projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #11965 from colemanw/CRM-21855
[civicrm-core.git] / tests / phpunit / api / v3 / EntityTagACLTest.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2018 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 * Test APIv3 civicrm_entity_tag_* functions
30 *
31 * @package CiviCRM_APIv3
32 * @subpackage API_Core
33 */
34
35 /**
36 * Class api_v3_EntityTagTest.
37 *
38 * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission
39 * from edit all contacts to has right to edit this contact) would not result in inappropriate permission opening on
40 * other entities. Other entities are still too restricted but that is a larger job.
41 * @group headless
42 */
43 class api_v3_EntityTagACLTest extends CiviUnitTestCase {
44
45 /**
46 * API Version in use.
47 *
48 * @var int
49 */
50 protected $_apiversion = 3;
51
52 /**
53 * Entity being tested.
54 *
55 * @var string
56 */
57 protected $_entity = 'entity_tag';
58
59 /**
60 * Set up permissions for test.
61 */
62 public function setUp() {
63 $this->useTransaction(TRUE);
64 parent::setUp();
65 $individualID = $this->individualCreate();
66 $daoObj = new CRM_Core_DAO();
67 $this->callAPISuccess('Attachment', 'create', array(
68 'entity_table' => 'civicrm_contact',
69 'entity_id' => $individualID,
70 'mime_type' => 'k',
71 'name' => 'p',
72 'content' => 'l',
73 ));
74 $daoObj->createTestObject('CRM_Activity_BAO_Activity', array(), 1, 0);
75 $daoObj->createTestObject('CRM_Case_BAO_Case', array(), 1, 0);
76 $entities = $this->getTagOptions();
77 foreach ($entities as $key => $entity) {
78 $this->callAPISuccess('Tag', 'create', array(
79 'used_for' => $key,
80 'name' => $entity,
81 'description' => $entity,
82 )
83 );
84 }
85 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
86 }
87
88 /**
89 * Get the options for the used_for fields.
90 *
91 * @return array
92 */
93 public function getTagOptions() {
94 $options = $this->callAPISuccess('Tag', 'getoptions', array('field' => 'used_for'));
95 return $options['values'];
96 }
97
98 /**
99 * Get the entity table for a tag label.
100 *
101 * @param string $entity
102 *
103 * @return string
104 */
105 protected function getTableForTag($entity) {
106 $options = $this->getTagOptions();
107 return array_search($entity, $options);
108 }
109 /**
110 * Get entities which can be tagged in data provider format.
111 */
112 public function taggableEntities() {
113 $return = array();
114 foreach ($this->getTagOptions() as $entity) {
115 $return[] = array($entity);
116 }
117 return $return;
118 }
119
120 /**
121 * This test checks that users with edit all contacts can edit all tags.
122 *
123 * @dataProvider taggableEntities
124 *
125 * We are looking to see that a contact with edit all contacts can still add all tags (for all
126 * tag entities since that was how it was historically and we are not fixing non-contact entities).
127 *
128 * @param string $entity
129 * Entity to test
130 */
131 public function testThatForEntitiesEditAllContactsCanAddTags($entity) {
132
133 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts', 'access CiviCRM');
134 $this->callAPISuccess('EntityTag', 'create', array(
135 'entity_id' => 1,
136 'tag_id' => $entity,
137 'check_permissions' => TRUE,
138 'entity_table' => $this->getTableForTag($entity),
139 ));
140 $this->callAPISuccessGetCount('EntityTag', array(
141 'entity_id' => 1,
142 'entity_table' => $this->getTableForTag($entity),
143 ), 1);
144 }
145
146 /**
147 * This test checks that an ACL or edit all contacts is required to be able to create a contact.
148 *
149 * @dataProvider taggableEntities
150 */
151 public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) {
152
153 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
154 $this->callAPIFailure('EntityTag', 'create', array(
155 'entity_id' => 1,
156 'tag_id' => $entity,
157 'check_permissions' => TRUE,
158 'entity_table' => $this->getTableForTag($entity),
159 ));
160 }
161
162 /**
163 * This test checks that permissions are not applied when check_permissions is off.
164 *
165 * @dataProvider taggableEntities
166 *
167 * @param string $entity
168 * Entity to test
169 */
170 public function testCheckPermissionsOffWorks($entity) {
171
172 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
173 $result = $this->callAPISuccess('EntityTag', 'create', array(
174 'entity_id' => 1,
175 'tag_id' => $entity,
176 'check_permissions' => 0,
177 'entity_table' => $this->getTableForTag($entity),
178 ));
179 $this->assertEquals(1, $result['added']);
180 $this->callAPISuccessGetCount('EntityTag', array(
181 'entity_id' => 1,
182 'entity_table' => $this->getTableForTag($entity),
183 'check_permissions' => 0,
184 ), 1);
185 }
186
187 /**
188 * This test checks ACLs can be used to control who can edit a contact.
189 *
190 * Note that for other entities this hook will not allow them to edit the entity_tag and they still need
191 * edit all contacts (pending a more extensive fix).
192 *
193 * @dataProvider taggableEntities
194 *
195 * @param string $entity
196 * Entity to test
197 */
198 public function testThatForEntitiesACLApplies($entity) {
199
200 CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts');
201 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
202 civicrm_api('EntityTag', 'create', array(
203 'version' => 3,
204 'entity_id' => 1,
205 'tag_id' => $entity,
206 'entity_table' => $this->getTableForTag($entity),
207 'check_permissions' => TRUE,
208 ));
209 $this->callAPISuccessGetCount('EntityTag', array(
210 'entity_id' => 1,
211 'entity_table' => $this->getTableForTag($entity),
212 ), ($entity == 'Contacts' ? 1 : 0));
213 }
214
215 /**
216 * All results returned.
217 *
218 * @implements CRM_Utils_Hook::aclWhereClause
219 *
220 * @param string $type
221 * @param array $tables
222 * @param array $whereTables
223 * @param int $contactID
224 * @param string $where
225 */
226 public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) {
227 $where = " (1) ";
228 }
229
230 }