1 <?php
2 // $Id$
3
4 /*
5 +--------------------------------------------------------------------+
6 | CiviCRM version 4.3 |
7 +--------------------------------------------------------------------+
8 | Copyright CiviCRM LLC (c) 2004-2013 |
9 +--------------------------------------------------------------------+
10 | This file is a part of CiviCRM. |
11 | |
12 | CiviCRM is free software; you can copy, modify, and distribute it |
13 | under the terms of the GNU Affero General Public License |
14 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
15 | |
16 | CiviCRM is distributed in the hope that it will be useful, but |
17 | WITHOUT ANY WARRANTY; without even the implied warranty of |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
19 | See the GNU Affero General Public License for more details. |
20 | |
21 | You should have received a copy of the GNU Affero General Public |
22 | License and the CiviCRM Licensing Exception along |
23 | with this program; if not, contact CiviCRM LLC |
24 | at info[AT]civicrm[DOT]org. If you have questions about the |
25 | GNU Affero General Public License or the licensing of CiviCRM, |
26 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
27 +--------------------------------------------------------------------+
28 */
29
30 require_once 'CiviTest/CiviUnitTestCase.php';
31
32 /**
33 * This class is intended to test ACL permission using the multisite module
34 *
35 * @package CiviCRM_APIv3
36 * @subpackage API_Contact
37 */
38
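class api_v3_ACLPermissionTest extends CiviUnitTestCase {
  protected $_apiversion;
  protected $_params;
  protected $hookClass = null;

  public $_eNoticeCompliant = TRUE;

  protected $_entity;

  /**
   * Seed the fixture and strip every CMS permission so that only the
   * civicrm_aclWhereClause hook decides what contact.get may return.
   *
   * The tests below assume the two createTestObject() calls leave exactly two
   * contacts behind, with ids 1 and 2 (the hooks and filters use those ids).
   */
  public function setUp() {
    $this->_apiversion = 3;

    parent::setUp();
    $baoObj = new CRM_Core_DAO();
    $baoObj->createTestObject('CRM_Pledge_BAO_Pledge', array(), 1, 0);
    $baoObj->createTestObject('CRM_Core_BAO_Phone', array(), 1, 0);
    $this->hookClass = CRM_Utils_Hook::singleton();
    $config = CRM_Core_Config::singleton();
    // No permissions at all: whatever the API exposes must come from the ACL
    // hook, and anything needing a named permission (e.g. the chained pledge
    // call) must be refused.
    $config->userPermissionClass->permissions = array();
  }

  /**
   * (non-PHPdoc)
   * @see CiviUnitTestCase::tearDown()
   */
  public function tearDown() {
    $this->hookClass->reset();
    // Truncate every table setUp() populated, not only the contacts, so the
    // pledge and phone rows do not leak into the next test.
    $tablesToTruncate = array(
      'civicrm_contact',
      'civicrm_phone',
      'civicrm_pledge',
    );
    $this->quickCleanup($tablesToTruncate);
    $config = CRM_Core_Config::singleton();
    unset($config->userPermissionClass->permissions);
  }

  /**
   * Call contact.get with the test API version merged into the parameters.
   *
   * @param array $params API parameters other than 'version'
   * @return array raw APIv3 result array
   */
  private function callContactGet($params) {
    return civicrm_api('contact', 'get', $params + array('version' => $this->_apiversion));
  }

  /**
   * A hook that leaves $where untouched must grant nothing: the call succeeds
   * but returns zero contacts.
   */
  public function testContactGetNoResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertAPISuccess($result, "this should succeed but return no results. line " . __LINE__);
    $this->assertEquals(0, $result['count']);
  }

  /**
   * A hook that grants everything returns both fixture contacts.
   */
  public function testContactGetAllResultsHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    // Message fixed: the assertion expects both contacts, not "no results".
    $this->assertAPISuccess($result, "this should succeed and return both contacts. line " . __LINE__);
    $this->assertEquals(2, $result['count']);
  }

  /**
   * A soft-deleted contact stays hidden even when the ACL hook grants
   * everything, so only one of the two fixture contacts comes back.
   */
  public function testContactGetPermissionHookNoDeleted() {
    $deleted = civicrm_api('contact', 'create', array(
      'id' => 2,
      'version' => $this->_apiversion,
      'is_deleted' => 1,
    ));
    // Fail here, not on the count below, if the soft delete did not happen.
    $this->assertAPISuccess($deleted, "soft delete of contact 2 should succeed. line " . __LINE__);
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));

    $this->assertAPISuccess($result, "this should succeed but return one result. line " . __LINE__);
    $this->assertEquals(1, $result['count']);
  }

  /**
   * A hook that restricts the where clause limits the permissioned result
   * to the single contact it allows.
   */
  public function testContactGetHookLimitingHook() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));

    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'return' => 'display_name',
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
  }

  /**
   * Confirm that without check_permissions we still get both contacts
   * returned. No ACL hook is registered in this test.
   */
  public function testContactGetHookLimitingHookDontCheck() {
    $result = $this->callContactGet(array(
      'check_permissions' => 0,
      'return' => 'display_name',
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that id works as a filter under a permissioned call.
   */
  public function testContactGetIDFilter() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callContactGet(array(
      'sequential' => 1,
      'id' => 2,
      'check_permissions' => 1,
    ));

    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
    $this->assertEquals(2, $result['id']);
  }

  /**
   * Check that every field an unrestricted call exposes (address fields
   * included) is still returned when it is explicitly requested through a
   * permissioned call, apart from the keys 'return' is known not to support.
   */
  public function testContactGetAddressReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $fullresult = $this->callContactGet(array(
      'sequential' => 1,
    ));
    // 'return' doesn't work for all keys - can't fix that here so let's skip ...
    // prefix & suffix are inconsistent due to CRM-7929;
    // unsure about the others, but 'return' doesn't work on them either.
    $elementsReturnDoesntSupport = array(
      'prefix_id',
      'prefix',
      'suffix_id',
      'suffix',
      'gender_id',
      'gender',
      'current_employer',
      'phone_id',
      'phone_type_id',
      'phone',
      'worldregion_id',
      'world_region',
    );
    $expectedReturnElements = array_diff(array_keys($fullresult['values'][0]), $elementsReturnDoesntSupport);
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'return' => $expectedReturnElements,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(1, $result['count']);
    foreach ($expectedReturnElements as $element) {
      $this->assertArrayHasKey($element, $result['values'][0]);
    }
  }

  /**
   * Check that pledge_id is NOT returned by a permissioned call even when
   * explicitly requested (pledges need a permission this test does not grant).
   */
  public function testContactGetPledgeIDNotReturned() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'return' => 'pledge_id',
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result);
    $this->assertArrayNotHasKey('pledge_id', $result['values'][0]);
  }

  /**
   * Check that pledge_id is NOT an allowable filter: the filter is ignored
   * and both contacts come back.
   */
  public function testContactGetPledgeIDNotFiltered() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'pledge_id' => 1,
      'sequential' => 1,
    ));
    $this->assertAPISuccess($result, 'api call succeeded');
    $this->assertEquals(2, $result['count']);
  }

  /**
   * Check that chaining doesn't bypass permissions: with no permissions
   * granted, the chained pledge.get must be refused with the exact message.
   */
  public function testContactGetPledgeNotChainable() {
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereOnlySecond'));
    $result = $this->callContactGet(array(
      'check_permissions' => 1,
      'api.pledge.get' => 1,
      'sequential' => 1,
    ));
    $this->assertEquals(1, $result['is_error']);
    $this->assertEquals('Error in call to pledge_get : API permission check failed for pledge/get call; missing permission: access CiviCRM.', $result['error_message']);
  }

  /**
   * ACL hook fixture: grants nothing by leaving $where unset.
   *
   * The hook signature is dictated by civicrm_aclWhereClause; $where receives
   * a raw SQL fragment, which is why the fixtures below assign literal SQL.
   * A real implementation must build that fragment from trusted values only.
   */
  public function aclWhereHookNoResults($type, &$tables, &$whereTables, &$contactID, &$where) {
  }

  /**
   * ACL hook fixture: grants every contact via an always-true where clause.
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

  /**
   * ACL hook fixture: grants only contacts with id > 1, i.e. the second
   * fixture contact (the original doc said "full results", which was wrong).
   */
  public function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " contact_a.id > 1";
  }
}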
276