an own event here.
 */
public function testDeleteOwnEvent() {
  // Check that you can't delete your own event without "Delete in CiviEvent" permission
  $this->setViewOwnEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::DELETE);
  $this->assertFalse($allowed);
}
/**
 * With only the baseline permissions, viewing an event attributed to another
 * contact is refused.
 */
public function testViewOtherEventDenied() {
  // Record the session's userID on the test case; nothing later in this
  // method reads the property.
  $session = CRM_Core_Session::singleton();
  $this->_loggedInUser = $session->get('userID');

  $this->setViewOwnEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW);
  $this->assertFalse($allowed);
}
/**
 * Adding 'view event participants' to the baseline permissions allows
 * viewing an event attributed to another contact.
 */
public function testViewOtherEventAllowed() {
  // Record the session's userID on the test case; nothing later in this
  // method reads the property.
  $session = CRM_Core_Session::singleton();
  $this->_loggedInUser = $session->get('userID');

  $this->setViewAllEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW);
  $this->assertTrue($allowed);
}
/**
 * Being allowed to view every event does not imply being allowed to edit an
 * event attributed to another contact.
 */
public function testEditOtherEventDenied() {
  // Record the session's userID on the test case; nothing later in this
  // method reads the property.
  $session = CRM_Core_Session::singleton();
  $this->_loggedInUser = $session->get('userID');

  $this->setViewAllEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT);
  $this->assertFalse($allowed);
}
/**
 * With 'edit all events' granted, an event attributed to another contact may
 * be edited.
 */
public function testEditOtherEventAllowed() {
  // Record the session's userID on the test case; nothing later in this
  // method reads the property.
  $session = CRM_Core_Session::singleton();
  $this->_loggedInUser = $session->get('userID');

  $this->setEditAllEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT);
  $this->assertTrue($allowed);
}
/**
 * With 'delete in CiviEvent' granted, an event attributed to another contact
 * may be deleted, even though 'edit all events' is not in the list.
 */
public function testDeleteOtherEventAllowed() {
  $this->setDeleteAllEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE);
  $this->assertTrue($allowed);
}
/**
 * Edit rights over every event do not include the right to delete an event
 * attributed to another contact.
 */
public function testDeleteOtherEventDenied() {
  // FIXME: This test could be improved, but for now it checks that we can't delete if we don't have "Delete in CiviEvent"
  $this->setEditAllEventPermissions();
  // Discard cached permission data so the check sees the list assigned above.
  unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);

  $allowed = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE);
  $this->assertFalse($allowed);
}