2 namespace Civi\API\Subscriber
;
5 use \Symfony\Component\EventDispatcher\EventDispatcher
;
9 class DynamicFKAuthorizationTest
extends \CiviUnitTestCase
{
// Fixture file record that setUp attaches to fake_widget / WIDGET_ID.
10 const FILE_WIDGET_ID
= 10;
// Fixture file record that setUp attaches to fake_forbidden / FORBIDDEN_ID.
12 const FILE_FORBIDDEN_ID
= 11;
// Fixture record of the Forbidden entity, whose create/get/delete actions
// are mapped to ALWAYS_DENY_PERMISSION in setUp.
16 const FORBIDDEN_ID
= 30;
19 * @var EventDispatcher
28 protected function setUp() {
// Builds the fixture: three static API providers ($fileProvider,
// $widgetProvider, $forbiddenProvider), a Kernel wired to a fresh
// EventDispatcher, and the DynamicFKAuthorization subscriber under test.
// NOTE(review): this listing omits some original lines, so the comments
// here describe only the statements that are visible.
30 \CRM_Core_DAO_AllCoreTables
::init(TRUE);
32 \CRM_Core_DAO_AllCoreTables
::registerEntityType('FakeFile', 'CRM_Fake_DAO_FakeFile', 'fake_file');
// Two file records: FILE_WIDGET_ID points at fake_widget / WIDGET_ID and
// FILE_FORBIDDEN_ID points at fake_forbidden / FORBIDDEN_ID. The file rows
// carry no permission of their own in the visible code; the test cases
// expect access to follow the record each file is attached to.
33 $fileProvider = new \Civi\API\Provider\
StaticProvider(
36 array('id', 'entity_table', 'entity_id'),
39 array('id' => self
::FILE_WIDGET_ID
, 'entity_table' => 'fake_widget', 'entity_id' => self
::WIDGET_ID
),
40 array('id' => self
::FILE_FORBIDDEN_ID
, 'entity_table' => 'fake_forbidden', 'entity_id' => self
::FORBIDDEN_ID
),
44 \CRM_Core_DAO_AllCoreTables
::registerEntityType('Widget', 'CRM_Fake_DAO_Widget', 'fake_widget');
45 $widgetProvider = new \Civi\API\Provider\
StaticProvider(3, 'Widget',
49 array('id' => self
::WIDGET_ID
, 'title' => 'my widget'),
53 \CRM_Core_DAO_AllCoreTables
::registerEntityType('Forbidden', 'CRM_Fake_DAO_Forbidden', 'fake_forbidden');
// create, get and delete on this provider all map to
// ALWAYS_DENY_PERMISSION, so it serves as the parent record that
// permission checks must refuse.
54 $forbiddenProvider = new \Civi\API\Provider\
StaticProvider(
59 'create' => \CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
,
60 'get' => \CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
,
61 'delete' => \CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
,
64 array('id' => self
::FORBIDDEN_ID
, 'label' => 'my forbidden'),
68 $this->dispatcher
= new EventDispatcher();
69 $this->kernel
= new Kernel($this->dispatcher
);
71 ->registerApiProvider($fileProvider)
72 ->registerApiProvider($widgetProvider)
73 ->registerApiProvider($forbiddenProvider);
// Subscriber under test. Its visible arguments are an action list
// ('create', 'get'), SQL lookups built by concatenating the class's own
// integer constants (no request data reaches the SQL text here), and the
// table list ('fake_widget', 'fake_forbidden') -- presumably the entity
// tables a file may delegate authorization to; confirm against
// DynamicFKAuthorization.
// NOTE(review): 'delete' is not in the visible action list even though the
// Forbidden provider denies it, and no case visible in this listing
// exercises delete on FakeFile.
74 $this->dispatcher
->addSubscriber(new DynamicFKAuthorization(
77 array('create', 'get'),
78 // Given a file ID, determine the entity+table it's attached to.
81 when " . self
::FILE_WIDGET_ID
. " then 1
82 when " . self
::FILE_FORBIDDEN_ID
. " then 1
86 when " . self
::FILE_WIDGET_ID
. " then 'fake_widget'
87 when " . self
::FILE_FORBIDDEN_ID
. " then 'fake_forbidden'
91 when " . self
::FILE_WIDGET_ID
. " then " . self
::WIDGET_ID
. "
92 when " . self
::FILE_FORBIDDEN_ID
. " then " . self
::FORBIDDEN_ID
. "
96 // Get a list of custom fields (field_name,table_name,extends)
98 array('fake_widget', 'fake_forbidden')
102 protected function tearDown() {
// Repeats the AllCoreTables::init(TRUE) call made at the start of setUp;
// presumably this discards the fake entity types registered there so they
// do not leak into other tests -- confirm against CRM_Core_DAO_AllCoreTables.
104 \CRM_Core_DAO_AllCoreTables
::init(TRUE);
110 public function okDataProvider() {
// Requests the kernel must accept. Each row is (entity, action, params),
// matching the testOk signature that names this provider.
// Widget has no deny rule in setUp, so direct access is expected to pass.
113 $cases[] = array('Widget', 'create', array('id' => self
::WIDGET_ID
));
114 $cases[] = array('Widget', 'get', array('id' => self
::WIDGET_ID
));
// A file addressed by id is allowed because FILE_WIDGET_ID is attached to
// the permitted widget.
116 $cases[] = array('FakeFile', 'create', array('id' => self
::FILE_WIDGET_ID
));
117 $cases[] = array('FakeFile', 'get', array('id' => self
::FILE_WIDGET_ID
));
// Params of a case that addresses the file by entity_table + entity_id
// instead of id; the rest of that case is on lines not shown here.
121 array('entity_table' => 'fake_widget', 'entity_id' => self
::WIDGET_ID
),
130 public function badDataProvider() {
// Requests the kernel must reject. Each row is (entity, action, params,
// expected error regex), matching the testBad signature. The regex pins the
// reason for the failure, so a case cannot pass merely because the request
// failed for some unrelated cause.
// Direct access to the Forbidden entity is denied.
133 $cases[] = array('Forbidden', 'create', array('id' => self
::FORBIDDEN_ID
), '/Authorization failed/');
134 $cases[] = array('Forbidden', 'get', array('id' => self
::FORBIDDEN_ID
), '/Authorization failed/');
// A file addressed by id is denied when it is attached to the Forbidden
// record: the file API must not become a side door to that record.
136 $cases[] = array('FakeFile', 'create', array('id' => self
::FILE_FORBIDDEN_ID
), '/Authorization failed/');
137 $cases[] = array('FakeFile', 'get', array('id' => self
::FILE_FORBIDDEN_ID
), '/Authorization failed/');
// Naming the forbidden table without an entity_id is denied as well.
139 $cases[] = array('FakeFile', 'create', array('entity_table' => 'fake_forbidden'), '/Authorization failed/');
140 $cases[] = array('FakeFile', 'get', array('entity_table' => 'fake_forbidden'), '/Authorization failed/');
// Params and expected error of two cases that give both entity_table and
// entity_id for the forbidden record; their remaining lines are not shown.
145 array('entity_table' => 'fake_forbidden', 'entity_id' => self
::FORBIDDEN_ID
),
146 '/Authorization failed/',
151 array('entity_table' => 'fake_forbidden', 'entity_id' => self
::FORBIDDEN_ID
),
152 '/Authorization failed/',
// Expected errors of two cases whose params are on lines not shown here;
// the message indicates that neither 'id' nor 'entity_table' was supplied.
159 "/Mandatory key\\(s\\) missing from params array: 'id' or 'entity_table/",
165 "/Mandatory key\\(s\\) missing from params array: 'id' or 'entity_table/",
// An entity_table value of 'unknown' must produce an explicit
// "Unrecognized target entity" error rather than being let through.
168 $cases[] = array('FakeFile', 'create', array('entity_table' => 'unknown'), '/Unrecognized target entity/');
169 $cases[] = array('FakeFile', 'get', array('entity_table' => 'unknown'), '/Unrecognized target entity/');
171 // We should be allowed to look up files for fake_widgets, but we need an ID.
172 $cases[] = array('FakeFile', 'get', array('entity_table' => 'fake_widget'), '/Missing entity_id/');
180 * @param array $params
181 * @dataProvider okDataProvider
183 public function testOk($entity, $action, $params) {
// Runs one okDataProvider case through the kernel and requires a
// non-error result.
// check_permissions = 1 is what makes this an authorization test; without
// it the API layer presumably skips permission checks -- confirm against
// the Kernel. version = 3 and debug = 1 are set on every request as well.
184 $params['version'] = 3;
185 $params['debug'] = 1;
186 $params['check_permissions'] = 1;
187 $result = $this->kernel
->run($entity, $action, $params);
// On failure the assertion message dumps the full request and result so
// the failing data-provider row can be identified.
188 $this->assertFalse((bool) $result['is_error'], print_r(array(
189 '$entity' => $entity,
190 '$action' => $action,
191 '$params' => $params,
192 '$result' => $result,
199 * @param array $params
200 * @param string $expectedError Regular expression that the API error_message must match.
201 * @dataProvider badDataProvider
203 public function testBad($entity, $action, $params, $expectedError) {
204 $params['version'] = 3;
205 $params['debug'] = 1;
206 $params['check_permissions'] = 1;
207 $result = $this->kernel
->run($entity, $action, $params);
208 $this->assertTrue((bool) $result['is_error'], print_r(array(
209 '$entity' => $entity,
210 '$action' => $action,
211 '$params' => $params,
212 '$result' => $result,
214 $this->assertRegExp($expectedError, $result['error_message']);