1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 * Test APIv3 civicrm_contribute_* functions
30 *
31 * @package CiviCRM_APIv3
32 * @subpackage API_Contribution
33 */
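class api_v3_FinancialTypeACLTest extends CiviUnitTestCase {

  // Presumably supplies enableFinancialACLs(), disableFinancialACLs() and
  // addFinancialAclPermissions() used below - confirm against the trait.
  use CRMTraits_Financial_FinancialACLTrait;

  /**
   * Contact the test contributions are recorded against.
   *
   * Assume empty database with just civicrm_data.
   *
   * @var int
   */
  protected $_individualId;

  /**
   * Not referenced by any test in this class.
   */
  protected $_contribution;

  /**
   * Financial type used for the contributions under test.
   *
   * The tests pair this value with "... of type Donation" permissions, so 1
   * is presumably the Donation type of the sample data.
   *
   * @var int
   */
  protected $_financialTypeId = 1;

  /**
   * API version, set to 3 in setUp().
   *
   * @var int
   */
  protected $_apiversion;

  /**
   * @var string
   */
  protected $_entity = 'Contribution';

  /**
   * @var int
   */
  public $debug = 0;

  /**
   * Baseline Contribution.create parameters, built in setUp().
   *
   * Deliberately carries no 'check_permissions' key; each test adds it where
   * the ACL is meant to be enforced.
   *
   * @var array
   */
  protected $_params;

  /**
   * @var array
   */
  protected $_ids = [];

  /**
   * Contribution page parameters, built in setUp().
   *
   * @var array
   */
  protected $_pageParams = [];

  /**
   * Parameters to create payment processor.
   *
   * @var array
   */
  protected $_processorParams = [];

  /**
   * ID of created event.
   *
   * @var int
   */
  protected $_eventID;

  /**
   * Setup function.
   *
   * Creates the contact and the parameter fixtures shared by the tests.
   * Financial ACLs are not enabled here; every test switches them on itself.
   */
  public function setUp() {
    parent::setUp();

    $this->_apiversion = 3;
    $this->_individualId = $this->individualCreate();
    $this->_params = [
      'contact_id' => $this->_individualId,
      'receive_date' => '20120511',
      'total_amount' => 100.00,
      'financial_type_id' => $this->_financialTypeId,
      'non_deductible_amount' => 10.00,
      'fee_amount' => 5.00,
      'net_amount' => 95.00,
      'source' => 'SSF',
      'contribution_status_id' => 1,
    ];
    $this->_processorParams = [
      'domain_id' => 1,
      'name' => 'Dummy',
      'payment_processor_type_id' => 10,
      'financial_account_id' => 12,
      'is_active' => 1,
      'user_name' => '',
      'url_site' => 'http://dummy.com',
      'url_recur' => 'http://dummy.com',
      'billing_mode' => 1,
    ];
    $this->_pageParams = [
      'title' => 'Test Contribution Page',
      'financial_type_id' => 1,
      'currency' => 'USD',
      'financial_account_id' => 1,
      'payment_processor' => $this->processorCreate(),
      'is_active' => 1,
      'is_allow_other_amount' => 1,
      'min_amount' => 10,
      'max_amount' => 1000,
    ];
  }

  /**
   * Clean up after each test.
   *
   * Financial ACLs are switched off again so the setting does not carry over
   * into later tests.
   */
  public function tearDown() {
    // NOTE(review): parent::tearDown() is not called here - confirm that is
    // intentional.
    $this->quickCleanUpFinancialEntities();
    $this->quickCleanup(['civicrm_uf_match']);
    $this->disableFinancialACLs();
  }

  /**
   * Test that creating a contribution requires the financial type permission.
   *
   * With financial ACLs enabled, 'edit contributions' alone must not be enough
   * to create a Donation contribution; the create succeeds once the 'add'
   * permission for Donation has been granted.
   */
  public function testCreateACLContribution() {
    $this->enableFinancialACLs();
    $p = [
      'contact_id' => $this->_individualId,
      'receive_date' => '2010-01-20',
      'total_amount' => 100.00,
      'financial_type_id' => $this->_financialTypeId,
      'non_deductible_amount' => 10.00,
      'fee_amount' => 5.00,
      'net_amount' => 95.00,
      'trxn_id' => 23456,
      'invoice_id' => 78910,
      'source' => 'SSF',
      'contribution_status_id' => 1,
      'check_permissions' => TRUE,
    ];

    // Deny path first: no per-type permission has been granted yet.
    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
    ]);
    $result = $this->callAPIFailure('contribution', 'create', $p);
    // Pin the message so the call is known to fail on the permission check
    // rather than for some unrelated reason.
    $this->assertEquals('You do not have permission to create this contribution', $result['error_message']);
    $this->addFinancialAclPermissions([['add', 'Donation']]);

    $contribution = $this->callAPISuccess('contribution', 'create', $p);

    $params = [
      'contribution_id' => $contribution['id'],
    ];

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
      'view contributions of type Donation',
      'delete contributions of type Donation',
    ]);

    $contribution = $this->callAPISuccess('contribution', 'get', $params);

    $this->assertEquals(1, $contribution['count']);
    // Expected value first, actual second, so a failure reports them the
    // right way round.
    $values = $contribution['values'][$contribution['id']];
    $this->assertEquals($this->_individualId, $values['contact_id']);
    $this->assertEquals(1, $values['financial_type_id']);
    $this->assertEquals(100.00, $values['total_amount']);
    $this->assertEquals(10.00, $values['non_deductible_amount']);
    $this->assertEquals(5.00, $values['fee_amount']);
    $this->assertEquals(95.00, $values['net_amount']);
    $this->assertEquals(23456, $values['trxn_id']);
    $this->assertEquals(78910, $values['invoice_id']);
    $this->assertEquals('SSF', $values['contribution_source']);
    $this->assertEquals('Completed', $values['contribution_status']);
    $this->callAPISuccess('Contribution', 'Delete', [
      'id' => $contribution['id'],
    ]);
  }

  /**
   * Test that acl contributions can be retrieved.
   *
   * A permission-checked get must return nothing until the 'view' permission
   * for the contribution's financial type has been granted, and must keep
   * hiding contributions of a type the user cannot view.
   */
  public function testGetACLContribution() {
    $this->enableFinancialACLs();

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'view all contacts',
      'add contributions of type Donation',
    ]);
    // Both creates run without 'check_permissions', so the Member Dues
    // contribution is created although only Donation 'add' is granted.
    $contribution = $this->callAPISuccess('Contribution', 'create', $this->_params);
    $this->callAPISuccess('Contribution', 'create', array_merge($this->_params, ['financial_type_id' => 'Member Dues']));

    $params = [
      'id' => $contribution['id'],
      'check_permissions' => TRUE,
    ];
    // Deny path: 'add' on Donation does not imply 'view'.
    $contribution = $this->callAPISuccess('contribution', 'get', $params);
    $this->assertEquals(0, $contribution['count']);

    $this->addFinancialAclPermissions([['view', 'Donation']]);
    $this->callAPISuccessGetSingle('contribution', $params);
    $this->callAPISuccessGetCount('contribution', ['financial_type_id' => 'Member Dues', 'check_permissions' => 1], 0);
    // markTestIncomplete() aborts the test, so the call after it does not run
    // until the marker is removed.
    $this->markTestIncomplete('check_permissions = 0 should be respected but is not - I have added a todo at the right place but not changed it as yet');
    $this->callAPISuccessGetCount('contribution', ['financial_type_id' => 'Member Dues'], 1);
  }

  /**
   * Test checks that passing in line items suppresses the create mechanism.
   *
   * The chained line items use two financial types (1 and 2). Lacking the
   * permission for one of them must fail the whole call and leave no
   * contribution behind.
   */
  public function testCreateACLContributionChainedLineItems() {
    $this->enableFinancialACLs();
    $params = [
      'contact_id' => $this->_individualId,
      'receive_date' => '20120511',
      'total_amount' => 100.00,
      'financial_type_id' => $this->_financialTypeId,
      'payment_instrument_id' => 1,
      'non_deductible_amount' => 10.00,
      'fee_amount' => 50.00,
      'net_amount' => 90.00,
      'source' => 'SSF',
      'contribution_status_id' => 1,
      'check_permissions' => TRUE,
      'api.line_item.create' => [
        [
          'price_field_id' => 1,
          'qty' => 2,
          'line_total' => '20',
          'unit_price' => '10',
          'financial_type_id' => 1,
        ],
        [
          'price_field_id' => 1,
          'qty' => 1,
          'line_total' => '80',
          'unit_price' => '80',
          'financial_type_id' => 2,
        ],
      ],
    ];

    // Only Donation is permitted here; the second line item uses financial
    // type 2 (presumably Member Dues, going by the grants added further down).
    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
      'delete in CiviContribute',
      'add contributions of type Donation',
      'delete contributions of type Donation',
    ]);
    $this->callAPIFailure('contribution', 'create', $params, 'Error in call to LineItem_create : You do not have permission to create this line item');

    // Check that the entire contribution has rolled back.
    // NOTE(review): this get carries no 'check_permissions' and no 'view'
    // permission is granted yet. The incomplete marker in
    // testGetACLContribution suggests the ACL may still filter such a get, in
    // which case a count of 0 would not prove the rollback - confirm.
    $contribution = $this->callAPISuccess('contribution', 'get', []);
    $this->assertEquals(0, $contribution['count']);

    $this->addFinancialAclPermissions([
      ['add', 'Member Dues'],
      ['view', 'Donation'],
      ['view', 'Member Dues'],
      ['delete', 'Member Dues'],
    ]);
    $contribution = $this->callAPISuccess('contribution', 'create', $params);

    $lineItemParams = [
      'contribution_id' => $contribution['id'],
      'entity_table' => 'civicrm_contribution',
    ];
    $lineItems = $this->callAPISuccess('LineItem', 'get', $lineItemParams);
    $this->assertEquals(3, $lineItems['count']);
    // NOTE(review): the line item ids 3-5 are hard-coded; presumably the
    // rolled-back attempt above used up the lower ids - confirm.
    $this->assertEquals(100.00, $lineItems['values'][3]['line_total']);
    $this->assertEquals(20, $lineItems['values'][4]['line_total']);
    $this->assertEquals(80, $lineItems['values'][5]['line_total']);
    $this->assertEquals(1, $lineItems['values'][3]['financial_type_id']);
    $this->assertEquals(1, $lineItems['values'][4]['financial_type_id']);
    $this->assertEquals(2, $lineItems['values'][5]['financial_type_id']);

    $this->callAPISuccess('Contribution', 'Delete', [
      'id' => $contribution['id'],
    ]);
  }

  /**
   * Test that acl contributions can be edited.
   *
   * Holding 'view' on the financial type must not be enough to change a
   * contribution; the update succeeds once 'edit' has been granted.
   */
  public function testEditACLContribution() {
    $this->enableFinancialACLs();
    // Fixture create: $_params has no 'check_permissions' key.
    $contribution = $this->callAPISuccess('Contribution', 'create', $this->_params);

    $params = [
      'id' => $contribution['id'],
      'check_permissions' => TRUE,
      'total_amount' => 200.00,
    ];

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
      'view contributions of type Donation',
    ]);
    // NOTE(review): no expected message is passed, so a failure for any
    // reason satisfies this step, and nothing checks that total_amount is
    // still 100.00 after the denied update. Consider pinning the permission
    // error and re-reading the amount.
    $this->callAPIFailure('Contribution', 'create', $params);

    $this->addFinancialAclPermissions([['edit', 'Donation']]);
    $contribution = $this->callAPISuccess('Contribution', 'create', $params);

    // Expected value first, actual second.
    $this->assertEquals(200.00, $contribution['values'][$contribution['id']]['total_amount']);
  }

  /**
   * Test that acl contributions can be deleted.
   *
   * The general 'delete in CiviContribute' permission must not be enough on
   * its own; the delete succeeds once 'delete' for the financial type has
   * been granted.
   */
  public function testDeleteACLContribution() {
    $this->enableFinancialACLs();

    $this->setPermissions([
      'access CiviCRM',
      'access CiviContribute',
      'view all contacts',
      'add contributions of type Donation',
    ]);
    $contribution = $this->callAPISuccess('Contribution', 'create', $this->_params);

    $params = [
      'contribution_id' => $contribution['id'],
      'check_permissions' => TRUE,
    ];
    $this->addPermissions(['delete in CiviContribute']);
    // NOTE(review): no expected message is passed, so the reason for the
    // failure is not pinned to the financial type ACL.
    $this->callAPIFailure('Contribution', 'delete', $params);

    $this->addFinancialAclPermissions([['delete', 'Donation']]);
    $contribution = $this->callAPISuccess('Contribution', 'delete', $params);

    // A count of 1 also shows the denied attempt above left the record in
    // place for this call to delete.
    $this->assertEquals(1, $contribution['count']);
  }

}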