CRM-13072 upgrade additional test classes including fixing activity.type.delete
[civicrm-core.git] / tests / phpunit / api / v3 / ACLPermissionTest.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.3 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2013 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 require_once 'CiviTest/CiviUnitTestCase.php';
29
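/**
 * Tests that API v3 contact.get applies the ACL restrictions supplied through
 * the civicrm_aclWhereClause hook whenever check_permissions is set.
 *
 * The original header describes this class as testing ACL permission as used
 * by the multisite module.
 *
 * @package CiviCRM_APIv3
 * @subpackage API_Contact
 */
class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  // API version used for the calls in this class.
  protected $_apiversion = 3;
  // Not read by any method visible in this class.
  protected $_params;
  // Hook registry; each test installs its ACL callback through it.
  protected $hookClass = null;
  // NOTE(review): the meaning of the next two flags is defined by
  // CiviUnitTestCase, which is not shown here - confirm against the base class.
  public $DBResetRequired = FALSE;

  public $_eNoticeCompliant = TRUE;

  // Not read by any method visible in this class.
  protected $_entity;

  /**
   * Create the fixtures and start every test with an empty permission list.
   */
  public function setUp() {
    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    // NOTE(review): presumably each generated object brings its own contact,
    // which would give the two contacts (ids 1 and 2) the tests rely on - confirm.
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->hookClass = CRM_Utils_Hook::singleton();
    // No permissions are granted up front, so (presumably) any row a
    // permission-checked call returns was allowed by the ACL hook of that test.
    $config = CRM_Core_Config::singleton();
    $config->userPermissionClass->permissions = array();
  }

  /**
   * Remove the hooks, the contacts and the permission override of the test.
   *
   * @see CiviUnitTestCase::tearDown()
   */
  public function tearDown() {
    // NOTE(review): parent::tearDown() is not called - confirm that is intended.
    // Drop the ACL callback so it cannot leak into the next test.
    CRM_Utils_Hook::singleton()->reset();
    // NOTE(review): only civicrm_contact is truncated; the pledge and phone
    // rows created in setUp() are not cleaned up here - confirm that is intended.
    $tablesToTruncate = array(
      'civicrm_contact',
    );
    $this->quickCleanup($tablesToTruncate);
    $config = CRM_Core_Config::singleton();
    unset($config->userPermissionClass->permissions);
  }

  /**
   * An ACL hook that adds no where clause must expose no contacts at all.
   *
   * This is the deny-by-default case: with no permissions and a hook that
   * grants nothing, a permission-checked get returns zero rows.
   */
  public function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(0, $result['count']);
  }

  /**
   * An ACL hook that allows everything returns both contacts.
   */
  public function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertEquals(2, $result['count']);
  }

  /**
   * A soft-deleted contact stays hidden even when the ACL hook allows everything.
   */
  public function testContactGetPermissionHookNoDeleted() {
    $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
  }

  /**
   * The where clause of the hook limits which contacts are returned.
   */
  public function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertEquals(1, $result['count']);
    // A count of one is not enough: the single row must be the contact the
    // ACL clause allows (id > 1), otherwise a leak of contact 1 would pass.
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Without check_permissions both contacts are returned.
   */
  public function testContactGetHookLimitingHookDontCheck() {
    // NOTE(review): no ACL hook is installed here, so this only pins the
    // unfiltered baseline; it does not show a limiting hook being skipped.
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that id works as a filter on a permission-checked call.
   */
  public function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
      'id' => 2,
      'check_permissions' => 1,
    ));

    $this->assertEquals(1, $result['count']);
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Check that the fields of an unchecked get are still returned when
   * permissions are checked.
   */
  public function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    // Baseline without check_permissions: its first row supplies the field list.
    $fullresult = $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    //return doesn't work for all keys - can't fix that here so let's skip ...
    //prefix & suffix are inconsistent due to CRM-7929
    // unsure about others but return doesn't work on them
    $elementsReturnDoesntSupport = array(
      'prefix_id',
      'prefix',
      'suffix_id',
      'suffix',
      'gender_id',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * Check that pledge_id is NOT returned when permissions are checked.
   */
  public function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    // Unchecked baseline call; only its success is asserted.
    $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    // Fail with a clear message, not an undefined offset, if nothing came back.
    $this->assertNotEmpty($result['values'], 'expected at least one contact to inspect');
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * Check that pledge_id is NOT usable as a filter when permissions are checked.
   *
   * Both contacts come back, so the pledge_id parameter did not narrow the
   * result; a caller cannot use it to probe which contact holds a pledge.
   */
  public function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    // Unchecked baseline call; only its success is asserted.
    $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    $result = $this->callAPISuccess('contact', 'get', array(
      'check_permissions' => 1,
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that chaining doesn't bypass permissions.
   *
   * The chained pledge.get has to fail its own permission check; it must not
   * inherit access from the contact.get that carries it.
   */
  public function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    // Unchecked baseline call; only its success is asserted.
    $this->callAPISuccess('contact', 'get', array(
      'sequential' => 1,
    ));
    $this->callAPIFailure('contact', 'get', array(
        'check_permissions' => 1,
        'api.pledge.get' => 1,
        'sequential' => 1,
      ),
      'Error in call to pledge_get : API permission check failed for pledge/get call; missing permission: access CiviCRM.'
    );
  }

  /**
   * ACL hook callback that grants nothing: $where is left untouched.
   *
   * testContactGetNoResultsHook expects zero contacts with this callback.
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * ACL hook callback that allows every contact (always-true clause).
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * ACL hook callback that allows only contacts whose id is greater than 1.
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }

}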
249