3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
13 * Test APIv3 civicrm_entity_tag_* functions
15 * @package CiviCRM_APIv3
16 * @subpackage API_Core
20 * Class api_v3_EntityTagTest.
22 * This test class was introduced to ensure that the fix for CRM-17350 (reducing the required permission
23 * from edit all contacts to has right to edit this contact) would not result in inappropriate permission opening on
24 * other entities. Other entities are still too restricted but that is a larger job.
27 class api_v3_EntityTagACLTest
extends CiviUnitTestCase
{
29 use CRMTraits_ACL_PermissionTrait
;
36 protected $_apiversion = 3;
39 * Entity being tested.
43 protected $_entity = 'entity_tag';
46 * Set up permissions for test.
48 public function setUp() {
49 $this->useTransaction(TRUE);
51 $individualID = $this->individualCreate();
52 $daoObj = new CRM_Core_DAO();
53 $this->callAPISuccess('Attachment', 'create', [
54 'entity_table' => 'civicrm_contact',
55 'entity_id' => $individualID,
60 $daoObj->createTestObject('CRM_Activity_BAO_Activity', [], 1, 0);
61 $daoObj->createTestObject('CRM_Case_BAO_Case', [], 1, 0);
62 $entities = $this->getTagOptions();
63 foreach ($entities as $key => $entity) {
64 $this->callAPISuccess('Tag', 'create', [
67 'description' => $entity,
70 CRM_Core_Config
::singleton()->userPermissionClass
->permissions
= ['access CiviCRM'];
74 * Get the options for the used_for fields.
78 public function getTagOptions() {
79 $options = $this->callAPISuccess('Tag', 'getoptions', ['field' => 'used_for']);
80 return $options['values'];
84 * Get the entity table for a tag label.
86 * @param string $entity
90 protected function getTableForTag($entity) {
91 $options = $this->getTagOptions();
92 return array_search($entity, $options);
96 * Get entities which can be tagged in data provider format.
98 public function taggableEntities() {
100 foreach ($this->getTagOptions() as $entity) {
101 $return[] = [$entity];
107 * This test checks that users with edit all contacts can edit all tags.
109 * @dataProvider taggableEntities
111 * We are looking to see that a contact with edit all contacts can still add all tags (for all
112 * tag entities since that was how it was historically and we are not fixing non-contact entities).
114 * @param string $entity
117 public function testThatForEntitiesEditAllContactsCanAddTags($entity) {
119 CRM_Core_Config
::singleton()->userPermissionClass
->permissions
= ['edit all contacts', 'access CiviCRM'];
120 $this->callAPISuccess('EntityTag', 'create', [
123 'check_permissions' => TRUE,
124 'entity_table' => $this->getTableForTag($entity),
126 $this->callAPISuccessGetCount('EntityTag', [
128 'entity_table' => $this->getTableForTag($entity),
133 * This test checks that an ACL or edit all contacts is required to be able to create a contact.
135 * @dataProvider taggableEntities
137 public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) {
139 CRM_Core_Config
::singleton()->userPermissionClass
->permissions
= ['access CiviCRM', 'view all contacts'];
140 $this->callAPIFailure('EntityTag', 'create', [
143 'check_permissions' => TRUE,
144 'entity_table' => $this->getTableForTag($entity),
149 * This test checks that permissions are not applied when check_permissions is off.
151 * @dataProvider taggableEntities
153 * @param string $entity
156 public function testCheckPermissionsOffWorks($entity) {
158 CRM_Core_Config
::singleton()->userPermissionClass
->permissions
= ['access CiviCRM', 'view all contacts'];
159 $result = $this->callAPISuccess('EntityTag', 'create', [
162 'check_permissions' => 0,
163 'entity_table' => $this->getTableForTag($entity),
165 $this->assertEquals(1, $result['added']);
166 $this->callAPISuccessGetCount('EntityTag', [
168 'entity_table' => $this->getTableForTag($entity),
169 'check_permissions' => 0,
174 * This test checks ACLs can be used to control who can edit a contact.
176 * Note that for other entities this hook will not allow them to edit the entity_tag and they still need
177 * edit all contacts (pending a more extensive fix).
179 * @dataProvider taggableEntities
181 * @param string $entity
184 public function testThatForEntitiesACLApplies($entity) {
186 CRM_Core_Config
::singleton()->userPermissionClass
->permissions
= ['access CiviCRM', 'view all contacts'];
187 $this->hookClass
->setHook('civicrm_aclWhereClause', [$this, 'aclWhereHookAllResults']);
188 civicrm_api('EntityTag', 'create', [
192 'entity_table' => $this->getTableForTag($entity),
193 'check_permissions' => TRUE,
195 $this->callAPISuccessGetCount('EntityTag', [
197 'entity_table' => $this->getTableForTag($entity),
198 ], ($entity == 'Contacts' ?
1 : 0));