From: eileenmcnaughton Date: Mon, 25 Jan 2016 01:08:06 +0000 (+0000) Subject: CRM-17350 add unit test for tag api create permission X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=83a2ebb66fd220de1dbe3b90470e517762faad54;p=civicrm-core.git CRM-17350 add unit test for tag api create permission --- diff --git a/tests/phpunit/api/v3/EntityTagACLTest.php b/tests/phpunit/api/v3/EntityTagACLTest.php new file mode 100644 index 0000000000..57873589d9 --- /dev/null +++ b/tests/phpunit/api/v3/EntityTagACLTest.php @@ -0,0 +1,234 @@ +useTransaction(TRUE); + parent::setUp(); + $individualID = $this->individualCreate(); + $daoObj = new CRM_Core_DAO(); + $this->callAPISuccess('Attachment', 'create', array( + 'entity_table' => 'civicrm_contact', + 'entity_id' => $individualID, + 'mime_type' => 'k', + 'name' => 'p', + 'content' => 'l', + )); + $daoObj->createTestObject('CRM_Activity_BAO_Activity', array(), 1, 0); + $daoObj->createTestObject('CRM_Case_BAO_Case', array(), 1, 0); + $entities = $this->getTagOptions(); + foreach ($entities as $key => $entity) { + $this->callAPISuccess('Tag', 'create', array( + 'used_for' => $key, + 'name' => $entity, + 'description' => $entity, + ) + ); + } + CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM'); + } + + /** + * Get the options for the used_for fields. + * + * @return array + */ + public function getTagOptions() { + $options = $this->callAPISuccess('Tag', 'getoptions', array('field' => 'used_for')); + return $options['values']; + } + + /** + * Get the entity table for a tag label. + * + * @param string $entity + * + * @return string + */ + protected function getTableForTag($entity) { + $options = $this->getTagOptions(); + return array_search($entity, $options); + } + /** + * Get entities which can be tagged in data provider format. + */ + public function taggableEntities() { + $return = array(); + foreach ($this->getTagOptions() as $entity) { + $return[] = array($entity); + } + return $return; + } + + /** + * This test checks that users with edit all contacts can edit all tags. + * + * @dataProvider taggableEntities + * + * We are looking to see that a contact with edit all contacts can still add all tags (for all + * tag entities since that was how it was historically and we are not fixing non-contact entities). + * + * @param string $entity + * Entity to test + */ + public function testThatForEntitiesEditAllContactsCanAddTags($entity) { + + CRM_Core_Config::singleton()->userPermissionClass->permissions = array('edit all contacts'); + $this->callAPISuccess('EntityTag', 'create', array( + 'entity_id' => 1, + 'tag_id' => $entity, + 'check_permissions' => TRUE, + 'entity_table' => $this->getTableForTag($entity), + )); + $this->callAPISuccessGetCount('EntityTag', array( + 'entity_id' => 1, + 'entity_table' => $this->getTableForTag($entity), + ), 1); + } + + /** + * This test checks that an ACL or edit all contacts is required to be able to create a contact. + * + * @dataProvider taggableEntities + */ + public function testThatForEntityWithoutACLOrEditAllThereIsNoAccess($entity) { + + CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts'); + $this->callAPISuccess('EntityTag', 'create', array( + 'entity_id' => 1, + 'tag_id' => $entity, + 'check_permissions' => TRUE, + 'entity_table' => $this->getTableForTag($entity), + )); + $this->callAPISuccessGetCount('EntityTag', array( + 'entity_id' => 1, + 'entity_table' => $this->getTableForTag($entity), + ), 0); + } + + /** + * This test checks that permissions are not applied when check_permissions is off. + * + * @dataProvider taggableEntities + * + * @param string $entity + * Entity to test + */ + public function testCheckPermissionsOffWorks($entity) { + + CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts'); + $result = $this->callAPISuccess('EntityTag', 'create', array( + 'entity_id' => 1, + 'tag_id' => $entity, + 'check_permissions' => 0, + 'entity_table' => $this->getTableForTag($entity), + )); + $this->assertEquals(1, $result['added']); + $this->callAPISuccessGetCount('EntityTag', array( + 'entity_id' => 1, + 'entity_table' => $this->getTableForTag($entity), + 'check_permissions' => 0, + ), 1); + } + + /** + * This test checks ACLs can be used to control who can edit a contact. + * + * Note that for other entities this hook will not allow them to edit the entity_tag and they still need + * edit all contacts (pending a more extensive fix). + * + * @dataProvider taggableEntities + * + * @param string $entity + * Entity to test + */ + public function testThatForEntitiesACLApplies($entity) { + + CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view all contacts'); + $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults')); + $this->callAPISuccess('EntityTag', 'create', array( + 'entity_id' => 1, + 'tag_id' => $entity, + 'entity_table' => $this->getTableForTag($entity), + 'check_permissions' => TRUE, + )); + $this->callAPISuccessGetCount('EntityTag', array( + 'entity_id' => 1, + 'entity_table' => $this->getTableForTag($entity), + ), ($entity == 'Contacts' ? 1 : 0)); + } + + /** + * All results returned. + * + * @implements CRM_Utils_Hook::aclWhereClause + * + * @param string $type + * @param array $tables + * @param array $whereTables + * @param int $contactID + * @param string $where + */ + public function aclWhereHookAllResults($type, &$tables, &$whereTables, &$contactID, &$where) { + $where = " (1) "; + } + +}