1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 * Class CRM_Event_BAO_EventPermissionsTest
14 * @group headless
15 */
class CRM_Event_BAO_EventPermissionsTest extends CiviUnitTestCase {

  // Authorization cases asserted below. "Base" is the set
  // ['access CiviCRM', 'access CiviEvent', 'view event info'].
  //   - base only:                      own event: view + edit allowed, delete denied;
  //                                     other contact's event: view denied.
  //   - base + 'view event participants': other event: view allowed, edit denied.
  //   - base + 'edit all events':         other event: edit allowed, delete denied.
  //   - base + 'delete in CiviEvent':     other event: delete allowed.
  //
  // NOTE(review): every test writes to process-wide state
  // (CRM_Core_Config::singleton()->userPermissionClass->permissions and
  // \Civi::$statics). No tearDown is visible in this class; presumably
  // CiviUnitTestCase restores that state - confirm, because a permission left
  // behind by one test could mask a denial in the next.
  //
  // NOTE(review): $_contactId, $_ownEventId, $_otherContactId, $_otherEventId
  // and $_loggedInUser are not declared in this class; presumably they come
  // from the parent - confirm.

  /**
   * Log in a test user, then create one event owned by that user and one
   * attributed to a different contact id.
   */
  public function setUp() {
    parent::setUp();
    $this->_contactId = $this->createLoggedInUser();
    $this->createOwnEvent();
    $this->createOtherEvent();
  }

  /**
   * Create an event whose created_id is the logged-in contact and remember its id.
   */
  public function createOwnEvent() {
    $ownEvent = $this->eventCreate(['created_id' => $this->_contactId]);
    $this->_ownEventId = $ownEvent['id'];
  }

  /**
   * Create an event whose created_id is a different contact id and remember its id.
   */
  public function createOtherEvent() {
    // NOTE(review): the "other" creator is just the logged-in contact id + 1;
    // nothing visible here creates a contact with that id - confirm this is intended.
    $this->_otherContactId = $this->_contactId + 1;
    $otherEvent = $this->eventCreate(['created_id' => $this->_otherContactId]);
    $this->_otherEventId = $otherEvent['id'];
  }

  /**
   * Base permission set: no "all events" view, edit or delete rights.
   */
  private function setViewOwnEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [
      'access CiviCRM',
      'access CiviEvent',
      'view event info',
    ];
  }

  /**
   * Base permission set plus 'view event participants'.
   */
  private function setViewAllEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [
      'access CiviCRM',
      'access CiviEvent',
      'view event info',
      'view event participants',
    ];
  }

  /**
   * Base permission set plus 'edit all events'.
   */
  private function setEditAllEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [
      'access CiviCRM',
      'access CiviEvent',
      'view event info',
      'edit all events',
    ];
  }

  /**
   * Base permission set plus 'delete in CiviEvent'.
   */
  private function setDeleteAllEventPermissions() {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = [
      'access CiviCRM',
      'access CiviEvent',
      'view event info',
      'delete in CiviEvent',
    ];
  }

  /**
   * The creator may view their own event with only the base permissions, and
   * a planted cache entry is what a repeated check returns.
   */
  public function testViewOwnEvent() {
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertTrue(
      CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW)
    );
    // Plant a contradictory answer in the per-event cache: the second call
    // returning FALSE shows that checkPermission() answers from that cache.
    // A cached decision therefore outlives a permission change until the
    // statics are cleared.
    // NOTE(review): the reset above clears the key 'permissions' while the
    // entry written here lives under 'permission' - confirm both are keys the
    // BAO reads, otherwise the reset does not clear per-event decisions.
    \Civi::$statics['CRM_Event_BAO_Event']['permission']['view'][$this->_ownEventId] = FALSE;
    $this->assertFalse(
      CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW)
    );
  }

  /**
   * The creator may edit their own event with only the base permissions.
   */
  public function testEditOwnEvent() {
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    // Stored but not read anywhere in this class.
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->assertTrue(
      CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::EDIT)
    );
  }

  /**
   * Ownership alone does not grant delete.
   *
   * Per the original author's note, deleting your own event requires the same
   * permission as deleting another contact's event (see
   * testDeleteOtherEventAllowed() / testDeleteOtherEventDenied()).
   */
  public function testDeleteOwnEvent() {
    // Without "Delete in CiviEvent" the creator must be refused.
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertFalse(
      CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::DELETE)
    );
  }

  /**
   * With only the base permissions, another contact's event is not viewable.
   */
  public function testViewOtherEventDenied() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setViewOwnEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertFalse(
      CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW)
    );
  }

  /**
   * 'view event participants' makes another contact's event viewable.
   */
  public function testViewOtherEventAllowed() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setViewAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertTrue(
      CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW)
    );
  }

  /**
   * A view-level grant must not escalate to edit on another contact's event.
   */
  public function testEditOtherEventDenied() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setViewAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertFalse(
      CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT)
    );
  }

  /**
   * 'edit all events' allows editing another contact's event.
   */
  public function testEditOtherEventAllowed() {
    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
    $this->setEditAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertTrue(
      CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT)
    );
  }

  /**
   * 'delete in CiviEvent' allows deleting another contact's event.
   */
  public function testDeleteOtherEventAllowed() {
    $this->setDeleteAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertTrue(
      CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE)
    );
  }

  /**
   * An edit-level grant must not escalate to delete on another contact's event.
   */
  public function testDeleteOtherEventDenied() {
    // FIXME: This test could be improved; for now it only checks that delete
    // is refused when "Delete in CiviEvent" is missing.
    $this->setEditAllEventPermissions();
    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
    $this->assertFalse(
      CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE)
    );
  }

}