tests/phpunit/Civi/API/Subscriber/DynamicFKAuthorizationTest.php

   1 <?php
   2 namespace Civi\API\Subscriber;
   3
   4 use \Civi\API\Kernel;
   5 use \Symfony\Component\EventDispatcher\EventDispatcher;
   6
   7 /**
   8  */
   9 class DynamicFKAuthorizationTest extends \CiviUnitTestCase {
  10   const FILE_WIDGET_ID = 10;
  11
  12   const FILE_FORBIDDEN_ID = 11;
  13
  14   const WIDGET_ID = 20;
  15
  16   const FORBIDDEN_ID = 30;
  17
  18   /**
  19    * @var EventDispatcher
  20    */
  21   var $dispatcher;
  22
  23   /**
  24    * @var Kernel
  25    */
  26   var $kernel;
  27
  28   protected function setUp() {
  29     parent::setUp();
  30     \CRM_Core_DAO_AllCoreTables::init(TRUE);
  31
  32     \CRM_Core_DAO_AllCoreTables::registerEntityType('FakeFile', 'CRM_Fake_DAO_FakeFile', 'fake_file');
  33     $fileProvider = new \Civi\API\Provider\StaticProvider(
  34       3,
  35       'FakeFile',
  36       array('id', 'entity_table', 'entity_id'),
  37       array(),
  38       array(
  39         array('id' => self::FILE_WIDGET_ID, 'entity_table' => 'fake_widget', 'entity_id' => self::WIDGET_ID),
  40         array('id' => self::FILE_FORBIDDEN_ID, 'entity_table' => 'fake_forbidden', 'entity_id' => self::FORBIDDEN_ID),
  41       )
  42     );
  43
  44     \CRM_Core_DAO_AllCoreTables::registerEntityType('Widget', 'CRM_Fake_DAO_Widget', 'fake_widget');
  45     $widgetProvider = new \Civi\API\Provider\StaticProvider(3, 'Widget',
  46       array('id', 'title'),
  47       array(),
  48       array(
  49         array('id' => self::WIDGET_ID, 'title' => 'my widget'),
  50       )
  51     );
  52
  53     \CRM_Core_DAO_AllCoreTables::registerEntityType('Forbidden', 'CRM_Fake_DAO_Forbidden', 'fake_forbidden');
  54     $forbiddenProvider = new \Civi\API\Provider\StaticProvider(
  55       3,
  56       'Forbidden',
  57       array('id', 'label'),
  58       array(
  59         'create' => \CRM_Core_Permission::ALWAYS_DENY_PERMISSION,
  60         'get' => \CRM_Core_Permission::ALWAYS_DENY_PERMISSION,
  61         'delete' => \CRM_Core_Permission::ALWAYS_DENY_PERMISSION,
  62       ),
  63       array(
  64         array('id' => self::FORBIDDEN_ID, 'label' => 'my forbidden'),
  65       )
  66     );
  67
  68     $this->dispatcher = new EventDispatcher();
  69     $this->kernel = new Kernel($this->dispatcher);
  70     $this->kernel
  71       ->registerApiProvider($fileProvider)
  72       ->registerApiProvider($widgetProvider)
  73       ->registerApiProvider($forbiddenProvider);
  74     $this->dispatcher->addSubscriber(new DynamicFKAuthorization(
  75       $this->kernel,
  76       'FakeFile',
  77       array('create', 'get'),
  78       // Given a file ID, determine the entity+table it's attached to.
  79       "select
  80       case %1
  81         when " . self::FILE_WIDGET_ID . " then 1
  82         when " . self::FILE_FORBIDDEN_ID . " then 1
  83         else 0
  84       end as is_valid,
  85       case %1
  86         when " . self::FILE_WIDGET_ID . " then 'fake_widget'
  87         when " . self::FILE_FORBIDDEN_ID . " then 'fake_forbidden'
  88         else null
  89       end as entity_table,
  90       case %1
  91         when " . self::FILE_WIDGET_ID . " then " . self::WIDGET_ID . "
  92         when " . self::FILE_FORBIDDEN_ID . " then " . self::FORBIDDEN_ID . "
  93         else null
  94       end as entity_id
  95       ",
  96       // Get a list of custom fields (field_name,table_name,extends)
  97       "select",
  98       array('fake_widget', 'fake_forbidden')
  99     ));
 100   }
 101
 102   protected function tearDown() {
 103     parent::tearDown();
 104     \CRM_Core_DAO_AllCoreTables::init(TRUE);
 105   }
 106
 107   /**
 108    * @return array
 109    */
 110   public function okDataProvider() {
 111     $cases = array();
 112
 113     $cases[] = array('Widget', 'create', array('id' => self::WIDGET_ID));
 114     $cases[] = array('Widget', 'get', array('id' => self::WIDGET_ID));
 115
 116     $cases[] = array('FakeFile', 'create', array('id' => self::FILE_WIDGET_ID));
 117     $cases[] = array('FakeFile', 'get', array('id' => self::FILE_WIDGET_ID));
 118     $cases[] = array(
 119       'FakeFile',
 120       'create',
 121       array('entity_table' => 'fake_widget', 'entity_id' => self::WIDGET_ID),
 122     );
 123
 124     return $cases;
 125   }
 126
 127   /**
 128    * @return array
 129    */
 130   public function badDataProvider() {
 131     $cases = array();
 132
 133     $cases[] = array('Forbidden', 'create', array('id' => self::FORBIDDEN_ID), '/Authorization failed/');
 134     $cases[] = array('Forbidden', 'get', array('id' => self::FORBIDDEN_ID), '/Authorization failed/');
 135
 136     $cases[] = array('FakeFile', 'create', array('id' => self::FILE_FORBIDDEN_ID), '/Authorization failed/');
 137     $cases[] = array('FakeFile', 'get', array('id' => self::FILE_FORBIDDEN_ID), '/Authorization failed/');
 138
 139     $cases[] = array('FakeFile', 'create', array('entity_table' => 'fake_forbidden'), '/Authorization failed/');
 140     $cases[] = array('FakeFile', 'get', array('entity_table' => 'fake_forbidden'), '/Authorization failed/');
 141
 142     $cases[] = array(
 143       'FakeFile',
 144       'create',
 145       array('entity_table' => 'fake_forbidden', 'entity_id' => self::FORBIDDEN_ID),
 146       '/Authorization failed/',
 147     );
 148     $cases[] = array(
 149       'FakeFile',
 150       'get',
 151       array('entity_table' => 'fake_forbidden', 'entity_id' => self::FORBIDDEN_ID),
 152       '/Authorization failed/',
 153     );
 154
 155     $cases[] = array(
 156       'FakeFile',
 157       'create',
 158       array(),
 159       "/Mandatory key\\(s\\) missing from params array: 'id' or 'entity_table/",
 160     );
 161     $cases[] = array(
 162       'FakeFile',
 163       'get',
 164       array(),
 165       "/Mandatory key\\(s\\) missing from params array: 'id' or 'entity_table/",
 166     );
 167
 168     $cases[] = array('FakeFile', 'create', array('entity_table' => 'unknown'), '/Unrecognized target entity/');
 169     $cases[] = array('FakeFile', 'get', array('entity_table' => 'unknown'), '/Unrecognized target entity/');
 170
 171     // We should be allowed to lookup files for fake_widgets, but we need an ID.
 172     $cases[] = array('FakeFile', 'get', array('entity_table' => 'fake_widget'), '/Missing entity_id/');
 173
 174     return $cases;
 175   }
 176
 177   /**
 178    * @param $entity
 179    * @param $action
 180    * @param array $params
 181    * @dataProvider okDataProvider
 182    */
 183   public function testOk($entity, $action, $params) {
 184     $params['version'] = 3;
 185     $params['debug'] = 1;
 186     $params['check_permissions'] = 1;
 187     $result = $this->kernel->run($entity, $action, $params);
 188     $this->assertFalse((bool) $result['is_error'], print_r(array(
 189       '$entity' => $entity,
 190       '$action' => $action,
 191       '$params' => $params,
 192       '$result' => $result,
 193     ), TRUE));
 194   }
 195
 196   /**
 197    * @param $entity
 198    * @param $action
 199    * @param array $params
 200    * @param $expectedError
 201    * @dataProvider badDataProvider
 202    */
 203   public function testBad($entity, $action, $params, $expectedError) {
 204     $params['version'] = 3;
 205     $params['debug'] = 1;
 206     $params['check_permissions'] = 1;
 207     $result = $this->kernel->run($entity, $action, $params);
 208     $this->assertTrue((bool) $result['is_error'], print_r(array(
 209       '$entity' => $entity,
 210       '$action' => $action,
 211       '$params' => $params,
 212       '$result' => $result,
 213     ), TRUE));
 214     $this->assertRegExp($expectedError, $result['error_message']);
 215   }
 216
 217 }