1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2015 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 * Test APIv3 civicrm_entity_tag_* functions
30 *
31 * @package CiviCRM_APIv3
32 * @subpackage API_Core
33 */
34
35 require_once 'CiviTest/CiviUnitTestCase.php';
36
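/**
 * Class api_v3_EntityTagACLTest.
 *
 * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission
 * from 'edit all contacts' to 'has the right to edit this contact') would not result in inappropriate
 * permission opening on other entities. Other entities are still too restricted but that is a larger job.
 *
 * Every test runs once per taggable entity type (see taggableEntities()) and asserts, via a count of
 * entity_tag rows, whether the EntityTag.create call was actually allowed to write.
 */
class api_v3_EntityTagACLTest extends CiviUnitTestCase {

  /**
   * API Version in use.
   *
   * @var int
   */
  protected $_apiversion = 3;

  /**
   * Entity being tested.
   *
   * @var string
   */
  protected $_entity = 'entity_tag';

  /**
   * Set up fixtures and permissions for each test.
   *
   * Creates one row for each taggable entity type (contact, attachment, activity, case) and one tag
   * per 'used_for' option, then reduces the test user to 'access CiviCRM' only, so each test has to
   * grant explicitly whatever permission it wants to exercise.
   *
   * NOTE(review): the tests below tag entity_id 1 in every table; this setUp creates one row per
   * type but does not assert that those rows receive id 1 - confirm that is what the fixtures rely on.
   */
  public function setUp() {
    $this->useTransaction(TRUE);
    parent::setUp();
    $individualID = $this->individualCreate();
    $daoObj = new CRM_Core_DAO();
    $this->callAPISuccess('Attachment', 'create', array(
      'entity_table' => 'civicrm_contact',
      'entity_id' => $individualID,
      'mime_type' => 'k',
      'name' => 'p',
      'content' => 'l',
    ));
    $daoObj->createTestObject('CRM_Activity_BAO_Activity', array(), 1, 0);
    $daoObj->createTestObject('CRM_Case_BAO_Case', array(), 1, 0);
    // One tag per taggable entity type; the option label doubles as name and description,
    // which is why the tests can pass the label as 'tag_id'.
    foreach ($this->getTagOptions() as $usedFor => $label) {
      $this->callAPISuccess('Tag', 'create', array(
        'used_for' => $usedFor,
        'name' => $label,
        'description' => $label,
      ));
    }
    // Least privilege as the baseline: no test inherits 'edit all contacts' by accident.
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
  }

  /**
   * Get the options for the used_for field of Tag.
   *
   * @return array
   *   Keyed by entity table (e.g. 'civicrm_contact'), value is the label (e.g. 'Contacts').
   */
  public function getTagOptions() {
    $options = $this->callAPISuccess('Tag', 'getoptions', array('field' => 'used_for'));
    return $options['values'];
  }

  /**
   * Get the entity table for a tag label.
   *
   * @param string $entity
   *   Label from the used_for options, e.g. 'Contacts'.
   *
   * @return string
   *   Entity table name, e.g. 'civicrm_contact'. Fails the test if the label is unknown rather than
   *   letting FALSE leak into an API call as the entity_table.
   */
  protected function getTableForTag($entity) {
    // Strict search: labels are strings, and a loose match could silently pick the wrong table.
    $table = array_search($entity, $this->getTagOptions(), TRUE);
    if ($table === FALSE) {
      $this->fail("No used_for option with label '{$entity}'");
    }
    return $table;
  }

  /**
   * Get entities which can be tagged, in data provider format.
   *
   * @return array
   *   One array($label) per taggable entity, so each test receives the label as $entity.
   */
  public function taggableEntities() {
    $datasets = array();
    foreach ($this->getTagOptions() as $label) {
      $datasets[] = array($label);
    }
    return $datasets;
  }

  /**
   * Check that users with 'edit all contacts' can add tags to every taggable entity.
   *
   * Historically 'edit all contacts' was the permission required for all entity_tag writes, and the
   * CRM-17350 fix only relaxes it for contacts, so it must keep working for every entity type.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Label of the taggable entity, as returned by getTagOptions().
   */
  public function testThatForEntitiesEditAllContactsCanAddTags($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts');
    $entityTable = $this->getTableForTag($entity);
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $entityTable,
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $entityTable,
    ), 1);
  }

  /**
   * Check that without an ACL or 'edit all contacts' an entity_tag cannot be added.
   *
   * The create call itself does not error: with check_permissions on, nothing is written for a user
   * who can only view contacts, which is what the count of 0 verifies.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Label of the taggable entity.
   */
  public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $entityTable = $this->getTableForTag($entity);
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => TRUE,
      'entity_table' => $entityTable,
    ));
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $entityTable,
    ), 0);
  }

  /**
   * Check that permissions are not applied when check_permissions is off.
   *
   * The same view-only user that is denied in testThatForEntityWithoutACLOrEditAllThereIsNoAccess
   * gets the row written here, purely because check_permissions is 0. Passing check_permissions = 0
   * bypasses this enforcement entirely, so it is only appropriate for trusted server-side callers,
   * never for input that originates from an end user.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Label of the taggable entity.
   */
  public function testCheckPermissionsOffWorks($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $entityTable = $this->getTableForTag($entity);
    $result = $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'check_permissions' => 0,
      'entity_table' => $entityTable,
    ));
    $this->assertEquals(1, $result['added']);
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $entityTable,
      'check_permissions' => 0,
    ), 1);
  }

  /**
   * Check that an ACL granting edit access to a contact is enough to tag that contact.
   *
   * The aclWhereClause hook below makes every contact editable by the test user. That only helps for
   * the contact entity: for other entities the hook does not apply and 'edit all contacts' is still
   * needed (pending a more extensive fix), so the tag is expected to be added only for 'Contacts'.
   *
   * @dataProvider taggableEntities
   *
   * @param string $entity
   *   Label of the taggable entity.
   */
  public function testThatForEntitiesACLApplies($entity) {
    CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
    $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
    $entityTable = $this->getTableForTag($entity);
    $this->callAPISuccess('EntityTag', 'create', array(
      'entity_id' => 1,
      'tag_id' => $entity,
      'entity_table' => $entityTable,
      'check_permissions' => TRUE,
    ));
    // Strict comparison: the label is a string and we want no surprises from loose equality.
    $expectedCount = ($entity === 'Contacts') ? 1 : 0;
    $this->callAPISuccessGetCount('EntityTag', array(
      'entity_id' => 1,
      'entity_table' => $entityTable,
    ), $expectedCount);
  }

  /**
   * ACL where-clause hook that grants access to every contact.
   *
   * @implements CRM_Utils_Hook::aclWhereClause
   *
   * @param string $type
   * @param array $tables
   * @param array $whereTables
   * @param int $contactID
   * @param string $where
   *   Set to the always-true clause " (1) " so that no contact is filtered out.
   */
  public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
    $where = " (1) ";
  }

}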